Category: Linux

Install Atlassian Bitbucket on CentOS 8

Bitbucket is a web-based version control repository hosting service owned by Atlassian, for source code and development projects that use either Mercurial or Git revision control systems. It is one of several products in this arena, alongside the likes of GitLab and GitHub. This is one way to script out a quick installation on a minimal install of CentOS 8….

How to install Spacewalk on CentOS 7

There are many articles on this subject, but you need to read many articles to complete a successful Spacewalk installation.  There are fewer articles that tackle Spacewalk beyond the installation.  Hopefully, this will fill in some of those blanks. What it is. Spacewalk is an open source Linux systems management solution. Spacewalk is the upstream community project from which the…

CentOS 7 vs CentOS 8 differences

Several of my scripts that had worked on CentOS 6 and CentOS 7 broke when I applied them to CentOS 8. Here are a couple of examples and their fixes. curl A script inspired by 802.1x in Lion for Macbook Air needing AD domain authentication and a script on GitHub contained a line similar to the following. # curl…

Gitlab: Reset Your root Password

You may find yourself in front of a GitLab install, having completely forgotten the password. The following method works flawlessly, so I haven’t changed any of the steps. To reset your root password, first log into your server with root privileges. Start a Ruby on Rails console with this command: gitlab-rails console -e production Wait until the console has loaded….

Install AWX or Ansible Tower without Docker on CentOS7

Ansible Tower (formerly ‘AWX’) is a web-based solution that makes Ansible even easier to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks. Installation There are quite a few good scripts already circulating. This script resolves a few issues with the others I have seen. I…

Install duo client on CentOS

DUO is a self-described “easy-to-use” two-factor authentication method that protects access to federated cloud and on-premises applications and servers. DUO offers several pricing plans and a free tier. The free tier is quite generous, providing dual factor authentication for up to 10 users. This article assumes that you have created a DUO account, logged into the admin dashboard and ready…

Install Apache Tomcat 9 Complete with Updated Scripts

In this exercise, Tomcat 9 will be installed with OpenJDK 8, a self-signed certificate, and the http2.Http2Protocol protocol. I’ve updated and simplified the script since my last attempt at a similar Tomcat 9 installation. I have also added SELinux context, log rotation, and speed! Enjoy! Tomcat screenshot from an earlier version, but the end result is the same.

MySQL Plugin FEDERATED is disabled resolution

MySQL 5.6.xx  logs may contain a “Note” message that the “Plugin ‘FEDERATED’ is disabled.” The plugin has been available since MySQL 5.0.3 and is a storage engine that accesses data in tables of remote databases rather than local tables. There is a resolution to this. Log Entries 2019-11-12 21:52:18 2338 [Note] Plugin ‘FEDERATED’ is disabled. Resolution Then edit the my.cnf…

MySQL RSA private key file not found resolution

MySQL 5.6  logs may contain a “Note” message that the RSA private key file not found … and [s]ome authentication plugins will not work. There is a resolution to this. Log Entries 2019-11-12 21:22:15 897 [Note] RSA private key file not found: /var/lib/mysql//private_key.pem. Some authentication plugins will not work. 2019-11-12 21:22:15 897 [Note] RSA public key file not found: /var/lib/mysql//public_key.pem….

Thin Provisioned Logical Volumes

One virtual machine for some unknown reason is utilizing thin provisioned logical volumes.  This one virtual machine is the only one in a series of virtual machines.  In any case, I didn’t understand what it meant to have a system running thin provisioned logical volumes until it crashed and I couldn’t revive it.  Fortunately, there was a snapshot that the…

Sudo Flaw Permits Restricted Root Runas Access

A sudo configuration that allows a user to run commands as another user with the ALL keyword lets that user, by specifying the user ID -1 or 4294967295 as the runas user, run commands as root even when explicitly disallowed. The PAM session will not run for the command. This vulnerability is assigned CVE-2019-14287 and affects sudo…

Modify the scap-security-guide for DISA STIG or CUI for CentOS7 and CentOS 8 Linux

The last few releases of the scap-security-guide have changed dramatically, which has forced changes in the way that the guide may be applied to a CentOS 7 or CentOS 8 system. RHEL 7 has also made changes, but the largest one seems to be the direction in which the scap-security-guide handles STIG and CUI and CentOS. scap-security-guide Install yum…

OpenSCAP command-line tool

With security being the focus these days, tools to assist in remediation are more readily available. One such tool is the OpenSCAP command-line tool. oscap is a Security Content Automation Protocol (SCAP) toolkit based on the OpenSCAP library. It provides various functions for different SCAP specifications (modules). This article is intended to identify the options that are available along with…

How to Create a Centralized Log Server with Rsyslog in CentOS/RHEL 7.4+

The syslog server comes standard on CentOS/RHEL 7+ and is a system utility providing support for message logging. Support for both internet and unix domain sockets enables this utility to handle both local and remote logging. With a couple of configuration changes, it can become a central monitoring server. There are syntax changes pre CentOS/RHEL 7.4 and CentOS/RHEL 7.4+ for semanage…

Create an Ansible script for DISA STIG and execute it in CentOS 7

Securing a CentOS 7 install doesn’t have to be tough. Code already exists; we just have to find it and execute it. Prerequisites yum install openscap scap-security-guide -y Verification The version of the scap-security-guide that was tested is 0.1.40. Version 0.1.43 has removed the DISA STIG from the CentOS guide ssg-centos7-ds.xml; however, there is a workaround. Article coming soon. scap-security-guide.noarch…

Ansible TRANSFORM_INVALID_GROUP_CHARS settings warning [resolution]

I have an Ansible playbook that has worked for months. It still works, but now has a DEPRECATION WARNING that looks ominous along with a python error. Problem BECOME password[defaults to SSH password]: [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This…

How to remove a bad disk from LVM2

While doing a little house cleaning on a VM, I discovered I was unable to reboot it. Basically, I had a logical volume that was rather large and wanted to remove it. I used lvremove to remove the logical volume that spanned across two hard drives. There was no other logical volume on those drives. Shut down the server and…
