machine A (192.168.100.1) provides resource A on port 8888
machine B (192.168.200.1) needs to access resource A
without modifying machine B (not allowed), create machine C and have any traffic to machine C on port 8888 forwarded to machine A. Then tell machine B that machine C is machine A and nobody is the wiser. None of the examples I found online had this working properly.
I routinely transfer data between systems using rsync. Since I wanted the communication to be secure, I used ssh keys. I noticed that my trick for restricting a key to a single command isn't terribly well documented, so here is how I do it...
Goal: Keep /opt/before on machine B in sync with /opt/after on machine A.
On machine A, create an ssh key for this
I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:
theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/script.sh
The user could run script.sh with sudo -u runasuser /usr/local/bin/script.sh and it worked as expected but if they tried sudo -iu runasuser /usr/local/bin/script.sh they got prompted for a password as the command didn't match.
Trying to fix an issue with snmp, I started by building an snmp module using audit2allow. It kept failing to load, and the error message is a little cryptic...
[root@host thomas]# semodule -i snmp.pp
libsepol.print_missing_requirements: snmp's global requirements were not met: type/attribute snmpd_t (No such file or directory).
TIL changing security limits on a running process (increasing nofile max open files without restarting process)
Had an sssd process spinning and using 100% CPU. Did an strace on it and saw that it was complaining about too many open files:
pid accept(24, 0xaddress, ) = -1 EMFILE (Too many open files)
Getting the number of open files for the process:
# lsof -p $(pidof sssd_pam) |wc -l
1065
Quick intro to using netcat and gnutls-cli to interact with HTTP, IMAP and SMTP and debug problems.
Talk I gave at puppetconf2013 on using exported resources to dynamically configure your system. Using augeas and concat, the examples build up a working DNS implementation that configures itself automatically. The system was simplified a lot for the talk, but the principle of using exported resources to configure the system is powerful.
I knew this script looked familiar: I just wrote the same script as I wrote almost a year ago. I guess I didn't do a good job getting it on the google's, because I couldn't find it until I started posting about it... github:pass_to_shadow.py
Maybe this time I'll include some of the code in this post.
accessing files under a mount point (getting at the files that have been obscured by another filesystem mounted on top of them)
This has come up 3 times in the last few days, so I thought I'd share it. The situation is that there are files at /var/spool/mqueue that are part of the /var filesystem. But there is also another filesystem mounted at /var/spool/mqueue with its own files. You want to access the files under the mount, but you can't. So, there are two ways around this (in this instance).
Thanks everyone who came to the talks, great conference this year. Thanks to puppetlabs for all the support. Getting better every year, looking forward to next year! (just hope it stays smaller than LISA)