Once again, today is the last Friday of July, which means that today is Sysadmin’s Day! Congratulations to all system, network, database, etc administrators out there. Today is your day. I wish you all receive some appreciation from your users and management. Don’t stay in the office for too long. Go out and celebrate!
If you are anything like me and don’t want to disable SELinux upon installation of Fedora Linux, then I have a hint for you.
List all files from
selinux-policy-targeted and look at the output. You will the list of all files in the RPM package. Few of those files are SELinux manuals for better tweaking.
/usr/share/man/man8/ftpd_selinux.8.gz /usr/share/man/man8/httpd_selinux.8.gz /usr/share/man/man8/kerberos_selinux.8.gz /usr/share/man/man8/named_selinux.8.gz /usr/share/man/man8/nfs_selinux.8.gz /usr/share/man/man8/nis_selinux.8.gz /usr/share/man/man8/rsync_selinux.8.gz /usr/share/man/man8/samba_selinux.8.gz /usr/share/man/man8/ypbind_selinux.8.gz
I just fixed two problems easily after looking into the documentation.
One was with
bind, which was complaining with “Permission denied” on any incoming zone transfer (slave zone).
named had all the access there is to all folders, but still couldn’t write. This command (mentioned in
man 8 named_selinuhelped immediately:
setsebool -P named_write_master_zones 1
Anoner problem was with
Apache, which wasn’t showing anything in user’s
man 8 httpd_linux suggested the solution that worked:
setsebool -P httpd_enable_homedirs 1 chcon -R -t httpd_sys_content_t ~user/public_html
My boss has left the company. I had to delete his account and clean some groups and other access lists. It felt very weird. It felt like a beginning of the end. Although it’s not.
Not to mention that removing one of the global administrators, who had access virtually to every corner of the network, is not a trivial job…
I’ve heard a few harsh words about Subversion before. Mostly these came from sysadmins who complained about all bits and pieces Subversion requires to work properly. Some mentioned that it is not trivial to compile with the set of options that is different from the default.
Today I spent about three hours together with The Master of Strace trying to make Subversion command line client
svn work on one of our old machines that runs Red Hat Linux 6.2. The only way to success, it seems, was to compile the static version of
svn. Since we needed support for https:// URLs, we had to build with OpenSSL. OpenSSL is not trivial to compile statically too, because of it enourmous love of Kerberos5. While trying to make it work we also jumped through a number of versions of Subversion and other components.
Finally, we managed to build everything. In case you’ll ever need a statically compiled version of
svn (from Subversion version 0.17.1 (r4503)), you can get it here (the binary is about 7 MB):
As far as I am concerned it works just fine. It runs on Red Hat Linux 6.2 and can work (import, checkout, commit, etc) with repository running on one of the recent versions (1.1.4 if I recall correctly).
Needless to say that today I’ve heard a few more not-for-kids-ears words and phrases towards Subversion developers.
If you have upgraded to Fedora Linux Core 3 recently (or planning to do so), there are probably a couple of questions you have about SELinux. If you have, then check out SELinux FAQ. Maybe it will help you. Maybe it will not. At least I tried. :)
That NoName 100 Mbps switch that I was using for my internal network has strangely died today. I’ve experienced problems with it before, but it was different all the time. I always had a hub as a temporary backup solution, but I gave it away some time ago. Thanks to my brother, I now have a brand new 3Com 100Mbps switch. It is only 5 ports instead of 8 ports of the dead one, but it should be enough. I have only 3 ports occupied now, so there are another 2 for my guests.
The funny coincidence is that two days ago I had to repeat three times that network administration is not my biggest interest. :)
MRTG (Multi Router Traffic Grapher) is monitoring utility, which runs on many platforms and is capable of collecting and graphing statistical information such as network traffic, CPU/Memory/Disk space usage, etc. MRTG can gather information using both SNMP protocol and external scripts. Below are few pieces of my MRTG config file together with scripts, which I felt like sharing.