Category: Infrastructure

Posted on by Leave a comment

Extend swap size on Redhat – Installer up to 128GB

If you try to allocate more than 128GB on swap partition for a Redhat installation you will notice that is not possible through installer. This is a known bug on Redhat bugzilla that is mentioned as resolved. However I tried to allocate 256GB swap with a RedHat 8.2 installer and I got the maximum size which is 128GB. In this article you will learn how to increase swap size manually.

First validate that there is available space on the volume group. (140g available on my case)

Then extend the swap logical volume

Deactivate swap file

format swap

Reactivate swap partition.

You can verify swap space with 

free -g
Posted on by Leave a comment

Create and manage users with Ansible – automatically create sudo users

Creating users is a very trivial task that requires time, especially if there is not a Active Directory mechanism integrated with the Linux servers. In order to make your life easier as an administrator you can run the below playbook that will create users based on a list and add them sudo capabilities.

Task 1
creates the users that have been specified on the loop section.

Task 2
creates the appropriate sudoers file

  1 ---               
  2 - name: create sudoers users based on request
  3   hosts: localhost
  4   become: true    
  5   tasks:          
  6     - name: create users based on a list
  7       user:       
  8         name: "{{ item }}"
  9         password: "{{ '#Passw0rd#' | password_hash('sha512') }}"
 10         shell: /bin/bash
 11       loop:       
 12         - user1
 13         - user2
 14                   
 15     - name: create sudoers file for user
 16       copy:       
 17         content: '{{ item }} ALL = (ALL) ALL'
 18         dest: "/etc/sudoers.d/{{item}}"
 19       loop:       
 20         - user1
 21         - user2

Run the playbook and verify that the password is correct and user has sudo capabilities.

ansible-playbook createusers.yml

Posted on by Leave a comment

Cannot change boot order VMware – items cannot be modified in user mode

Recently I had a problem changing the boot order on a Windows VM hosted on vSphere 6.7 with BIOS configured as boot software.

When I tried to change the boot order I could locate the message:

All items on this menu cannot be modified in user mode. If any items require changes, please consult your system Supervisor.

As a result I could not boot from the CD device. This happens because the boot order is defined on the .vmx file of the virtual machine. In more detail the bios.bootOrder attribute should be changed accordingly.

Download and edit .vmx. You should add cdrom as the first option.

Rename the existing .vmx for backup purposes


Force a BIOS boot on setup screen

Upload the .vmx file on VM datastore folder.

Then the boot will be performed from CD as expected.

Posted on by Leave a comment

Log commands for all users on Linux – Redhat auditd

As security is one of the most important things on your infrastructure, you should enable logging for all commands and actions that a user performs (logins included).

In this article I will explain the procedure using auditd which comes preinstalled with many Linux distributions.

First things first, check if auditd is already installed and started on your system.

Then go to the rules file and open it with your favorite editor.

vi /etc/audit/rules.d/audit.rules

Add the below two rules to the end of the file.

-a exit,always -F arch=b32 -S execve -k auditcmd
-a exit,always -F arch=b64 -S execve -k auditcmd

Then execute on terminal:

augenrules 

You should then restart the service. Trying to do so with systemctl you may encounter the below error:

Execute auditd stop and start using the below commands:

service auditd stop
service auditd start

Verify existing rules:

auditctl -l

You are now ready and you can test the logging functionality. Perform a sudo action with a non root user.

Locate the action from logs.