Tracy Phillips

While in a CentOS OpenVZ virtual machine the other day, I had setup sudo to root and encountered the following message:

[server][user][~]$ sudo su -
Password:
audit_log_user_command(): Connection refused

No harm in that, but it was unpleasant to look at none the less.

It finally got the better of me and I finally decided to go about fixing it.

This bug is in Redhat’s bugzilla located here. The fix is to patch your current version of sudo or use a newer version of sudo than sudo-1.6.9.p13. I opted to install the latest version of sudo as of t his writing, sudo 1.7.

This was a fresh install, so I needed to install a few rpm’s with yum.

[server][root][~]# yum install gcc pam-devel make

Then I did the build

[server][root][~]# wget http://www.gratisoft.us/sudo/dist/sudo-1.7.0.tar.gz
[server][root][~]# tar xzvf sudo-1.7.0.tar.gz
[server][root][~]# cd sudo-1.7.0
[server][root][~]# ./configure
[server][root][~]# make
[server][root][~]# make install

That’s all there was to it. Now you can sudo til’ your hearts content without that annoying little message.

Now I can finally get ready for the Super Bowl party

Just the other day I was moving /home out of the / partition and in doing so I wanted to record all of the actions and output so that I could save them for later user… or to blog about ;)

There are a couple of ways to go about saving all of that output.

The easiest way is to do this is to run the script command

[server][root][~]# script

By default, this creates the output as typescript

If you wanted to change the name of the output file, you would invoke it as

[server][root][~]# script output.txt

or any other file of your choosing.

That starts a recording session that will record what goes on during your terminal session.

If you want to record users shell session from login to exit

In the user’s .bash_profile, put something like

exec /path/to/ttyrec session-log-$(date +%Y%m%d-%H%M)

That will create a log file in the form of session-log-YYYYMMDD-HHMM

Pretty nifty stuff.

On Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5, LVM2 can be configured via the /etc/lvm/lvm.conf file to exclude devices that the volume manager is not allowed to access. To exclude a list of devices, use the filter keyword to specify a list of accessible devices.

An example of the filter keyword is shown below:

[server][root][~]# grep filter /etc/lvm/lvm.conf
filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ]

Pattern matching is based on the following logic:

• If any name matches any ‘a’ pattern, the device is accepted
• Otherwise if any name matches any ‘r’ pattern it is rejected
• Otherwise it is accepted.

NOTE: Be sure to only specify one filter line in /etc/lvm/lvm.conf since only one filter pattern is expected.

After changes are made to the lvm configuration file, it will be necessary to run the command vgscan in order for the changes to become active. Shown below is an example of running vgscan in extended debug output mode to activate the changes in the configuration file.

[server][root][~]# vgscan -vvvv

You need to run this as root:

[server][root][~]# for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done

that will loop over each user in /etc/passwd listing out their crontab. The crontabs are owned by the respective users so you will not be able to see another user’s crontab without doing this as root.

Have you ever looked at your email headers to see that sendmail was attaching an X-Authentication-Warning warning because Apache is the sender of an email as a different user other than the system user “apache”?

This is what the email header would look like:

X-Authentication-Warning: mail.domain.com: apache set sender to sales@domain.com using -f

To keep sendmail from adding the warning, you need to setup your apache user as a trusted sender. In my case my apache user is “apache”. Sometimes the user might be called httpd.

You will need to add your apache user to /etc/mail/trusted-users

[server][root][~]# vi /etc/mail/trusted-users

Your sendmail.cf should be ready for that:

[server][root][~]# grep trusted /etc/mail/sendmail.cf
Ft/etc/mail/trusted-users

Otherwise force the trusted user with a line like:

Tusername

If you build your sendmail.cf from sendmail.mc, use:

FEATURE(use_ct_file)dnl

If anyone is looking to implement a NAS type of storage solution, you may want to take a look at Openfiler. Openfiler is kind of a cross between a NAS and a SAN.

*NOTE* Make sure that samba is installed on your box before you begin. Maybe something like yum install samba or aptitude install samba will do it for you.

First make sure that your Linux box can see your Windows box:

smbclient -L 192.168.1.12 -U winuser

Where 192.168.1.12 is your windows box and winuser is the user on your windows box.

Next create the directory that you want to use to mount the windows share:

mkdir /mnt/windows

You could just as easily have mounted it as /usr/local/mywindowsbox. I just like to keep things nice and tidy under /mnt/

Next you will want to actually mount the windows share:

mount -t smbfs -0 username=winuser,password=mypassword //192.169.1.12/:share: /mnt/windows

The previous should all be on one line and :share: is the name of the share on your windows box.

Now your all set… what?… you want it to work automatically after you reboot?

Ok… here goes:

Open up /etc/fstab and put this in:

//192.168.1.12/:share: /mnt/windows smbfs \
user,rw,iocharset=utf8,uid=500,gid=500,fmask=775,dmask=775, \
password=mypassword,username=winuser 0 0

The previous should all be on one line so omit the \ at the end of line 1 and line 2

I was reading the other day about Redhat pushing for XEN support to be included in the kernel. I now see why they were pushing for it so hard. They want to include it in RHEL 5 which is due out late next year. I surely hope they will include some great command line tools to manage XEN with.
read more