DevHeads.net

Postings by Andrew Holway

Flame war police

Hiya everyone,

Is there a way to disable a thread that has degenerated into flaming? The
recent "discussion" on /var/run descended into some quite nasty places and
perhaps a lid should have been put on it. This seems to happen every few
weeks and is somewhat embarrassing when I'm trying to persuade people of
the "active and friendly Centos community".

It was a shame that no one actually read past the belligerence of his original
post enough to come up with a solution.

SELinux - Re: how to prevent files and directories from being deleted?

I am confused why you would want persistence for these objects in any
operating system. Could you show us the relevant errors you are getting
when rebooting?

You mentioned SELinux. Is the problem that you have SELinux enabled and the
packages that you are using do not come with an appropriate SELinux policy
making them unable to open sockets / write pid files?

doing something before everything else

I want to run a script before systemd starts doing stuff but I can't find
anything online about how that could happen. It seems /etc/rc.local is
deprecated now?

Azure Centos Images

Hello,

I was wondering if there is any plan to support an official image for the
Microsoft Azure cloud platform? Currently there is a third party publisher
"OpenLogic" providing a Centos image but I don't know who they are.

Enterprise Linux Slack

Hallo,

Considering the relative decline of IRC (sorry folks) I have set up a Slack
for Enterprise Linux. I've been using "pythondev.slack.com" and honestly,
it's a fantastic tool for community support with really nice features for
computer-centric discussion.

https://enterpriselinux.slack.com/shared_invite/MTY4MTM5NjQ2NTc5LTE0OTE5OTkyNTctMjkyNGU1NWQzOA

My hope is that those running Rhel and Centos can have a common place to
flame war about SystemD, what to do when FreeIPA replication breaks and how
to give your network interfaces sensible names without having to use a
pastebin.

Thoughts?

Server used in DOS attack on UDP port 0

Hi,

One of our AWS machines was used in a DOS attack last night and I am
looking for possible attack vectors.

Screen

Hey

I like to use Ctrl+A and Ctrl+E a lot to navigate my insanely big bash
one-liners, but this is incompatible with Screen, which has a binding to Ctrl-A.
Is it possible to move the screen binding so I can have the best of both
worlds?

Ta

Andrew

PHP version not enough for developers

Hi,

So, it seems that the current version of PHP in Centos 7 is PHP 5.4.16;
however, this version of PHP stopped getting security support from the PHP
people one month ago [1].

Now, our developers want to use the new and shiny PHP because they want to
use the latest version of Zend. They are proposing using this package [2]
but I have never heard of this repo.

Other than building the packages ourselves, is there a more acceptable way
to run a later version of PHP?

Thoughts? Experiences?

Logrotate problems

Hi Y'all,

We have nginx set up and we are having problems with logrotate.

Firewalld broken on Centos7?

Hi,

I have a standard Centos7 AMI. Can anyone tell me what's happening here?

Thanks,

Andrew

Aug 19 11:17:23 master dhclient[22897]: bound to 10.141.10.49 -- renewal in 1795 seconds.
Aug 19 11:17:24 master network: Determining IP information for eth0... done.
Aug 19 11:17:24 master network: [ OK ]
Aug 19 11:17:24 master systemd: Started LSB: Bring up/down networking.
Aug 19 11:23:43 master firewalld: 2015-08-19 11:23:43 ERROR: Failed to apply rules.

Some subscribers' posts to the list ending up in Gmail spam

Did we work out the technical reason why some users that post to the list
are getting dumped into Gmail spam?

Ta,

Andrew

Services supporting Kerberos and/or TLS client certificate authentication

Hello,

We're starting to use FreeIPA in house (which is awesome btw) which means
that Kerberos and TLS client certificate authentication is suddenly quite
easy. I'm looking for a list of common Linux services with data on how one
can Authenticate/Authorise for these services.

* httpd supports TLS client certificate authentication and Kerberos
* rabbitmq supports TLS client certificate authentication
* dovecot supports Kerberos and ...

etc, etc

Cheers,

Andrew

building RPMs with SELinux

Hello,

I'm trying to find some good info on building RPMs that set the correct
SELinux contexts for the installed packages.

Any ideas?

Thanks,

Andrew

ZFS on Linux testing effort

Hey,

http://zfsonlinux.org/epel.html

If you have a little time and resource please install and report back
any problems you see.

A filesystem or Volume sits within a zpool
a zpool is made up of vdevs
vdevs are made up of block devices.

zpool is similar to LVM volume
vdev is similar to raid set

devices can be files.

Thanks,

Andrew

(no subject)

[root@ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot                    directory      system_u:object_r:tftpdir_t:s0
/tftpboot/.*                 all files      system_u:object_r:tftpdir_t:s0
/usr/sbin/atftpd             regular file   system_u:object_r:tftpd_exec_t:s0
/usr/sbin/in\.tftpd          regular file   system_u:object_r:tftpd_exec_t:s0
/var/lib/tftpboot(/.*)?      all files      system_u:object_r:tftpdir_rw_t:s0
/var/lib/tftpboot/etc(/.*)?

Authenticating sudo with ipa.

Hello,
I have set up IPA on a private network and have hit some bumps
configuring sudo access for the clients.
kinit seems to work fine for both client and server, user and root.

When I run sudo on the server I see the following in /var/log/messages:

Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt integrity check failed
Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt integrity check failed

Thanks,
Andrew

## I see the following in my client's /var/log/messages after starting sssd on the client.

Oct 17 17:35:46 zabbix sssd: Starting up
Oct 17 17:35:46 zabbi