Solve sudo sending useless emails “problem with defaults entries”

Whenever a user (whether sssd-ad authenticated user, or local user, or root) uses sudo, it works. But it also sends the administrator a useless email. This problem is caused by sudo looking for directives in a place it cannot find them: sss.
Check the /etc/nsswitch.conf file and modify the sudoers entry.

 sudoers: files sss 

The sss should not be there. The sssd-ad package adds itself there, but very few environments store sudoers directives in sss. It’s far more likely your directives are local, so you should have a /etc/nsswitch file entry like the following:

 sudoers: files 

Thanks to this post for pointing the above out:
https://bgstack15.wordpress.com/2016/06/06/solve-sudo-sending-useless-emails-problem-with-defaults-entries/

AD Powershell

After running Windows Server 2016 recently with a DC, I’ve started using Powershell to perform AD functions. Here are a few basics.

New-ADUser cmdlet to create a new user:

 New-ADUser -Name John.Smith 

The above would only create the username, create a new user with more associations:

 New-ADUser -Name John Smith -GivenName John -Surname Smith -Path "OU=Staff,DC=Company,DC=Com" 

Add the password for above account:

 $password = "Strong Password" | ConvertTo-SecureString -AsPlainText -Force
New-ADUser -Name John.Smith -GivenName John -Surname Smith -Path "OU=Staff,DC=Company,DC=Com" 

Bulk Import Users with New-ADUser:

$Import =Import-CSV "c:\utils\aduserimport.csv"
$OU = "OU=staff,DC=ausinfotech,DC=local"
Foreach ($user in $Import)
{
$password = $user.Password | ConvertTo-SecureString -AsPlainText -Force
New-ADUser -Name $user.Name -GivenName $user.FirstName -Surname $user.LastName -Path $OU -AccountPassword $Password -ChangePasswordAtLogon $True -Enabled $True
}

The above script imports the CSV file, sets the standard OU and calls each data record (line of your CSV), writes the password and creates the user account. We are using a “Foreach”-loop, which loads each user record with its parameters from the CSV file.

See here for more info:
http://activedirectoryfaq.com/2016/04/ad-powershell-basics-new-aduser

rclone

Rclone is a command line program to sync files and directories to and from:

  • Google Drive
  • Amazon S3
  • Openstack Swift / Rackspace cloud files / Memset Memstore
  • Dropbox
  • Google Cloud Storage
  • Amazon Drive
  • Microsoft OneDrive
  • Hubic
  • Backblaze B2
  • Yandex Disk
  • SFTP
  • The local filesystem

Features:

  • MD5/SHA1 hashes checked at all times for file integrity
  • Timestamps preserved on files
  • Partial syncs supported on a whole file basis
  • Copy mode to just copy new/changed files
  • Sync (one way) mode to make a directory identical
  • Check mode to check for file hash equality
  • Can sync to and from network, eg two different cloud accounts
  • Optional encryption (Crypt)
  • Optional FUSE mount (rclone mount)

More info at https://rclone.org/

cmder

Cmder http://cmder.net/ is a software package created out of pure frustration over the absence of nice console emulators on Windows. It is based on amazing software, and spiced up with the Monokai color scheme and a custom prompt layout, looking sexy from the start.

Highly recommend installing the full version as it provides all the Linux utils including ls for a dir in Windows!

snap – snapcraft.io

Package any app for every Linux desktop, server, cloud or device, and deliver updates directly. Snap packages are a great way of running apps in an isolated state without using VMs or Containerisation. The website http://snapcraft.io has more details and examples such as this to get going:

A snap is a fancy zip file containing an application together with its dependencies, and a description of how it should safely be run on your system, especially the different ways it should talk to other software. Most importantly snaps are designed to be secure, sandboxed, containerised applications isolated from the underlying system and from other applications. Snaps allow the safe installation of apps from any vendor on mission critical devices and desktops.

Try this (you may need to install snapd)

 $ sudo snap install hello-world 

Now you have installed a snap. You can take a look inside the snap very easily, it shows up as a new directory on your system:

$ cd /snap/hello-world/current/

$ tree
.
├── bin ← this directory structure is just for convenience
│ ├── echo there is no hardcoded structure requirement other
│ ├── env than meta/snap.yaml
│ ├── evil
│ ├── sh
│ ├── showdev
│ └── usehw
└── meta ← your snap must have this directory
├── icon.png ← no prizes for guessing what this is
└── snap.yaml ← this is the required metadata

 

How do I stop and start EC2 instances at regular intervals using AWS Lambda?

Issue:
I want to reduce my Amazon EC2 usage by stopping and starting instances at predefined times or utilization thresholds. Can I configure AWS Lambda and AWS CloudWatch to help me do that automatically?

Short Description:
You can use a CloudWatch Event to trigger a Lambda function to start and stop your EC2 instances at scheduled intervals.

Resolution:
See AWS Web Page for more: https://aws.amazon.com/premiumsupport/knowledge-center/start-stop-lambda-cloudwatch/ 

 

LXD Update Script

Simple shell script wrapper to update all lxd container hypervisor images running Debian or Ubuntu Linux. Run the below script on the host of your lxd server to update all the lxd containers running Ubuntu or Debian. Could be modified to suit CentOS/RedHat OS and/or you container OS of choice.

Script:

#!/bin/bash
# A simple shell script to update all lxd container hypervisor
# URL: https://bash.cyberciti.biz/virtualization/shell-script-to-update-all-lxd-container-hypervisor/
# Tested on : Ubuntu 16.04 LTS lxd server
# Tested on : Ubuntu/Debian lxd container hypervisor only
# ----------------------------------------------------------------------------
# Author: nixCraft
# Copyright: 2016 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 14 Aug 2016
# ----------------------------------------------------------------------------
# Set full path to bins
_apt="/usr/bin/apt-get"
_lxc="/usr/bin/lxc"
_awk="/usr/bin/awk"
# Get containers list
clist="$(${_lxc} list -c ns | ${_awk} '!/NAME/{ if ( $4 == "RUNNING" ) print $2}')"
# Use bash for loop and update all container hypervisor powered by Debian or Ubuntu
# NOTE: for CentOS use yum command instead of apt-get
for c in $clist
do
echo "Updating Debian/Ubuntu container hypervisor \"$c\"..."
${_lxc} exec $c ${_apt} -- -qq update
${_lxc} exec $c ${_apt} -- -qq -y upgrade
${_lxc} exec $c ${_apt} -- -qq -y clean
${_lxc} exec $c ${_apt} -- -qq -y autoclean
done

Reference:
https://bash.cyberciti.biz/virtualization/shell-script-to-update-all-lxd-container-hypervisor/

 

Attic – De-Duplicating Backup Application

Attic is a deduplicating backup program written in Python. The main goal of Attic is to provide an efficient and secure way to backup data. The data deduplication technique used makes Attic suitable for daily backups since only the changes are stored.

Features:

  • Space efficient storage
    Variable block size deduplication is used to reduce the number of bytes stored by detecting redundant data. Each file is split into a number of variable length chunks and only chunks that have never been seen before are compressed and added to the repository.
  • Optional data encryption
    All data can be protected using 256-bit AES encryption and data integrity and authenticity is verified using HMAC-SHA256.
  • Off-site backups
    Attic can store data on any remote host accessible over SSH as long as Attic is installed.
  • Backups mountable as filesystems
    Backup archives are mountable as userspace filesystems for easy backup verification and restores.

More information and Download Install instructions are available from the site:https://attic-backup.org

Check RAM Speed and type in Linux

To see what RAM speed and type you have run this command:

 sudo dmidecode --type 17 

The output will look something like this:

# dmidecode 2.11
SMBIOS 2.8 present.
# SMBIOS implementations newer than version 2.7 are not
# fully supported by this version of dmidecode.

Handle 0x003F, DMI type 17, 40 bytes
Memory Device
Array Handle: 0x003E
Error Information Handle: Not Provided
Total Width: 64 bits
Data Width: 64 bits
Size: 8192 MB
Form Factor: SODIMM
Set: None
Locator: DIMM 1
Bank Locator: Channel A Slot 0
Type: DDR3
Type Detail: Synchronous
Speed: 1600 MHz
Manufacturer: Kingston
Serial Number: 097054251107
Asset Tag: 9876543210
Part Number: 9905428-087.A00G
Rank: 2
Configured Clock Speed: 1600 MHz

Obviously you should or would be only running this on a physical box.

The detox utility

The detox utility renames files to make them easier to work with. It removes spaces and other such annoyances. It’ll also translate or cleanup Latin-1 (ISO 8859-1) characters encoded in 8-bit ASCII, Unicode characters encoded in UTF-8, and CGI escaped characters.

Sequences:
detox is driven by a configurable series of filters, called a sequence. Sequences are covered in more detail in detoxrc(5) and are discoverable with the -L option. Some examples of default sequences are iso8859_1 and utf_8.

Options:

The main options:

-f configfile
Use configfile instead of the default configuration files for loading translation sequences. No other config file will be parsed.
-h –help
Display helpful information.

-L’ List the currently available sequences. When paired with -v this option shows what filters are used in each sequence and any properties applied to the filters.

-n –dry-run
Doesn’t actually change anything. This implies the -v option.

-r’ Recurse into subdirectories.

-s sequence
Use sequence instead of default.

–special
Works on special files (including links). Normally detox ignores these files.

-v’ Be verbose about which files are being renamed.

-V’ Show the current version of detox.

Reference:
http://detox.sourceforge.net/