Configuring rsyslog to rotate log files from log messages streamed to it from a Systemd service

In general, I have moved to writing all of my applications to write their log output to STDOUT. This makes running them on the command line, in an IDE, on a bare metal box, VM, or in a container completely decoupled from how you store and view the logs. No more having multiple logging configs for each flavor of deployment.

In this particular case, I am running an application in a container (but it isn’t necessary that it is in → Continue reading “Configuring rsyslog to rotate log files from log messages streamed to it from a Systemd service”

Edit a Range of Lines Using sed

Let’s say that you have a range of lines in a source file (lines 11 – 17) that you want to comment out with a ‘#’ and a space character before the line.

To do that, you would use sed, specifying a range of lines and then specify a replacement command with a capture group as follows:

sed '11,17{s/\(\w\)/\# \1/}' filename.py
Continue reading “Edit a Range of Lines Using sed”

How To Compile and Install New SELinux Plicy Modules

Following is a quick how-to on compiling and adding addition SELinux modules.

When configuring and deploying new and/or custom services on systems that are enforcing SELinux you will likely have to compile addition SELinux modules.

This how-to includes how to go through each step of compiling a new module one-by-one; similar to the model of breaking down the compilation of C and C++ into it’s composite steps.

Step 1:  Gather the audit.log entries

You will need to determine which → Continue reading “How To Compile and Install New SELinux Plicy Modules”

Adding a New Disk to a Linux Server and Creating an LVM Partition

There are a number of tutorials online for adding a new disk to a machine and then extending an existing LVM partition to use the new device.

This particular tutorial covers the use case of adding a new disk to a Linux server and then creating a NEW LVM partition on it without modifying the existing devices and LVM partitions.

The first thing you will need to do is add the physical device to the server (or VM).

Then, you → Continue reading “Adding a New Disk to a Linux Server and Creating an LVM Partition”

[SOLVED] Unable to Customize Keyboard Shortcuts for Switching Between More Than 4 Workspaces in GNOME on CentOS 7 or RHEL 7

I am working on a VM that is running GNOME under RHEL 7 and I typically run with 12 workspaces.  The default GNOME install only has the keyboard shortcut configurations up to “Switch to workspace 4”.

It turns out that the solutions is to use the gsettings cli tool to add additional shorcuts.

$ gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-5 "[\"<ControlF5\"]"
$ gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-5 "[\"<Alt5\"]"
Continue reading “[SOLVED] Unable to Customize Keyboard Shortcuts for Switching Between More Than 4 Workspaces in GNOME on CentOS 7 or RHEL 7”

How to See SELinux Denials That Do Not Show In the audit.log

Or, otherwise know as: SELinux and Silent Denials.

Sometimes when troubleshooting SELinux issues, you will have added new policies for each of the denial causes written to the audit.log, but SELinux will still be denying access . . . and not giving you any further information about it in the audit.log.

Various processes often execute additional system calls that are above an beyond what they need to do for normal operation.  Many of them are blocked, and in order to → Continue reading “How to See SELinux Denials That Do Not Show In the audit.log”

Mounting a Samba Share From Linux Client to Linux Samba Server

In order to be able to access a Samba share on a remote client as a mounted file system execute the following command, as root on the client:

mount -t cifs -o user=<user-on-samba-share,uid=<uid-on-local-macheine,gid=<gid-on-local-machine,rw,workgroup=<your-workgroup//ip/share /mnt/mount-point-dir

You will be prompted for the password for the user defined on the Samba server.

If you are able to authenticate, and then get the following error:

ls: reading directory .: Permission denied

Check the SELinux context type of the directory on → Continue reading “Mounting a Samba Share From Linux Client to Linux Samba Server”

Solution for Executing Native Process from Java that Requires sudo

If you are building a Java program that requires the ability to execute native commands on the machine which require sudo it requires some additional considerations other than just writing the Java code.

The problem is that sudo, by default, requires a tty for executing sudo such that a password can entered.  Even if you configure sudoers to grant NOPASSWD access to a specific command you will still get the following error

sudo: sorry, you must have a tty to 
Continue reading “Solution for Executing Native Process from Java that Requires sudo”

Blacklisting Kernel Modules

Following is a walkthrough on how to blacklist a kernel module.  The specific example is blacklisting the nouveau driver so that I can install the OEM Nvidia driver.

1. First, blacklist the nouveau driver: Add a line to the textfile /etc/modprobe.d/nouveau-blacklist.conf that contains they keyword ‘blacklist’ and the name of the driver

blacklist nouveau

2. Rebuild the initramfs image file.  First, backup existing initramfs

mv initramfs-3.10.0-327.18.2.el7.x86_64.img initramfs-3.10.0-327.18.2.el7.x86_64.img_2016-06-09.bak

Build new initramfs

dracut -v /boot/initramfs-$(uname -r).img $(uname -r)

3. Reboot the system → Continue reading “Blacklisting Kernel Modules”