Linux

rsync between hosts using commands embedded into authorized_keys (ssh-keys)

Submitted by thomas on Tue, 12/03/2013 - 01:44

I routinely used to transfer data between systems using rsync. Since I wanted the communication to be secure I used ssh-keys, I noticed that my trick for using a command in the key isn't terribly well documented, so here is how I do it...

Goal: Keep /opt/before on machine B in sync with /opt/after on machine A.

On machine A, create an ssh key for this

Wordpress category: 
Linux

sudo -iu not working as expected

Submitted by thomas on Tue, 11/05/2013 - 19:24

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:


theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/script.sh

Wordpress tag: 
sudo
Wordpress category: 
Linux

semodule - global requirements not met

Submitted by thomas on Thu, 10/24/2013 - 19:21

Trying to fix an issue with snmp, I started by building an snmp module using audit2allow. It kept failing to load, and the error message is a little cryptic...


[root@host thomas]# semodule -i snmp.pp
libsepol.print_missing_requirements: snmp's global requirements were not met: type/attribute snmpd_t (No such file or directory).

Wordpress tag: 
linux selinux
Wordpress category: 
Linux

TIL changing security limits on a running process (increasing nofile max open files without restarting process)

Submitted by thomas on Thu, 10/03/2013 - 00:38

Had an sssd process spinning and using 100% cpu. Did an strace on it and saw that it was complaining about too many open files.


pid accept(24, 0xaddress, [110]) = -1 EMFILE (Too many open files)

getting the number of open files for the process.


# lsof -p $(pidof sssd_pam) |wc -l
1065

Wordpress category: 
Linux

Pages