@scottalanmiller said in Bind Linux Process to Well Known Web Ports When Not Root:

If you have ever tried to run a user space program on Linux with a port below 1024 you know that this is a security problem and you are not allowed to do so. There is a simple fix for this, but it is not well known.

Once you know the binary that you will be using to open the low number (well known) port you can use this command to grant it permission to use these ports without otherwise compromising security.

setcap cap_net_bind_service+ep /my/binary/file

Now you can run your application. This is most commonly used for user space web applications that want to use port 80 or 443 without requiring that you run a reverse proxy in front of them.

Good to know!

I found this as an example of how to use it and also commands to remove the permission:
https://cwiki.apache.org/confluence/display/HTTPD/NonRootPortBinding

The setcap utility seems to be available in the libcap2-bin package on debian distros.

I haven't checked if it's installed by default.

@travisdh1 said in SUSE Manager for managing CentOS and SUSE servers.:

@openit said in SUSE Manager for managing CentOS and SUSE servers.:

Hi there,

Anyone of you ever came across SUSE Manager?

While it is saying open source and it is letting to download evaluation copy with subscription key on email?

I believe SUSE Manager kind product I'm looking, especially for patching CentOS and SUSE servers.

Any clue?

Why not use Ansible or Salt?

These are what I'd generally recommend.

@openit said in Offsite backup and CentOS Upstream - looking for suggestions.:

CentOS Upstream: Isn't okay for Production Servers anymore?

I assume you mean CentOS Stream?

Honestly it is a more viable solution for a Linux server than CentOS ever was as it is no longer so out dated.

But, I would give the entire RHEL ecosystem a wide berth at this point.

@Pete-S said in MariaDB Package Issues While Updating from CentOS 7 to CentOS 8:

But nobody in their right mind...

...uses LTS releases. So we have to accept we are working from a crippled situation anytime that this comes up. It means we are already dealing with politics over function. So knowing that, it should explain why we have to deal with what we have to deal with. Would have been super fast to do a fresh install.

But you'd not do a fresh install of CentOS 8 or Streams if it wasn't for politics. We'd be putting in Fedora, Ubuntu, or OpenSuse. So not getting to do a fresh install is just one artefact of many when doing what's best for the application platform isn't what drives decision making.

@DustinB3403 said in Oracle Linux Installation and performance seems insanely bad:

@Obsolesce CentOS as a product is dead, the alternatives are RHEL or CentOS Stream.

CentOS Stream is a totally different thing. Not what people consider alternatives. It is an alternative in the same way that Ubuntu or Windows is.

The real alternatives that are drop in replacements that work exactly the same and cost the same are Oracle Linux, AlamLinux and Rocky Linux.

@scottalanmiller said in New to Linux Administration: RHEL-Based or Debian-Based OS:

I agree, both is the obvious choice. But to truly answer the question, I'd focus on Ubuntu (not Debian) and then RHEL. Debian is great, but it is Ubuntu specifically that has the market.

Yes, almost the same is never the same as exactly the same.

@gotwf said in SAMIT: IBM Is Killing Off CentOS:

@scottalanmiller Yes. This I know. But this isn't bare metal but rather SmartOS hypervisor in a Triton datacenter. So I presume all is atop ZFS. I never delved deeper so honestly do not know.

Hopefully not, as ZFS isn't all that fast. But you need XFS touching WiredTiger... what's lower in the stack isn't what it is concerned with. You still control your own filesystem regardless of what the datacenter may or may not use elsewhere.

@Pete-S said in How to use firewall-cmd to verify that tcp 80 & 443 is open?:

One thing that would be nice to have, something that I've used on hardware firewalls, is a command that will simulate packets through the firewall rules to see if they will pass or not.
I've not seen something like that for iptables/netfilter.

Not sure about simulating, but you can always send packets at it and use iptables -v to see the counters.

@marcinozga said in Install Skyetel Postcards on CentOS 7:

@scottalanmiller said in Install Skyetel Postcards on CentOS 7:

@marcinozga said in Install Skyetel Postcards on CentOS 7:

@black3dynamite said in Install Skyetel Postcards on CentOS 7:

Still preferred fallocate instead of dd to create a swap file?

dd if=/dev/zero of=/swapfile count=4096 bs=1MiB && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile && echo "/swapfile swap swap defaults 0 0">>/etc/fstab

Still using swap file? Memory is cheap. I don't recall a server where I created swap partition or swap file.

Memory is NOT cheap, not at all.

It is if you own it. If you rent your hardware, yeah, it adds up.

Even if I own it, throwing away 2-3GB of RAM makes no sense. Now, if I own it, I can easily assign 4GB of RAM then remove it once installed, by why? That's harder to script and still no benefit.

It's a bad habit to see resources as cheap and so waste them just because you can. Extra memory doesn't improve performance, it hurts it (just the tiniest bit). And it's not free, if you always apply twice as much RAM as you use (or four times, here), that gets costly one way or another. Either you wasted money overspeccing in the beginning, or you are stuck buying more now.

@scottalanmiller said in Deploying NodeBB 1.14 on CentOS 8 with MongoDB 4.2:

By default, NodeBB uses the REDIS NoSQL database,

By default, in 1.15.x it uses Mongo

I'm pretty sure it did in the last version I installed also. But that was months ago and I do not recall clearly.

If you install using the above method, it never tells you the random password assigned to your management interface. But no fear, there is a tool that sets that for you and is super, duper easy.

cd /usr/local/lsws/admin/misc sh admpass.sh

It is interactive. And voila.

@JaredBusch said in Deploying NodeBB 1.13 on CentOS 8 with MongoDB 4.2:

You can only remove this line if you are going to host the reverse proxy on the same instance.

No reverse proxy needed if you are going to just look at it locally without going over the network.

Turns out that there was a wildcard A record in DomainA2.com

The last time I set up Graylog I had to configured SELinux.

Allow the web server to access the network:
sudo setsebool -P httpd_can_network_connect 1

Graylog REST API and web interface:
sudo semanage port -a -t http_port_t -p tcp 9000

Elasticsearch (only if the HTTP API is being used):
sudo semanage port -a -t http_port_t -p tcp 9200

Allow using MongoDB default port (27017/tcp):
sudo semanage port -a -t mongod_port_t -p tcp 27017

@stacksofplates said in Installing Hugo Static Website Generator on Linux:

@scottalanmiller said in Installing Hugo Static Website Generator on Linux:

@stacksofplates said in Installing Hugo Static Website Generator on Linux:

@scottalanmiller said in Installing Hugo Static Website Generator on Linux:

However, they don't have any standard Linux install documentation on their website and only show using Homebrew, a MacOS package that essentially no one on Linux uses. Very odd.

I just looked. I'm not sure what you're talking about. The page clearly shows snaps, dnf, apt, pacman, eopgk, and pkg_add for OpenBSD.

https://gohugo.io/getting-started/installing

Completely different than what I got from the same link this morning. I went to that page, clicked on Linux, and they only showed Brewlinux, which isn't even the current name of the system.

Way back machine shows it's been there since at least the 13th.

https://web.archive.org/web/20191113183617/https://gohugo.io/getting-started/installing/

Very weird. I wonder if it was a cache somewhere? I definitely poked around this morning and Linuxbrew was the only thing that it had and had it from every link that I tried on their site.

Finally released!!

@Obsolesce said in UREs Strike InnoDB on MySQL:

@scottalanmiller said in UREs Strike InnoDB on MySQL:

@Pete-S said in UREs Strike InnoDB on MySQL:

Step one is to remove the drives and clone them with dd or recovery tool to a new drive.
You could probably recover 99.9% of the data - if you want.

As you can guess from all of their previous issues, they don't want to pay for any recovery, they just want it magically fixed for free. They don't own any storage onto which to clone it, either.

Then what is the point of any of it? It appears to have zero value to the business.

I said that to them.

I can't read the phrase "kernel panic" without thinking of this tune:

https://www.youtube.com/watch?v=v6zo5zlIPns

The OKD GitHub page for additional details and the main website.

@DustinB3403 said in MySQL MariaDB password reset without knowing the password:

Just still seems weird to have the password in plaintext on in a config file.

has to be somewhere, how else can an application connect? Look at WordPress, for example, you have to enter the password into the application so that the application can connect to the database. Otherwise, the database would have to have no password protection at all or you'd need a human to log in and enter the password every time a database connection was needed (which is normally thousands of times a minute.)