Possible missing firmwares for module i915

The warning message below has been displayed after upgrading Debian testing :

W: Possible missing firmware /lib/firmware/i915/kbl_guc_ver9_14.bin for module i915
W: Possible missing firmware /lib/firmware/i915/bxt_guc_ver8_7.bin for module i915

This issue has been referenced in the Debian bug tracking system : #857997
For now, this package does not provide the latest version of Kabylake GuC (9.14) and Broxton GuC (8.7) firmwares.
To remove this warning message, as a workaround, just download them and copy the blob files into the directory /lib/firmware/i915.
Finally, rebuild your initramfs :

update-initramfs -k `uname -r`-u

Upgrade a rpm package on a couple of servers with a quick one-liner in Ansible

Upgrade a rpm package on a couple of servers with a quick one-liner in Ansible :

export ANSIBLE_INVENTORY=servers_list
ansible all -b --ask-become-pass -m yum "name=bash state=latest"

servers_list is the text file listing your servers.
Using the ANSIBLE_INVENTORY variable overrides the use of a generate inventory.
This one-liner makes use of the yum Ansible module.
Running sudo commands is possible with these options -b and –ask-become-pass

Network interface disabled by default in CentOS 7

After a fresh installation of CentOS 7, your main network interface may be disabled. Its name may be enp0s3.

Check its status with :

nmcli dev status

To enable it permanently, look at its configuration file at /etc/sysconfig/network-scripts/ifcfg-enp0s3 and make the change from :

ONBOOT=no
to
ONBOOT=yes

Restart the network service :

systemctl restart NetworkManager

The network interface status should now be as connected :

nmcli dev status

Winbind does not reflect AD group membership change

Sometimes, Winbind does not reflect AD group membership change. How to recover from it ?
The below steps have been successfully tested on a Red Hat server :

Get OS version :
cat /etc/redhat-release

Get Winbind version :
wbinfo -V

Stop Winbind service :
service winbind stop

Flush any Winbind cache :
net cache flush

Delete all tdb files :
rm -rf /var/lib/samba/*.tdb

Restart Winbind service :
service winbind start

Look up details for a given user :
id username

Remote: error: insufficient permission for adding an object to repository database objects

If you push code to a git repo, you might get this error :

remote: error: insufficient permission for adding an object to repository database objects
remote: fatal: failed to write object

Make sure that the system permissions are set properly. Stackoverflow provides some good troubleshooting steps.

The commands below solve the issue :

cd /path/to/repo.git
chgrp -R groupname .
chmod -R g+rwX .

git config core.sharedRepository true
 

For groupname, make sure it matches the user account details that you use for logging in and pushing code to the git server.

 

Apache HTTPD : ETag Inode Information Leakage

Apache HTTPD : ETag Inode Information Leakage

This is an error that occurs during PCI scans. To remediate it, disable the ETag feature in your Apache configuration file.

Add FileETag None to /etc/httpd/conf/httpd.conf and restart your Apache server :

echo 'FileETag None' >> /etc/httpd/conf/httpd.conf

service httpd restart

Check if the ETag information are present in the http headers sent by your Apache server  :

curl -I https://your_server_name/ -k

 

 

CIFS NULL session permitted

How to disable CIFS NULL session permitted on a Linux server to meet compliance requirements ?

rpcclient can help retrieve details about this server. Log in with an anonymous user :

rpcclient -U "" server_name

Once logged in, run either of these commands :

srvinfo
querydominfo

To leave rpcclient, run the quit command.

If you were able to logged in and if any of the commands display details, then CIFS null session is permitted.

To disable it, add the following parameters to your smb.conf file :

guest account = nobody
restrict anonymous = 1

Check Samba configuration file syntax with :

testparm smb.conf

Restart Samba daemons :

service smb restart
service nmb restart
service winbind restart

Run once again any of the commands within a new rpcclient session.
Any information should be available now.