Terraform is the least shitty solution to cloud rollouts.
It’s easier than python scripts but not as powerful.
Oh, which one?
Make sure sda2 isn’t your boot partition. It shouldn’t be, because it needs to be at the start of the drive, but I don’t understand what a 1k partition is for.
visudo opens $EDITOR
Will be (im)patiently waiting for when you get to PAM hardening and auditd config.
Done a while ago.
The new authselect tool managed to do all the pam stuff I was interested in via the sssd profile, but if you do want to manually configure pam, you should do so with a custom authselect profile.
For auditd I found a repository with the rulesets they use for OpenSCAP and copied those with some minor modifications.
Nothing more fun than waiting for CloudFormation to deploy and waiting for it to tell you what’s wrong and then pushing up to Jenkins to wait a while longer.
Periodic reminder that if you put /bin/bash as your shebang I will hunt you down and I will
EOF
uses zsh
still does /bin/bash
what about /usr/bin/env bash
Trying to configure one way trust between a samba ad dc and freeipa is the most infuriating thing I’ve done recently.
Real talk, why are you upset about this?
Oh fuck yeah
--------------------------------------------------------------
Added Active Directory trust for realm "ad.s.my.d"
--------------------------------------------------------------
Realm name: ad.s.my.d
Domain NetBIOS name: AD
Domain Security Identifier:
Trust direction: Trusting forest
Trust type: Active Directory domain
Trust status: Established and verified
Does anyone have access to an AD DC (like a real Windows one, not Samba)? Samba’s kerberos srv records aren’t complete and I want to add the missing one(s).
I just need the output of dig ad.domain.tld axfr | grep kerberos (feel free to redact the fqdn).
nvm I think I got it
Permissible though some Linux people will complain
Because not everyone has bash in /bin, whereas /bin/sh is a standard shell and a standard location. I often have to convert bash scripts that don’t work on freebsd to portable shell scripts that do by just changing the shebang and occasionally fixing a few silly things like changing [[ tests to [
Ah, 100% understand now.
I guess #!/usr/bin/env bash would be acceptable then?
I wasn’t sure if this was hate for bash or the path.
Bash is fine if you must. I understand it has advantages. It adds a few extra dependencies but I can live with that. Hard coding paths in the source repo I am not a fan of. I much prefer to have env determine the path in development code, and let the tooling for packaging swap in the appropriate hard path for each distro/os packaging system. This is a common feature in many packaging systems already.
That’s what I always use.
I don’t use sh because I usually specifically want bash so I can do fun bash things in the curly brackets.
That said, old ass bash on macOS gives me headaches sometimes.
@Eden did you say once that you’ve set up a lot of FreeIPA/Idm domain controllers? Have you ever configured a trust with AD?
I’ve got it partially working, but I’m not really sure what all the way working looks like…
I’ve got a few scripts to change. :shame: