|
fletcher posted:Config test looks like it's ok, so maybe not that. Yeah, you need that WantedBy bit. In order for a systemd service to run at boot, it needs to be enabled. In order to enable it, it must have that WantedBy bit, or systemd does not know when/where to enable it. If you add the same "WantedBy=multi-user.target" bit you see in your other services, then do a "systemctl daemon-reload" to reread the unit file, and finally do "systemctl enable nginx" you should be good to go. Why the chef cookbook does not include it I do not know, however, it probably should not be touching /usr/lib/systemd/system/nginx.service at all. That file is reserved for the nginx service file included with the nginx package, and should be correct by default: code:kujeger fucked around with this message at 15:55 on Nov 15, 2016 |
#
?
Nov 15, 2016 11:49
|
|
|
|
| # ? Apr 19, 2024 22:24 |
|
|
kujeger posted:If you add the same "WantedBy=multi-user.target" bit you see in your other services, then do a "systemd daemon-reload" to reread the unit file, and finally to "systemd enable nginx" you should be good to go. s/systemd/systemctl/
|
|
#
?
Nov 15, 2016 14:05
|
|
|
ToxicFrog posted:s/systemd/systemctl/ whoops, yes, brainfart there. I'll edit that up..
|
|
#
?
Nov 15, 2016 15:54
|
|
|
kujeger posted:Why the chef cookbook does not include it I do not know, however, it probably should not be touching /usr/lib/systemd/system/nginx.service at all. That file is reserved for the nginx service file included with the nginx package, and should be correct by default: This was on RHEL7. I'm not using a package based install though, I'm installing nginx from source. Thanks for all the helpful info!
|
|
#
?
Nov 15, 2016 18:11
|
|
|
fletcher posted:This was on RHEL7. I'm not using a package based install though, I'm installing nginx from source. That sounds like a fun way to make your life miserable.
|
|
#
?
Nov 15, 2016 18:15
|
|
|
RFC2324 posted:That sounds like a fun way to make your life miserable. Yea it's a bit of a pain, changing that aspect is on the to do list!
|
|
#
?
Nov 15, 2016 18:19
|
|
|
Just to follow up on an earlier post of mine, with the Mesa 13.0.1 bugfix release Dolphin is now successfully running on my AMD Radeon RX 460 with Vulkan using the open source Vulkan driver and it takes a card that was marginal with Dolphin on OpenGL and gets me up to 60fps stable with every game I try other than the Rogue Squadron games (expected, and I think those are CPU bound anyway) and the Sand Ocean level of F-Zero GX if too many other cars are on-screen. (Which lags worse on every other system I've tried it on.) Impressive. Although somehow running Dolphin for long periods of time causes the USB audio on my monitor to drop out (according to kernel logs it disconnects itself from the system) or crash, necessitating unplugging and replugging it. I don't even. Onboard audio is stable, and I'd be using HDMI audio if my GPU drivers supported it, so I'm just finally getting a better pair of speakers since the audio on there monitor has always been flakey on any OS over USB and I have even less of an idea on how to report this bug.
|
|
#
?
Nov 15, 2016 21:21
|
|
|
Thanks for the advice on distributions last week! I installed OpenSUSE Tumbleweed. It's nice!
|
|
#
?
Nov 17, 2016 05:49
|
|
|
I've set up tiny tiny rss, and everything seems to be working, except the updater is one hour off from system time. Do I have to set the timezone in php or apache, or maybe that's a tiny tiny rss config option I missed?
|
|
#
?
Nov 17, 2016 08:01
|
|
|
mike12345 posted:I've set up tiny tiny rss, and everything seems to be working, except the updater is one hour off from system time. Do I have to set the timezone in php or apache, or maybe that's a tiny tiny rss config option I missed? Via /etc/php.ini set date.timezone or date_default_timezone_set() at the beginning of your application.
|
|
#
?
Nov 17, 2016 18:25
|
|
|
nem posted:Via /etc/php.ini set date.timezone or date_default_timezone_set() at the beginning of your application. got it, thank you e: eh, ok, apparently tiny tiny rss doesn't care and uses UTC internally no matter what. at least the frontend has it right mike12345 fucked around with this message at 20:26 on Nov 17, 2016 |
|
#
?
Nov 17, 2016 20:16
|
|
|
That's actually what you want, store dates in as neutral a format as is possible and save all the horrible conversions for the code that's displaying it to a user. It saves massive headaches down the road when you change time zones or are trying to merge two sets of data.
|
|
#
?
Nov 17, 2016 20:31
|
|
|
yeah, that makes sense. interesting
|
|
#
?
Nov 17, 2016 21:13
|
|
|
Looks like Mutter will be getting support for NVIDIA proprietary drivers on Wayland soon. Some patches just went through for Gnome 3.24, which is due March 20-22. Fedora 25 might backport the patches, which I think would make it the first distro to support Wayland on NVIDIA.
|
|
#
?
Nov 17, 2016 21:28
|
|
|
I got one of these tiny 128GB usb flash drives and I want to turn it into a permanent linux bootable recovery/utility drive. The thing that's throwing me off is I want to have persistence for the live Linux, but I also would like a partition that I can use on a windows(or any OS) host just as regular USB flash storage to transfer files. I don't really understand how I should confiure the partitions for this. As I understand, the persistence partition is supposed to be named "casper-rw" and the live distro will look for a partition with that name, and it doesn't matter what fs type it is? And this casper-rw partition is separate from the partition that the iso is written to? And then, assuming I get the partitions set up right, is there anything particular that these bootable USB creator apps do besides dd an iso onto a partition?
|
|
#
?
Nov 18, 2016 05:41
|
|
|
peepsalot posted:I got one of these tiny 128GB usb flash drives and I want to turn it into a permanent linux bootable recovery/utility drive. IIRC windows has problems with multi-partition USB drives (maybe fixed with win10 ?)
|
|
#
?
Nov 18, 2016 14:43
|
|
|
kujeger posted:IIRC windows has problems with multi-partition USB drives (maybe fixed with win10 ?) IIRC, the casper persistence stuff will also work with a file named "casper-rw" in the root of the drive as long as it's an ext4 filesystem image, or something to that effect. There are also distros that have explicit support for storing persistence as a single file rather than a partition, like Puppy Linux and TinyCore Linux. In either of these cases, you can just format the entire drive as FAT, make it bootable using syslinux (BIOS) or systemd-boot (EFI), put the kernel and initrd in there somewhere, and then your persistence is just a big ol' data file on there that windows doesn't need to care about. This is the approach I generally take.
|
|
#
?
Nov 18, 2016 17:21
|
|
|
peepsalot posted:I got one of these tiny 128GB usb flash drives and I want to turn it into a permanent linux bootable recovery/utility drive. Rather than mess around with all the casper stuff, I've always preferred to just do this on any convenient computer: boot the installer of your favorite distro from one USB drive, and then do a normal installation to the target USB instead of to a local hard drive. You'll probably have to do the partitioning yourself, but you can keep it simple: a big ext4 mounted at /, and a couple of gigs for swap. No reason you couldn't also have a fat32 partition in there too (probably mounted somewhere under your home directory) that a Windows machine should also be able to read and write. At the end of it, you get a perfectly ordinary, completely persistent Linux install on the USB, that you can boot on just about any machine. e: Just make sure you pick the USB drive to install the bootloader to! If you're at all worried about messing things up on the machine you do this on, just unplug the hard drive completely before doing anything. That way, the worst you can possibly do is need to wipe the USB and start over. Powered Descent fucked around with this message at 21:11 on Nov 18, 2016 |
|
#
?
Nov 18, 2016 21:05
|
|
|
kujeger posted:IIRC windows has problems with multi-partition USB drives (maybe fixed with win10 ?) That depends on the firmware on the USB stick. If the firmware says that the stick is USB flash/removable drive, then Windows will only see one partition on it. If the stick claims to be a USB hard drive, then Windows can use any of the partitions on it. This discussion talks about the issue more.
|
|
#
?
Nov 19, 2016 00:12
|
|
|
I was always under the impression that if a software is available on the package manager for your distribution then you shouldn't download the source and compile it yourself. No reasons other than just "hearing" that it's a bad idea to do this. But someone in the general programming thread recommended that I just download OpenBLAS and compile it myself because something about the versions from apt get er al to have "iffy performance." So that got me thinking. Are there any actual reasons other than effort against just installing whatever stable LTS flavor of Linux is good these days and just compiling my own gcc/make/etc toolkit and throwing it all in e.g. $HOME/local/ (for a single user machine) or even just creating a non root "opt" user and making $HOME/opt accessible to groups? The only thing I see is if I want a package foo from the manager and it requires package bar, then it'll want me to install bar from the package manager even though I've got it compiled and installed elsewhere, so I might end up having multiple bars installed. But that might not be a bad idea to just let all the package manager packages depend on things from the official repositories.
|
|
#
?
Nov 19, 2016 10:49
|
|
|
You're removing the whole point of package managers which is managing packages for you. If you think manually building and keeping up-to-date all the software you use along with all dependencies sounds like good use of your time, then go ahead.
|
|
#
?
Nov 19, 2016 13:10
|
|
|
The main reason to deviate from the packages in the distribution is for new features. LTS releases can provide some really outdated software and if you want to use their new gizmos you got a tough decision to make. I generally draw the line at libraries though. Like on a red hat system I will just live with the python it ships with because replacing it is a colossal pain in the rear end. GCC is the same.. if a user wants a newer compiler they install it in their home area or find a newer os release. Gnome and KDE are right out too. But different versions of libraries can easily coexist so I'll install whatever.
|
|
#
?
Nov 19, 2016 14:49
|
|
|
Boris Galerkin posted:I was always under the impression that if a software is available on the package manager for your distribution then you shouldn't download the source and compile it yourself. No reasons other than just "hearing" that it's a bad idea to do this. But someone in the general programming thread recommended that I just download OpenBLAS and compile it myself because something about the versions from apt get er al to have "iffy performance." With a package manager it is MUCH easier to deal with bugfixes. Every time you have to upgrade to close a security hole, you are going to have to recompile, and if it turns out you have a new security fix every month or so, that will get old pretty drat fast compared to just typing a single command and being done with it.
|
|
#
?
Nov 19, 2016 14:50
|
|
|
Boris Galerkin posted:I was always under the impression that if a software is available on the package manager for your distribution then you shouldn't download the source and compile it yourself. No reasons other than just "hearing" that it's a bad idea to do this. If you can build your application on an OS with no changes to the shipped packages, that's the ideal situation. However it's pretty common that for a specific application you may need to compile certain libraries (or other dependencies) from scratch in order to obtain/enable the necessary set of features, or improve performance, or whatever. That's totally fine, but the more dependencies included here then the greater baggage there is in maintaining your application and the greater the attack surface if those dependencies are security sensitive. So, yes, depending what your application needs are compiling your own version of OpenBLAS may be beneficial or even necessary. But, while your application may also depend on something like Bash, it probably doesn't need the latest version of Bash and compiling/maintaining your own version of Bash is almost certainly an unwanted liability.
|
|
#
?
Nov 19, 2016 17:50
|
|
|
Being able to pull in package versions newer than what your distro ships tends to be better done if you can manage it with a supplemental package source like a PPA on Ubuntu. That way it's still being tracked by the package manager, if nothing else.
|
|
#
?
Nov 19, 2016 18:39
|
|
|
RFC2324 posted:With a package manager it is MUCH easier to deal with bugfixes. Every time you have to upgrade to close a security hole, you are going to have to recompile, and if it turns out you have a new security fix every month or so, that will get old pretty drat fast compared to just typing a single command and being done with it. And that's the real killer. I had a Fedora 24 desktop that I hadn't installed updates for 28 days and it had 402 packages needing to be updated. The idea of recombiling all of that software every month is just as insane as it sounds. And then there's the effort to check if any of your software has received security updates at least once a week. The big advantage Red Hat Enterprise Linux are the constant emails about security updates for different software with list of your servers that need to be updated. But I admit the problem is real and distributions with outdated software can be an annoyance. I remember a decade ago when I was writing a backup script for tar and I couldn't get some feature to, until I realised the version in debian was too old. And here I thought tar had become feature complete in the last millennia. At the same time the solution to this problem is not combiling everything, or anything at all. The first option is to choose a dsitribution that has the software and versions you need. If that isn't possible or practical you might try something like debian/Ubuntu backports or software manufacturer repository. Then is the option of 3rd party repository, like RPM Fusion, or binary packages from manufacturer if they have correct variety available. If none of those are possible you should probably build your own binary package you can install on the system and directly compiling would be the last resort.
|
|
#
?
Nov 19, 2016 19:26
|
|
|
Can anyone have a stab at why tty7 is being used right after a reboot on this ubuntu box? I've got luks/dm-crypt enabled, and I use a YubiKey to inject the passphrase on startup so that I don't need a monitor on it. I have got a desktop environment enabled on boot (LXDE), purely because the command line version of SpiderOak is a pain. A search reveals that tty7 on ubuntu is comminly used by the X server, so is it that? I'm not concerned about tty7 logging in right after boot because it's undoubtedly something being done in the OS. Just curious. code:
|
|
#
?
Nov 20, 2016 10:51
|
|
|
apropos man posted:Can anyone have a stab at why tty7 is being used right after a reboot on this ubuntu box? Yes.
|
|
#
?
Nov 20, 2016 11:14
|
|
|
Keito posted:Yes. So, on X server enabled systems (particularly Ubuntu), tty7 is run at boot and killed on shutdown. Thanks.
|
|
#
?
Nov 20, 2016 12:39
|
|
|
Does Ubuntu still use tty7 for X? I know Fedora appears to use tty1 nowadays.
|
|
#
?
Nov 20, 2016 13:42
|
|
|
apropos man posted:So, on X server enabled systems (particularly Ubuntu), tty7 is run at boot and killed on shutdown. Thanks. If you have physical access to the machine, pressing ctrl-alt-F7 will switch to tty7 and you'll probably see a graphical login screen waiting for you. You can also 'pgrep -laf bin/X' and you'll probably see the X server running with command line args pointing it at tty7: pre:$ pgrep -laf /X
2228 /usr/bin/X -nolisten tcp -auth /run/sddm/{e36100ad-cc89-4af2-b0be-e41fe5ff815b} -background none -noreset -displayfd 18 vt7
RFC2324 posted:Does Ubuntu still use tty7 for X? I know Fedora appears to use tty1 nowadays. Ubuntu, SUSE, and Nix all use tty7 for X11. Fedora is the only one I know of that switched to tty1.
|
|
#
?
Nov 20, 2016 14:22
|
|
|
My laptop (Fedora 24) says this in response to 'pgrep -laf bin/X':code:Logging into my Ubuntu box and running 'pgrep -laf bin/X' gives no output. My workstation currently has Ubuntu running Cinnamon DE and that gives no output, either, but I'm able to cycle through tty1 to tty8, with tty7 being the exception as that switches to X. I've currently got a radio stream running on the workstation and the music cut out when I switched tty but it corrected itself and carried on playing no problem. So it would seem that alsa and X are both directly connected to tty7 on Ubuntu. ToxicFrog posted:
Yep. This is handy on the Raspberry Pi too. I have a couple of scripts to change into either graphical or commandline boot in my home directory in Raspbian, via running one of these two: code:
|
|
#
?
Nov 20, 2016 21:42
|
|
|
I have fail2ban running on my CentOS server. sshd jail is running and I've switched CentOS to use iptables instead of FirewallD When I purposely input the wrong password a few times fail2ban adds the following rule to iptables: code:Adding the following rule manually, however does work: code:Edit: for what it's worth, the same thing happened with FirewallD.
|
|
#
?
Nov 21, 2016 23:53
|
|
|
Ur Getting Fatter posted:I have fail2ban running on my CentOS server. sshd jail is running and I've switched CentOS to use iptables instead of FirewallD
|
|
#
?
Nov 22, 2016 00:15
|
|
|
Is the f2b-sshd chain actually being processed? The two rules you posted are not identical.
|
|
#
?
Nov 22, 2016 00:16
|
|
|
efb
|
|
#
?
Nov 22, 2016 00:20
|
|
|
Also do you have a "10.10.10.10/32 -j ACCEPT" rule before the fail2ban chain processing in your INPUT chain? -I places the rule at the front of your INPUT chain, so the DROP will supersede any whitelisting.
|
|
#
?
Nov 22, 2016 01:30
|
|
|
Kind of a dumb question, but is there a Linux equivalent to Microsoft's RDWeb?
|
|
#
?
Nov 22, 2016 02:36
|
|
|
nem posted:Also do you have a "10.10.10.10/32 -j ACCEPT" rule before the fail2ban chain processing in your INPUT chain? -I places the rule at the front of your INPUT chain, so the DROP will supersede any whitelisting. No, it's the only rule for that IP (plus it happens with any IP). I think it's most likely that like someone else mentioned, iptables is not processing fail2ban chains. Any ideas on how to trouble shoot that?
|
|
#
?
Nov 22, 2016 03:08
|
|
|
|
| # ? Apr 19, 2024 22:24 |
|
|
You need add or check for a rule to the input chain telling it to jump to the f2b-sshd chain. So there needs to be a rule somewhere with '-A INPUT -j f2b-sshd' in it.. probably one that has a dport of 25, so that any incoming ssh connections get fed through the chain. I'm garbage at writing iptables rules without testing them several times so I won't even try.
|
|
#
?
Nov 22, 2016 03:19
|
|