LinuxAdmin: Expanding Linux SysAdmin knowledge

Subscribe to LinuxAdmin: Expanding Linux SysAdmin knowledge feed
Expanding Linux SysAdmin knowledgelinuxadmin: Expanding Linux SysAdmin knowledge
Updated: 13 min 21 sec ago

Replacing a failed drive in an LVM volume group

4 hours 29 min ago

I've tried searching but there seems to be remarkably little out there on how to replace a failing drive. I cannot add a new drive first, all available slots already have a drive in them ... this seems to be the most common scenario described in the search results I find.

I tried following this but I think this is outdated or missing a step or has a wrong step in it because two logical volumes refuse to sync, stating they are missing rmeta data, and after resync'ing the other volumes had missing super-blocks (which likely means it wrote over all the data).
I see kernel errors of something like:

device-mapper: raid: New device injected into existing array without 'repair' or 'rebuild' parameter specified

I have another machine with a failing drive in an LVM vg and I'd like to replace it ... and have it go smoothly.

submitted by /u/grumpieroldman
[link] [comments]

Logan Airport blocks port 22 at their routers :(

6 hours 51 min ago

And everything else besides 80 and 443 for that matter. What am i supposed to do!!!!11one. The bars aren't even open yet. pls sent halp. pls.

Totally thought about spinning up a VPN over 443, but in order to do that, well you see where this is going.

submitted by /u/1upnate
[link] [comments]

OpenVPN connection timeout after 1 hour

8 hours 40 min ago


I have configured OpenVPN server on Ubuntu 16.04 and also I have a problem with it. Each connection is only alive for 1 hour (3600 sec), after that session closes itself. Does anyone else had this issue and if yes, how did you resolve it?

submitted by /u/jsteppe
[link] [comments]

How to practice KVM with Windows Desktop?

14 hours 14 min ago

Hello Linux. So I'm studying for my RHCSA exam and I've ran into an issue... I've tried nesting my VM's to allow KVM to work but it doesn't seem to work... Whenever I'd try to run virt-manager I'd get an error like ..'Cannot open display'

I've tried: X11Fowarding, Logging in ssh with -X, changing ssh ports, changing display numbers.. and updating packages.. I've also tried these for different distros: Debian, CentOS, RHEL

If anyone has a solution to my issue this would be wonderful!! Even if it were just a KVM emulator it would be fine !

Thanks :)

submitted by /u/sxcdennis
[link] [comments]

IntermediateCA not working as intended.

Sun, 06/24/2018 - 16:08

I generated rootca.crt and rootca.key. I can use them to sign .csr. Client's who trust rootca.crt will be to communicate with server's who's cert is signed by rootca via tls. All good and all.

The problem arise when I use rootca to create a intermca. I then use intermca to sign request. Client's who trust intermca will be able to communicate to server's who's cert is signed by intermca via tls. However, client's who only trust rootca will complain the server's cert is signed by unknown authority. This is as if rootca and intermca are two separate unrelated CA. I thought there should be a certificiate chain going on here. Since intermca is signed by rootca, anyone who trusted rootca should also trust certs that's signed by intermca, that's not the case for me atm.

Below is the v3 exntension. They are the same for both rootca.crt and intermca.crt

X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Alternative Name:,

Is there something I am missing?

submitted by /u/juniorsysadmin1
[link] [comments]

Unable to create intermediateCA.

Sun, 06/24/2018 - 03:38

So i have a rootca.crt and rootca.key. I use it to sign in coming certs. I am using this for tls. So far everything works. Client that trusts rootca.crt can communicate with server via https who's cert is signed by rootca.crt. So far so good.

Now my problem is when I create a intermca.crt. intermca.crt is basically a cert signed by rootca but it's a CA. I then use intermca.crt to sign server's csr for the server to host https. However, the client that trusted rootca.crt is complaining.

x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "foo co"

What does that message mean? Does it mean rootca is not a CA that is allow to create ca certs?

openssl x509 -in rootca.crt -text

Certificate: Data: Version: 3 (0x2) Serial Number: 46:43:d1:62:7a:ce:54:b2:3d:eb:2c:07:97:37:53:3c Signature Algorithm: sha256WithRSAEncryption Issuer: O=abc Validity Not Before: Jun 23 01:21:42 2018 GMT Not After : Mar 10 01:21:42 2038 GMT Subject: O=abc Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:9b:8e:da:c5:f3:26:45:f5:19:74:8f:84:7b:ce: b4:b1:5d:f8:22:8e:88:d3:ee:3b:6a:9b:e1:5c:84: e8:81:2b:a1:63:c5:30:3a:c5:27:5c:65:f5:2c:d5: 6e:45:89:2e:e0:b9:55:f3:fc:8e:a6:4a:26:3a:bc: fa:5a:cf:32:b7:cd:ce:ac:45:24:55:4d:94:0b:e6: 26:95:dd:8c:5f:a1:3c:0f:e2:86:cd:78:93:cd:f4: 8a:e5:a7:4e:cf:44:fa:91:6b:17:3c:6e:19:7f:bc: c1:bf:86:4c:ad:f1:da:dd:fa:a4:27:1e:5e:e1:60: 1b:18:80:71:ab:05:ed:5d:58:b5:8c:c9:3e:eb:c0: 1b:30:de:45:5d:f6:7b:39:d3:99:81:5f:58:ba:3d: 6b:5c:24:ef:34:32:7d:eb:da:77:fe:f4:2a:12:6e: ac:e4:a0:61:28:50:28:c9:5c:2a:31:12:44:27:b7: e8:a1:6f:3a:4a:41:12:4a:36:0a:05:e0:ee:c1:06: dd:8e:99:55:93:e2:37:3d:9a:29:2a:8b:a6:0c:34: 94:8d:95:bd:3d:09:71:3e:80:9f:49:f3:91:2b:3e: e3:4d:74:eb:95:53:ed:2c:fe:38:09:be:f5:15:9c: 5e:78:c6:ba:59:79:c5:bd:f6:28:a1:83:20:47:29: 42:78:f7:a8:86:9a:66:21:a3:00:39:bd:b6:1a:27: 10:27:c7:c8:e5:fa:9f:ab:72:b8:61:6d:64:cb:4d: 9e:68:bf:2d:b6:5b:f6:30:81:3b:11:76:ea:0b:44: fa:fb:ea:12:ec:85:bf:11:1a:f7:70:51:07:49:4e: 75:87:88:05:84:f0:1d:57:19:6d:01:b8:d7:e9:88: 06:01:a6:a7:3d:1e:02:2d:61:f4:08:64:cb:6d:19: 35:10:35:1e:96:c6:1b:7a:d3:5b:34:de:29:2c:eb: 5e:ee:6c:ec:e2:68:d8:74:df:8e:fc:6e:12:1a:4e: 24:c0:9c:35:8f:f0:da:8f:19:de:a8:85:97:ab:1d: 01:ab:2f:29:e2:6e:7b:e8:0b:f8:02:e6:4e:d5:17: 1a:ed:b9:44:ce:72:a4:16:e9:92:59:c4:75:35:1e: ce:a8:bd:1a:b2:94:66:80:1a:50:93:c8:97:be:a6: 9b:32:5d:81:f9:24:f6:cb:74:ae:25:50:2b:a0:01: 68:99:2a:b3:58:9e:d1:67:9e:1c:9d:eb:9f:70:72: ea:96:bc:53:fb:1b:7c:60:f2:a1:35:e0:b7:60:6e: a9:17:b9:ca:5b:f2:b6:3c:6d:1e:d6:32:d9:cb:66: db:7b:c8:46:d8:84:c8:77:32:88:c5:c8:80:37:ac: f4:bf:1f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Alternative Name:, Signature Algorithm: sha256WithRSAEncryption 0b:a7:80:0e:f1:61:1c:61:ae:d6:d7:98:9c:2e:31:dc:ef:da: ab:ac:1c:c7:11:79:80:81:3a:98:95:70:54:26:60:c3:99:36: 7a:f7:91:6c:e8:ed:26:fd:16:46:08:a0:f6:96:ce:35:0c:c9: 30:b0:c3:b0:7b:88:69:09:56:63:e1:0b:8e:cf:f5:91:93:44: df:3d:f7:83:3d:5e:c5:98:d5:1c:20:6e:31:ef:32:6d:df:29: 7b:3e:9e:40:0a:21:3a:43:2b:36:a4:2a:84:b6:99:40:b1:00: 73:31:0f:74:a1:bc:09:b6:2a:e0:dd:7c:bc:20:b3:46:db:fb: 3c:90:d2:35:8c:7a:e6:5e:4e:18:a0:d8:a4:47:fd:8c:d2:04: 4d:d2:85:88:96:4c:3c:4e:32:a0:cf:4e:2f:1c:53:6d:7f:77: e2:40:51:b5:22:76:2c:23:6a:11:44:97:1b:24:0c:0b:18:3e: 99:ed:b3:68:23:7a:62:8e:21:25:5e:52:1d:fb:96:c8:9b:66: fb:2b:7a:ac:48:b2:47:ff:76:72:a1:27:d6:cd:a6:10:d7:f2: 98:6b:7e:cf:4d:bf:66:13:02:7c:cf:16:0c:28:9e:f1:12:e1: 6b:31:ef:54:7b:c3:ce:7f:2e:e2:f7:4c:8c:00:45:e2:5c:67: 32:45:67:3e:95:79:fe:68:bc:06:8d:a1:63:8e:57:a9:d9:fb: d6:db:e9:e8:12:88:f1:5d:a8:f5:7e:db:f4:0e:8f:01:8d:39: 48:cf:c4:6d:69:58:06:bd:cb:db:13:1f:29:39:53:94:d0:87: f3:bd:45:36:bf:4a:6b:cb:1f:42:fc:7e:62:d1:9b:d9:79:f2: 8a:b0:75:4a:84:d7:e7:49:6a:1c:bd:34:fb:c8:2a:01:46:f4: ab:e9:f8:f7:3f:1b:0b:ca:ea:bb:53:df:68:23:3f:c7:cf:71: 28:cb:dc:fe:ee:d0:73:6f:4b:fc:9a:54:84:48:e5:11:21:70: 0b:05:bd:c6:e8:82:a3:b6:c7:d4:6d:49:d2:74:b6:97:8c:37: fc:a7:f7:f7:49:e9:bf:d1:b2:c0:ab:db:be:ea:e4:80:4a:d9: ed:bc:36:39:d1:c7:8f:87:c8:e4:d3:4d:93:34:e3:e7:d4:85: b4:85:4c:7f:fe:9d:b2:fe:7d:48:77:61:ad:5c:47:4e:19:17: c2:71:91:7d:01:e1:f2:71:ce:0d:35:7b:94:d5:b4:8d:63:3f: e9:69:cb:ff:7f:3e:6b:a8:73:cf:fd:d4:f3:77:07:b7:55:22: e4:39:0d:84:af:12:6a:c5:6e:a4:a5:e1:62:5a:cf:6d:be:20: d6:f3:9c:12:7c:39:fe:e3 -----BEGIN CERTIFICATE----- MIIFJzCCAw+gAwIBAgIQRkPRYnrOVLI96ywHlzdTPDANBgkqhkiG9w0BAQsFADAT MREwDwYDVQQKEwhrbGluLXBybzAeFw0xODA2MjMwMTIxNDJaFw0zODAzMTAwMTIx NDJaMBMxETAPBgNVBAoTCGtsaW4tcHJvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAm47axfMmRfUZdI+Ee860sV34Io6I0+47apvhXITogSuhY8UwOsUn XGX1LNVuRYku4LlV8/yOpkomOrz6Ws8yt83OrEUkVU2UC+Ymld2MX6E8D+KGzXiT zfSK5adOz0T6kWsXPG4Zf7zBv4ZMrfHa3fqkJx5e4WAbGIBxqwXtXVi1jMk+68Ab MN5FXfZ7OdOZgV9Yuj1rXCTvNDJ969p3/vQqEm6s5KBhKFAoyVwqMRJEJ7fooW86 SkESSjYKBeDuwQbdjplVk+I3PZopKoumDDSUjZW9PQlxPoCfSfORKz7jTXTrlVPt LP44Cb71FZxeeMa6WXnFvfYooYMgRylCePeohppmIaMAOb22GicQJ8fI5fqfq3K4 YW1ky02eaL8ttlv2MIE7EXbqC0T6++oS7IW/ERr3cFEHSU51h4gFhPAdVxltAbjX wJw1j/DajxneqIWXqx0Bqy8p4m576Av4AuZO1Rca7blEznKkFumSWcR1NR7OqL0a spRmgBpQk8iXvqabMl2B+ST2y3SuJVAroAFomSqzWJ7RZ54cneufcHLqlrxT+xt8 YPKhNeC3YG6pF7nKW/K2PG0e1jLZy2bbe8hG2ITIdzKIxciAN6z0vx8CAwEAAaN3 MHUwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD AjAPBgNVHRMBAf8EBTADAQH/MDMGA1UdEQQsMCqCEnRlc3QxLmtsaW4tcHJvLmNv bYEUc3VwcG9ydEBrbGluLXByby5jb20wDQYJKoZIhvcNAQELBQADggIBAAungA7x YRxhrtbXmJwuMdzv2qusHMcReYCBOpiVcFQmYMOZNnr3kWzo7Sb9FkYIoPaWzjUM yTCww7B7iGkJVmPhC47P9ZGTRN8994M9XsWY1RwgbjHvMm3fKXs+nkAKITpDKzak KoS2mUCxAHMxD3ShvAm2KuDdfLwgs0bb+zyQ0jWMeuZeThig2KRH/YzSBE3ShYiW TDxOMqDPTi8cU21/d+JAUbUidiwjahFElxskDAsYPpnts2gjemKOISVeUh37lsib ZvsreqxIskf/dnKhJ9bNphDX8phrfs9Nv2YTAnzPFgwonvES4Wsx71R7w85/LuL3 TIwAReJcZzJFZz6Vef5ovAaNoWOOV6nZ+9bb6egSiPFdqPV+2/QOjwGNOUjPxG1p WAa9y9sTHyk5U5TQh/O9RTa/SmvLH0L8fmLRm9l58oqwdUqE1+dJahy9NPvIKgFG 9Kvp+Pc/GwvK6rtT32gjP8fPcSjL3P7u0HNvS/yaVIRI5REhcAsFvcbogqO2x9Rt SdJ0tpeMN/yn9/dJ6b/RssCr277q5IBK2e28NjnRx4+HyOTTTZM04+fUhbSFTH/+ nbL+fUh3Ya1cR04ZF8JxkX0B4fJxzg01e5TVtI1jP+lpy/9/Pmuoc8/91PN3B7dV IuQ5DYSvEmrFbqSl4WJaz22+INbznBJ8Of7j -----END CERTIFICATE-----

openssl x509 -in intermca.crt -text

Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: O=abc Validity Not Before: Jun 24 05:01:06 2018 GMT Not After : Sep 22 05:01:06 2018 GMT Subject: C=USA, ST=CA, L=San Francisco, O=SQ, OU=IT, Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bd:4a:2a:9f:2e:69:41:9f:3d:84:bb:92:97:c5: 4d:b0:e8:07:51:02:9f:aa:fd:ca:ad:af:64:d0:84: cf:5b:fb:27:ad:d1:45:35:73:ae:a9:f9:a2:ab:ed: 57:a3:dc:39:96:49:5d:a1:b4:e3:14:d0:3d:b0:05: ef:d5:de:17:91:d5:c0:db:eb:d9:64:25:0c:12:40: a0:d1:d8:98:90:f6:96:06:1f:e6:c7:f9:f3:ea:f0: 0b:b9:83:ec:9e:b5:41:f5:60:5b:06:4a:ec:1c:7a: 26:77:dd:51:94:e4:f1:12:74:0c:02:b0:28:68:4a: a7:1b:b1:3c:e9:91:71:81:47:b5:e1:59:fa:75:c7: b5:73:f0:89:7d:ed:31:ae:45:bc:c1:86:1d:e6:a9: 19:0d:c4:ba:b4:92:a5:79:f2:d6:d8:bb:af:55:61: f3:1b:38:90:9d:6f:9a:b6:bd:b7:dd:9a:eb:c8:3a: 39:94:f9:27:49:3f:e5:cb:00:6c:34:45:6b:4b:7a: c7:6f:40:28:b6:0f:5f:6b:79:77:6b:54:79:54:02: 52:48:81:eb:60:57:13:b0:25:89:77:92:2c:e9:52: 7c:27:6f:19:3a:8e:35:e4:65:d7:97:95:0b:9f:c3: e5:55:d8:04:ff:ad:a4:d9:e9:1d:38:d8:69:22:40: d7:25 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Alternative Name:, Signature Algorithm: sha256WithRSAEncryption 92:2c:b9:ac:44:85:4c:cb:5f:69:0c:82:7e:ab:b6:b1:90:24: b8:56:b1:27:3e:c5:2f:d6:47:60:e2:b7:f2:3b:0f:20:2b:74: 11:d7:96:11:ec:7d:4c:a8:28:0a:0d:ca:79:ee:95:f3:45:1f: 47:28:57:c8:27:ef:89:05:36:c1:c3:9b:27:1e:90:29:1f:a0: ae:db:81:71:7d:c0:b7:26:97:ba:14:b8:e3:36:e2:52:17:3f: 3d:64:0f:ba:5f:a7:f2:3b:c9:7a:54:e5:cd:96:86:46:4f:c7: 6c:40:17:92:f3:a9:6e:6e:3b:92:2c:8d:9b:98:9f:d9:68:0a: a4:da:7f:83:5e:34:e2:b7:34:82:93:c3:f2:8a:15:38:7e:56: 03:50:5e:60:08:a2:31:4a:e7:1c:c0:dd:7c:07:fc:c1:3e:bb: 86:96:e6:85:b8:88:8d:84:c3:13:2f:25:f0:5e:7d:79:a5:63: 0c:98:52:c8:b7:b0:cc:fb:8e:6f:f6:13:0d:0b:9f:78:32:bb: a1:41:88:03:32:f4:a1:25:c3:3a:77:24:46:e8:76:7a:f2:6a: 5f:13:b5:4a:6a:5b:e1:49:b6:ef:70:f7:54:a9:ba:36:3d:6a: 19:dc:8b:97:19:93:7e:6e:17:cb:e6:c8:cc:ff:28:7f:94:33: 82:33:c2:a3:83:8a:dd:f0:e5:8f:48:e5:fe:61:37:e3:83:93: 91:99:05:d0:c3:50:cf:5e:92:36:6d:4c:1c:e4:74:3a:94:7c: d6:95:a8:8e:9d:a9:ed:b4:62:29:48:73:b2:d3:17:40:de:77: b9:c3:fd:24:ad:6f:c8:e0:34:45:28:1c:15:fa:70:76:04:36: 67:c8:52:96:79:d1:ac:c3:00:45:d2:d3:67:1f:b1:50:f2:f4: 0c:b4:b1:28:bf:33:99:96:6b:43:b1:e6:3f:30:b8:27:bf:d4: 93:d1:32:62:05:83:ca:08:94:c7:2d:24:b2:6b:3c:f1:9a:03: f5:6a:b1:9d:99:80:22:d0:a6:6f:39:77:be:fa:35:7b:6d:22: 12:f5:ca:43:0f:9e:95:86:cf:34:32:41:ba:da:86:f3:3b:d3: 4f:5e:db:aa:f5:1d:e4:11:07:3e:6b:3a:1c:45:68:71:c7:ad: 54:ba:ef:5d:22:de:0c:a4:12:18:af:7f:3b:a8:00:18:ec:a9: db:0a:e0:c9:bf:cf:cb:2c:d4:b8:a2:a5:8c:33:ed:36:ac:54: 4b:06:2c:a3:68:fa:58:c2 -----BEGIN CERTIFICATE----- MIIEajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQKEwhrbGlu LXBybzAeFw0xODA2MjQwNTAxMDZaFw0xODA5MjIwNTAxMDZaMGoxDDAKBgNVBAYT A1VTQTELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xCzAJBgNV BAoTAlNRMQswCQYDVQQLEwJJVDEbMBkGA1UEAxMSdGVzdDEua2xpbi1wcm8uY29t MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUoqny5pQZ89hLuSl8VN sOgHUQKfqv3Kra9k0ITPW/snrdFFNXOuqfmiq+1Xo9w5lkldobTjFNA9sAXv1d4X kdXA2+vZZCUMEkCg0diYkPaWBh/mx/nz6vALuYPsnrVB9WBbBkrsHHomd91RlOTx EnQMArAoaEqnG7E86ZFxgUe14Vn6dce1c/CJfe0xrkW8wYYd5qkZDcS6tJKlefLW 2LuvVWHzGziQnW+atr233ZrryDo5lPknST/lywBsNEVrS3rHb0Aotg9fa3l3a1R5 VAJSSIHrYFcTsCWJd5Is6VJ8J28ZOo415GXXl5ULn8PlVdgE/62k2ekdONhpIkDX JQIDAQABo3IwcDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wLgYDVR0RBCcwJYISdGVzdDEua2xp bi1wcm8uY29tgQ9zdXBwb3J0QGFiYy5jb20wDQYJKoZIhvcNAQELBQADggIBAJIs uaxEhUzLX2kMgn6rtrGQJIpMclcM42UtiAvL8ZsEXKPKou6Pi5v2qpcn9AbjUhtE /ME+u4aW5oW4iI2EwxMvJfBefXmlYwyYUsi3sMz7jm/2Ew0Ln3gyu6FBiAMy9KEl wzp3JEbodnryal8TtUpqW+FJtu9w91SpujY9ahnci5cZk35uF8vmyMz/KH+UM4Iz wqODit3w5Y9I5f5hN+ODk5GZBdDDUM9ekjZtTBzkdDqUfNaVqI6dqe20YilIc7LT F0Ded7nD/SStb8jgNEUoHBX6cHYENmfIUpZ50azDAEXS02cfsVDy9Ay0sSi/M5mW a0Ox5j8wuCe/1JPRMmIFg8oIlMctJLJrPPGaA/VqsZ2ZgCLQpm85d776NXttIhL1 ykMPnpWGzzQyQbrahvM7009e26r1HeQRBz5rOhxFaHHHrVS6710i3gykEhivfzuo ABjsqdsK4Mm/z8ss1LiipYwz7TasVEsGLKNo+ljC -----END CERTIFICATE-----

Is there something wrong with my x509v3 extensions? What am I missing?

submitted by /u/juniorsysadmin1
[link] [comments]

Spacewalk repo down?

Sun, 06/24/2018 - 01:37

I think the Spacewalk yum repository is down, I'm trying to upgrade to 2.8 and getting this on my Spacewalk server:

lts/@spacewalkproject/java-packages/epel-7-x86_64/repodata/repomd.xml: (28, 'Connection t

Trying other mirror.

Looks like it might be down for everyone:

Is there some way I can notify them?

submitted by /u/carp3tguy
[link] [comments]

KVM 2cowq backups.

Fri, 06/22/2018 - 16:46

I'm a Windows admin, that was hired to run a Linux environment. Its been a crash course, but I need some help. I have a few hypervisors running Ubuntu server, with libvirt, and virtual machines in qcow2 format. I want to copy the disk while the machine is running to a NAS for quick and easy recover if I loose the hypervisor. What is the best and easiest way to accomplish this?

Some post have said rsync while others say its a bad idea.

I've read some about block copy.

I've considered running the disk off the NAS, because the NAS takes hourly snapshots, but now I see thats a bad idea because it will be too much stress on my NAS.

submitted by /u/3L3ET
[link] [comments]

Can't login with user/pass but ssh-key allowed

Fri, 06/22/2018 - 14:59

I have been locking down some servers according to DISA STIGS (RHEL 7). I don't know if I goofed somewhere in a setting but I can't login using a user/pass, even though I know the password is correct. Thankfully I already had ssh-keys setup prior. I only found out user/pass didn't work because another user tried to login and he didn't have keys setup. Looking at /var/log/secure I see the following lines.

Jun 22 14:23:41 capncrunch sshd[13856]: pam_faillock(sshd:auth): Unknown option: account

Jun 22 14:23:41 capncrunch sshd[13856]: pam_faillock(sshd:auth): Unknown option: required

Jun 22 14:23:41 capncrunch sshd[13856]: pam_faillock(sshd:auth): Unknown option:

Jun 22 14:23:43 capncrunch sshd[13854]: error: PAM: Authentication failure for cc from

Jun 22 14:23:46 capncrunch sshd[13871]: pam_faillock(sshd:auth): Unknown option: account

Jun 22 14:23:46 capncrunch sshd[13871]: pam_faillock(sshd:auth): Unknown option: required

Jun 22 14:23:46 capncrunch sshd[13871]: pam_faillock(sshd:auth): Unknown option:

Jun 22 14:23:48 capncrunch sshd[13854]: error: PAM: Authentication failure for cc from

submitted by /u/Khalepos
[link] [comments]

Server performance issues after RHEL 7 upgrade

Fri, 06/22/2018 - 13:54

I did a clean install on our newest production server from RHEL 6 to RHEL 7. Previously this was our most powerful server but now its our slowest. We use it for web applications so Tomcat/Apache/MySQL are the main services running.

Our applications are just running slower, in some instances 4x slower than my dev and test servers.

I tried a couple simple Java "stress test" apps, here is an example

Local Dev: 63ms / 58ms / 61ms

Test server: 194ms / 174ms / 176ms

Prod Server: 226ms / 221ms / 221ms

I am not really a sysadmin by trade, more of a dev that has to handle the servers. So as far as how to diagnose whats going on or where to even start is kind of beyond me. Can anyone help me please?

submitted by /u/raydawg2000
[link] [comments]

Website request spam containing weird/fake referrer addresses

Thu, 06/21/2018 - 19:37

Starting around a week ago, we've noticed a lot of requests to our website's front page containing bogus referrer links. These originate from tens of thousands of different IP addresses, and the referrer can be from one of 300+ websites. Initially we thought this was some sort of DDoS attack, but now we're thinking it is some sort of attempt to boost the web rankings of these sites. We're minimizing the impact to our site's performance by both redirecting these requests back to their source with a temporary redirect and dropping connections at the firewall using fail2ban.

Has anyone else experienced anything like this?

Here are some examples of what these requests look like:

"GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.69 Safari/537.36" "GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "" "GET / HTTP/1.1" 307 187 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" submitted by /u/LambdaTheory
[link] [comments]

How do you read your email on your Linux workstation?

Thu, 06/21/2018 - 19:26

Most Linux admins work for companies that probably don't use Linux as their standard desktop platform.

If you actually use a Linux machine to do your day to day work, how do you read your email?

Do you run O365 with a web browser?

Do you use pine or mutt?

Do you work for a G Suite company and use webmail?

Or what?

submitted by /u/crankysysadmin
[link] [comments]

Learning to code

Thu, 06/21/2018 - 11:19

I got about a decade of experience managing linux boxes. I like my job, and am pretty familiar with bash.

I think coding would be a good addition to my resume and skillset, especially with all that DevOps and SRE stuff being thrown around nowadays.

Been doing the CodeAcademy Python course, and that shit is freaking hard, goddamnit!

I'm feeling a little bit lost, doubting that I can make it, and would be thankful any insights and experience you guys might have.

submitted by /u/tehtrb
[link] [comments]

Atom remote FTP not working

Thu, 06/21/2018 - 10:11



I am trying to use Atom text editor to edit remote files. It works fine on my Oracle Enterprise Linux boxes but refuses to connect to my SLES 11 SP3 systems.


There are no network firewall issues and I have stopped the local firewall to test. SSH works fine to all the SLES boxes.


Looking for advice on where to check next.


Thanks in advance.

submitted by /u/i_sed_it_twice
[link] [comments]

what to do if you removed a file with rm and want it back ?

Thu, 06/21/2018 - 07:43

it did not happen with me - yet - but since i am new as a sysadmin i am afraid that one day i may do it ( and i have seen many admins did it and removed files they need ) so i want to be ready if one day i removed a file by mistake is this case what do i use to get it back ?

submitted by /u/MinaEdwar
[link] [comments]

How do I set up a simple samba share, with backups, and the ability to add servers to the pool, automatically?

Wed, 06/20/2018 - 12:13

I'm assuming this type of thing is done all the time in industry. I know how to do this all manually, and could probably hack together a couple storage VPS's to make it work, but I'm really curious how this sort of thing is done in industry.

submitted by /u/t40
[link] [comments]

How do you backup your environment?

Wed, 06/20/2018 - 09:54


We have a dozen server running, nameservers, cPanel, webservers, etc.

We are looking for a all-in-one OpenSource solution, something like Bareos, but simpler, and with out-of-the-box MariaDB/MySQL backup possibilities, and incremental/full backup option.

Hopefully someone can suggest something good, thank you in advance!

submitted by /u/Ramshield
[link] [comments]