|
That is exactly what is happening.
|
#
?
Nov 24, 2010 04:05
|
|
|
|
| # ? Jun 7, 2024 15:36 |
|
|
I'm exactly halfway through the RH131 course (Red Hat System Administration). I apparently have to option to write an exam at the end of this for an additional $400 to become a "Red Hat Certified Technician". Would that be in any way worth it? I have a stable job, but you never know.
|
|
#
?
Nov 24, 2010 04:48
|
|
|
I saw someone SSH into a server typing something like "ssh user@servernickname" instead of putting in a domain or IP address. I'm assuming he edited some kind of file on his computer that associated that nickname with the server. How do I do that too?
|
|
#
?
Nov 24, 2010 08:38
|
|
|
Ziir posted:I saw someone SSH into a server typing something like "ssh user@servernickname" instead of putting in a domain or IP address. I'm assuming he edited some kind of file on his computer that associated that nickname with the server. How do I do that too? It was probably something his computer could resolve over DNS as-written. If that's not an option for you, /etc/hosts is the file and it has a couple of examples.
|
|
#
?
Nov 24, 2010 08:42
|
|
|
I discovered GNU screen a few years ago and have been using it to make my Irssi sessions and sometimes my bash sessions detachable. But I haven't been doing anything else with it. Until yesterday, when I realized I could be doing so much more with it. Among other things, I've set the splitscreen caption to always show and customized it a bit to show the time, my current screen number, and the other screens in my session. But I just have one teensy little problem. The caption line would be a lot less intrusive at the top of my screen. Is there any way to move it, or will I have to figure out some other method? While Googling around I found a few references to statuses at the top of screen sessions, but I'm obviously overlooking the command to do it in the man page. 
|
|
#
?
Nov 24, 2010 09:30
|
|
|
Ziir posted:I saw someone SSH into a server typing something like "ssh user@servernickname" instead of putting in a domain or IP address. I'm assuming he edited some kind of file on his computer that associated that nickname with the server. How do I do that too? There you can add stuff like code:Of course, it'll work with scp too! 
|
|
#
?
Nov 24, 2010 09:59
|
|
|
Ziir posted:I saw someone SSH into a server typing something like "ssh user@servernickname" instead of putting in a domain or IP address. I'm assuming he edited some kind of file on his computer that associated that nickname with the server. How do I do that too? He's probably got domain or search in his /etc/resolv.conf for the domain the server is in, but he could also have a entry in /etc/hosts or ~/.ssh/config for that name (or a shell alias or a special executable or...).
|
|
#
?
Nov 24, 2010 09:59
|
|
|
FeloniousDrunk posted:I'm exactly halfway through the RH131 course (Red Hat System Administration). I apparently have to option to write an exam at the end of this for an additional $400 to become a "Red Hat Certified Technician". Would that be in any way worth it? I have a stable job, but you never know.
|
|
#
?
Nov 24, 2010 15:05
|
|
|
elite burrito posted:What did you change the TCP timeout to? For this to work, it needs to be greater than the interval at which the irc server pings you (more specifically, greater than the longest interval between any two packets that will match the firewall rule allowing you to connect to the IRC server). Ninja Rope posted:Maybe dd-wrt is removing state table entries after a period of time that is less than the interval between irc server ping attempts. I'm about 90% sure this isn't the case, as irssi's max_lag_before_disconnect (which seems to be driving the ping timeout disconnects) is set to 5 minutes, while the current TCP timeout in dd-wrt is set to 3600s. I do see that the latest build of dd-wrt I flashed to this router now has a drop-down field for 'tcp congestion control' with a bunch of oddly named schemes - I'll do some digging and see if any apply. Otherwise, I'm starting to blame this on NAT table / translation / redirection issues from the 2wire modem that stands infront of the WNDR3700 router. It' a 3800 series 2wire, the router is in DMZ+ mode, and while dhcp is enabled on the 2wire (so I can easily pop back in to check settings as I try to troubleshoot this) it's on a 172.x subnet - so no risk of oddball collision scenarios I don't think. In regards to 2wire, it does sound like a buddy who works for the telco that provides it is having similar issues, and it may be some level of NAT corruption taking place on that series modem/gateway (as it happens well before the NAT table should be anywhere close to full). If the tcp congestion control schemes don't change anything in DD-WRT, I think it's time to order that static IP I've been putting off and force my ISP to give me a new gateway/modem.
|
|
#
?
Nov 24, 2010 15:12
|
|
|
If state aging is indeed the problem, It doesn't have to do with lag, it has to do with an idle connection. If there is nothing going across the TCP socket, irssi won't see any lag. And if nothing goes over the TCP socket for an hour, your TCP socket will be aged from the state table, and only a SYN packet from you to irc server will be allowed through. Simple way to find out for sure: turn full logging on on irssi, and the next time it happens. check to see if anything has come across in the last hour.
|
|
#
?
Nov 24, 2010 15:19
|
|
|
elite burrito posted:If state aging is indeed the problem, It doesn't have to do with lag, it has to do with an idle connection. If there is nothing going across the TCP socket, irssi won't see any lag. And if nothing goes over the TCP socket for an hour, your TCP socket will be aged from the state table, and only a SYN packet from you to irc server will be allowed through. Wow good idea, not sure why I didn't think of upping the log level for irssi to diagnose. I've bumped TCP timeout to 7200 and I'll try irssi logging as well. edit - ok silly question, what do I need to turn on full logging for irssi to watch for those errors / timeouts? Lukano fucked around with this message at 15:27 on Nov 24, 2010 |
|
#
?
Nov 24, 2010 15:20
|
|
|
Not sure what your network is like in terms of active connections, or your dd-wrt's state table memory page is, but you may see some performance implications from increasing state table timeouts. If you do, you can always switch back and go for the ping script fix (or just idle in a super busy channel). State table performance is likely more of a concern for my 40Gbps firewall than for your dd-wrt though.
|
|
#
?
Nov 24, 2010 15:29
|
|
|
/set autolog_level ALL /set autolog on I think.
|
|
#
?
Nov 24, 2010 15:31
|
|
|
elite burrito posted:/set autolog_level ALL Thanks. Those commands worked at the very least, I'll have to wait and dig through logs should I see the timeouts persist (and/or hope that changing TCP Congestion Control to CUBIC and increasing max TCP connections / timeout a bit fixed the issue - though they haven't in the past). Active connections vary, I'd say a few thousand peak at any given time, with my current count being a pretty meager 200-300 (it is a home network after all) on a 25/3 VDSL line.
|
|
#
?
Nov 24, 2010 15:57
|
|
|
I will be moving more of our Linux systems to use LDAP authentication soon. This question probably isn't a major issue, but it would be good to figure out. Anyway, most of our users have their home on a certain NFS share. Some will have this: /zanyserver/home/username Some will have this: /evilserver/home/username And some will have no home set. Users with an existing home log in and have their home on the NFS share. Users with no home would log in with an error that they have no home, and are dropped in / root with no access to anything. Looking up info on creating a home on log in lead me to some info. So I added this to /etc/pam.d/common-session to create a home on login: code:Is there a way for it to have it not try to create a home on the NFS share? Maybe not "cancel login" even if it fails to make a home? I don't know if I'm explaining this correctly.
|
|
#
?
Nov 24, 2010 21:36
|
|
|
Xenomorph posted:I will be moving more of our Linux systems to use LDAP authentication soon. Maybe you could change required to requisite, sufficient, or optional? I don't know much about PAM, but that would be where I look first.
|
|
#
?
Nov 24, 2010 21:39
|
|
|
FISHMANPET posted:Maybe you could change required to requisite, sufficient, or optional? I don't know much about PAM, but that would be where I look first. 'sufficient' and 'optional' allow it to work! (I don't know why I didn't even think to try that. v___v ) It gives the error about unable to create the directory, and then the user logs in. So, now I'm wondering if I could suppress that error so it doesn't frighten users... I may just drop the whole <i>pam_mkhomedir.so</i> part and make sure homes are set up already. Part of the new server upgrade has to be a more logical and common home structure.
|
|
#
?
Nov 24, 2010 21:48
|
|
|
We're thinking of going with CentOS in our production environment. I know it "strives" for 100% binary compatibility with Redhat, but I'm wondering if that ends up being true in reality. Just wondering if anyone has had issues running software meant for Redhat on CentOS. Sorry if this is a dumb question, I'm a Windows guy (for now)
|
|
#
?
Nov 25, 2010 16:39
|
|
|
Loads of people use CentOS on their servers with no trouble. It's great. Do you have a specific program in mind?
|
|
#
?
Nov 25, 2010 16:41
|
|
|
rt4 posted:Loads of people use CentOS on their servers with no trouble. It's great. BackupExec Symantec Endpoint Protection Bigfix Likewise Also, I was in a meeting yesterday with a PCI compliant IT team and they said that their Redhat rep said they don't need to install Antivirus on the Redhat servers. What is up with that?
|
|
#
?
Nov 25, 2010 17:00
|
|
|
kripes posted:We're thinking of going with CentOS in our production environment. I know it "strives" for 100% binary compatibility with Redhat, but I'm wondering if that ends up being true in reality. Just wondering if anyone has had issues running software meant for Redhat on CentOS. Our "main" servers have ridiculous RHEL licenses so we keep that on them, but we've been moving to using CentOS on newer servers that we don't want to add that extra $5000 bill to, and I've been using it on my clients. We used to have nasty problems with different kernels on fedora/ubuntu clients and our RHEL servers causing NFS issues and crap, but after rolling out Cent to all clients, binary compatibility is great (ran into NFS issues once, but it was a kernel at the server level issue, one patch fixed it up). The only problem we had (years and years ago) was installing maple on a Cent box, but the maple installer did a manual check for an actual RHEL kernel, changing one line in the install script allowed it to be installed and run perfectly. You might have to wait a day or so for some packages to be updated, but 99% speaking, it's RHEL without the graphics or licensing. **edit** My new experience in pain will start soon, since our RHEL/Cent servers do nothing but serve files anymore after some major sweeping DNS changes on campus and us being forces to shutdown email serving/etc. . . so I'm looking to move my linux users to authenticating with AD and mounting home directories off of Windows servers. Should be fun! enotnert fucked around with this message at 17:04 on Nov 25, 2010 |
|
#
?
Nov 25, 2010 17:01
|
|
|
kripes posted:Also, I was in a meeting yesterday with a PCI compliant IT team and they said that their Redhat rep said they don't need to install Antivirus on the Redhat servers. What is up with that? lilbean fucked around with this message at 17:12 on Nov 25, 2010 |
|
#
?
Nov 25, 2010 17:10
|
|
|
lilbean posted:It really all depends on the opinion of the QSA validating your environment when you go for compliance. The spec says all systems need AV, so we just have ClamAV scanning home directories and what not once a day and that was enough for that check mark. I wouldn't risk not having it because of third-hand info (even though it's most likely a complete waste of time). Eh, I'd consider it worth it as long as it's not causing performance issues on the server. Anything it catches is a potential annoyance nipped in the bud.
|
|
#
?
Nov 25, 2010 19:16
|
|
|
Yeah and we already have Symantec Endpoint Protection covering our Windows boxes and additional client licenses are around $30 each, so no big deal really to cover the Linux boxes. Thanks for the replies
|
|
#
?
Nov 26, 2010 04:13
|
|
|
As a followup to my question / frustrations detailed on the last page of the thread ; I dropped DD-WRT from my router (WNDR3700) and replaced it with OpenWRT. Now going on 16hrs since doing so, and haven't dropped from IRC once - no missing IM messages via bitlbee - basically none of the issues I was having previously. So something is still funky with DD-WRT (and/or flashing back to the stock firmware then back to a WRT variant fixed it) for that router.
|
|
#
?
Nov 26, 2010 14:55
|
|
|
I've got a pretty hopeless question... Is there any reason certain programs/daemons would not be able to access the network whatsoever even though everything else is working properly? I've got XBMC-Live running on Ubuntu 10.04 LTS. Internet works perfectly from command line, even as the xbmc user. I have other servers and daemons (smb, deluge) that access the network perfectly, as does SSH from my desktop. But for some reason xbmc-live cannot access the network whatsoever. The XBMC forums (The Least Helpful Place On Earth) are of course useless. The only thing I can think is somewhere in the init scripts (it uses upstart) something is happening that the program is being denied internet access when it starts.
|
|
#
?
Nov 26, 2010 17:57
|
|
|
Rescue Toaster posted:I've got a pretty hopeless question...
|
|
#
?
Nov 26, 2010 22:34
|
|
|
When I, for instance, try to scrape, I see some DNS requests: 192.168.1.5 -> 192.168.1.254 DNS Standard Query AAAA api.themoviedb.org and finally a response: 192.168.1.254 -> 192.168.1.5 DNS Standard Query response CNAME[Packet size limited during capture] But there are never any http (or otherwise) attempts after that point. From what I can see, it's the ubiquitous ipv6 & ubuntu incredibly-slow-web-browsing problem screwing up libcurl. Supposedly setting ipv6.disable=1 in the grub kernel line fixes it. I'll have to test that. EDIT: Yeah it was ipv6. I had it before a long time ago on my laptop. Something about my ISP reporting it supports ipv6 at least partially, so ubuntu always tries that first and chokes unless you disable it completely. Rescue Toaster fucked around with this message at 01:07 on Nov 27, 2010 |
|
#
?
Nov 27, 2010 00:22
|
|
|
kripes posted:We're thinking of going with CentOS in our production environment. I know it "strives" for 100% binary compatibility with Redhat, but I'm wondering if that ends up being true in reality. Just wondering if anyone has had issues running software meant for Redhat on CentOS. CentOS is solid, realistically the only issue that you will run into is a vendor who doesn't want to support their software running on it (which is retarded). But another option that you do have is setting up one redhat box with RHN support as a yum mirror and installing 1305213682148135 unsupported redhat boxes not registered with RHN and pointed at your local yum mirror for updates. You will get security patches slightly faster than with CentOS, and can always buy support for those boxes if you need them, or do the shady move of calling in whatever issue you have on your 1 supported box, just have to be sly about it. As far as antivirus on unix, I have been through Level 1 audits with multiple companies and have never seen that. I did have a QSA one time ask me to show him the evidence of antivirus running on my Cisco switches and Routers. He didn't stay around much longer though. elite burrito fucked around with this message at 13:51 on Nov 27, 2010 |
|
#
?
Nov 27, 2010 13:48
|
|
|
elite burrito posted:I did have a QSA one time ask me to show him the evidence of antivirus running on my Cisco switches and Routers. He didn't stay around much longer though. Peel the McAfee sticker off a laptop at Best Buy, and stick it on your router. SEE?!
|
|
#
?
Nov 27, 2010 15:46
|
|
|
I'm having trouble getting my fresh ubuntu 10.0 installation to utilize my Belkin USB Wireless stick ( Belkin f5d805v6 ). Any ideas?
|
|
#
?
Nov 28, 2010 22:13
|
|
|
spaceship posted:I'm having trouble getting my fresh ubuntu 10.0 installation to utilize my Belkin USB Wireless stick ( Belkin f5d805v6 ). Are you sure that's the right model number? Google doesn't find anything about it. Have you tried just using the Windows driver with ndiswrapper?
|
|
#
?
Nov 29, 2010 00:25
|
|
|
Bob Morales posted:Are you sure that's the right model number? Google doesn't find anything about it. Driver page for the card: http://en-us-support.belkin.com/app/answers/detail/a_id/464 I have not tried that yet, I'll give that a shot - thanks!
|
|
#
?
Nov 29, 2010 01:24
|
|
|
Can anyone recommend a mySQL benchmark package for Linux? Bonus points if it also runs on BSD. I tried to build sysbench and super-smack but they were pretty out of date.
|
|
#
?
Dec 1, 2010 23:01
|
|
|
I bet Phoronix Test Suite supports it.
|
|
#
?
Dec 1, 2010 23:06
|
|
|
The MySQL Benchmark Suite comes with MySQL's source distribution. I don't know what benchmarking MySQL independent of any particular application workload accomplishes other than regression-testing on performance between versions, though.
|
|
#
?
Dec 2, 2010 12:17
|
|
|
Just dropping in to tell everybody that I replaced Adobe Flash with Lightspark and it kicks rear end. Having multiple tabs open with Flash would often bring my browser to a crawl. Lightspark uses OpenGL and multithreading or whatever techno babble and it's so much better.
|
|
#
?
Dec 4, 2010 00:36
|
|
|
rt4 posted:Just dropping in to tell everybody that I replaced Adobe Flash with Lightspark and it kicks rear end. I'll give it a spin whenever I get the time.
|
|
#
?
Dec 5, 2010 12:11
|
|
|
Addendum: it works for most Youtube videos and a few other things, but doesn't work for about half of the sites I've tried by now. It's not reliable enough to replace the default Flash player, but it's really great and fast when it does work.
|
|
#
?
Dec 5, 2010 16:18
|
|
|
|
| # ? Jun 7, 2024 15:36 |
|
|
rt4 posted:Addendum: it works for most Youtube videos and a few other things, but doesn't work for about half of the sites I've tried by now.
|
|
#
?
Dec 5, 2010 20:27
|
|