Author: Lisa

DNF – Listing Contents of Package Prior to Installation

Voila! Well, install dnf-utils and then

[lisa@linux03 lisa]# repoquery --list gerbera
Last metadata expiration check: 0:00:48 ago on Mon 27 Dec 2024 12:04:05 PM EST.
/etc/gerbera
/etc/gerbera/config.xml
/etc/gerbera/gerbera.db
/etc/gerbera/gerbera.html
/etc/logrotate.d
/etc/logrotate.d/gerbera
/usr/bin/gerbera
/usr/lib/.build-id
/usr/lib/.build-id/8e
/usr/lib/.build-id/8e/cba8f3a7f9db93d01a462f31a8270f1c8ff975
/usr/lib/systemd/system/gerbera.service
/usr/lib/sysusers.d/gerbera.conf
/usr/share/doc/gerbera
/usr/share/doc/gerbera/AUTHORS
/usr/share/doc/gerbera/CONTRIBUTING.md
/usr/share/doc/gerbera/ChangeLog.md
/usr/share/licenses/gerbera
/usr/share/licenses/gerbera/LICENSE.md
/usr/share/man/man1/gerbera.1.gz
/var/log/gerbera

Getting K8s Secrets

A single-line command to retrieve the secrets from a namespace and decode the values:

k8shost:~ # kubectl get secret ca-secret -n mynamespace -o json | jq -r '.data | to_entries[] | "\(.key): \(.value | @base64d)"'
ACCESS_SECRET: X7aB-52p-p2y
API_USER: PM_USER
BASE_URL: https://apiserver.example.com/api/
COMPONENT_ID: 955_18
CPU_MEM_ID: 955_17
INTERFACE_ID: 955_16
INVENTORY_ID: 955_5
RAW_ID: 955_19

Wireshark Capture of Source and Dest Pairs

I was trying to use nethogs with a -t switch to see what is causing the large quantity of traffic that gets bucketed as “unknown TCP”. But the display jumped around a lot – I think because they’re attempting to increment the sums at the top of the “page” rather than just stream information to STDOUT. Figured I could more readily see what I wanted to see using Wireshark. Or, more accurately, tshark.

tshark -i any -f "not port 22" -Y "tcp or udp" -T fields -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport | tee /path/tonetcap.cap

Yields:

10.5.5.90 56572 10.5.5.91 3306
10.5.5.90 56572 10.5.5.91 3306
10.5.5.91 3306 10.5.5.90 56572
10.5.5.91 3306 10.5.5.90 56572
10.5.5.90 56572 10.5.5.91 3306
10.5.5.90 56572 10.5.5.91 3306
10.5.5.90 56572 10.5.5.91 3306
10.5.5.75 38552 10.5.5.85 443
10.5.5.75 38552 10.5.5.85 443
10.5.5.75 443 40.97.205.53 12160
10.5.5.75 443 40.97.205.53 12160
10.5.5.75 443 40.97.205.53 12160
10.5.5.75 443 40.97.205.53 12160
10.5.5.75 443 40.97.205.53 12160
10.5.5.75 443 40.97.205.53 12160
10.5.5.61 51389 255.255.255.255 6667
10.5.5.61 51389 255.255.255.255 6667
10.5.5.61 51389 255.255.255.255 6667
10.5.5.61 51389 255.255.255.255 6667
10.5.5.61 51389 255.255.255.255 6667
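
To see which pair is responsible for the bulk of the traffic, the per-packet lines can be collapsed into counts. This is an added example, not part of the original post; it assumes tshark's default tab-separated `-T fields` output with the six columns requested above, and the sample lines are constructed from the addresses shown.

```shell
#!/bin/sh
# Added example: count packets per source/destination pair from the
# tab-separated, six-column text produced by the tshark command above.

# Constructed sample lines (ip.src, tcp.srcport, udp.srcport, ip.dst,
# tcp.dstport, udp.dstport); the unused protocol's columns are empty.
sample_capture() {
    printf '10.5.5.90\t56572\t\t10.5.5.91\t3306\t\n'
    printf '10.5.5.90\t56572\t\t10.5.5.91\t3306\t\n'
    printf '10.5.5.91\t3306\t\t10.5.5.90\t56572\t\n'
    printf '10.5.5.61\t\t51389\t255.255.255.255\t\t6667\n'
    printf '10.5.5.61\t\t51389\t255.255.255.255\t\t6667\n'
    printf '10.5.5.61\t\t51389\t255.255.255.255\t\t6667\n'
    printf '\t443\t\t\t51000\t\n'   # constructed IPv6 packet: no ip.src/ip.dst
}

# Reads capture text on stdin, prints "count proto src:port -> dst:port",
# busiest pair first.
summarize_pairs() {
    awk -F '\t' '
        # ip.src and ip.dst are IPv4-only fields, so IPv6 packets leave them empty
        $1 == "" || $4 == "" { skipped++; next }
        {
            proto = ($2 != "") ? "tcp" : "udp"
            sport = ($2 != "") ? $2 : $3
            dport = ($5 != "") ? $5 : $6
            count[proto " " $1 ":" sport " -> " $4 ":" dport]++
        }
        END {
            for (k in count) print count[k], k
            if (skipped) print skipped " line(s) without IPv4 addresses skipped" > "/dev/stderr"
        }
    ' | sort -k1,1nr -k2
}

sample_capture | summarize_pairs
```

On a real capture, feed it the file written by tee: `summarize_pairs < /path/tonetcap.cap`.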

Listing Unit Files

I usually know what the name of the unit file for a service is … but sometimes you just need to ask what’s there. Or search for one that isn’t showing up with the expected name.

linux1505:~ # systemctl list-unit-files | grep zfs
zfs-import-cache.service                   enabled
zfs-import-scan.service                    disabled
zfs-import.service                         masked
zfs-load-key.service                       masked
zfs-mount.service                          enabled
zfs-scrub@.service                         static
zfs-share.service                          enabled
zfs-volume-wait.service                    enabled
zfs-zed.service                            enabled
zfs-import.target                          enabled
zfs-volumes.target                         disabled
zfs.target                                 enabled
zfs-scrub-monthly@.timer                   disabled
zfs-scrub-weekly@.timer                    disabled

Microsoft Excel: Monospace Formula Bar

In case anyone else has been low-key bothered by the fact their Excel formula bar seems to have turned into a strange monospace font — you can change the default font around & that impacts the formula bar. Arial looks fairly reasonable for me. But there are lots of other fonts to choose from!

Also looks like a future update will include an option to not use monospace fonts for formulae … https://techcommunity.microsoft.com/blog/excelblog/excel’s-formula-bar-gets-a-new-look/3902462

Etymology, fake news, and circus kings

Turkish journalist Sedef Kabaş said “There is also a saying that is the exact opposite: ‘When cattle go into a palace, they don’t become the king; but the palace becomes a barn’” — and, evidently, was arrested for it. The strange thing is that I heard this as “an old Turkish proverb” … since the quote comes from January 14th 2022, I’m not sure old really applies.

It then got repeated with all sorts of things and places – oxen, stables … and clowns with circuses. When a clown goes into a palace, they don’t become the king; the palace becomes a circus.

It would have made a great old proverb, although it looks like we’ll have to wait a few hundred years.

SSSD LDAP Schema

I lost access to all of my Linux servers at work. And, unlike the normal report where nothing changed but xyz is now failing, I knew exactly what happened. A new access request had been approved about ten minutes previously. Looking at my ID, for some reason adding a new group membership changed my account's gid number to that new group. Except … that shouldn’t have actually dropped my access. If I needed the group to be my primary ID, I should have been able to use newgrp to switch contexts. Instead, I got prompted for a group password (which, yes, is a thing. No, no one uses it).

The hosts were set up to authenticate to AD using LDAP, and very successfully let me log in (or not, if I mistyped my password). They, however, would only see me as a member of my primary group. Well, today, I finally got a back door with sufficient access to poke around.

Turns out I was right — something was improperly configured so groups were not being read from the directory but rather implied from the gid value. I added the configuration parameter ldap_schema to instruct the server to use member instead of memberUid for memberships. I used rfc2307bis as that’s the value I was familiar with. I expect “AD” could be used as well, but figured we were well beyond AD 2008r2 and didn’t really want to dig farther into the nuanced differences between the two settings.

From https://linux.die.net/man/5/sssd-ldap

ldap_schema (string)

Specifies the Schema Type in use on the target LDAP server. Depending on the selected schema, the default attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ.

Four schema types are currently supported:

  • rfc2307
  • rfc2307bis
  • IPA
  • AD

The main difference between these schema types is how group memberships are recorded in the server. With rfc2307, group members are listed by name in the memberUid attribute. With rfc2307bis and IPA, group members are listed by DN and stored in the member attribute. The AD schema type sets the attributes to correspond with Active Directory 2008r2 values.
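
A quick way to spot the same misconfiguration on other hosts is to report which schema each LDAP-backed domain in sssd.conf ends up using. This is an added example, not part of the original post or of SSSD; the domain names and ldap_uri values are constructed, and it assumes the domains use `id_provider = ldap`, where an unset ldap_schema falls back to rfc2307.

```shell
#!/bin/sh
# Added example: for each [domain/...] section with id_provider = ldap,
# show the effective ldap_schema and where group members are read from.

# Constructed config: one domain without ldap_schema, one with the fix.
sample_sssd_conf() {
    cat <<'EOF'
[sssd]
domains = before.example, after.example

[domain/before.example]
id_provider = ldap
ldap_uri = ldaps://dc.example.com

[domain/after.example]
id_provider = ldap
ldap_uri = ldaps://dc.example.com
ldap_schema = rfc2307bis
EOF
}

check_ldap_schema() {   # reads sssd.conf text on stdin
    awk '
        function report() {
            if (domain == "" || provider != "ldap") return
            eff = (schema == "") ? "rfc2307" : schema   # default for the ldap provider
            low = tolower(eff)
            if (low == "rfc2307") how = "memberUid (by name)"
            else if (low == "rfc2307bis" || low == "ipa") how = "member (by DN)"
            else if (low == "ad") how = "the AD 2008r2 attribute set"
            else how = "unknown (unrecognised schema value)"
            printf "%s: ldap_schema=%s%s -> group members read from %s\n", domain, eff, (schema == "" ? " (default)" : ""), how
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                # new section header
            report(); domain = provider = schema = ""
            line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (substr(line, 1, 8) == "[domain/") domain = substr(line, 9, index(line, "]") - 9)
            next
        }
        {
            n = index($0, "="); if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "id_provider") provider = val
            if (key == "ldap_schema") schema = val
        }
        END { report() }
    '
}

sample_sssd_conf | check_ldap_schema
```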