New Job

I started a new job yesterday. Today was my second day at the new place.

I have not dug into anything yet as I’m still getting my account and development laptop set up. The office is very nice and it’s the best environment I’ve ever experienced.

I’ve been in this industry for the last 21 years. This makes me feel that good things come after working diligently for many years.

I can’t wait to actually contribute to the team and the company.

journalctl -f

I had port 22/tcp traffic from outside to my router and to my main Linux machine. This means that I could ssh into my machine from outside. I’ve had it open for a while.

Just out of curiosity, I ran the following command.

sudo journalctl -f -e

The -f option means “Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.”

So with these options, I can continuously monitor what’s going on with the daemons. I saw a bunch of logs like the following.

Nov 18 21:00:38 linux-mint sshd[17600]: Failed password for root from 222.186.173.154 port 60182 ssh2

This looks totally suspicious. Who is trying to log on to my machine as root? You can see the IP address, and I decided to check it on abuseipdb.com. Sure enough, this IP address was reported many times. With this kind of data, I immediately closed port 22. It’s probably a zombie PC that keeps scanning IP addresses all over the world looking for open ports to attack. This is really annoying because I can’t open ports for ssh and/or RDP. I mean I can, but it’s much more risky than using a solution like VPN.

If you have port 22 open to one of your machines, it’s pretty interesting to see how many machines from outside are trying to get root access to your machine. That’s why it’s very important to have a complex password even if it’s for your personal use.
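One way to turn the “Failed password” lines above into a per-source count, as an added example that is not part of the original post. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count sshd "Failed password" journal lines per source IP.

# Constructed sample lines in the format of the entry quoted above; the
# addresses come from the RFC 5737 documentation ranges.
sample_log() {
  cat <<'EOF'
Nov 18 21:00:38 linux-mint sshd[17600]: Failed password for root from 203.0.113.7 port 60182 ssh2
Nov 18 21:00:41 linux-mint sshd[17600]: Failed password for root from 203.0.113.7 port 60182 ssh2
Nov 18 21:00:45 linux-mint sshd[17602]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Nov 18 21:00:49 linux-mint sshd[17604]: Failed password for invalid user a from 192.0.2.1 port 22 from 203.0.113.7 port 51514 ssh2
Nov 18 21:01:02 linux-mint sshd[17610]: Accepted password for alice from 192.0.2.50 port 50514 ssh2
Nov 18 21:01:05 linux-mint systemd[1]: Started Session 12 of user alice.
EOF
}

# Reads journal lines on stdin and prints "IP FAILURES ROOT_FAILURES" for each
# source with at least $1 failures (default 1), busiest source first.
failed_ssh_by_ip() {
  awk -v min="${1:-1}" '
    {
      # Find the sshd tag so any timestamp layout in front of it is accepted.
      tag = 0
      for (i = 1; i <= NF; i++) if ($i ~ /^sshd\[[0-9]+\]:$/) { tag = i; break }
      if (!tag || NF < tag + 9) next
      if ($(tag+1) != "Failed" || $(tag+2) != "password" || $(tag+3) != "for") next
      # The user name is client-supplied text and may contain spaces, so the
      # address is read from the fixed tail of the line: "from IP port N ssh2".
      if ($(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3)
      total[ip]++
      # Count as a root attempt only when the whole user field is "root".
      if ($(tag+4) == "root" && NF == tag + 9) root[ip]++
    }
    END { for (ip in total) if (total[ip] >= min) print ip, total[ip], root[ip] + 0 }
  ' | sort -k2,2nr -k1,1
}

# Live use (unit name as on this page; some distributions call it ssh):
#   sudo journalctl -u sshd --no-pager | failed_ssh_by_ip 5
sample_log | failed_ssh_by_ip
```

The optional argument is a minimum failure count, so a value such as 5 lists only the sources that keep retrying.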

Building Bash Muscle (14)

When you are doing system administration, you often deal with daemon-type applications. When things are not going so well, you can check log files under /var/log, but you can also use journalctl to “query the systemd journal”.

journalctl -e lets you view the latest log instead of showing all logs from the beginning.

$ sudo journalctl -e

If you add the -x option, you can view more detailed information.

$ sudo journalctl -xe
Nov 18 01:10:15 ol8 systemd[18878]: Reached target Default.
-- Subject: Unit UNIT has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit UNIT has finished starting up.
-- 
-- The start-up result is RESULT.
Nov 18 01:10:15 ol8 systemd[18878]: Startup finished in 79ms.
-- Subject: User manager start-up is now complete
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- The user manager instance for user 0 has been started. All services queued
-- for starting have been started. Note that other services might still be starting
-- up or be started at any later time.
-- 
-- Startup of the manager took 79574 microseconds.
Nov 18 01:10:15 ol8 systemd[1]: Started User Manager for UID 0.
-- Subject: Unit user@0.service has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit user@0.service has finished starting up.
-- 
-- The start-up result is RESULT.
Nov 18 01:10:15 ol8 sshd[18872]: pam_unix(sshd:session): session opened for user root by (u>
Nov 18 01:17:01 ol8 sssd[kcm][18823]: Shutting down
Nov 18 01:21:40 ol8 adcli[18929]: GSSAPI client step 1
Nov 18 01:21:40 ol8 adcli[18929]: GSSAPI client step 1
Nov 18 01:21:40 ol8 adcli[18929]: GSSAPI client step 1
Nov 18 01:21:40 ol8 adcli[18929]: GSSAPI client step 2

The -f option lets you monitor the log as new entries arrive, just like tail -f.

$ sudo journalctl -f

If you want to view the log of a particular daemon, you can specify its name with -u.

$ sudo journalctl -e -u sshd

It’s really good to know some basic options to use with journalctl.

System Properties Window for Changing Environment Variables

Oftentimes, I want to access Environment Variables on Windows. I would usually get to the old Control Panel –> System –> Advanced system settings –> Environment Variables…

Too many steps. You can directly open the System Properties window by executing SystemPropertiesAdvanced from Run (right click Windows button and Run).

Or if you can remember this, you can directly open the Environment Variables window.

rundll32.exe sysdm.cpl,EditEnvironmentVariables

I don’t think I’m going to remember it so maybe I will create a batch file.

Just some Windows tips and tricks. 🙂

Integrating Puppet Enterprise with Active Directory

I have Active Directory running at home. I’ve been using it as a centralized credential store.

Puppet Enterprise can authenticate against Active Directory. I just successfully integrated them, so here are the parameters I’m actually using. I used this documentation for reference.

Directory name
homenet.iriumi.ad

Hostname
pdc01.homenet.iriumi.ad

Port
389

Lookup user (optional)
CN=svcldap,OU=UsersOU,DC=homenet,DC=iriumi,DC=ad

Lookup password (optional)
* Use the password for svcldap

Connection timeout (seconds)
60

Validate the hostname?
Yes

Allow wildcards in SSL certificate?
Yes

Base distinguished name
dc=homenet,dc=iriumi,dc=ad

User login attribute
sAMAccountName

User email address
mail

User relative distinguished name (optional)
* empty

Group object class
group

Group membership field
member

Group name attribute
name

Group lookup attribute
cn

Group relative distinguished name (optional)
cn=UsersOU

Turn off LDAP_MATCHING_RULE_IN_CHAIN?
No

Search nested groups?
Yes

One thing is that when you first log in as an Active Directory user, you may get denied. Once you see it, log out and log in as the local admin (root) user, and then you will see your Active Directory user created in Puppet Enterprise. You can add the user to the Administrators group so that you can do administrative work as yourself.

The configuration I showed in this blog entry is actually working, so I hope this helps someone out there.