    • CentOS 6.8 - Time Zone Issue

      Has anyone encountered an issue where the "date" command displays the correct timezone (with correct date/time), but yet the timezone appears incorrect in other areas? For example, the server in question runs Tomcat, and the Tomcat application is pulling the time as if the timezone was set to GMT.

      I ran yum update last night which seems to be the issue. It upgraded the following packages:


      If I do "yum history undo [latest history id here]" the problem goes away.

      Any ideas?

      posted in IT Discussion
      anthonyhA
      anthonyh
    • Long Shot - Evolution & Zimbra GAL

      I think this may be a long shot, but worth a try!

      Does anyone know how to add the Zimbra GAL as an LDAP address book in Evolution? The following article exists to show how to set this up for multiple mail clients (sadly excludes Evolution), and I cannot seem to adapt any of the examples to Evolution.

      https://wiki.zimbra.com/wiki/Mail_Client_LDAP_Configuration

      Any ideas? I'd love to get this working as a possible alternative to Outlook for our users.

      posted in IT Discussion zimbra evolution email ldap zimbra gal
    • RE: Long Shot - Evolution & Zimbra GAL

      Alright, I posted to the Zimbra Forums. Once my post is approved by a moderator I'll link it here.

      posted in IT Discussion
    • Windows Server 2003 - Moving User Profile

      Yes yes, I know, Server 2003 was EOL-ed over a year ago...but it gets worse. So read on. 🙂

      I have an ancient application that was set up on a Server 2003 box (which I've at least converted to a VM). However, it is joined to our old NT4 domain (told ya it gets worse). This application was poorly written and you need to log in as a user and leave the server component running (it does not run as a service).

      That's fine and dandy, but the person who originally set this up did everything under the domain admin account!

      I'd like to un-join this server from the NT4 domain and join it to our more modern Active Directory domain. Is there a way to preserve the domain admin profile? Basically, have the domain admin of the new domain inherit the profile of the old domain admin account?

      Any advice would be much appreciated!

      For what it's worth we are working on replacing the application...we have put it in the budget, it's just an unknown when the work will be done. I want to get the NT4 domain out of the mix because 1) well, it's older than shit, and 2) I can turn it off once this server is moved from it.

      posted in IT Discussion
    • RE: Reverse Engineer Apache Jackrabbit Setup

      I think I may go down a less elegant, but something I can put together more quickly, method.

      I discovered that once I'm logged into the system (it's web based), I can simply browse to the document retrieval URL and stick the appropriate document ID in said URL. This will spit out said document.

      I can script this via Lynx on a Linux VM relatively easily.

      All we need to do is dump the desired document IDs to a list that I can then read on the Lynx side and, boom, we'll have the docs to do with as we please.

      posted in IT Discussion
    • RE: Reverse Engineer Apache Jackrabbit Setup

      @travisdh1 said in Reverse Engineer Apache Jackrabbit Setup:

      @anthonyh said in Reverse Engineer Apache Jackrabbit Setup:

      @dafyre said in Reverse Engineer Apache Jackrabbit Setup:

      @anthonyh said in Reverse Engineer Apache Jackrabbit Setup:

      I think I may go down a less elegant, but something I can put together more quickly, method.

      I discovered that once I'm logged into the system (it's web based), I can simply browse to the document retrieval URL and stick the appropriate document ID in said URL. This will spit out said document.

      I can script this via Lynx on a Linux VM relatively easily.

      All we need to do is dump the desired document IDs to a list that I can then read on the Lynx side and, boom, we'll have the docs to do with as we please.

      You could also browse the database tables and figure out where said document IDs live, that way you can simply pull straight from the DB. 🙂

      If I could do that, I would. The DB is in no way/shape/form readable by anything other than Jackrabbit. This was just confirmed by the vendor of the system. They actually just suggested exactly what I'm working on doing (after my boss had what he calls a "come to Jesus" moment with them).

      Hrm, let me guess, they're storing entire tables of values from PHP in single database columns? That is so very highly annoying, and goes against everything relational databases are supposed to be. I've had bad experiences with this in Drupal myself.

      No, it's not doing that. What it's doing kinda makes sense (at least from the limited sleuthing knowledge I have), it's just organized for Jackrabbit and not for a human. There are 6 tables:

      GLOBAL_REVISION - Not sure what this is, we only have one record here. I believe it has to do with clustering (there are 4 app servers and Jackrabbit runs on each app).
      JOURNAL - I believe this is something to do with clustering as well.
      BINVAL - Where the documents are stored, I believe. There are two columns, BINVAL_ID and BINVAL_DATA.
      BUNDLE - Not sure what this is.
      NAMES - A reference table for various object names.
      REFS - Empty in our implementation.

      From what I've researched, the docs are stored in hexadecimal format. However, when I pull the BINVAL_DATA field for a given record and convert from hex to binary, the file is unreadable. Even if I could successfully convert the doc, the IDs for these records do not correspond to the IDs that we see on the front-end. I have not found any sort of relationship table/list in the front-end database, I suspect it's all done via Jackrabbit.

      posted in IT Discussion
    • RE: IT Would You Rather...

      I'm torn, as I have two thoughts:

      Unlimited budget means that I can purchase things I've wanted to learn about and grow my skill set in that regard. Toys, toys, TOYS!!!

      Budget constraints means that I'd need to flex my muscles in coming up with good solutions that are inexpensive to implement and maintain. This is something I've done my entire career working in the public sector, there's never enough money for anything so thinking outside the box and stretching resources is what I do allll the time.

      Given that in both scenarios the positions are the same...this one is tough. If it was unlimited budget but shitty boss, or no budget and great boss...well...I'd go for good management over funds.

      posted in IT Discussion
    • RE: IT Would You Rather...

      @JaredBusch But that's ok as you can simply farm your work out to contractors. 😄

      posted in IT Discussion
    • RE: XenServer 6.5 to 7.1 using Rolling Pool Upgrade and NFS

      Woot!


      posted in IT Discussion
    • XMLStarlet - Argument List Too Long

      Hey All,

      I'm using XMLStarlet to work with XML files we process with a partnering agency. Basically, we receive an XML file that contains a base64 encoded PDF. We consume the XML, process the document, then return the document to them.

      The process I have put together via a BASH script so far was working out great. However, I just hit a roadblock. I've been testing with the smaller documents (2 page documents). Yesterday I decided to test with one of the larger documents (18 pages). When I go to insert the processed base64 into the XML file, the command bombs.

      Here is the command:

      xmlstarlet ed -L -u "/efile:EFilingData/cse:DocumentBinary/cse:BinaryObject.Base64" -v "$stampedBase64" "$workingDir/$fileName"
      

      Here is the error:

      /usr/bin/xmlstarlet: Argument list too long
      

      I'm pretty confident the reason is because the $stampedBase64 of an 18 page PDF is a shit-ton long, which means I'm hitting some sort of command length limit of some sort.

      Is there any way around this limitation? Is there a way I can feed it a value from a file?

      For what it's worth the script is running on a CentOS 6 VM.

      posted in IT Discussion xmlstarlet
    • RE: XMLStarlet - Argument List Too Long

      @scottalanmiller said in XMLStarlet - Argument List Too Long:

      Oh, it is READING the PDFs into the command? I see.

      Yep. Sorry for not making that clear.

      I think I may have a solution...I haven't tried it yet though. It looks like I can append a value to an element. What I'm going to try is splitting the base64 in half and doing two operations. First, I'll update the element with the first half of the base64, then I'll append the element with the second half of the base64.

      Here goes nothing...


      posted in IT Discussion
    • RE: SpamAssassin Question

      And I can officially confirm that my rule now works exactly how I expect it to. 😄

      Who would've thought you had to type things correctly...

      posted in IT Discussion
    • RE: Firewalls & Restricting Outbound Traffic

      Ok, so the consensus so far for a good baseline is:

      TCP 80/443 for all
      TCP & UDP 53 for DNS servers
      UDP 123 for NTP servers

      Anything I'm missing? Any others to consider?

      posted in IT Discussion
    • RE: Firewalls & Restricting Outbound Traffic

      @scottalanmiller said in Firewalls & Restricting Outbound Traffic:

      Any need for SSH.

      I was thinking about that. I may open it up on a case by case basis starting with my workstation. 😄

      posted in IT Discussion
    • RE: Firewalls & Restricting Outbound Traffic

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      Ok, so the consensus so far for a good baseline is:

      TCP 80/443 for all
      TCP & UDP 53 for DNS servers
      UDP 123 for NTP servers

      Anything I'm missing? Any others to consider?

      UPDATE

      TCP 80/443 for all
      TCP & UDP 5938 for all
      TCP & UDP 53 for DNS servers
      UDP 123 for NTP servers

      posted in IT Discussion
    • RE: Firewalls & Restricting Outbound Traffic

      @JaredBusch said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      Ok, so perhaps the discussion should be...which ports would you blanket block?

      1. That's it. And it is blocked on every network I have ever had access to the core router of.

      You wouldn't want to force DNS at least, too? I'm liking the idea that DNS requests must be made by my DCs. Maybe it's not necessary.

      posted in IT Discussion
    • RE: Firewalls & Restricting Outbound Traffic

      @scottalanmiller said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      @scottalanmiller said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      @scottalanmiller said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      @scottalanmiller said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      @JaredBusch said in Firewalls & Restricting Outbound Traffic:

      @scottalanmiller said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      @JaredBusch said in Firewalls & Restricting Outbound Traffic:

      @anthonyh said in Firewalls & Restricting Outbound Traffic:

      Ok, so perhaps the discussion should be...which ports would you blanket block?

      1. That's it. And it is blocked on every network I have ever had access to the core router of.

      You wouldn't want to force DNS at least, too? I'm liking the idea that DNS requests must be made by my DCs. Maybe it's not necessary.

      Are there cases for that? Okay. But you already control that in other ways. So I'm unclear what benefit you think that this will provide since you are talking about malware, not your users. Does malware looking things up on your DC provide some value to you?

      You cannot force client DNS 100% of the time to be what you want in a BYOD environment. If DNS control is a desire, blocking DNS at the router is the simpler method.

      It is unrelated to the blanket blocking discussion as it is a decision the business needs to decide if they need to make or not.

      What's the difference between blocking DNS at the router vs firewall? The idea being only permitted DNS servers would be allowed to perform DNS requests to the outside world. Everything on the inside would need to use the on-premises DNS servers (aka our DCs).

      Right, if you allow unmanaged devices onto your network, then it could make sense to use LAN security to control access to DNS. But I'd ask... why do you let uncontrolled devices onto your network?

      Basically how I see this is an attempt at LAN based security, while also allowing skipping LAN management for the worst of both worlds mixed together.

      Where did I say I let unmanaged devices onto my network?

      That was the reason that Jared suggested for why you'd want to block DNS port 53. If you don't have unmanaged things on your network, what would blocking it get for you? It only makes sense if you have unmanaged things on the network.

      It would force any prospective clients on the network to only be able to use my DNS servers. Sure, everything on the (non-guest) network is managed, and I do my best to keep them all clean, but things happen and I know I'm not the world's perfect sysadmin.

      I guess it's dumb after all.

      It would force them not to use Google or whatever. But it would not make them point to your AD. So it would break their access. Which might be what you want, but I'd guess not.

      Yes, that'd be what I want. If DNS on a given host is ill-configured, it doesn't work. Exactly the behavior I'd expect.

      Expect, but want? Why do you want that? I'd rather fail soft than fail hard. If DNS doesn't work properly, it's an accident. If it is blocked and they can't work at all, it's not an accident any more and IT induced a problem. There are cases where that's preferable, but I'd wager that they are extremely rare. What's your benefit from forcing a more dramatic failure?

      It would be brought to our attention and we would fix it. A soft failure may remain soft for an indeterminate amount of time.

      posted in IT Discussion
    • Linux RAID Question - Software or "Hardware" ?

      I've been given a nice and shiny Dell Precision Tower 5810 as a new workstation at work. It's a really nice box. I was not involved in configuring the build, so it came with one SSD and one HDD. I'd like to add a second HDD and mirror the two. It looks like the onboard Intel RSTe SATA controller supports RAID.

      This box will be running Fedora 25.

      I've been using MD RAID on my current desktop to mirror two 3 TB HDDs and it's worked fine. This was my only choice since this box (Optiplex 3020) doesn't have any hardware RAID support.

      Now that I have a "hardware" RAID option, which should I use? Should I create a RAID 1 volume via the Intel RSTe SATA controller or should I do a software RAID via MD?

      Thoughts?

      P.S. - I put "hardware" in quotes because I don't know how much the RAID functionality of the SATA controller is really in hardware.

      posted in IT Discussion raid storage software raid hardware raid dell precision 5810 dell
    • RE: Linux RAID Question - Software or "Hardware" ?

      @marcinozga Yeah, after doing some research that is what it is. I stumbled across this and I'm thinking sticking with MD is the way to go.

      https://superuser.com/questions/461506/intel-matrix-storage-manager-vs-linux-software-raid

      posted in IT Discussion
    • RE: CentOS 7 guest on XS6.5 - Growing Hard Disk

      @momurda From what I understand, vgextend is for adding additional volumes to the group. I simply grew the size of the existing volume. When doing this, I haven't ever had to touch anything related to the VG. Besides, if that was the case, wouldn't the LV not grow at all? It most certainly grew from its original ~18 GiB (don't know what it was in GiB exactly, but it was 18 GB for sure) to the current 67.51 GiB.

      posted in IT Discussion