The warning message below has been displayed after upgrading Debian testing :
W: Possible missing firmware /lib/firmware/i915/kbl_guc_ver9_14.bin for module i915
W: Possible missing firmware /lib/firmware/i915/bxt_guc_ver8_7.bin for module i915
This issue has been referenced in the Debian bug tracking system : #857997
For now, this package does not provide the latest version of Kabylake GuC (9.14) and Broxton GuC (8.7) firmwares.
To remove this warning message, as a workaround, just download them and copy the blob files into the directory /lib/firmware/i915.
Finally, rebuild your initramfs :
update-initramfs -k `uname -r`-u
Upgrade a rpm package on a couple of servers with a quick one-liner in Ansible :
ansible all -b --ask-become-pass -m yum "name=bash state=latest"
servers_list is the text file listing your servers.
Using the ANSIBLE_INVENTORY variable overrides the use of a generate inventory.
This one-liner makes use of the yum Ansible module.
Running sudo commands is possible with these options -b and –ask-become-pass
After a fresh installation of CentOS 7, your main network interface may be disabled. Its name may be enp0s3.
Check its status with :
nmcli dev status
To enable it permanently, look at its configuration file at /etc/sysconfig/network-scripts/ifcfg-enp0s3 and make the change from :
Restart the network service :
systemctl restart NetworkManager
The network interface status should now be as connected :
nmcli dev status
Sometimes, Winbind does not reflect AD group membership change. How to recover from it ?
The below steps have been successfully tested on a Red Hat server :
Get OS version :
Get Winbind version :
Stop Winbind service :
service winbind stop
Flush any Winbind cache :
net cache flush
Delete all tdb files :
rm -rf /var/lib/samba/*.tdb
Restart Winbind service :
service winbind start
Look up details for a given user :
If you push code to a git repo, you might get this error :
remote: error: insufficient permission for adding an object to repository database objects
remote: fatal: failed to write object
Make sure that the system permissions are set properly. Stackoverflow provides some good troubleshooting steps.
The commands below solve the issue :
chgrp -R groupname .
chmod -R g+rwX .
git config core.sharedRepository true
For groupname, make sure it matches the user account details that you use for logging in and pushing code to the git server.
Apache HTTPD : ETag Inode Information Leakage
This is an error that occurs during PCI scans. To remediate it, disable the ETag feature in your Apache configuration file.
Add FileETag None to /etc/httpd/conf/httpd.conf and restart your Apache server :
echo 'FileETag None' >> /etc/httpd/conf/httpd.conf
service httpd restart
Check if the ETag information are present in the http headers sent by your Apache server :
curl -I https://your_server_name/ -k
How to disable CIFS NULL session permitted on a Linux server to meet compliance requirements ?
rpcclient can help retrieve details about this server. Log in with an anonymous user :
rpcclient -U "" server_name
Once logged in, run either of these commands :
To leave rpcclient, run the quit command.
If you were able to logged in and if any of the commands display details, then CIFS null session is permitted.
To disable it, add the following parameters to your smb.conf file :
guest account = nobody
restrict anonymous = 1
Check Samba configuration file syntax with :
Restart Samba daemons :
service smb restart
service nmb restart
service winbind restart
Run once again any of the commands within a new rpcclient session.
Any information should be available now.