Best posts made by stacksofplates

Out for our anniversary dinner.

@scottalanmiller said:

@johnhooks said:

The "IT Director" at a small cable company I worked for in Florida told me he was trying to "move away" from virtualization. He was complaining because they were "getting slow."

I bet he failed to show any ROI on that move!

Ha he's a disaster. This was the only business in the world with guaranteed income and they still screwed it up. They had a contract with about 6 small HOA's in the area. They were the only cable company allowed to provide cable, internet, and phone (unless it was something like dish). They bragged about their FTTH setup, except they had horribly antiquated equipment that would break if you looked at it sideways.

They were upgrading their Minerva on demand system. Instead of migrating all of the data, they (he) just wiped it clean and installed the new system. So at 2:00 in the afternoon the VOD system went down, all of the movies were gone, and if you were in the middle of a movie too bad. So now the VOD content has to be downloaded again from their providers, BUT all of the old content that won't be released again was gone. So all of the Game of Thrones episodes that were released and weren't being released again were gone.....

They also literally ran their company off of an Access "database" that was designed by some lady who must have thought Access was some fancy spreadsheet application. The database only met the first normal form and that's because it's pretty much impossible to not meet it with a relational database. All of the notes for each address (they kept all of the information on houses as well since they did the installs and had some strange way of doing it) were kept in one memo field on each record. They printed out the actual form in access as work orders and kept paper copies. So when that giant memo clob was corrupted (which happened a good bit for many records) the only data we had was a printed snapshot of that memo field.

In the ordering process. I'll let you know once I get it all done. Prob a couple more months.

That's not really a cure, it just turns it off. The better thing to do is boot into recovery mode by adding rd.break at the end of that same line in the bootloader. Then remount the sysroot directory with mount –o remount,rw /sysroot. Enter /sysroot with chroot /sysroot and completely disable SELinux by setting SELINUX=permissive in /etc/selinux/config. Then creating the autorelabel file in / with touch /.autorelabel. Then exit the chroot. Reboot and let the system and let SELinux relabel everything. Check your logs to make sure there aren't any issues and then finally re-enable SELinux by setting SELINUX=enforcing in /etc/selinux/config. Then reboot again.

Edit: forgot the chroot.

Ha we now have our small intranet and messaging system running off of a raspberry pi.

check your browser history and see if you mistyped the address.

http://arstechnica.com/security/2015/10/xen-patches-7-year-old-bug-that-shattered-hypervisor-security/

How about one of these

I love my safety razor. Smooth shave, and blades are about $0.10 a piece.

Piggybacking off of @scottalanmiller's Jump Box tutorial, I'm going to create a quick tutorial for 2FA on a Jump Box or whatever you would like to use it on.

First create a new Jump Box or use an existing server:

Update the server:

yum update

then install packages:

yum install epel-release unzip fail2ban pam-devel make gcc wget automake autoconf libtool pam-devel qrencode ntp

Download the github repo for Google Authenticator:

wget https://github.com/google/google-authenticator/archive/master.zip

Unzip:

unzip master.zip

Then:

cd google-authenticator/libpam/

Next compile google authenticator:

./bootstrap.sh
./configure
make
make install
ln -s /usr/local/lib/security/pam_google_authenticator.so /usr/lib64/security/pam_google_authenticator.so

Add this line in /etc/pam.d/sshd

auth       required     pam_google_authenticator.so

Next:

sed -r -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config

sed -r -i 's/ChallengeResponseAuthentication no/#ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config

Reload ssh:

systemctl reload sshd

Start ntp:

systemctl start ntpd

Finally use this to get the QR code and key

google-authenticator -tdf --rate-limit=3 --rate-time=30 --window-size=17

That's about it. Now you can use 2FA on your Jump Box or whatever server you choose.

I kind of forgot about this. They say you can request a demo now.

https://www.collaboraoffice.com/icewarp-and-collabora-are-working-on-libreoffice-online-document-editing-an-open-source-alternative-to-google-apps-office-365/

Automation and immutable design.

@Minion-Queen said:

Is this day ever going to end?

Can't be over fast enough

I figured this might be a good topic to get deeper into than just chcon -t and chcon --reference.

One other thing that struck me. For some odd reason DNF usually requires the full path to do a provides search. So an easy way to fix that is

dnf provides "*"/command

The asterisk is the wildcard for any path. So an example

[jhooks@megatron ~]$ sudo dnf provides "*"/nslookup
Last metadata expiration check: 3:03:21 ago on Wed Mar 22 16:36:46 2017.
bind-utils-32:9.10.4-2.P3.fc25.x86_64 : Utilities for querying DNS name servers
Repo        : @System

bind-utils-32:9.10.4-2.P3.fc25.x86_64 : Utilities for querying DNS name servers
Repo        : fedora

bind-utils-32:9.10.4-4.P6.fc25.x86_64 : Utilities for querying DNS name servers
Repo        : updates

Had another interview this morning. I think it went OK, the guy said he was happy with it so we will see what happens.

Welcome everyone!

Just got a call from the spice manufacturer for a second interview. Won't hurt to at least do that I guess...

Here's a screenshot. Looks to be working well.

Well left my 2nd interview. Still weird, and it was two hours long....