@scottalanmiller Ah, yes. That would be a more efficient way of doing it. I was too excited from finally gaining some understanding of mount point concepts, I didn't think though the best way to move the data. 🙂

@Dashrender said in Linux: Creating a Filesystem:

I'm assuming LVM will be covered separately - I'm trying to understand what it's purpose is versus just using mkfs.

It will be. And it is unrelated. mkfs and lvm do totally different things. Neither replaces the other in any way.

@thwr said in Kickstart with LUKS:

@scottalanmiller said in Kickstart with LUKS:

@thwr said in Kickstart with LUKS:

@thwr said in Kickstart with LUKS:

But if the server walks, the TPM walks with it and the security has been totally bypassed. In fact, IMHO, if you have the key on TPM and it decrypts automatically on start up and you had to state if the system was encrypted or not, at best you could say "sort of." While you might get away with saying that it is encrypted, if asked the other way "is the data wide open", the answer would also be yes because it's not encrypted when someone looks at it.

Ah, sorry, misunderstood your posting in the first place. Well, that's chicken-egg. You can either have it decrypt automatically or not. If going for automatic decryption, we have to make sure the machine can't decrypt e.g. when it gets stolen or sold.

For this, storing the key on the host alone, even with TPM, may not be enough (don't know enough about TPM at this point. Sealing to system state seems quite safe, but...). Thus, we need to bring in another factor. Let's call it "location awareness", e.g. pulling the actual key from the network and TPM stores just something to authenticate against the "key server". Server offsite -> no decryption.

Past boot, it is up to you to secure the server by traditional means. Strong passwords, no or strongly secured RS232 TTY and so on.

Exactly, something externally has to trust that the system is where it is supposed to be physically so that it will release the key. We considered using this but decided that security trumped downtime and kept the system requiring human intervention and just accepted large downtimes in the event of a reboot.

Agree, downtime due to a misconfiguration, some failure on the network or the key server would be an issue. What if we look at some back approach: If some removeable storage with a key is present at boot, LUKS will use this key. Otherwise, it tries to pull it from the key server as described above? Should be pretty solid and a backup is in place (key on USB stick) in case something goes south.

This surely is an approach for environments requiring a very high level of security, but I like the idea.

I've seen places do that, pop in a key and use that, but you have to trust that people will remove it immediately and store it somewhere.

Looks like that one is working, thanks.

@johnhooks said in Linux: Looking for Large Folders with du:

I've always just used -h for human readable. I never realized -m would give you the MB size.

I have the "advantage" of having learned this stuff before the human readable flag was added 😉

Remember, the issue is NOT a violation of the ZFS licensing, it is a violation (supposedly) of the Linux licensing. It is Linux being violated, not ZFS according to the FSF.

@DustinB3403 said in Using Google Authenticator to Set Up Two Factor Authentication for Linux:

This at all doesn't seem like a bad thing, especially if you're doing this on your own personal systems. Doing this in an organization seems like a crazy step to implement.

Also what happens if you're phone dies, how do you update the authentication device?

There is a hidden file in the root account with the one time use codes and the key for the app. Local console access doesn't require 2FA, only SSH.

If you set it up in PAM correctly that is, I didn't read through this guide. I did one a while ago on here with steps for everything, and doing it that way only requires 2FA codes with SSH, not local console access.

I'm currently finding myself in a bad situation. A customer has Outlook 2013 and is connecting via IMAP to RackSpace email (non Exchange). After their recent upgrade to Windows 10, they discovered that IMAP wasn't syncing things correctly back to RackSpace. They lost all of their sent mail and several people lost random stuff from within folders. It's a very bizarre situation.

They are looking to leave RackSpace now and move to Hosted Exchange/O365.

@DustinB3403 said in Linux: Checking Filesystem Usage with df:

Will there be a topic on "managing inode in linux"

Yes, but it is going to go into an "Advanced Topics" section. Just as LVM and MD will have high level "normal" admin sections and eventually delve much deeper in advanced sections. I want to cover everything in a "normal admin" capacity like you would learn from the RHCE up front. Then go back and cover the nitty gritty details that other admin books don't. So it will basically take two passes but the hope is that the first pass will take you from "starting point" to "competent Linux Admin" then the second part will go where normal admin guides don't tread.

@Ambarishrh said in LAMP replication to DR site:

How about setup MySQL replication to remote site and then enable MySQLdump local backup on the DR site as well with increased frequency than daily ( may be twice a day). This way we have an up to date/latest copy and in case let's say there was a drop table command on master, and primary site failed, I can still switch to secondary, use the latest mysql backup to restore and make it up and running.

Yup, that's what I would do. Get HA and DR all in one setup. Have it take backups 24 times a day if you want. The impact is pretty much zero.

@tonyshowoff said in Linux: Zip and 7Zip:

Sorry if this was mentioned but I didn't see it directly mentioned for clarity:

If your compression is unavailable directly in tar (-J being essentially 7zip, my favourite), you can tar it first (without compression) and then compress the tar, this maintains both Unix metadata and also gives the benefit.

Also, if you compress something already compressed you won't get the best benefit, at least not when it comes to using something as powerful as LZMA/7zip.

I believe that that is mentioned in the tar article.

It doesn't update as "new" when I just update the list. Only if I comment on the thread.

Who knows, everyone is pretty confused by this one.

@Dashrender said in From Windows to UNIX: Monolithic to Modular Design:

I suppose it's less of an issue as well, since Linux Distros are free, you just have another VM running the other software.
Windows, you'd have the Windows tax.

Exactly. A VM or a container or an application jail. Lots of options for mediation if you want the conflicting packages.