The new authselect tool managed to do all the pam stuff I was interested in via the sssd profile, but if you do want to manually configure pam, you should do so with a custom authselect profile.
For auditd I found a repository with the rulesets they use for OpenSCAP and copied those with some minor modifications.
Nothing more fun than waiting for cloud formation to deploy and waiting for it to tell you whats wrong and then pushing up to Jenkins to wait a while longer.
Does anyone have access to a AD DC (like a real Windows one, not Samba)? Sambaās kerberos srv records arenāt complete and I want to add the missing one(s).
I just need the output of dig ad.domain.tld" axfr | grep kerberos (feel free to redact the fqdn).
Because not everyone has bash in /bin, whereas /bin/sh is a standard shell and a standard location. I often have to convert bash scripts that donāt work on freebsd to portable shell scripts that do by just changing the shebang and occasionally fixing a few silly things like changing [[ tests to [
Bash is fine if you must. I understand it has advantages. It adds a few extra dependencies but I can live with that. Hard coding paths in the source repo I am not a fan of. I much prefer to have env determine the path in development code, and let the tooling for packaging swap in the appropriate hard path for each distro/os packaging system. This is a common feature in many packaging systems already.
This. Unless youāre writing scripts in perl or something, use /bin/sh like god intended.
edit:
I guess bash does have some advantages, but imho if youāre wanting to do more complicated things than basic scripts that basic sh can handle, something like perl, python, etc. is probably a better fit anyhow.