command line

Switching to systemd-networkd for managing your networking interfaces makes things quite a bit simpler over standard networking scripts or NetworkManager.

I’ve decided to start a series of posts called “Chronicles of SELinux” where I hope to educate more users on how to handle SELinux denials with finesse rather than simply disabling it entirely.

I talked a bit about systemd’s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.

I’ve written about systemd-networkd in the past and how easy it can be to set up new network devices and tunnels.

For those of you in the market for a cheap webcam for videoconferencing or home surveillance, the Logitech C270 is hard to beat at about $20-25 USD.

The world of containers is constantly evolving lately.

One of the first tools I learned about after working with Red Hat was sysstat.

It seems like everyone is embracing systemd these days.

During one of my regular trips to reddit, I stumbled upon an amazingly helpful Linux I/O stack diagram:

My SANS classmates were learning how to set and recognize file permissions on a Linux server and we realized it would be helpful to display the octal value of the permissions next to the normal rwx display.

The thought of using Linux as a manager in a highly Windows- and Mac-centric corporate environment isn’t something to be taken lightly.

Pairing virt-manager with KVM makes booting new VM’s pretty darned easy.

The confined user support in SELinux is handy for ensuring that users aren’t able to do something that they shouldn’t.

Most of my websites run on a pair of Supermicro servers that I purchased from Silicon Mechanics (and I can’t say enough good things about them and their servers).

It’s been a little while since I last posted about installing Xen on Fedora, so I figured that Fedora 19’s beta release was as good a time as any to write a new post.

While rolling through my RSS feeds, I found a great presentation by David Quigley titled “Demystifying SELinux”.

I’ve converted one of my KVM hypervisors from CentOS 6 to Fedora 18 and now comes the task of migrating my virtual machines off of my single remaining CentOS 6 hypervisor.

This post is a quick one but I wanted to share it since I taught it to someone new today.

Changing my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines.

The wheel group exists for a critical purpose and Wikipedia has a concise definition:

After many discussions with fellow Linux users, I’ve come to realize that most seem to disable SELinux rather than understand why it’s denying access.

I dragged out an old Aopen MP57-D tonight that was just sitting in the closet and decided to load up kvm on Fedora 18.

After adding some upgrades for icanhazip.

If you install vpnc via MacPorts on OS X, you’ll find that you have no openssl support after it’s built:

Kristóf Kovács has a fantastic post about some lesser-known Linux tools that can really come in handy in different situations.

I found myself stuck in a particularly nasty situation a few weeks ago where I had two git branches with some commits that were mixed up.

A fellow Racker showed me httpry about five years ago and I’ve had in my toolbox as a handy way to watch HTTP traffic.

One of the handiest tools in the OpenSSL toolbox is s_client.

As promised in my earlier post entitled Kerberos for haters, I’ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.

I’ll be the first one to admit that Kerberos drives me a little insane.

I sometimes enjoy living on the edge occasionally and that sometimes means I keep up with OpenStack changes commit by commit.

Regular users of Python’s package tools like pip or easy_install are probably familiar with the PyPi repository.

I used to be one of those folks who would install Fedora, CentOS, Scientific Linux, or Red Hat and disable SELinux during the installation.

Although Citrix recommends against using software RAID with XenServer due to performance issues, I’ve had some pretty awful experiences with hardware RAID cards over the last few years.

XenServer 6 is a solid virtualization platform, but the installer doesn’t give you many options for customized configurations.

It’s no secret that I’m a big fan of the Routerboard devices and the RouterOS software from Mikrotik that runs on them.

If you want to forward e-mail from root to another user, you can usually place a .

Before we get started, I really ought to drop this here:

I’ve floated back and forth between graphical IRC clients and terminal-based clients for a long time.

Fedora 15 was released with some updates to allow for consistent network device names.

SELinux isn’t a technology that’s easy to tackle for newcomers.

I’m using SELinux more often now on my Fedora 15 installations and I came up against a peculiar issue today on a new server.

If you haven’t noticed already, full Xen dom0 support was added in the Linux 3.

Some might call me paranoid, but I get nervous when my package manager automatically removes a kernel.

If you push play, the video should scoot out to about the 14m40s mark where MySQLTuner appears on one of the slides.

I was surprised to see coverage about icanhazip.

As promised in one of my previous posts about dual-primary DRBD and OCFS2, I’ve compiled a step-by-step guide for Fedora.

After reading the title of this post, you might wonder “Why would someone pay for a Mac Mini and then not use OS X with it?

E-mailing a binary e-mail attachment from a Linux server has always been difficult for me because I never found a reliable method to get it done.

My daily work requires me to work with a lot of customer data and much of it involves IP address allocations.

This situation might not affect everyone, but it struck me today and left me scratching my head.

One of the most interesting topics I’ve seen so far during my RHCA training at Rackspace this week is SystemTap.

The guide to redundant cloud hosting that I wrote recently will need some adjustments as I’ve fallen hard for the performance and reliability of DRBD and OCFS2.

The pv command is one that I really enjoy using but it’s also one that I often forget about.

If you offer a web service that users query via scripts or other applications, you’ll probably find that some people will begin to abuse the service.

Diagram: OpenVPN to Rackspace Cloud Servers and Slicehost

As my uptime reports have shown, and as some of you have reported, my blog’s load time has increased steadily over the past few weeks.

On most systems, using Fedora’s preupgrade package is the most reliable way to update to the next Fedora release.

One of the most common questions that I see in my favorite IRC channel is: “How can I secure sshd on my server?

When Twitter was still in its early stages, you could track certain search terms in near-realtime via Jabber.

My curiosity is always piqued when I find new ways to manipulate command line output in simple ways.

NOTE: This post is out of date and is relevant only for GlusterFS 2.

It certainly shouldn’t be difficult, but I always have a tough time with OAuth.

Fedora 13 has quite a few changes related to upstart, and one of the biggest ones is how terminals are configured.

When you need to measure network throughput and capacity, I haven’t found a simpler solution than iperf.

Regardless of the type of hosting you’re using - dedicated or cloud - it’s important to take network interface security seriously.

This problem has cropped up for me a few times, but I’ve always forgotten to make a post about it.

About a year ago, I was introduced to the joys of using irssi and screen to access irc servers.

Thanks to a recommendation from [Michael][1] and [Florian][2], I’ve been using [dsh][3] with a lot of success for quite some time.

One of my favorite (and most used) applications on any Linux machine is screen.

Occasionally, I’ll end up with a mailbox full of random data, alerts, or other useless things.

Most linux distributions use some type of mechanism to gracefully stop daemons and unmount storage volumes during a reboot or shutdown.

Just in case some of you out there enjoy nomenclature and theory behind Linux filesystems, here’s some things to keep in mind.

I recently came across a server that was throwing this error into its message log:

By setting a certain bash environment variable, you can limit which commands are kept in the .

Installing new hardware may mean that new kernel need to be loaded when your server boots up.

Using Linux kernel 3.

If your system abruptly loses power, or if a RAID card is beginning to fail, you might see an ominous message like this within your logs:

Apparently, a recent Red Hat Enterprise Linux update for ES3, 4 and 5 caused some Perl applications to throw errors like these:

Create a strong CSR and private key

I’ve struggled at times to get a decent-looking terminal on my desktop, and I believe I’ve found a good one.

A few days ago, I began to install a group of packages with up2date, and the person next to me was surprised that up2date even had this functionality.

In the event that your system is running out of file descriptors, or you simply want to know what your users are doing, you can review their count of open files by running this command:

With RHEL 5 ditching up2date for yum, many Red Hat users might find themselves confused with the new command line flags.

When you create a CSR and private key to obtain an SSL certificate, the private key has some internal data called a modulus.

When you find yourself in a pinch, and you don’t know the limits of a certain Red Hat Enterprise Linux version, you can find this information in one place.

I hear a lot of complaints about Plesk’s backup routines and how they can bring a server to its knees.

If you find yourself in a pinch and you need a temporary fix when your primary IP is blacklisted, use the following iptables rule:

Should you find yourself in the situation where you’ve forgotten the Urchin admin password, don’t worry.

One question I hear quite often is “how do I add IP aliases in FreeBSD?

Add to /etc/make.

With portinstall:

It can be best to upgrade FreeBSD in an offline state, but if you do it online, you can do it like this:

Making Java keystores at the same time as you create a CSR and key is pretty easy, but if you have a pre-made private key that you want to throw into a keystore, it can be difficult.

If you find yourself stuck with over 30,000 files in a directory (text files in this example), packing them into a tar file can be tricky.

One of the main reasons people like passive FTP is that it’s easier to get through firewalls with it.

If you want to get a really basic, wide-open for localhost setup for SNMP, just toss the following into /etc/snmp/snmpd.

If you find that /dev/null is no longer a block device, and it causes issues during init on Red Hat boxes, you will need to follow these steps to return things to normal:

If you find that memory limits differ between root and other users when PHP scripts are run from the command line, there may be an issue with your php.