LinuxAdmin: Expanding Linux SysAdmin knowledge


Apache Proxy for other port over HTTPS

8 hours 54 sec ago

Hi,

I've set up Oxidized with LibreNMS to make backups of my routers. Oxidized now runs on port 8888 over HTTP.

I'd like to make this HTTPS over port 443.

Unfortunately my knowledge is far too little of Apache to even think of what to search for. Would someone mind pointing me in the right direction?

Thank you in advance!

submitted by /u/Ramshield

Web panel for multiple external email addresses

Fri, 09/21/2018 - 15:43

Hi guys, I need to set up a webclient panel that will allow me to set up multiple external email accounts per user.

Suggestions?

I tried Roundcube but it does not do what I need since it's single email per account.

submitted by /u/elderlogan

Has anyone successfully mounted a Synology NFS share with Kerberos?

Fri, 09/21/2018 - 10:49

I'm trying to emulate how my domain-attached Windows machines mount network drives with GPO for specific user groups, but on my Linux machines instead. I've tried just about everything - automount, CIFS mounting, editing /etc/fstab - but the best I can do is mount with open access for everyone. This isn't great because some shares aren't meant to be accessible by everyone.

I've had the best luck with NFS so far. I can mount the share with AUTH_SYS, but there's a UID/GID mismatch so I can cd through the drive but can't read or write. I guess I could write a script that changes the client user's UID/GID to match, but that feels like a can of worms that won't scale well. I could also write a login script that mounts the drives based on whether or not the user is in the right group...but any user with enough Unix skills could figure out how to get access to everything anyway.

Kerberos seems like the only sane option now.

The problem is, I can't get it to authenticate. I set up permissions and Kerberos settings on the Synology and tried mounting, but it returned with a server denied access error. I think I've narrowed it down to a problem in my keytab file...but I don't know enough about Kerberos and keytabs to know where to go next. Any advice? I've read as many articles as I can find about Kerberos/keytabs/mounting/cifs and I've gotten virtually nowhere.

submitted by /u/waylanddesign

Seeking advice

Fri, 09/21/2018 - 10:27

While at work I'm mainly a Windows Administrator, I always used Linux for smaller projects / where I was allowed to use it. Looking at my current servers, I'm starting to see that I need a ramp-up in this situation and I would like to ask the more experienced where to start. A small overview of what I have: nearly 15 Linux servers with multiple distributions and multiple versions, from CentOS 5~7 (some already out of support due to legacy systems) to Debian 8.

What I would like to improve:

  • Central authentication for these servers (users, passwords and/or MFA, example: keys; in other words Active Directory), also whether anyone integrates the Linux and Windows domains or just uses a Windows or just a Linux domain;
  • Central management of configurations, patching etc. (pretty much a System Center but for Linux)
  • Central logging solution (if possible for Windows and Linux)
  • Have HA in some services (I know this is a vague question, but this will depend on the software and the mechanism they have, example: databases, app servers, etc.)

To avoid anyone being angry at this post, I did some research before asking (example: for Authentication FreeIPA, Management: Chef, Logging), but I would like to know what everyone uses in a hybrid environment so I can make an "educated" decision. Thanks in advance.

submitted by /u/criostage

x-post from /r/sysadmin:

Thu, 09/20/2018 - 21:06

I usually have more computers/laptops available for a thing like that, but I have recently shipped them all to where I will be retiring in a few months (Philippines). Thank goodness I kept my Raspberry Pi here. I post this comment by using that computer.

Plus, granted a keyboard, mouse, TV, and HDMI cable.

submitted by /u/SgtPyle

Best way to manage bunch of public ssh keys across multiple devices?

Thu, 09/20/2018 - 16:21

Hi,

I'm just a home user, but I have 3 Linux boxes, a MacBook, and a vps that I look after.

What's the best way to sync public keys across all devices, so that I can securely SSH into any box from any other box please?

Ansible, rsync, gitlab, something else?

Thanks in advance! :)

submitted by /u/jamithy2

Roast my provisioning

Thu, 09/20/2018 - 08:40

Hello /r/linuxadmin!

I figured it's a good way to learn to have a big community of Linux admins see if my thinking is any good. So I ask you if you could critique the way my provisioning works right now? The environment is:

  • Proxmox for virtual machines
  • Only Debian and Ubuntu machines
  • Puppet for config management

We're a pretty small company so we didn't look at the more enterprisey solutions, mostly because we think it's too much to do for not enough gain. We used to provision VMs manually - install and connect to Puppet and let it deal with all the rest. But now we wanted to automate it so I wrote a simple Python script to do it:

  • Script is called from puppet (when we create a new virtual machine resource on hypervisor)
  • It generates preseed files with all the needed configuration, including networking. Then it generates puppet certificates on the puppet master and copies all of that to a unique location on the hypervisor which can be accessed through Nginx.
  • It runs the qm create command, with all the hardware options set and the location of the preseed configs in the -args section
  • Installation is completely automatic and after it ends, the installer runs a script to install puppet and copy the hypervisor's public key to its authorized_keys, turn on serial port access, update packages and add needed hosts file entries.
  • Before the first boot the -args section is deleted so it won't install again
  • After it boots the script checks when port 22 opens and copies puppet certificates over to the VM
  • Script configures puppet through SSH and runs it. At this time the VM is fully working
  • After it's all done we get a message on Slack that we can use the machine

So I'm wondering if there's any better way to do it? Is my script totally over engineered? Or maybe it's too inflexible? Maybe there are some ready solutions I don't know about?

I looked at Puppet Razor but to be honest I don't really understand it. With FAI I ran into some issues setting up the PXE server and just gave up. I also tried cloud-init but Proxmox has very limited support for it and I had a lot of problems with setting up my own image. I'm still pretty junior, only got like a year and a half of experience so probably that's why :P

Should I pursue those solutions instead of making my own? Or if it works it works? One big disadvantage of this I guess is I can't provision bare metal servers, but currently we have like only 5 or 6 of them so I don't care that much.

submitted by /u/ivyjivy

iSCSI: Disk at 100% after initial operation

Thu, 09/20/2018 - 08:03

We have a disk exported via iSCSI. When writing to this particular disk, the following issue manifests:

Initial speed is decent, then after a few gigabytes of writes

i) disk becomes 100% busy

ii) disk write speed drops to 10 MB/s

iii) Disk IOPS drop to 80 transfers / sec

Some (alarming) points to consider:

1) All other disks in our network function properly, that is their speeds when exported as iSCSI targets are normal and sustained.

2) This specific disk functions properly when used locally, and not as iSCSI target.

3) Disk's behaviour was duplicated in a virtual environment. That is, iSCSI target and iSCSI initiator are two virtual machines in the same bare metal machine.

If it wasn't for point 2) we would come to the conclusion that the disk is faulty. But the current behaviour (problems only for 1 specific disk, only for 1 specific environment) cannot be explained.

Your thoughts?

submitted by /u/_padawan

Is PowerShell more powerful than Bash?

Thu, 09/20/2018 - 06:49

1) Is PowerShell more powerful than Bash?

2) Do you feel the Cloud and Automation is affecting jobs and reducing the need for more traditional Sysadmin skills?

3) Do you prefer Linux or Windows Server and why?

4) Do you think there is a real alternative to AD & Exchange in the Linux world, like Ansible is a little bit to System Center for automating, configuring systems etc.?

submitted by /u/Cloud_Strifeeee

YUM private repository on AWS EC2 instance troubleshooting

Thu, 09/20/2018 - 00:24

Having issues with a YUM repository configuration using an AWS EC2 instance running Red Hat 7 with Apache server (HTTPD) installed. On the YUM server host instance, I have a script using reposync and createrepo to download updated packages and update the repository. I have created an "internal.repo" file on the client systems that updates the baseurl to the repo server ip/rhel_server/rhui-REGION-rhel-server-rh-common/Packages/. I have tried many variations of this, verified permissions, set SELinux to permissive mode, verified connectivity, and verified HTTPD is active and running. So far nothing seems to work. I've patterned this off a RHEL 6 system that is currently working so I must be missing a configuration somewhere. What am I missing?

https://i.redd.it/stw80iurlbn11.png

submitted by /u/Emersumbigens

How are the PAM_SQL modules?

Wed, 09/19/2018 - 12:01

How have the PAM_SQL modules been recently? I am considering trying them again in a lab to see if they are a viable way to tie an application account to a system account.

I also want to find out if SQL-based account management is generally easier to manage than Unix and LDAP-based management, especially with all of the general purpose SQL tools and the database access controls.

Do you have anything to say about PAM_SQL?

submitted by /u/Oflameo

Making the switch

Wed, 09/19/2018 - 11:21

r/linuxadmin,

I'm currently the admin for an entirely windows-based server setup. While probably 90% of connected computers/users are Windows (7 or 10), the last 10% are Apple based. The server runs active directory, group policies, and a print server. There are a few virtual machines for various services and storage spaces for users.

The previous techs were fine with Windows products - which I understand... but I'm a fan of open source software. I'd like to eventually convert the server setup over to Linux.

What do I need to know? Have any of you gone through this and gained any wisdom worth sharing? Lastly, active directory and group policies allow for some pretty cool controls for individual users and computers - what can I do in Linux that is similar?

submitted by /u/havradir

Ubuntu vs CentOS - Should I stay or should I go?

Wed, 09/19/2018 - 06:19

I've been slowly building a Linux environment at work for the past couple of years. Running everything from Elastic stack, MongoDB and several NodeJS applications. The flavour of choice, when I started to build this, was Ubuntu. Mainly because of the rather big community and that just about any problem I could run into, someone would have already figured out.

In the near future, I can see things coming - Docker, Ansible and a general "maturing" of the environment.

As I understand it, CentOS/RedHat is the "industry standard" when it comes to Linux distributions for enterprise use. Using CentOS will give me some kind of guarantee that whatever enterprise product we should choose to use will work.
On the other hand, I haven't run into any problems using Ubuntu. It's quite annoying that they make these "drastic" changes from one major LTS version to the next. But then again, with 2 years between each major version, there are bound to be some major changes. And I'm guessing that it's not that different from other distros.

I know it's an almost religious discussion I'm trying to start here :)

Should I keep on using Ubuntu or should I be looking at moving to CentOS?

Pros and cons?

submitted by /u/BeerBuildMe

When using screen with a long running intensive command, why does my client's CPU usage spike and the fans kick on?

Tue, 09/18/2018 - 17:38

I have a Mac. I ssh into an Ubuntu server, issue screen and start up an intensive, long-running command and let it sit. Why is my Mac working so hard? If I ctrl+a d to get out of screen my Mac stops working so hard. Why does watching the command run (the output) work my Mac so hard when all the hard work should be being done on the server?

submitted by /u/Tie28

FreeIPA Web UI: blank page, app.js gives "Error: Couldn't receive translations"

Tue, 09/18/2018 - 11:52

Fedora 28 Server, FreeIPA 4.7.0-1.

My setup is slightly customised: I had to create my own Apache virtual host for FreeIPA by combining the config files it created. The Web UI seems to be accessible, index.html and all resources are being loaded, but I get an entirely blank page and Firefox's developer console gives me this:

Using //@ to indicate sourceMappingURL pragmas is deprecated. Use //# instead[Learn More] jquery.js:1

Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help http://xhr.spec.whatwg.org/ jquery.js:6:8728

Error: Couldn't receive translations app.js:3:14945

freeipa/translations/< https://ipa.[FQDN]/ipa/ui/js/freeipa/app.js:3:14945 runFactory https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:16935 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19327 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 execModule https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19155 checkComplete/< https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19788 guardCheckComplete https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19493 checkComplete https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:19640 onLoadCallback https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:22078 onLoad https://ipa.[FQDN]/ipa/ui/js/dojo/dojo.js:1:25991

Has anyone faced and solved this before? Apache logs have not given me any pointers.

Thanks!

submitted by /u/nerfu