#sysadmin
Je vais redémarrer #diaspora-fr pour mettre à jour le noyau linux, l'interruption devrait durer moins de 3 minutes.
Scripted shortcut caused double-click #disaster of #sysadmin's own making
source: https://www.theregister.com/2023/10/09/who_me/
Rather than right-clicking on the script and selecting "Edit" to make his small change, Ricardo had instead executed the script. On his production machine. The machine that stored all of his carefully constructed scripting – not to mention absolutely everything else he needed to do his job.
And of course there was no "Are you sure Y/N?" to save Ricardo's skin, was there? With a fraction of a second, the script merrily started eating away the hard drive … and Ricardo's livelihood.
#software #script #fail #administrator #omg #wtf #configuration
Simplifier la génération de certificats SSL avec Let's Encrypt
https://jolicode.com/blog/simplifier-la-generation-de-certificats-ssl-avec-lets-encrypt
#sysadmin
I'm okay, right? #SysAdmin #SysAdmining
# ls -al friendica/log
total 641075504
drwxr-xr-x 2 friendica friendica 4096 Jan 26 04:47 .
drwxr-xr-x 22 friendica friendica 4096 Feb 20 13:47 ..
-rw-r--r-- 1 friendica friendica 307536 Mar 8 14:35 db_log.sql
-rw-r--r-- 1 friendica friendica 939041091 Feb 19 08:17 debug.log
-rw-r--r-- 1 friendica friendica 521392713728 Mar 8 13:17 error.log
-rw-r--r-- 1 friendica friendica 134123690097 Mar 8 15:01 friendica.log
-rw-r--r-- 1 friendica friendica 1 Mar 25 2019 php.out
-rw-r--r-- 1 friendica friendica 3489792 Mar 7 20:33 slow_queries.log
-rw-r--r-- 1 friendica friendica 1 Sep 17 2020 slow_queries_sorted.log
How to Boot ISO Files From GRUB2 Boot Loader - LinuxBabe
https://www.linuxbabe.com/desktop-linux/boot-from-iso-files-using-grub2-boot-loader
Bonjour tout le monde, un nouveau kernel linux est disponible donc je dois redémarrer #diaspora-fr, la coupure ne devrait durer que quelques minutes.
Bonne journée !
Test de charge d'un Peertube en Live avec Auposte
https://www.octopuce.fr/test-de-charge-dun-peertube-en-live-avec-auposte/
#sysadmin #vidéo
https://f-droid.org/en/packages/juloo.keyboard2
A non-modal, no-nonsense Android keyboard with big ass keys providing all writable characters with swipe gestures, Control/Alt/Tab/Arrow keys, and more. Free As in Freedom software and available from the F-Droid app repository.
#android #F-Droid #Keyboard #development #sysadmin #hacker #FreeSoftware
Installer Rocky Linux 8 dans VirtualBox
https://blog.microlinux.fr/install-rl8-virtualbox/
#sysadmin #virtualisation #formation
Installer un poste de travail Linux
https://blog.microlinux.fr/poste-de-travail-linux-formation/
#sysadmin #opensuse #formation
I just released a new version of ksh (the Korn shell), of which I took on the maintenance in May 2020 after AT&T abandoned it and other community efforts went nowhere. The new ksh 93u+m/1.0.0 has roughly a thousand bugs fixed compared to the last decade-old stable release, as well as a good number of enhancements. It is still highly portable; it builds and runs on every Unix-like system under the sun that is not a complete museum piece (and on some that are).
https://github.com/ksh93/ksh/releases/
#KornShell #ksh #Unix #shell #sysadmin
Had anyone used serverpartdeals.com?
The drives are attractively priced, though I feel would be best placed in a RAID array. What's the risk delta using refurbished vs new drives?
#SysAdmin
Mozilla Firefox is slow even if hardware acceleration is enabled?
Try enabling gfx.x11-egl.force-enabled
in about:config
to force the use of EGL1 and then restart the web browser.
If this works, enabling layers.acceleration.force-enabled
can boost your performance even more by enabling OpenGL alongside EGL. 2
This also works on Flatpak if the security permissions are correct (use Flatseal3 if needed).
Tags: #linux #gnulinux #sysadmin #gpu #gpu-linux #gpuacceleration #egl #opengl #x11 #xorg #mozilla #firefox #hack #flatpak #flatseal
https://www.khronos.org/egl/
https://flathub.org/apps/details/com.github.tchx84.Flatseal
https://linuxreviews.org/HOWTO_Make_Mozilla_Firefox_Blazing_Fast_On_Linux
Gain unprivileged access to an overlapped directory in Flatpak
Issue
/usr
and other hierarchies on the host cannot be accessed from Flatpak, because they conflict with the sandbox. Instead, you are presented with a fake, overlapped filesystem hierarchy. Currently, Flatpak alone has no working options to solve this issue, as configuration overrides have no effect on those special filesystem hierarchies. As Linux does not support directory hard links, this is a serious nuisance!
Solution
Luckily, there is a workaround to safely access the original directory without having root access, if your sysadmin (or you, if you own the system) installed the bindfs
package.
The bindfs
command uses a FUSE filesystem to mirror the contents of a directory to another directory:
bindfs /overlapped ~/.overlapped
If high performance is needed:
bindfs -o multithreaded /overlapped ~/.overlapped
If security (read-only access) is needed:
bindfs -o ro /overlapped ~/.overlapped
Example
TASK: access the documentation on a Debian system from a Flatpak app.
user@localhost:~$ mkdir .doc
user@localhost:~$ bindfs -o ro,multithreaded /usr/share/doc .doc
user@localhost:~$ ls .doc
…will grant you fast, read-only access to /usr/share/doc
by visiting .doc
in your user home.
ls .doc
will list the contents of /usr/share/doc
, while .doc
is not a symlink but a simple directory created by you.
You can now eg. use the Flatpak version of Mozilla Firefox to browse file:///home/yourusername/.doc
and it will let you read the files in /usr/share/doc
, which are normally inaccessible under Flatpak.
Note: this is not an official workaround, I've found by accident. If you know better alternatives please feel free to comment so other users can benefit. Thank you.
Tags: #linux #gnulinux #debian #flatpak #sandbox #virtualization #security #hacking #filesystem #fs #docs #sysadmin #sys #documentation
Solution to a common issue with ELF executables
Are you having difficulty executing a file on 64 bit Linux because the executable crashes yelling it cannot find itself?
$ ls
cat.jpg executable* secret.txt
$ ./executable -argument param -argument2 param
./executable: file not found
This is not an existential issue of your filesystem, instead your system is missing the correct libc for the architecture of the software you are trying to execute.
You can verify it by executing:
$ file ./executable
exeutable: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=11e741041c519dd5aee726c7170d345a6abf542c, not stripped
Modern, standard 64 bits executables will have a binary interpreter under /lib64
(eg. /lib64/ld-linux-x86-64.so.2
) and not /lib
(eg. /lib/ld-linux.so.2
); in addition, the file
utility reports explicitly the architecture at the beginning of the output line.
Now you are sure the executable which cannot find itself requires another ELF interpreter!
SOLUTION: install libc6-i386 using apt and the issue will disappear instantly!
#Debian #Android #Linux #androidstudio #sysadmin #system #tip
I've been using CrowdSec for a few weeks now and it's pretty good, if occasionally a little rough round the edges. I particularly like the console which gives nice visualisations and stats on attack types, countries, ASNs, targets and so on. Dual running with fail2ban, CrowdSec didn't miss any of the usual SSH brute force attempts (in fact it seems to pick up more, out of the box) and the shared community blocklist (currently 11k IPs) is a killer feature.
I haven't turned off fail2ban entirely only because CrowdSec doesn't yet have collections for exim and sendmail - if nobody else adds them I might contribute them myself when time permits. However there's-out-of-the-box setup for lots of other common server apps. The installer does a reasonable job of detecting what's running and configuring it for you on first install, and you can install more collections with a single command.
It's worth remembering to update collections from the hub regularly as new attack detections are periodically added. That's just a couple of commands with cscli
, the provided CLI client, which is the main way of seeing what it's doing and configuring it. I've made a few manual tweaks to the config (YAML) to match my setup (log file locations, and ignoring my own IPs for safety) and that's it.