|
RFC2324 posted:My US based company is converting from Solaris to SUSE. I have no idea why, tbh, I would have expected them to go RHEL, since we already have some RHEL from prior to the decision to move to a Linux platform. You could defend choosing between SEL or RHEL easily, but defending supporting two different linuces? Ehhhh...
|
#
?
Aug 30, 2014 15:56
|
|
|
|
| # ? May 30, 2024 18:57 |
|
|
spankmeister posted:You could defend choosing between SEL or RHEL easily, but defending supporting two different linuces? Ehhhh... I actually officially support Solaris 5, 6, 7, 8, 9, and 10, SEL, RHEL 4, 5 and 6, and I think we have a couple HPUX boxes still active. My company does not update anything if its not forced on us, but we do install new stuff when we do new builds. Some of those solaris 6 boxes have uptimes of over a thousand days, and upper management will not let us even reboot them for fear they will not come back(its happened once with a production critical server since I have been here)
|
|
#
?
Aug 30, 2014 16:03
|
|
|
RFC2324 posted:I actually officially support Solaris 5, 6, 7, 8, 9, and 10, SEL, RHEL 4, 5 and 6, and I think we have a couple HPUX boxes still active. I know this is super pedantic, but there never was a Solaris 5 or 6. There was Solaris 2.5 and 2.6
|
|
#
?
Aug 30, 2014 16:54
|
|
|
evol262 posted:I know this is super pedantic, but there never was a Solaris 5 or 6. There was Solaris 2.5 and 2.6 and even 10 is actually 5.10. Their versioning doesn't match up to what anyone actually calls it.
|
|
#
?
Aug 30, 2014 17:16
|
|
|
It's the same when people say Red Hat 7 or w/e. They mean RHEL 7 but if you want to get anal about it it's not. Nobody really cares, though.
|
|
#
?
Aug 30, 2014 17:18
|
|
|
Except there actually was a Red Hat 7.
|
|
#
?
Aug 30, 2014 17:19
|
|
|
pseudorandom name posted:Except there actually was a Red Hat 7. Exactly, but nobody acutally means that old-rear end release when they talk about Red Hat 7 these days, they mean RHEL.
|
|
#
?
Aug 30, 2014 17:20
|
|
|
spankmeister posted:It's the same when people say Red Hat 7 or w/e. They mean RHEL 7 but if you want to get anal about it it's not. If somebody says Red Hat Linux 7, they mean RHL, not RHEL. At least inside Red Hat.
|
|
#
?
Aug 30, 2014 17:20
|
|
|
RFC2324 posted:and even 10 is actually 5.10. Their versioning doesn't match up to what anyone actually calls it. Sure, in some cases. Nobody calls 7,8,9,10,11 5.anything, but I've never heard anyone talk about Solaris 5/6, either. Maybe it's because the last time I saw 2.6 was in 2003, but there was a very clear distinction between "Solaris 2.x" and "Solaris X" at the time. Also, 5.10 isn't... It's SunOS 5.X, not Solaris 5.X, if we want to keep being pedantic. evol262 fucked around with this message at 18:38 on Aug 30, 2014 |
|
#
?
Aug 30, 2014 18:35
|
|
|
evol262 posted:Sure, in some cases. Nobody calls 7,8,9,10,11 5.anything, but I've never heard anyone talk about Solaris 5/6, either. Maybe it's because the last time I saw 2.6 was in 2003, but there was a very clear distinction between "Solaris 2.x" and "Solaris X" at the time. Holy crap, even the guy I work with who spent 25 years at Sun doesn't call it SunOS.
|
|
#
?
Aug 30, 2014 19:09
|
|
|
RFC2324 posted:Holy crap, even the guy I work with who spent 25 years at Sun doesn't call it SunOS. Because SunOS effectively died with Solaris 2.x, which effectively died with Solaris 7, but "uname" -> 5.11 is SunOS 5.11, not Solaris 5.11. It's Solaris 11. But 5.6 is SunOS 5.6, Solaris 2.6, not Solaris 6. SunOS was a very different thing, but they kept continuity in naming (plus retroactively naming SunOS 4.x Solaris 1.x) to not scare people, despite SunOS and Solaris having different lineages and being basically incompatible. Naming for marketing is hard. SunOS until Solaris Solaris -> SunOS 5 Solaris 2.6 until 2.7 Solaris 2.7 -> Solaris 7 Solaris 11 -> SunOS 5.11 Doesn't matter anyway. Just saying that I've never seen anyone talk about Solaris 5 or 6, and Sun didn't either. They differentiated minor -> major at 7, though there was some talk of making Sol11 Solaris 3.x/SunOS 6.x
|
|
#
?
Aug 31, 2014 00:17
|
|
|
evol262 posted:Because SunOS effectively died with Solaris 2.x, which effectively died with Solaris 7, but "uname" -> 5.11 is SunOS 5.11, not Solaris 5.11. It's Solaris 11. But 5.6 is SunOS 5.6, Solaris 2.6, not Solaris 6. Weird. The handful we still have on 6(which all report SunOS 5.6) all all referred to as Solaris. I don't remember what the one or two that still ran 5 were referred to as other that 'that piece of poo poo again?' You would think a fortune 500 company would want to spend a little on keeping a consistent environment, but noooooo...
|
|
#
?
Aug 31, 2014 00:37
|
|
|
I love Linux version number discussion.
|
|
#
?
Aug 31, 2014 01:32
|
|
|
Suspicious Dish posted:I love Linux version number discussion. It's more fun to plot upgrade naming from RH7.2 to RHEL Server to AS to RHEL to whatever the Fedora Workstation/Server groups turn into downstream in 8
|
|
#
?
Aug 31, 2014 02:15
|
|
|
It's a Beefy Miracle
|
|
#
?
Aug 31, 2014 02:26
|
|
|
I like the really old red hat ones like Mothers Day, Colgate, Cartman, Zoot, Guinness etc...
|
|
#
?
Aug 31, 2014 09:19
|
|
|
I've been accumulating various web-facing services that I run from my Ubuntu PC, for personal use (e.g. RStudio Server, IPython notebook). I access them by specifying a port. They each have their own authentication process, some of which seem more secure than others. The next step, it would seem, would be to have separate URLS for each service, so I don't have to remember the port numbers. Even better would be to handle authentication there so I don't have to implement it separately for each service (is there some way I can use the SSH keys I'm already using? that feel secure). It would also allow me to close all those ports and just use one HTML port, I think. Can someone point me in the direction of what I should be reading to learn the next steps? Is this where Apache comes in? I know very little about this kind of thing, and I really do want to learn myself instead of having someone tell me what to do. But I don't know where to start.
|
|
#
?
Aug 31, 2014 19:41
|
|
|
SurgicalOntologist posted:I've been accumulating various web-facing services that I run from my Ubuntu PC, for personal use (e.g. RStudio Server, IPython notebook). I access them by specifying a port. They each have their own authentication process, some of which seem more secure than others. Check out nginx, it's a web server that's built specifically to 'reverse proxy' to other services like what you want to do. Digitalocean.com has some decent tutorials on setting it up and configuring it too: https://www.digitalocean.com/community/tags/nginx?secondary_filter=popular This one is nodejs-specific but you can ignore that and just check out the nginx configuration: https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab As far as authentication goes, the situation kind of sucks. HTTP basic authentication alone is not safe for anything because your password is sent in effectively clear text (it's base64 encoded but that's trivial to decode). HTTP digest authentication is more secure but not many servers support it well (including unfortunately nginx). What a lot of people fall back on is forcing their pages to go over SSL so they're encrypted and then using HTTP basic authentication. That way you've got a basic means of auth and are also secure from people sniffing the connection and getting your password. You have to be careful to make sure your sites are only accessed over SSL though, because if they aren't over SSL then the password is just being sent in the clear. You can configure each nginx path to make sure it redirects to an SSL version if accessed over non-SSL. This does require SSL to be setup which can be a pain, but you might look at cheap/free places to get an SSL cert like startssl.com. You can also generate a self-signed SSL certificate that will work great for encryption but make your browser freak out and throw warnings. Can find info on setting up your own cert with nginx here: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04 If the apps are just for you, I would go the self signed cert route and just ignore the browser warnings. The connection is still encrypted so its secure, it's just that the browser can't verify the server being accessed is the one that generated the SSL cert.
|
|
#
?
Aug 31, 2014 20:07
|
|
|
Excellent, thank you. I've already navigated the SSL stuff and am using a self-signed cert for the IPython Notebook. It sounds like that's the hardest part. Looking into nginx.
|
|
#
?
Aug 31, 2014 20:13
|
|
|
Completely unrelated question. The ~. escape sequence to quit an idle ssh session doesn't seem to work from fish shell. Any idea why? Google turns up nothing.
|
|
#
?
Aug 31, 2014 20:27
|
|
|
I've been playing around with Linux directory solutions the past week or so in my spare time. All I'm really interested in producing is central user account authentication with a secure file-system. I'm purely curious because this is an area of Linux I'm not versed in at all. Here's the things I've tried: OpenLDAP with Debian server/clients. Worked fine, set up some users and then NFS. Put NFS share in client fstab and the users basically get roaming profiles when you map a home directory. Client setup was a breeze. Then I discover NFS basically has zero security, you can root a machine and change your UID and get access to anything. No go. FreeIPA with Fedora server/clients. Works fine for authentication, easiest setup on client/server. Could not get NFS to run kerberized following any guide whatsoever. I'd get as far as everything working and wouldn't be able to remove auth=sys from the NFS export, so it wasn't any better than OpenLDAP. Disappointed that there is no ipa-client for Debian distros either. Samba, Debian server/Deb+Win7 clients. Successfully added a Win 7 machine to the domain, user home directories map to H:. Working on getting a Debian workstation on the domain, but I'm finding it's actually more complex to do a client than setting up the goddamn server was. Anyway, am I missing anything? Am I in over my head or is every directory solution on Linux really this obtuse, complex, and decentralized? The sanest Linux solution for this seems to be just mounting poo poo with sshfs or smb piecemeal. The whole experiment has really made me appreciate that I administer Active Directory for my living. Anything else out there that I should try? babies havin rabies fucked around with this message at 04:29 on Sep 1, 2014 |
|
#
?
Sep 1, 2014 04:27
|
|
|
babies havin rabies posted:I've been playing around with Linux directory solutions the past week or so in my spare time. All I'm really interested in producing is central user account authentication with a secure file-system. I'm purely curious because this is an area of Linux I'm not versed in at all. Here's the things I've tried: Not sure how its implemented, but I know in my work environment root does not actually have access to the contents of an NFS share, and I am unable to remount certain NFS filesystems as root, and this is using an LDAP implementation, so I think you may be missing something there.
|
|
#
?
Sep 1, 2014 06:12
|
|
|
root_squash means your client's root will map to nobody on the nfs server but you can change your uid and access other people's files, yes.
|
|
#
?
Sep 1, 2014 07:49
|
|
|
spankmeister posted:root_squash means your client's root will map to nobody on the nfs server but you can change your uid and access other people's files, yes. This really works in an LDAP environment? I have never tried, outside of su(which I assume is the main flaw in all N*X security, become root and you are EVERYONE) but that seems awful easy, even without gaining root.
|
|
#
?
Sep 1, 2014 08:09
|
|
|
RFC2324 posted:This really works in an LDAP environment? I have never tried, outside of su(which I assume is the main flaw in all N*X security, become root and you are EVERYONE) but that seems awful easy, even without gaining root.
|
|
#
?
Sep 1, 2014 16:35
|
|
|
Misogynist posted:NFS was designed in a time where NFS shares were accessed by restricted, professionally-administered computer labs, not personal computers owned by someone with administrative access. Like most protocols, security was an afterthought. NFSv4 supports NT-style ACLs enforced server-side if you use Kerberos authentication. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s3-nfs-security-hosts-nfsv4.html
|
|
#
?
Sep 1, 2014 16:49
|
|
|
SamDabbers posted:NFSv4 supports NT-style ACLs enforced server-side if you use Kerberos authentication. 
|
|
#
?
Sep 1, 2014 16:56
|
|
|
Misogynist posted:NFS was designed in a time where NFS shares were accessed by restricted, professionally-administered computer labs, not personal computers owned by someone with administrative access. Like most protocols, security was an afterthought. Things i don't miss: running AFS cells. Or writing client code for AFS.
|
|
#
?
Sep 1, 2014 17:02
|
|
|
I was having problems with NetworkManager so I switched to wicd. But I still get disconnected every so often and I don't know why (because I'm generally clueless). Sorry for posting long logs but here is what it looks like when I connect:code:code:
|
|
#
?
Sep 1, 2014 17:33
|
|
|
This doesn't give any indication at all of anything to do with wireless, other than that you connected and wicd's dhclient.conf is probably broken on Ubuntu. But not setting the hostname shouldn't kill your wifi. What happens when it disconnects? Does it reconnect? Does it not? Does it show connected but wifi just doesn't work?
|
|
#
?
Sep 1, 2014 18:09
|
|
|
Thanks for responding. It reconnects and works fine. It disconnects and reconnects every few minutes (sometimes within a minute, sometimes after 30).
|
|
#
?
Sep 1, 2014 19:11
|
|
|
fuf posted:Thanks for responding. It reconnects and works fine. It disconnects and reconnects every few minutes (sometimes within a minute, sometimes after 30). There's no good way to tell from the logs you posted, since it doesn't show a disconnect (or reason for disconnect). Is that the wicd log? What problems were you having with NM? What's your wireless chipset? Signal strength? lspci -kv? iwlist ${nic} scan? (you can cut the last down to just your SSID)
|
|
#
?
Sep 1, 2014 19:18
|
|
|
Yeah that's the wicd log. NM would also disconnect, but when it tried to reconnect it would get stuck on "authenticating" and eventually give up. I would have to turn wifi off and on again. lspci -kv: code:code:fuf fucked around with this message at 19:42 on Sep 1, 2014 |
|
#
?
Sep 1, 2014 19:38
|
|
|
You may want to read through this and try the suggestions.
|
|
#
?
Sep 1, 2014 20:01
|
|
|
I created an EC2 image using Packer, based off of the most recent available paravirtual AMI for Ubuntu 12.04.5. At boot, it hangs waiting for network to become available. If I attach the EBS volume to another system so I can view /var/log/syslog, I see ADDRCONF(NETDEV_UP): eth0: link is not ready, and I never see any subsequent messages about eth0. Any idea what might be up?
|
|
#
?
Sep 2, 2014 05:26
|
|
|
Misogynist posted:Any idea what might be up? Not eth0 thats for sure  But its probably udev persistent network device naming. i.e. the network device gets eth1 and it keeps waiting on an eth0 that doesn't exist. Scrub (empty) the file /etc/udev.rules.d/70-persistent-net.rules (from memory, might be a bit different) and try again.
|
|
#
?
Sep 2, 2014 07:04
|
|
|
fuf posted:Should I install dhcpd? The arch wiki says you shouldn't have dhcpd running alongside wicd (I'm using ubuntu not arch).
|
|
#
?
Sep 2, 2014 15:48
|
|
|
Misogynist posted:I created an EC2 image using Packer, based off of the most recent available paravirtual AMI for Ubuntu 12.04.5. At boot, it hangs waiting for network to become available. If I attach the EBS volume to another system so I can view /var/log/syslog, I see ADDRCONF(NETDEV_UP): eth0: link is not ready, and I never see any subsequent messages about eth0. Any idea what might be up? Serial output for the console may help grab dmesg, at least.
|
|
#
?
Sep 2, 2014 16:05
|
|
|
I almost feel bad asking this question but I really am out of my depth. I have a little Linux server running on an ARM CPU that runs TTRSS with a MySQL server with innodb. Roughly once a week, the MySQL server losses it's mind, declares a page corrupted and then proceeds to restart about once every few minutes to hours, successfully coming back up each time but then hitting the same bad page eventually. Rebooting the machine fixes absolutely everything until it reoccurs (with a different page this time). Using innochecksum doesn't find any problems with the database after a reboot. There aren't any filesystem problems that I can see either (I usually do a sudo touch /forcefsck before rebooting). I don't know what it's issue is. The storage for this machine is an SDcard which I assume MySQL doesn't care for. Here is a snippet from my MySQL error log: code:edit: Mysql version is 5.5.38-0ubuntu0.14.04.1, the database was created originally with a slightly different version I think. edit2: Is my reading that this is mostly likely caused by a hardware error (faulty memory etc) correct? Naffer fucked around with this message at 00:29 on Sep 3, 2014 |
|
#
?
Sep 3, 2014 00:13
|
|
|
|
| # ? May 30, 2024 18:57 |
|
|
What's the most ideal Linux rescue disk and HDD data recovery? Currently I have SystemRescueCd installed on a USB and I'm considering whether or not I should change it.
Titor fucked around with this message at 00:44 on Sep 3, 2014 |
|
#
?
Sep 3, 2014 00:31
|
|
