Category: Linux

MySQL Plugin FEDERATED is disabled resolution

MySQL 5.6.xx  logs may contain a "Note" message that the "Plugin 'FEDERATED' is disabled." The plugin has been available since MySQL 5.0.3 and is a storage engine that accesses data in tables of remote databases rather than local tables. There is a resolution to this. Log Entries 2019-11-12 21:52:18 2338 [Note] Plugin 'FEDERATED' is disabled. Resolution Then edit the my.cnf...Read More »

MySQL RSA private key file not found resolution

MySQL 5.6  logs may contain a "Note" message that the RSA private key file not found ... and [s]ome authentication plugins will not work. There is a resolution to this. Log Entries 2019-11-12 21:22:15 897 [Note] RSA private key file not found: /var/lib/mysql//private_key.pem. Some authentication plugins will not work. 2019-11-12 21:22:15 897 [Note] RSA public key file not found: /var/lib/mysql//public_key.pem....Read More »

Thin Provisioned Logical Volumes

One virtual machine for some unknown reason is utilizing thin provisioned logical volumes.  This one virtual machine is the only one in a series of virtual machines.  In any case, I didn't understand what it meant to have a system running thin provisioned logical volumes until it crashed and I couldn't revive it.  Fortunately, there was a snapshot that the...Read More »

Sudo Flaw Permits Restricted Root Runas Access

Sudo Flaw Permits Restricted Root Runas Access.  sudo configured to allow a user run commands as another user with the ALL keyword using the runas command specifying the user ID -1 or 4294967295 can run commands as root even when explicitly disallowed.  The PAM session will not run for the command.  This vulnerability is assigned as CVE-2019-14287 and affects sudo...Read More »

How to Create a Centralized Log Server with Rsyslog in CentOS/RHEL 7.4+

The syslog server comes standard on CentOS/RHEL 7+ and is a system utility providing support for message logging. Support of both internet and unix domain sockets enables this utility to support both local and remote logging.  With a couple of configuration changes can become a central monitoring server. There are syntax changes pre CentOS/RHEL 7.4 and CentOS/RHEL 7.4+ for semanage...Read More »

Create an Ansible script for DISA STIG and execute it in CentOS 7

Securing a CentOS 7 install doesn't have to be tough.  Code already exists, we just have to find it and execute it. Prerequisites yum install openscap scap-security-guide -y Verification The version of the scap-security-guide that was tested is 0.1.40. scap-security-guide.noarch 0.1.40-13.el7.centos @updates Test The purpose of this test is to determine if the scap-security-guide supports DISA STIG. oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml...Read More »

Ansible TRANSFORM_INVALID_GROUP_CHARS settings warning [resolution]

I have an ansible playbook that has worked for months.  It still works but, now has a DEPRECATION WARNING that looks ominous along with a python error. Problem BECOME password[defaults to SSH password]: [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This...Read More »

How to remove a bad disk from LVM2

While doing a little house cleaning on a VM, I discovered I was unable to reboot it.  Basically, I had a logical volume that was rather large and wanted to remove it.  I used the lvremove to remove the logical volume that spanned across two hard drives. There was no other logical volume on those drives.  Shutdown the server and...Read More »