Sysadmin Mega Thread

Done a while ago.

The new authselect tool managed to do all the pam stuff I was interested in via the sssd profile, but if you do want to manually configure pam, you should do so with a custom authselect profile.

For auditd I found a repository with the rulesets they use for OpenSCAP and copied those with some minor modifications.

1 Like

Nothing more fun than waiting for CloudFormation to deploy and waiting for it to tell you what's wrong and then pushing up to Jenkins to wait a while longer.

Periodic reminder that if you put /bin/bash as your shebang I will hunt you down and I will
EOF

2 Likes

uses zsh
still does /bin/bash

what about /usr/bin/env bash


Trying to configure one way trust between a samba ad dc and freeipa is the most infuriating thing I've done recently.

2 Likes

Real talk, why are you upset about this?

2 Likes

Oh fuck yeah

--------------------------------------------------------------
Added Active Directory trust for realm "ad.s.my.d"
--------------------------------------------------------------
  Realm name: ad.s.my.d
  Domain NetBIOS name: AD
  Domain Security Identifier:
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

Does anyone have access to an AD DC (like a real Windows one, not Samba)? Samba's kerberos srv records aren't complete and I want to add the missing one(s).

I just need the output of dig ad.domain.tld axfr | grep kerberos (feel free to redact the fqdn).


nvm I think I got it

Permissible though some Linux people will complain

Because not everyone has bash in /bin, whereas /bin/sh is a standard shell and a standard location. I often have to convert bash scripts that don't work on FreeBSD to portable shell scripts that do by just changing the shebang and occasionally fixing a few silly things like changing [[ tests to [

1 Like

Ah, 100% understand now.

I guess #!/usr/bin/env bash would be acceptable then?

I wasn't sure if this was hate for bash or the path. :smiley:

Bash is fine if you must. I understand it has advantages. It adds a few extra dependencies but I can live with that. Hard coding paths in the source repo I am not a fan of. I much prefer to have env determine the path in development code, and let the tooling for packaging swap in the appropriate hard path for each distro/os packaging system. This is a common feature in many packaging systems already.

1 Like
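The packaging step described in the post above, as an added example that is not part of any poster's message: `pin_shebang` is a hypothetical helper that resolves an `env` shebang once at build time and prints the hard-coded line a package would ship. An `env` shebang picks the interpreter through the caller's PATH on every run, so pinning it at package time also removes that lookup from the installed script.

```shell
#!/bin/sh
# Added example: package-time shebang pinning (helper name is hypothetical).
# pin_shebang FILE prints the shebang line to install for FILE.
# Exit status: 0 = line printed, 1 = no usable shebang, 2 = interpreter not found.
pin_shebang() {
    first=
    # Read only the first line; tolerate a file with no trailing newline.
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!'*) ;;
        *) return 1 ;;
    esac

    set -f                     # no globbing while splitting the line into words
    set -- ${first#??}         # drop "#!", split the rest: interpreter + arguments
    set +f

    case ${1:-} in
        */env) ;;                                 # env shebang: resolve it below
        *) printf '%s\n' "$first"; return 0 ;;    # already a hard path: keep as is
    esac
    shift
    [ "${1:-}" = "-S" ] && shift                  # "env -S interp args" form
    [ "$#" -ge 1 ] || return 1

    interp=$1
    shift
    # Resolve through the build environment's PATH, once, at package time.
    path=$(command -v "$interp") || return 2
    case $path in
        /*) ;;
        *) return 2 ;;         # builtin or function name, not a file on disk
    esac
    printf '#!%s%s\n' "$path" "${*:+ $*}"
}

# Usage: sh pin.sh script1 script2 ...
for f in "$@"; do
    pin_shebang "$f" || echo "skipped $f (status $?)" >&2
done
```
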

That's what I always use.

I don't use sh because I usually specifically want bash so I can do fun bash things in the curly brackets.

That said, old ass bash on macOS gives me headaches sometimes.

1 Like

@Eden did you say once that you've set up a lot of FreeIPA/Idm domain controllers? Have you ever configured a trust with AD?

I've got it partially working, but I'm not really sure what all the way working looks like…

I've got a few scripts to change. :shame:

2 Likes

If you feel like going overboard…

https://bash3boilerplate.sh/

1 Like

This. Unless you're writing scripts in perl or something, use /bin/sh like god intended.

edit:
I guess bash does have some advantages, but imho if you're wanting to do more complicated things than basic scripts that basic sh can handle, something like perl, python, etc. is probably a better fit anyhow.

1 Like

Or powershell

:smiley:

#!/usr/local/bin/pwsh
"hi"

http://whythefuckwasibreached.com/

notice the http

4 Likes

My work offers some free courses from Udemy.

So now I have enrolled in the Chef for beginners course :slight_smile:

2 Likes