Linux

Using iptables to proxy a port on a remote machine on a different network

Scenario

machine A (192.168.100.1) provides resource A on port 8888
machine B (192.168.200.1) needs to access resource A

without modifying machine B (not allowed), create machine C and have any traffic to machine C on port 8888 forwarded to machine A. Then tell machine B that machine C is machine A and nobody is the wiser. None of the examples I found online had this working properly.

Wordpress category: 

rsync between hosts using commands embedded into authorized_keys (ssh-keys)

I routinely used to transfer data between systems using rsync. Since I wanted the communication to be secure I used ssh-keys, I noticed that my trick for using a command in the key isn't terribly well documented, so here is how I do it...

Goal: Keep /opt/before on machine B in sync with /opt/after on machine A.

On machine A, create an ssh key for this

Wordpress category: 

sudo -iu not working as expected

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:


theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/script.sh

Wordpress tag: 
Wordpress category: 

semodule - global requirements not met

Trying to fix an issue with snmp, I started by building an snmp module using audit2allow. It kept failing to load, and the error message is a little cryptic...


[root@host thomas]# semodule -i snmp.pp
libsepol.print_missing_requirements: snmp's global requirements were not met: type/attribute snmpd_t (No such file or directory).

Wordpress tag: 
Wordpress category: 

TIL changing security limits on a running process (increasing nofile max open files without restarting process)

Had an sssd process spinning and using 100% cpu. Did an strace on it and saw that it was complaining about too many open files.


pid accept(24, 0xaddress, [110]) = -1 EMFILE (Too many open files)

getting the number of open files for the process.


# lsof -p $(pidof sssd_pam) |wc -l
1065

Wordpress category: 

Pages