|
There are two weird things going on in my Fedora + Gnome system. First, when it goes to sleep it wakes up again a few seconds later. There are two monitors, so it's this cycle where one monitor sleeps then the other, then one wakes up with the login screen, then the lock screen moves to the middle of the two monitors and the other wakes up, then the lock screen moves back to just one of the monitors. It's super annoying when I'm meeting someone in my office and the monitors are just flashing on and off. However, it apparently does sleep eventually because when I come into the office in the morning it's not flashing anymore. I've never stuck around long enough to see how this happens though. Second, Gnome gets really slow after it's been running for a few hours. Disabling all my extensions doesn't help, but restarting the shell fixes it. gnome-system-monitor shows 10-20% CPU for gnome-shell. Any ideas?
|
#
?
Apr 28, 2016 18:32
|
|
|
|
| # ? May 29, 2024 00:09 |
|
|
SurgicalOntologist posted:There are two weird things going on in my Fedora + Gnome system. First, when it goes to sleep it wakes up again a few seconds later. There are two monitors, so it's this cycle where one monitor sleeps then the other, then one wakes up with the login screen, then the lock screen moves to the middle of the two monitors and the other wakes up, then the lock screen moves back to just one of the monitors. It's super annoying when I'm meeting someone in my office and the monitors are just flashing on and off. However, it apparently does sleep eventually because when I come into the office in the morning it's not flashing anymore. I've never stuck around long enough to see how this happens though. I've had almost the same thing -- but only on one particular brand, if I used another monitor it worked fine. Switching from DVI to DP also fixed it on the same monitor, so you could try changing that.
|
|
#
?
Apr 28, 2016 22:33
|
|
|
SurgicalOntologist posted:There are two weird things going on in my Fedora + Gnome system. First, when it goes to sleep it wakes up again a few seconds later. There are two monitors, so it's this cycle where one monitor sleeps then the other, then one wakes up with the login screen, then the lock screen moves to the middle of the two monitors and the other wakes up, then the lock screen moves back to just one of the monitors. It's super annoying when I'm meeting someone in my office and the monitors are just flashing on and off. However, it apparently does sleep eventually because when I come into the office in the morning it's not flashing anymore. I've never stuck around long enough to see how this happens though. I get this under Arch so it's not distro specific. My best guess is that it's forgetting that a monitor exists and shifts it to the left or right since it's a single monitor setup now. Doing that makes it freak the gently caress out and unsuspend but when it's unsuspending it recognizes the prior monitor once again. I just disabled suspend since it's a Chromebox, it uses such little electricity and it's fanless as well so when I'm done I just turn the monitors off by hand. I also get the other problem but only after a few days.
|
|
#
?
Apr 30, 2016 14:13
|
|
|
Does the monitor have its own power saving somewhere in the menu? I have a Samsung monitor which does this, and disabling the built-in power saving fixed it
|
|
#
?
Apr 30, 2016 15:34
|
|
|
It has been years since I've done anything linux. Have a rasperry pi 3, and would like to be able to read/write to the pi home directory over samba. I've followed this guide. http://www.daedtech.com/create-a-windows-share-on-your-raspberry-pi/ My smb.conf looks exactly like what is shown in the link.  I can see the share, and open files just fine. I don't seem to have permission to write anything though. I would like to fix that, as the main reason I am setting this up is so that I can edit the files on my local computer.
|
|
#
?
Apr 30, 2016 18:21
|
|
|
Your user IDs aren't mapped. The easiest way to do this is to just use [homes]
|
|
#
?
Apr 30, 2016 19:49
|
|
|
I've got two hard drives in my server with identical directory structures for media (2 2tb hard drives). I just purchased a 6tb drive and would like to consolidate everything onto one drive. The structure is below; there won't be any duplicates in the Movies directories, but some of the TV shows will have seasons on different drives. My plan was to cp everything from drive A to drive C, but how to I merge drive B's files neatly into drive C? There's a possibility that browsing the directories using my Macbook left hidden files around.code:
|
|
#
?
Apr 30, 2016 20:28
|
|
|
rsync does this very easily rsync -a /path/to/a /path/to/c Repeat for b. I like "rsync -avH --progress --stats" if you want to see what it's doing (there are probably short flags for --progress and --stats if you care)
|
|
#
?
Apr 30, 2016 21:20
|
|
|
evol262 posted:rsync does this very easily rsync -aPhSHAX is my preferred rsync invocation: -a: archive: recurse, preserve ownership, permissions, and timestamps, preserve symlinks, and preserve devices and special files -SHAX: options that should be in -a but aren't: preserve sparse files, hardlinks, ACLs, and xattrs -P: equivalent to --progress --partial; show progress information, keep partially transferred files if interrupted, and use those files to resume next time if possible. -h: use human-readable units instead of blocks or bytes for progress There's no short flag for --progress on its own or for --stats, though.
|
|
#
?
May 1, 2016 00:06
|
|
|
evol262 posted:rsync does this very easily
|
|
#
?
May 2, 2016 04:06
|
|
|
What's a good way to automatically reconnect to ssh sessions when I open my laptop and the wifi reconnects? I'm sure I used to use autossh for exactly this, but it's not working for some reason - the connection just freezes and I have to close the terminal window completely (as opposed to regular ssh which just disconnects with the "broken pipe" message). Unless I'm missing an option somewhere? This is on the new Ubuntu 16.04 with the default gnome terminal app.
|
|
#
?
May 2, 2016 15:54
|
|
|
fuf posted:What's a good way to automatically reconnect to ssh sessions when I open my laptop and the wifi reconnects? try mosh
|
|
#
?
May 2, 2016 16:02
|
|
|
fuf posted:What's a good way to automatically reconnect to ssh sessions when I open my laptop and the wifi reconnects? I use mosh. It's wonderful, although ssh has more features.
|
|
#
?
May 2, 2016 16:08
|
|
|
Thanks, mosh seems cool.
|
|
#
?
May 2, 2016 17:35
|
|
|
If you really liked Arch Linux and really hated Debian, what would you want to run on a fleet of ~300 servers? (Is it FreeBSD?) I want a simple distribution with a simple package manager, but more stability than a rolling release.
|
|
#
?
May 3, 2016 19:27
|
|
|
xtal posted:If you really liked Arch Linux and really hated Debian, what would you want to run on a fleet of ~300 servers? (Is it FreeBSD?) CentOS/RHEL.
|
|
#
?
May 3, 2016 19:28
|
|
|
RFC2324 posted:CentOS/RHEL. Seconded. You want 10 year support cycles and attention to security? You got it.
|
|
#
?
May 3, 2016 20:18
|
|
|
xtal posted:If you really liked Arch Linux and really hated Debian, what would you want to run on a fleet of ~300 servers? (Is it FreeBSD?)
|
|
#
?
May 3, 2016 23:25
|
|
|
xtal posted:If you really liked Arch Linux and really hated Debian, what would you want to run on a fleet of ~300 servers? (Is it FreeBSD?) The question is "how are you going to manage ~300 servers?" If you're gonna redeploy everything from containers or whatever (or new AMIs/glance/whatever), configure the hosts with cloud-init and/or some CM system, the answer is very different than it would be if you're managing ~300 "traditional" servers, where Arch/coreos/Alpine/etc would frankly be a nightmare
|
|
#
?
May 4, 2016 03:19
|
|
|
Odd question: At 5:30p yesterday, my cron job notification emails from one of my servers started coming in as 'tech@mydomain.com; on behalf of; Cron Daemon <root@mydomain.com>' instead of just from 'tech@mydomain.com' It runs postfix, it's an Ubuntu 12.04 server. I didn't change anything yesterday at all. Probably wasn't even logged into that server. Emails from that server from other things (some php scripts that run etc) didn't change. Would Rackspace have changed something on their end (our email provider). The other weird thing is in the email headers there is one new line: Sender: tech@mydomain.com That line was never there in the earlier emails. Weird. Oddly enough 'last' told me wtmp didn't exist so I had to re-create that. I only noticed because my Outlook rule wasn't putting all those in the 'Cron Jobs' folder, they were flooding my inbox all evening. Any idea what would cause this? I looked at all the files that changed in the last 24 hours and nothing looked odd.
|
|
#
?
May 4, 2016 15:02
|
|
|
I  'd recently and I have to return my current work laptop. The hard drive inside it, though, is mine so I don't have to scramble too quickly to back up my Linux stuff.How feasible is it to drop an existing Linux install into new hardware? My Windows experience tells me it's best to do a clean install of an OS when you change up hardware, is that a good rule for Linux too? I have / and /home on separate partitions so it wouldn't be a big deal to reinstall, I'm just worried about losing my PPAs and other customizations that don't reside in /home. IAmKale fucked around with this message at 16:34 on May 4, 2016 |
|
#
?
May 4, 2016 15:18
|
|
|
IAmKale posted:I Bringing the old disk up on new HW has been pretty straightforward for me. Your network interfaces might get incremented/renamed which can be a little speedbump, but nothing too tricky. My (pre-systemd) cheatsheet has about whacking /etc/udev/rules.d/70-persistent-net.rules for example.
|
|
#
?
May 4, 2016 16:15
|
|
|
IAmKale posted:I Linux is flexible on this. The only problems you are likely to see are device names changing, and possibly xwindows having an issue because of a video driver not working.
|
|
#
?
May 4, 2016 16:19
|
|
|
So I'm running Gentoo ~amd64 and want to fart about with wayland. I've set the wayland useflag and am running the kde overlay with sddm as my login manager and plasma 5 as my main DE. I get offered Plasma (wayland) as a possible login session, but logging in to it just gets me a blank screen and then I have to restart sddm to get a login screen back. Using Weston does work, but is, well, kinda pointless. The laptop is a Skylake system with nVidia optimus, but for now I'm just running the i915 driver and not even bothering with nVidia. Any ideas where I should start looking?
|
|
#
?
May 5, 2016 17:01
|
|
|
evol262 posted:I only have a small deployment, but I really, really like it. Dogtag is nice if you need smartcard/yubikey/whatever support, but it's somewhat bloated and doesn't move very fast. I don't know any caveats for cfssl, but if I were starting a new deployment for a large environment, it'd be on a short list Is it possible for a single cfssl API server to run several intermediate CAs (obviously, with their own certificates), or am I running several container instances?
|
|
#
?
May 6, 2016 20:30
|
|
|
So I leased a dedicated server for a few months to play around with. I want to set it up with nzbget (usenet downloader), a plex server, and openvpn for now. I have a few questions. I'm running the latest version of CentOS 7 by the way. Is there a best practice partitioning guide for setting up a server? On my own boxes I've always just followed what the RHEL install guide suggests: a 500 MB /boot, 10 GB /, a /home partition, and a 4 GB swap partition, in that order. The RHEL guide also recommends xfs over ext4. I've always stuck with ext4 since I don't know any better. Should I bother futzing around with more partitions, logical or llvm partitions, RAID partitions? I consider all the data on this box expendable and I wouldn't lose any sleep over anything breaking. A lot of security guides recommend or mention installing fail2ban to lock down ssh, but I noticed this wasn't in the official CentOS repositories but in the EPEL repository. Since CentOS/RHEL is used for servers I thought that was kind of odd because why wouldn't there be an "official" thing for ssh security? Is there a different tool that's recommended instead of fail2ban, or is this really the gold standard and there's some reason why it's not a part of the official repository? Speaking of fail2ban, it looks like it wants to install firewalld. I've never really heard of firewalld before, but I have heard lots about iptables which I thought was the gold standard. Again back to the previous question, if fail2ban isn't part of the official repository in an OS used primarily for servers, and if it wants me to install a non-standard firewall, that seems odd. Basically should I be using firewalld or iptables? Last question for now: It is my understanding that if I'm running a server, it's in my best interest to compartmentalize my different servers/processes (daemons?). This is for security but also resource allocation. A few pages ago I asked about docker and what it did for me as a simple user to which the answer is apparently nothing, but if I'm setting up a server then I guess I'd want to use docker to keep my nzbget, plex, and openvpn servers separated from each other right? Like I can have nzbget running in a docker container downloading files to say /home/user/downloads, and then have plex running in it's own docker container but with read access to /home/user/downloads, all the while I'd have openvpn server running in it's own container as well without access to /home/user/downloads and if someone where to break into my openvpn server they wouldn't be able to access anything else on the system. Is that the right idea? Thanks in advance.
|
|
#
?
May 9, 2016 10:04
|
|
|
Boris Galerkin posted:Is there a best practice partitioning guide for setting up a server? A 4 GB swap partition is kind of big, but otherwise fine. A lot of people run servers without any swap. Some swap space is useful so that the OS can page out unused-but-never-needed dirty pages and stuff like that. I personally never bother with more than 1 GB of swap. ext4 is standard and fine for most tasks. xfs is better if you're regularly churning through a bunch of small files. At one time there was greater risk of data loss during crash and power events in xfs than ext3 and even ext4. I don't know if xfs ever adopted ext4's sync on rename/truncate semantics. Personally I'd stick with ext4 for / and only use xfs for a specific data partition, like a news spool (if you were running a news server), assuming you don't just go and use zfs. If the machine doesn't already have hardware RAID, I would setup a RAID 1 mirror of everything to avoid downtime in the event of a disk failure. If you don't care about having to rebuild the machine in the event of a disk failure though, then it's not necessary. LVM is great for systems with many partitions, but see above on partitioning advice. Logical partitions are a hold-over from the MBR partitioning format, which doesn't support EFI or 2 TB+ disks. These days I'd use GPT+LVM or GPT alone, and you probably have to use GPT if it's an EFI machine. Boris Galerkin posted:A lot of security guides recommend or mention installing fail2ban to lock down ssh, The reality is that most RHEL servers don't use fail2ban and run sshd on port 22 with nothing fancy. So long as they have strong credentials they don't get hacked. They might a massive /var/log/btmp though from failed login attempts. Boris Galerkin posted:Basically should I be using firewalld or iptables? Boris Galerkin posted:It is my understanding that if I'm running a server, it's in my best interest to compartmentalize my different servers/processes (daemons?).
Boris Galerkin posted:This is for security but also resource allocation. Boris Galerkin posted:Like I can have nzbget running in a docker container downloading files to say /home/user/downloads, and then have plex running in it's own docker container but with read access to /home/user/downloads, all the while I'd have openvpn server running in it's own container as well without access to /home/user/downloads and if someone where to break into my openvpn server they wouldn't be able to access anything else on the system. Is that the right idea? ExcessBLarg! fucked around with this message at 16:38 on May 9, 2016 |
|
#
?
May 9, 2016 16:22
|
|
|
I already disabled both root and password logins so that's not an issue. I guess if fail2ban and such aren't a big deal then I won't bother with that.ExcessBLarg! posted:Compartmentalization has been all the rage since Docker/containers came out, and VMs generally before that. They're really good for a few things: None of that matters to me. It's just I figured I might as well learn something new (docker) you know? quote:You can already do this, without Docker, using standard user/group permissioning. Give the nzbget user write access to /home/user/downloads (or maybe just /home/nzbget), the plex user read access, and OpenVPN runs as nobody:nogroup by default. Huh, should I be installing/running all those services as a different user?
|
|
#
?
May 9, 2016 16:44
|
|
|
Boris Galerkin posted:Huh, should I be installing/running all those services as a different user?
|
|
#
?
May 9, 2016 16:49
|
|
|
ExcessBLarg! posted:You should, but they may already be by default. I'm not familiar with nzbget and plex, but check "ps aux" to see what user they're running as, and if they're running as root you may be able to change that in their configuration files or in the init scripts. I haven't installed those services yet but thanks. I'll check it out later tonight. To be perfectly clear, I wouldn't/shouldn't have to manually do a useradd plex etc right? It'll just make the user when I set it up (assuming it makes its own user)?
|
|
#
?
May 9, 2016 17:03
|
|
|
Boris Galerkin posted:I haven't installed those services yet but thanks. I'll check it out later tonight. To be perfectly clear, I wouldn't/shouldn't have to manually do a useradd plex etc right? It'll just make the user when I set it up (assuming it makes its own user)? Check to see if it is running as its own user. If not, you will probably need to create an account to run it as.
|
|
#
?
May 9, 2016 17:11
|
|
|
firewalld is just a front end to iptables. i ran fail2ban for a while but it's more of a cosmetic thing to see ips getting banned vs rejected logins. the best thing you can do is disable password logins. also changing the ssh port away from the default will cut down on drive by attempts too.
|
|
#
?
May 9, 2016 18:59
|
|
|
hifi posted:also changing the ssh port away from the default will cut down on drive by attempts too. Definitely do this. I was getting north of 1k attempts/day on the standard SSH port before I switched to a different port.
|
|
#
?
May 9, 2016 22:05
|
|
|
I understand samba 4 is pretty ok at being an active directory style authentication source these days, at least in some ways. Would it be possible to set up a samba machine that auths clients like AD but backends using whatever PAM stack is on the system? In this case I'm asking because there's a setup where TACACS is the main stop for users and it would be neat to allow vcenter to auth against it through a samba server (since vcenter more or less wants to talk to AD). Anyone done something like this? Setting up PAM to auth against TACACS isn't hard and I've set up samba to act as an AD client before, but not as a fake AD server with a random PAM backend.
|
|
#
?
May 9, 2016 23:37
|
|
|
I just found a better option for hosting my server. More ram, hd space, bandwith et al. I'm told the best way to transfer the server is via Rsync. What shouldn't be rsynced over? /dev and /proc?
YouTuber fucked around with this message at 03:12 on May 10, 2016 |
|
#
?
May 10, 2016 01:26
|
|
|
The content on your server is probably all held under a single directory, so just rsync that. You don't want to rsync the entire directory tree. If you have a database or logs or whatever, it's probably held under /var somewhere. If so, you should dump the database to a file, rsync that file, then re-import it into the database on the new server.
|
|
#
?
May 10, 2016 02:09
|
|
|
RFC2324 posted:Check to see if it is running as its own user. If not, you will probably need to create an account to run it as. If you (or anyone) was interested, the nzbget defaults to running the daemon as root but you can easily change that in the configuration file. I made a system user and a services file like this one from the Arch wiki and seems to work just fine. The only thing is that running the daemon opens up a built in webserver for the web client accessible by anyone and the authentication method seems to be a plain text password. Plus if you're in the web client then you can upload your own nzb files and I presume this could be easily abused. So as soon as I saw nzbget was working I shut it down overnight until I figured out how to deal with this. I'm thinking of the following firewall setup: - allow ssh from all incoming but with only public key authentication - allow vpn from all incoming but with only public key authentication (that's a thing, right?) - allow access to nzbget et al. only from the internal IP address Does that sound about right for basic security? Anyway while we're talking about iptables I was following this guide yesterday and had some questions about the following: code:code:Also what's the point of the match/state flags? Is it just an explicit way to say "only accept this input if the connection to port 22 is new?" What does established mean in this case? If I only had the NEW state flag set then would iptables just drop all ssh commands from me other than the initial one to connect? (Feel free to point me to a basic tutorial if I'm asking too many stupid questions. I've tried googling but unfortunately a lot of the websites and such I find just say "do this!" and doesn't really explain anything which doesn't help, and man iptables doesn't tell me anything about the states.)
|
|
#
?
May 10, 2016 08:37
|
|
|
That firewall script is overspecified and unnecessarily complex. You're right that the DROP commands are redundant, and specifying the source port of the incoming connection is pretty pointless. Honestly you can get away with something as simple as:code:The "-m state --state ESTABLISHED,RELATED" bit enables connection tracking and is necessary to allow incoming packets for connections that originate on your server, otherwise you never get any trafffic back. Although it looks cryptic, it's found pretty much in every default-deny iptables policy.
|
|
#
?
May 10, 2016 13:59
|
|
|
Xenomorph posted:Apparently I may have switched to 4.2/4.3 after it was broken - possibly by the very security update I was going for (Badlock). Anyone following this (come on, it can't just be me here) should be relieved to know that this was fixed in Samba 4.2.12, 4.3.9, and 4.4.3 (May 2nd). (https://bugzilla.samba.org/show_bug.cgi?id=11872)
|
|
#
?
May 10, 2016 16:53
|
|
|
|
| # ? May 29, 2024 00:09 |
|
|
So, this morning my VMWare Ubuntu guest would autoresize the resolutoin when I resized the VMWare window. Then this happened: 1. Booted the VM with a gparted live cd and resized some partitions. 2. Booted the VM back into Ubuntu. 3. Will no longer autoresize the resolution when I resize the VMWare window. 4. Will only go up to a resoltuoin of 1360x768...even if I press the VMWare fullscreen button. It definitely used to resize it to 1920x1200 at this point. How do I get back the old behavior?
|
|
#
?
May 10, 2016 20:45
|
|
