Sysadmin Mega Thread

Terraform is the least shitty solution to cloud rollouts.

It’s easier than Python scripts but not as powerful.

Oh, which one?

1 Like

Make sure sda2 isn’t your boot partition. It shouldn’t be, because it needs to be at the start of the drive, but I don’t understand what a 1k partition is for :frowning:

visudo opens $EDITOR

1 Like

Will be (im)patiently waiting for when you get to PAM hardening and auditd config.

1 Like

Done a while ago.

The new authselect tool managed to do all the PAM stuff I was interested in via the sssd profile, but if you do want to manually configure PAM, you should do so with a custom authselect profile.

For auditd I found a repository with the rulesets they use for OpenSCAP and copied those with some minor modifications.

1 Like

Nothing more fun than waiting for CloudFormation to deploy and waiting for it to tell you what’s wrong and then pushing up to Jenkins to wait a while longer.

Periodic reminder that if you put /bin/bash as your shebang I will hunt you down and I will
EOF

2 Likes

uses zsh
still does /bin/bash

What about /usr/bin/env bash?


Trying to configure a one-way trust between a Samba AD DC and FreeIPA is the most infuriating thing I’ve done recently.

2 Likes

Real talk, why are you upset about this?

2 Likes

Oh fuck yeah

--------------------------------------------------------------
Added Active Directory trust for realm "ad.s.my.d"
--------------------------------------------------------------
  Realm name: ad.s.my.d
  Domain NetBIOS name: AD
  Domain Security Identifier:
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

Does anyone have access to an AD DC (like a real Windows one, not Samba)? Samba’s Kerberos SRV records aren’t complete and I want to add the missing one(s).

I just need the output of dig ad.domain.tld axfr | grep kerberos (feel free to redact the FQDN).


nvm I think I got it

Permissible though some Linux people will complain

Because not everyone has bash in /bin, whereas /bin/sh is a standard shell and a standard location. I often have to convert bash scripts that don’t work on FreeBSD to portable shell scripts that do by just changing the shebang and occasionally fixing a few silly things like changing [[ tests to [.

1 Like

Ah, 100% understand now.

I guess #!/usr/bin/env bash would be acceptable then?

I wasn’t sure if this was hate for bash or the path. :smiley:

Bash is fine if you must. I understand it has advantages. It adds a few extra dependencies but I can live with that. Hard coding paths in the source repo I am not a fan of. I much prefer to have env determine the path in development code, and let the tooling for packaging swap in the appropriate hard path for each distro/os packaging system. This is a common feature in many packaging systems already.

1 Like
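
The shebang points raised in the posts above (bash not always living in /bin, and [[ tests breaking under /bin/sh), as an added example that is not part of the thread: a portable sh audit that classifies each script's interpreter line and flags the two cases. The function names and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print one word describing the interpreter line of file $1.
classify_shebang() {
    first=
    # An empty file makes read fail with nothing captured.
    IFS= read -r first < "$1" || [ -n "$first" ] || { echo none; return 0; }
    case $first in
        '#!/usr/bin/env bash'|'#!/usr/bin/env bash '*) echo env-bash ;;
        '#!/bin/sh'|'#!/bin/sh '*) echo posix-sh ;;
        '#!'*/bash|'#!'*'/bash '*) echo hardcoded-bash ;;
        '#!'*) echo other ;;
        *) echo none ;;
    esac
}

# Succeed if file $1 uses the bash-only [[ test on a non-comment line.
uses_double_bracket() {
    grep -v '^[[:space:]]*#' "$1" | grep -q '\[\[ '
}

# Print "kind<TAB>verdict<TAB>path" for each regular file under directory $1.
audit_dir() {
    find "$1" -type f | sort | while IFS= read -r f; do
        kind=$(classify_shebang "$f")
        verdict=ok
        case $kind in
            hardcoded-bash) verdict=fix-shebang ;;  # bash may not live in /bin
            posix-sh) if uses_double_bracket "$f"; then verdict=fix-bashism; fi ;;
        esac
        printf '%s\t%s\t%s\n' "$kind" "$verdict" "$f"
    done
}

# Constructed sample scripts, written to a fresh temporary directory.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho hi\n' > "$d/a.sh"
    printf '#!/usr/bin/env bash\n[[ -n $1 ]] && echo hi\n' > "$d/b.sh"
    printf '#!/bin/sh\n[[ -n $1 ]] && echo hi\n' > "$d/c.sh"
    printf '#!/bin/sh\n[ -n "$1" ] && echo hi\n' > "$d/d.sh"
    echo "$d"
}

samples=$(make_samples)
audit_dir "$samples"
rm -rf "$samples"
```
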

That’s what I always use.

I don’t use sh because I usually specifically want bash so I can do fun bash things in the curly brackets.

That said, old ass bash on macOS gives me headaches sometimes.

1 Like

@Eden did you say once that you’ve set up a lot of FreeIPA/IdM domain controllers? Have you ever configured a trust with AD?

I’ve got it partially working, but I’m not really sure what all the way working looks like…

I’ve got a few scripts to change. :shame:

2 Likes