Sysadmin Mega Thread

Friends in high places

2 Likes

Did you guys know you can force password authentication in single user mode?

Take that you fucking lock picking social engineering sleuths. Physical access MY DICK.

It helps to keep a firearm in or around the server closet too. Forgive no one for attacking your systems.

2 Likes

Hmmm, really? Didn’t know that.

We only have about 20 devices, but having a 100 dhcp pool is healthy IMO.

Plenty of space for guests, should I ever have any :eyes:

2 Likes

I do something similar with my network.

Dream bigger

Overkill
1 Like

I assume this is for the home network?
Any reason you don’t want to break a few of those devices into Vlans?

1 Like

Because I don’t need vlans (yet).

There’s still plenty of address space to where I don’t need to subnet yet.

For network security vlans are on my radar but there are other things ahead in the queue.

2 Likes

1 subnet with pvlans would be the big brain move.

1 Like

Why not 10.0.0.0/8?

It makes things so much easier.

10.site.vlan.host

You may only be single site at the moment, but… things have a habit of changing. And if you’re on the 10 network you have plenty of scope. 192.168.0.0/16 isn’t big enough for business use imho once you start incorporating VLANs.

edit:
oh, unless this is for home?

At home I just have 10.48.0.0 (I treat my home as just another site I could connect to work :smiley: - I have 10.4x.0.0 reserved for “test” sites - 10.44.0.0/16 routes to my VM workstation on prep at work for instance) but on premise at home it’s just almost entirely DHCP on 10.48.2.0/24 apart from my router and switches :smiley:

Apple ZeroConf /mDNS for the win.

I guess I really dislike 192.168.x.x because it’s more to type for every damn IP address, only 16 bit in size and if you split it up into a significant number of chunks you need to play with funky net mask sizes and site boundaries aren’t obvious. Not so much an issue at home, but still… I’ve learned with my current employer that things always grow bigger than initially expected - including network address space requirements.

IPv6 takes this thinking to the next level. Minimum suggested subnet size is a /64 to make boundaries clear and unambiguous. Also to make autoconfiguration work… I just don’t see the point in being stingy with subnets like 192.168.x.y forces you to be these days.

Without VLANs, I’d maybe even just use 10.0.0.0/16 at home. Don’t even split into /24s, and use the third octet for device type. Will make your IPs dead simple to remember for static assignment rather than arbitrary numeric boundaries. e.g., you have one printer, 10.0.3.x is printers, it’s going to be 10.0.3.1, isn’t it? (unless you start your host IPs at 10 or something so you can put VLANs in easier later without having to re-address all your hosts. subnet mask/gateway would need to change, but DNS, firewall rules, etc. would not) :smiley:

work smarter, not harder :wink:

3 Likes

I do exactly this.

Also, I use 192.168.x.x addresses for openvpn site-to-sites. The 2 x’s are the site numbers so you get the 2 addresses you need for the tunnel and a pair of addresses for every combination of sites.

1 Like

Imagine making a /27 for non-meme purposes.

no 172 love?

1 Like

I use that sometimes when I mistake 127 and 172 … good thing that it’s not a public IP XD

Reserved for future use?

1 Like

botnet network?

1 Like

So here’s a fun one.

What do you do if you see a large amount of disk space in use but when you check the size of the files it doesn’t add up?

Note: this server is a live database host so you can’t just reboot it.

You check the number of open files with lsof.

If you see a large number of file pointers marked as deleted by a PID but still being held on to, you need to cycle the service so the delete change can actually get flushed to disk and the local filesystem can begin reallocating the free space.

In Linux, if there are any active file pointers, they will hold onto the file indefinitely until it is released, which is where some ‘magic’ disk space can get used up.

1 Like

uhhh, IIRC, files can be “deleted” but not yet cleaned out of the FS if there’s still something like a database server still using them.

There are signals you can send the various servers to flush their files, IIRC. Might just be a reload though.

1 Like

I’ve also seen servers run out of available inodes when there’s a persistent disk cache filled with millions of tiny files. It doesn’t fill up the available space per se, but does stop anything that’s running from allocating more space on that partition.

2 Likes

That’s where df -i is helpful.

1 Like