Archive for the ‘Linux’ Category

Allowing sudo command

How to Add Users to Sudo Group

By default, Red Hat-based Linux distributions have a user group called the “wheel” group. Members of the wheel group are automatically granted sudo privileges. Adding a user to this group is a quick and easy way to grant sudo privileges to a user.

Step 1: Verify the Wheel Group is Enabled

Your CentOS 7 installation may or may not have the wheel group enabled.

Open the configuration file by entering the command:

visudo

Scroll through the configuration file until you see the following entry:

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

If the second line begins with the # sign, it has been disabled and marked as a comment. Just delete the # sign at the beginning of the second line so it looks like the following:

%wheel        ALL=(ALL)       ALL

Then save the file and exit the editor.

Step 2: Add User to Group

To add a user to the wheel group, use the command:

usermod -aG wheel NewUser

As usual, replace NewUser with the name of the user receiving sudo privileges.

If the above doesn’t work: Add User to Sudoers Configuration File

If there’s a problem with the wheel group, or administrative policy prevents you from creating or modifying groups, you can add a user directly to the sudoers configuration file to grant sudo privileges.

Step 1: Open the Sudoers File in an Editor

In the terminal, run the following command:

visudo

This will open the /etc/sudoers file in a text editor.

Step 2: Add the New User to File

Scroll down to find the following section:

## Allow root to run any commands anywhere
root ALL=(ALL) ALL

Right after this entry, add the following text:

NewUser ALL=(ALL) ALL

Replace NewUser with the username you created in Step 2. This section should look like the following:

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
NewUser ALL=(ALL) ALL

Save the file and exit.
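
To review who ends up with full sudo rights after either method, the following added example (not part of the original post) lists every account covered by an active ALL=(ALL) ALL rule, whether named directly or through a group such as %wheel. The helper name full_sudo_users and the sample files are constructed; on a real host pass /etc/sudoers and /etc/group.

```bash
#!/bin/sh
# full_sudo_users SUDOERS GROUPFILE   (hypothetical helper, added example)
# Prints, sorted, every account covered by an active "<who> ALL=(ALL) ... ALL"
# rule: users named directly plus the listed members of any %group so named.
# Not handled: included files, aliases, and primary-group membership.
full_sudo_users() {
    awk '
        FNR == 1 { nfile++ }
        nfile == 1 {                               # first file: sudoers
            if ($0 ~ /^[ \t]*#/ || NF < 3) next    # comment or blank line
            if (($2 == "ALL=(ALL)" || $2 == "ALL=(ALL:ALL)") && $NF == "ALL") {
                if (substr($1, 1, 1) == "%") grp[substr($1, 2)] = 1
                else user[$1] = 1
            }
            next
        }
        {                                          # second file: name:pw:gid:members
            split($0, f, ":")
            if (f[1] in grp) {
                n = split(f[4], m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") user[m[i]] = 1
            }
        }
        END { for (u in user) print u }
    ' "$1" "$2" | sort
}

# Constructed sample data mirroring the sudoers entries shown above.
sample=$(mktemp -d)
cat > "$sample/sudoers" <<'EOF'
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
carol ALL=(ALL) ALL
## Allows people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL
# %sys        ALL=(ALL)       ALL
EOF
cat > "$sample/group" <<'EOF'
root:x:0:
wheel:x:10:alice,bob
sys:x:3:dave
EOF
full_sudo_users "$sample/sudoers" "$sample/group"
```
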

/boot partition is full

On some of our servers, the /boot partition gets 100% full and then things like yum updates stop working.

Instead of attempting a dangerous and complicated manoeuvre to resize the (boot!) partition we can just take the following steps to stop the /boot partition from filling up in the first place:

Delete all old kernel versions

# dnf remove --oldinstallonly

Then edit the yum conf:

# vi /etc/yum.conf

Update the install limit to 2:

[main]
gpgcheck=1
installonly_limit=2
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False

Locked out of Webmin after IP address changed

Sometimes your provider changes your IP address and if you have IP Access Control turned on, you will not be able to access Webmin anymore. And of course you won’t be able to update your IP address in Webmin if you can’t access it anymore.

So in that case you need to use SSH and edit this config file:

# vi /etc/webmin/miniserv.conf

Look for the line “allow” and edit the IP address(es) as needed:

error_handler_404=404.cgi
error_handler_403=403.cgi
error_handler_401=401.cgi
allow=151.248.55.185 77.109.118.242 80.211.197.221
alwaysresolve=0
libwrap=
trust_real_ip=0
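
The edit described above, as an added example that is not part of the original post: a helper that validates the new addresses, keeps a backup, and rewrites only the allow= line. The name set_webmin_allow, the IPv4-only validation and the sample addresses are assumptions made for illustration.

```bash
#!/bin/sh
# set_webmin_allow CONF IP [IP...]   (hypothetical helper, added example)
# Replaces the allow= line of a miniserv.conf-style file with the given IPv4
# addresses, after validating them and saving the old file as CONF.bak.
set_webmin_allow() {
    conf=$1; shift
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "refusing to write an empty allow list" >&2; return 1; }
    for ip in "$@"; do
        # Assumption: plain dotted-quad IPv4 only, each octet 0-255.
        printf '%s\n' "$ip" | awk -F. '
            NR > 1 || NF != 4 { exit 1 }
            { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }
        ' || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    cp -p "$conf" "$conf.bak" || return 1
    new=$(awk -v list="$*" '
        /^allow=/ { if (!seen) print "allow=" list; seen = 1; next }
        { print }
        END { if (!seen) print "allow=" list }
    ' "$conf") || return 1
    # Write in place so the file keeps its owner and mode.
    printf '%s\n' "$new" > "$conf"
}

# Constructed sample file; the addresses are documentation ranges.
conf=$(mktemp)
cat > "$conf" <<'EOF'
error_handler_401=401.cgi
allow=192.0.2.10 192.0.2.11
alwaysresolve=0
EOF
set_webmin_allow "$conf" 198.51.100.4 203.0.113.7 && grep '^allow=' "$conf"
# Webmin reads miniserv.conf at start-up; restart it afterwards (e.g. /etc/webmin/restart).
```
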

CentOS 8 yum breaks

Doing a yum update, I received this error and the update quit:

Errors during downloading metadata for repository 'appstream':
  - Curl error (6): Couldn't resolve host name for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock [Could not resolve host: mirrorlist.centos.org]
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock [Could not resolve host: mirrorlist.centos.org]

Because CentOS 8 reached end-of-life, the yum repositories at “mirrorlist.centos.org” stopped working and need to be updated to new CentOS 8 Stream repos.

You can batch edit all the files in /etc/yum.repos.d/ with these commands:

sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo
sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo
sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo

The content of the repo files will change like this:

[baseos]
name=CentOS Stream $releasever - BaseOS
#mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra
baseurl=http://vault.centos.org/$contentdir/$stream/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
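
After this change the packages are fetched over plain http, so their integrity rests on gpgcheck=1. The following added example (not part of the original post) reports, for each enabled repo with an http:// baseurl, whether its section enables signature checking. The helper name http_repo_gpg_status and the second sample section are constructed.

```bash
#!/bin/sh
# http_repo_gpg_status FILE...   (hypothetical helper, added example)
# For every enabled repo section whose baseurl is plain http://, prints
# "<repo-id> verified" if the section sets gpgcheck=1, else "<repo-id> UNVERIFIED".
# Assumption: gpgcheck is set per section, as in the stock CentOS repo files.
http_repo_gpg_status() {
    awk '
        function report() {
            if (id != "" && enabled == "1" && url ~ /^http:\/\//)
                print id, (gpg == "1" ? "verified" : "UNVERIFIED")
        }
        /^\[.*\]/ {
            report()
            id = substr($0, 2, index($0, "]") - 2); enabled = "1"; gpg = ""; url = ""
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpg = val
            else if (key == "baseurl") url = val
        }
        END { report() }
    ' "$@"
}

# Sample: the [baseos] section shown above plus one constructed section.
repo=$(mktemp)
cat > "$repo" <<'EOF'
[baseos]
name=CentOS Stream $releasever - BaseOS
#mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra
baseurl=http://vault.centos.org/$contentdir/$stream/BaseOS/$basearch/os/
gpgcheck=1
enabled=1

[localtools]
name=Constructed example repo
baseurl=http://repo.example.internal/el8/
gpgcheck=0
EOF
http_repo_gpg_status "$repo"
```
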

Gandi servers stuck on reboot (GRUB)

The Gandi servers suck so bad that when you reboot them, sometimes they don’t come back online. If this happens, you need to do this:

  1. Launch the emergency SSH console.
  2. At the GRUB > prompt, enter:
    configfile (xen/xvda1)/boot/grub2/grub.conf
  3. Select the newest kernel version (at the top) and press “e” to continue with editing.
  4. Scroll to the bottom of the config info and delete the 16 from linux16 and initrd16
    linux16  /boot/................
    initrd16 /boot/................
  5. Next press Ctrl+X to boot the machine up.
  6. Say a prayer and cross your fingers.

Enable passive FTP connections in vsftpd

Passive FTP connections rely on the server being able to offer a range of ports to the user. The number of ports you need depends on the number of concurrent users you are expecting to serve. To allow passive FTP, we must first tell vsftpd which ports to use, and then edit the firewall rules to allow connections to those ports.

Edit: /etc/vsftpd/vsftpd.conf

And add:

pasv_enable=Yes
pasv_min_port=12000
pasv_max_port=12100

We then need to modify the firewall to open a range of ports. Ideally, you would restrict access to your own IP address for extra security. On web1 I did this:

-A INPUT -s 12.34.56.78 -p tcp -m tcp -m multiport --dports 12000:12100 -m state --state NEW -j ACCEPT
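
The two settings have to stay in step, so the following added example (not part of the original post) checks that the passive range in vsftpd.conf has a matching ACCEPT rule and reports whether that rule is limited to a source address. The helper name pasv_firewall_status and the sample files are constructed; the rules file is assumed to use iptables-save syntax as in the rule above.

```bash
#!/bin/sh
# pasv_firewall_status VSFTPD_CONF RULES_FILE   (hypothetical helper, added example)
# Compares pasv_min_port/pasv_max_port with the INPUT ACCEPT rules and prints:
#   restricted   every matching rule names a source address (-s)
#   open-to-any  a matching rule accepts the range from any source
#   mismatch     no ACCEPT rule covers exactly min:max
#   unset        the config does not pin a passive port range
pasv_firewall_status() {
    min=$(sed -n 's/^pasv_min_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    if [ -z "$min" ] || [ -z "$max" ]; then echo unset; return 0; fi
    awk -v want="$min:$max" '
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            hit = 0; src = 0
            for (i = 1; i < NF; i++) {
                if ($i == "--dports" || $i == "--dport") hit = ($(i + 1) == want)
                if ($i == "-s" || $i == "--source") src = ($(i + 1) != "0.0.0.0/0")
            }
            if (hit) { found = 1; if (!src) open = 1 }
        }
        END { print (!found ? "mismatch" : (open ? "open-to-any" : "restricted")) }
    ' "$2"
}

# Sample files built from the settings and rule shown above.
pasv_dir=$(mktemp -d)
cat > "$pasv_dir/vsftpd.conf" <<'EOF'
pasv_enable=Yes
pasv_min_port=12000
pasv_max_port=12100
EOF
cat > "$pasv_dir/rules" <<'EOF'
-A INPUT -s 12.34.56.78 -p tcp -m tcp -m multiport --dports 12000:12100 -m state --state NEW -j ACCEPT
EOF
pasv_firewall_status "$pasv_dir/vsftpd.conf" "$pasv_dir/rules"
```
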

yum fail: “package is not signed”

I was not able to yum update web1 today because it would get stuck on one package:

Package gandi-hosting-vm2-2.34-1.noarch.rpm is not signed

I then learned I could bypass this by adding the clause --nogpgcheck to the command:

yum update --nogpgcheck gandi-hosting-vm2

This way that package alone got updated, which meant I could go ahead and launch the full yum update again without failures.

Checking a URL redirection via its headers

curl --verbose --head --location windeurope.org/dailywind

Gets you:


* About to connect() to windeurope.org port 80 (#0)
*   Trying 213.167.242.87... connected
* Connected to windeurope.org (213.167.242.87) port 80 (#0)
> HEAD /dailywind HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: windeurope.org
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Wed, 11 Apr 2018 10:18:46 GMT
Date: Wed, 11 Apr 2018 10:18:46 GMT
< Server: Apache
Server: Apache
< Location: https://windeurope.org/dailywind
Location: https://windeurope.org/dailywind
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

<
* Connection #0 to host windeurope.org left intact
[First redirect is from HTTP to HTTPS]
* Issue another request to this URL: 'https://windeurope.org/dailywind'
* About to connect() to windeurope.org port 443 (#1)
*   Trying 213.167.242.87... connected
* Connected to windeurope.org (213.167.242.87) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=windeurope.org,OU=Gandi Standard SSL,OU=Domain Control Validated
*       start date: Jan 03 00:00:00 2017 GMT
*       expire date: Feb 18 23:59:59 2020 GMT
*       common name: windeurope.org
*       issuer: CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR
> HEAD /dailywind HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: windeurope.org
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Wed, 11 Apr 2018 10:18:46 GMT
Date: Wed, 11 Apr 2018 10:18:46 GMT
< Server: Apache
Server: Apache
[Second redirect to the Daily Wind sub-page]
< Location: https://windeurope.org/about-wind/daily-wind/
Location: https://windeurope.org/about-wind/daily-wind/
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

<
* Connection #1 to host windeurope.org left intact
* Issue another request to this URL: 'https://windeurope.org/about-wind/daily-wind/'
* Re-using existing connection! (#1) with host windeurope.org
* Connected to windeurope.org (213.167.242.87) port 443 (#1)
> HEAD /about-wind/daily-wind/ HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: windeurope.org
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Wed, 11 Apr 2018 10:18:46 GMT
Date: Wed, 11 Apr 2018 10:18:46 GMT
< Server: Apache
Server: Apache
< Set-Cookie: wfvt_1398057934=5acde1079f955; expires=Wed, 11-Apr-2018 10:48:47 GMT; path=/; secure; httponly
Set-Cookie: wfvt_1398057934=5acde1079f955; expires=Wed, 11-Apr-2018 10:48:47 GMT; path=/; secure; httponly
< Set-Cookie: PHPSESSID=v62a1us6nrh5u85vl92mdkb551; path=/
Set-Cookie: PHPSESSID=v62a1us6nrh5u85vl92mdkb551; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
Pragma: no-cache
< Link: ; rel="https://api.w.org/"
Link: ; rel="https://api.w.org/"
< Link: ; rel=shortlink
Link: ; rel=shortlink
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

<
* Connection #1 to host windeurope.org left intact
* Closing connection #0
* Closing connection #1
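
To pull just the redirect chain out of output like this, the following added example (not part of the original post) condenses the headers of each hop into one line and marks any hop where an HTTPS request is redirected back to plain HTTP. The helper name redirect_chain and the example.com sample headers are constructed; real input would come from `curl --silent --head --location URL`.

```bash
#!/bin/sh
# redirect_chain START_URL   (hypothetical helper, added example)
# Reads the response headers of every hop on stdin and prints one line per hop:
#   "<n> <scheme used> <status> <Location or ->"
# with " DOWNGRADE" appended when an https hop redirects to an http:// URL.
redirect_chain() {
    case $1 in
        https://*) scheme=https ;;
        *)         scheme=http ;;    # curl assumes http when no scheme is given
    esac
    tr -d '\r' | awk -v scheme="$scheme" '
        function emit() {
            if (status == "") return
            flag = (scheme == "https" && loc ~ /^http:\/\//) ? " DOWNGRADE" : ""
            print ++n, scheme, status, (loc == "" ? "-" : loc) flag
            if (loc ~ /^https:\/\//) scheme = "https"
            else if (loc ~ /^http:\/\//) scheme = "http"
            status = ""; loc = ""
        }
        /^HTTP\// { emit(); status = $2; next }        # a new hop starts
        tolower($1) == "location:" { loc = $2 }
        END { emit() }
    '
}

# Constructed headers following the same HTTP -> HTTPS -> sub-page pattern.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 302 Found
Server: Apache
Location: https://example.com/dailywind

HTTP/1.1 302 Found
Location: https://example.com/about/daily/

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
EOF
}
sample_headers | redirect_chain example.com/dailywind
```
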

Fixing locale issues on new Gandi VPS

So we had this problem on the new backup server:

[root@backup jason]# locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=en_US.UTF-8

And I finally fixed it with:

localedef -v -c -i en_US -f UTF-8 en_US.UTF-8

My output is now:

[root@backup jason]# locale
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=en_US.UTF-8

Webmin TCP Wrappers

On a CentOS installation, Perl TCP wrappers aren’t installed automatically. There are some steps you have to go through to enable IP access control in Webmin:

yum -y install tcp_wrappers-devel perl-CPAN perl-devel && perl -MCPAN -e "install Authen::Libwrap"