@Pete-S said in MariaDB Package Issues While Updating from CentOS 7 to CentOS 8: But nobody in their right mind... ...uses LTS releases. So we have to accept we are working from a crippled situation anytime that this comes up. It means we are already dealing with politics over function. So knowing that, it should explain why we have to deal with what we have to deal with. Would have been super fast to do a fresh install. But you'd not do a fresh install of CentOS 8 or Streams if it wasn't for politics. We'd be putting in Fedora, Ubuntu, or OpenSuse. So not getting to do a fresh install is just one artefact of many when doing what's best for the application platform isn't what drives decision making.

@travisdh1 said in Run ls as another user?: @Pete-S said in Run ls as another user?: @travisdh1 said in Run ls as apache user?: @Pete-S said in Run ls as another user?: What's the easiest way to run ls as the apache user (which you can't login as)? su -u apache ls Did you mean sudo or su? Because you can't do su apache . You get "This account is currently not available.". I know the -u apache is needed to run a command as a user from su or sudo. I'm thinking the issue might be with the apache account being set to nologin in /etc/passwd. Just be sure to change the shell entry in passwd back when you finish up. -u is the user for either, but sudo is a loginless command and su uses login. To use su like you are thinking, you also need -c to make it a single command. Both will work, but only sudo will work for a non-login user like this without the -c

@IRJ said in Notification mail in linux?: @Pete-S said in Notification mail in linux?: Or is email perhaps not a good way to get notifications when there is a problem? Maybe email in this manner is old-skool and it would be better to use something else? Like external log server, system monitoring (Zabbix) perhaps? Yeah I would use SIEM. Then you'd create and manage your alerts from there. You could send to email, slack, etc. You can use postfix for alerting as JB mentioned. I use postfix on the my personal servers because I don't manage enough to justify a SIEM. I thought that SIEM was only used for security monitoring. What SIEMs for example are we talking about for this type of application?

@DustinB3403 said in Oracle Linux Installation and performance seems insanely bad: @Obsolesce CentOS as a product is dead, the alternatives are RHEL or CentOS Stream. CentOS Stream is a totally different thing. Not what people consider alternatives. It is an alternative in the same way that Ubuntu or Windows is. The real alternatives that are drop in replacements that work exactly the same and cost the same are Oracle Linux, AlamLinux and Rocky Linux.

Thanks, guys. It's actually the most logical solution that the ssh client side decides what keyboard layout to use. So maybe I was mistaken then or it was something else that was off. I'll give it try with some different settings to verify how it works.

@scottalanmiller said in New to Linux Administration: RHEL-Based or Debian-Based OS: I agree, both is the obvious choice. But to truly answer the question, I'd focus on Ubuntu (not Debian) and then RHEL. Debian is great, but it is Ubuntu specifically that has the market. Yes, almost the same is never the same as exactly the same.

I believe Ubuntu just announced that 5.10 was coming in 21.04 as well.

@Dashrender said in Best practice security updates linux servers?: saying Well - Johnny is just better employee than you, so I choose to pay him more, that isn't going to make people happy, it will likely make them less happy... You are looking at it from the employer's perspective. Of course it doesn't help the employer. It helps the employee when they can see what X work is worth. If employee 1 makes X for a job, and employee 2 wants to know their own value, they have something to go on. If you don't know what others are paid you have almost nothing to go on. Remember on Spiceworks when loads of people would claim that $65K was the IT industry cap? Imagine if people (and companies) were able to repeat that without anyone speaking up! People would surmise that if $65K is the top for a CIO, that a system admin must cap out at $50K and a helpdesk tech at $9/hr! But in the real world, we know that CIOs make well into the seven figure range, admins can get well into the multiple six figures. Even good help desk leads can hit six figures. If we didn't have others to compare against, it's easy to see people misunderstanding the scope of the industry by an order of magnitude.

@Pete-S said in YouTube Month in Review: December 2020: @EddieJennings Impressive work Eddie! Thanks

Honestly the best thing in my opinion is put k3os on it and run the stuff in a single node Kubernetes cluster. You'll get experience with k8s and the applications use very little resources when deployed this way.

I use it in pfsense router. It works against script kiddies, bots/botnets, at least partially. It's just another layer of security. And like it was mentioned before, it reduces log noise, with almost no effort.

@JaredBusch said in Redirecting feedback from Linux command: @Pete-S Pretty much what I do not want is the status bar from these two commands. fwconsole ma upgradeall fwconsole chown Well, use grep to match for the progress bar then. First output stderr to a file and look in the file. I don't know how the progress bar looks when it's output as a stream of characters. I'm guessing every update is something like 3076094/3076094 [===========>-------------] 60%<CR> In that case grep for every line that doesn't contain a [ followed by a number of =, > or - and finally a ]. So something like: grep -v '\[[=->]+\]' Or maybe even better: grep -v '\[[=->]{28}\]' Above assuming there are always 28 characters inside the brackets in the progress bar. PS. Funny thing but there seems to be a bug in the forum software. I had to use an extra backslash to get the above regex look right \[[=->]+\\] instead of \[[=->]+\] They look right in the preview though.

Tweaked a bit to provide an output file. https://gitlab.com/EddieJennings/bash-general/-/blob/master/find_files_sort_by_filename.sh

@EddieJennings said in Script for Creating VMs from Template VM in KVM: @travisdh1 said in Script for Creating VMs from Template VM in KVM: @EddieJennings said in Script for Creating VMs from Template VM in KVM: @Pete-S said in Script for Creating VMs from Template VM in KVM: Not the exactly the same thing but you might want to look into how to create a VM from scratch. Meaning a script that will set up a VM with vCPU, memory, storage, network etc and then boot it from iso and have it do an unattended install, create what users you want and install the packages you need. That's one of the next things I'm looking into. @EddieJennings Also remember about things like kickstart in RedHat based operating systems. In Fedora/CentOS/RHOS you can use a kickstart file to automatically select all the install time options for the OS. A short time later you've got a fresh server and all the time it took you to setup was running the creation script on your hypervisor. One of the things I'll need to figure out going the Kickstart route is setting the hostname what I want it to be at the time of installation. Likely not difficult to do, I just have to figure it out. Or perhaps, I can just truly take the approach of just making a clean minimal install, and then later configure to whatever specific thing I'm wanting the VM to do for my lab / testing. Inside the kickstart file you'll find something like this: network --hostname=centos8-4.example.com We use debian as our goto and then it's called a preseed file. The only real thing that can be tricky is to tell the installation what kickstart/preseed file you want to use. You can do it in different ways. If you don't want to rely on dhcp/tftp/pxe etc you can roll your own iso file. I think the kickstart file can also be mounted as a drive that the installation will detect when it starts. I think the best approach is to make an automated installation with same basic settings and some of those will get changed later in the installation. For example you can use a fixed hostname that is later changed from ansible.

@scottalanmiller said in ScreenConnect Unable to Start on Fedora 33: @JaredBusch said in ScreenConnect Unable to Start on Fedora 33: @scottalanmiller said in ScreenConnect Unable to Start on Fedora 33: Some updates can cause this to revert, so be aware that you might want to set something up to verify it. What Updates? I have not seen an update to the Linux server version in months. Something that touches that library. ah, Fedora updates.. Understood.

@Dashrender Gotta love Bob-

@warren-stanley said in Asus ZenBook UX334FLC-AH79 with Linux: @scottalanmiller How's the Aspire Linux support working out ? So far, it's been great. Really liking it.

Checkout https://www.nomachine.com/ https://www.nomachine.com/terminal-server https://github.com/UPC/ravada

@travisdh1 said in YouTube Months in Review: July and August 2020: @EddieJennings You've been busy! That I have. I didn't do a practice session for every objective because I ran out of time before the test. But taking the time to talk through most of them was a good way for me to determine if I needed to go back and review details.

@flaxking said in SSL/TLS client certificates questions: Domain name doesn't matter, unless you're signing with a public CA. I'd think self-signed vs internal CA vs public CA would depend on what the authentication mechanism supports and how you have to manage the certificates. (i.e. if there are going to be a ton of them it might be easier for the authentication mechanism just to trust certificates signed by a certain internal CA rather than having to make each certificate trusted. From what I've seen so far, I've come to the same conclusion.

@scottalanmiller said in Installing Laravel on Ubuntu 20.04: @Pete-S said in Installing Laravel on Ubuntu 20.04: @Pete-S said in Installing Laravel on Ubuntu 20.04: @scottalanmiller said in Installing Laravel on Ubuntu 20.04: @Pete-S said in Installing Laravel on Ubuntu 20.04: OK, if you are not running apache or nginx, you should install the php-cli package instead. So that seems to get installed anyway as a dependency on its own. Yes, it does. But by using the php package and not php-cli, you probably got apache installed on your system as well - by dependencies. You could find out by running: apt list --installed | grep apache Or systemctl status apache2 to see if it's running. Even if it was, Laravel uses Artisan's server. I'm guessing they are invoking php's built-in webserver. Regardless, the point is that if you swap php to php-cli in your install guide you don't get apache and other stuff you don't need.

Yeah this is bread and butter for config management tools. You'd either use a template for the config or the lineinfile module for Ansible. Your template would have something like this: PermitRootLogin {{ root_login_enabled }} In it and then you can control which servers allow root login with the root_login_enabled variable.