
Create and manage users with Ansible – automatically create sudo users

Creating users is a trivial but time-consuming task, especially if there is no Active Directory mechanism integrated with the Linux servers. To make your life easier as an administrator, you can run the playbook below, which creates users from a list and grants them sudo capabilities.

Task 1
creates the users that have been specified in the loop section.

Task 2
creates the appropriate sudoers file for each user.

---
- name: create sudoers users based on request
  hosts: localhost
  become: true
  tasks:
    - name: create users based on a list
      user:
        name: "{{ item }}"
        # password_hash generates a fresh salt on every run, so without
        # update_password: on_create the task would report "changed" and reset
        # the password each time the playbook runs
        password: "{{ '#Passw0rd#' | password_hash('sha512') }}"
        update_password: on_create
        shell: /bin/bash
      loop:
        - user1
        - user2

    - name: create sudoers file for user
      copy:
        # sudoers syntax requires the line to end with a newline
        content: "{{ item }} ALL = (ALL) ALL\n"
        dest: "/etc/sudoers.d/{{ item }}"
        # 0440 matches /etc/sudoers; sudo ignores files that are writable by others
        mode: '0440'
        # refuse to install a file that visudo rejects, so a typo cannot break sudo for everyone
        validate: /usr/sbin/visudo -cf %s
      loop:
        - user1
        - user2

Run the playbook and verify that the password is correct and that the user has sudo capabilities.

ansible-playbook createusers.yml
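The verification step can itself be scripted. The playbook below is an added example and not part of the original post: it assumes the same user names (user1, user2) and the /etc/sudoers.d/&lt;user&gt; layout as the playbook above (the variable name sudo_users is my own), and checks that each account exists with a SHA-512 password hash, that its sudoers drop-in passes visudo and is a root-owned 0440 file, and that sudo really grants it ALL privileges.

```yaml
---
- name: verify users created by createusers.yml
  hosts: localhost
  become: true
  vars:
    sudo_users:            # same names as in the playbook above
      - user1
      - user2
  tasks:
    - name: read the passwd and shadow databases into facts
      ansible.builtin.getent:
        database: "{{ item }}"
      loop:
        - passwd
        - shadow

    - name: each user exists and has a SHA-512 ($6$) hash, not a locked or empty password field
      ansible.builtin.assert:
        that:
          - item in ansible_facts.getent_passwd
          - "ansible_facts.getent_passwd[item][5] == '/bin/bash'"
          - "ansible_facts.getent_shadow[item][0].startswith('$6$')"
        fail_msg: "{{ item }} is missing, has the wrong shell, or has no sha512 password"
      loop: "{{ sudo_users }}"

    - name: sudoers drop-in must parse (visudo -c only checks, it never edits)
      ansible.builtin.command: visudo -cf /etc/sudoers.d/{{ item }}
      changed_when: false
      loop: "{{ sudo_users }}"

    - name: stat the sudoers drop-ins
      ansible.builtin.stat:
        path: "/etc/sudoers.d/{{ item }}"
      register: sudoers_stat
      loop: "{{ sudo_users }}"

    - name: drop-ins must be owned by root with mode 0440
      ansible.builtin.assert:
        that:
          - item.stat.exists
          - item.stat.pw_name == 'root'
          - item.stat.mode == '0440'
        fail_msg: "{{ item.item }}: unexpected ownership or mode on sudoers file"
      loop: "{{ sudoers_stat.results }}"
      loop_control:
        label: "{{ item.item }}"

    - name: ask sudo which commands each user may run (sudo -l -U needs root, hence become)
      ansible.builtin.command: sudo -l -U {{ item }}
      register: sudo_list
      changed_when: false
      loop: "{{ sudo_users }}"

    - name: sudo must report (ALL) ALL for every user
      ansible.builtin.assert:
        that: "'(ALL) ALL' in item.stdout"
        fail_msg: "{{ item.item }} does not have sudo ALL"
      loop: "{{ sudo_list.results }}"
      loop_control:
        label: "{{ item.item }}"
```

Run it with ansible-playbook right after createusers.yml; every assert fails loudly with the user name, so a partially applied run (for example a sudoers file that visudo rejected) is caught before anyone relies on the account.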


Log commands for all users on Linux – Redhat auditd

As security is one of the most important aspects of your infrastructure, you should enable logging of all commands and actions that a user performs (logins included).

In this article I will explain the procedure using auditd which comes preinstalled with many Linux distributions.

First things first, check if auditd is already installed and started on your system.

Then open the rules file with your favorite editor.

vi /etc/audit/rules.d/audit.rules

Add the below two rules to the end of the file.

-a exit,always -F arch=b32 -S execve -k auditcmd
-a exit,always -F arch=b64 -S execve -k auditcmd

Then execute on terminal:

augenrules 

You should then restart the service. If you try to do so with systemctl you may encounter an error, because auditd refuses to be stopped through systemctl; stop and start it with the legacy service commands instead:

service auditd stop
service auditd start

Verify existing rules:

auditctl -l

You are now ready to test the logging functionality. Perform a sudo action as a non-root user.

Locate the action in the logs, searching by the auditcmd key that the rules tag every execve record with.
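The same procedure, applied to a fleet rather than one box, as an added example that is not from the original post: an Ansible playbook that installs auditd (package "audit" on RHEL-family hosts, as the post targets), puts the two execve rules from the post in a drop-in file of their own (the file name 50-execve.rules is my assumption; augenrules merges every *.rules file under /etc/audit/rules.d), loads them with augenrules --load so no restart is needed, verifies with auditctl -l, and prints the ausearch command that finds a recorded action by the auditcmd key.

```yaml
---
- name: log every command executed by every user via auditd
  hosts: all
  become: true
  vars:
    audit_key: auditcmd                                   # same key as in the post
    audit_rules_file: /etc/audit/rules.d/50-execve.rules  # assumed drop-in name
  tasks:
    - name: auditd installed (package is "audit" on RHEL/CentOS, "auditd" on Debian/Ubuntu)
      ansible.builtin.package:
        name: audit
        state: present

    - name: auditd enabled and running (systemctl start is allowed, only stop/restart is refused)
      ansible.builtin.service:
        name: auditd
        state: started
        enabled: true

    - name: execve rules for both syscall ABIs, kept in their own rules.d drop-in
      ansible.builtin.copy:
        dest: "{{ audit_rules_file }}"
        owner: root
        group: root
        mode: '0640'
        content: |
          ## record every program execution, 32- and 64-bit, tagged with one key
          -a exit,always -F arch=b32 -S execve -k {{ audit_key }}
          -a exit,always -F arch=b64 -S execve -k {{ audit_key }}
      notify: reload audit rules

    - name: run the handler now so the verification below sees the new rules
      ansible.builtin.meta: flush_handlers

    - name: list the rules the kernel currently has loaded
      ansible.builtin.command: auditctl -l
      register: loaded_rules
      changed_when: false

    - name: both execve rules must be loaded
      ansible.builtin.assert:
        that:
          - loaded_rules.stdout is search('arch=b32.*execve.*' ~ audit_key)
          - loaded_rules.stdout is search('arch=b64.*execve.*' ~ audit_key)
        fail_msg: "execve rules not loaded; run 'augenrules --check' on the host"

    - name: how to find a recorded action later, e.g. a sudo run by a non-root user
      ansible.builtin.debug:
        msg: "ausearch -k {{ audit_key }} -i | grep -w sudo"

  handlers:
    # augenrules merges rules.d/*.rules into /etc/audit/audit.rules and, with --load,
    # pushes the result into the running daemon, so neither a restart nor systemctl is needed.
    # If the rules were made immutable (-e 2), loading fails and a reboot is required instead.
    - name: reload audit rules
      ansible.builtin.command: augenrules --load
```

Because the rules live in a separate drop-in, re-running the playbook is idempotent and never touches rules that other tooling put into audit.rules; the assert on auditctl -l is deliberately loose about output format, since older auditctl versions print the key as -k and newer ones as -F key=.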


PHP Warning: Module “xxx” is already loaded in Unknown on line 0

After updating a PHP installation on a web server I noticed the error listed below. It indicates that a module was asked to load although it was already loaded successfully, so there must be a duplicate entry loading the module somewhere.

The warning is shown, for example, if you type php -v:

PHP Warning:  Module "igbinary" is already loaded in Unknown on line 0

Try to locate which module has a duplicate entry. In my example it was igbinary.

php --ini | grep igbinary

Remove the duplicate load directive and the warning should disappear.


Ansible loop over nested dictionary subelements – list object has no attribute

Sometimes it can be tricky in Ansible to loop over a nested key-value list. Take for example the dictionary below, which includes a nested list of disks. The top-level element of the .yml file is vms, which includes name, folder, cpus, sockets, memory and disk.

The disk element consists of disksize and disktype. This .yml file was created in a previous post, which explains how to automatically provision VMware servers.

vms:
  - name: test1-ansible
    folder: ansible
    cpus: 1
    sockets: 1
    memory: 64
    disk:
      - disksize: 64
        disktype: thin
      - disksize: 100
        disktype: thin

If you try to loop over this list directly you will probably get an error like "list object has no attribute".

With the subelements filter you can loop over your main list (vms) and access the nested one (disk) with a separate index.

To retrieve the VM name use item.0; the nested values are placed under item.1.

---
- name: test playbook
  hosts: localhost
  vars_files: vms.yml
  tasks:
    - name: loop over nested
      debug:
        # item.0 is the current vms entry, item.1 the current element of its disk list
        msg: "{{ item.0.name }}: {{ item.1.disksize }} {{ item.1.disktype }}"
      loop: "{{ vms | subelements('disk') }}"

By printing with debug, we can successfully get the values of the nested keys.
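The following playbook is an added example, not part of the original post, and goes a little beyond it: the vms list is constructed inline (a second VM, test2-ansible, deliberately has no disk key) to show the skip_missing option of subelements, the item.0/item.1 split is made visible through loop_control labels, and each disk definition is validated against an allowed list of disk types (allowed_disktypes is my own variable) before anything would be provisioned.

```yaml
---
- name: loop over nested disks with subelements
  hosts: localhost
  gather_facts: false
  vars:
    # constructed sample in the same shape as vms.yml from the post, plus a VM without a disk key
    vms:
      - name: test1-ansible
        folder: ansible
        cpus: 1
        sockets: 1
        memory: 64
        disk:
          - disksize: 64
            disktype: thin
          - disksize: 100
            disktype: thin
      - name: test2-ansible
        folder: ansible
        cpus: 2
        sockets: 1
        memory: 128
    allowed_disktypes: [thin, thick, eagerzeroedthick]
  tasks:
    - name: one iteration per (vm, disk) pair; item.0 is the vm, item.1 the disk
      ansible.builtin.debug:
        msg: "{{ item.0.name }} ({{ item.0.folder }}): {{ item.1.disksize }} GB {{ item.1.disktype }}"
      # skip_missing=True silently skips test2-ansible, which has no disk list;
      # without it the loop aborts because the 'disk' key cannot be found in that item
      loop: "{{ vms | subelements('disk', skip_missing=True) }}"
      loop_control:
        label: "{{ item.0.name }}/{{ item.1.disksize }}"

    - name: reject disk definitions that would only fail later at provisioning time
      ansible.builtin.assert:
        that:
          - item.1.disksize is number
          - item.1.disksize > 0
          - item.1.disktype in allowed_disktypes
        fail_msg: "{{ item.0.name }}: bad disk spec {{ item.1 }}"
      loop: "{{ vms | subelements('disk', skip_missing=True) }}"
      loop_control:
        label: "{{ item.0.name }}/{{ item.1.disksize }}"

    - name: count disks per VM (a VM without a disk key counts as 0)
      ansible.builtin.debug:
        msg: "{{ item.name }}: {{ item.disk | default([]) | length }} disk(s)"
      loop: "{{ vms }}"
      loop_control:
        label: "{{ item.name }}"
```

The first two tasks run twice for test1-ansible (one per disk) and not at all for test2-ansible, while the last task runs once per VM: that difference is exactly what subelements buys you over a plain loop over vms.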