vsftpd – Inverse Name Search by UID (CentOS 8) – Retrieves last created with same UID

I am working with CentOS 8 and I have a problem with UIDs and User Names. I have installed VestaCP to manage my websites. The user by the name of “user123” and UID 1007 is the owner of all the websites (user in VestaCP). Then I have created individual FTP users for each website. Each FTP user has the following name format: “user123_random”, where random is a random text. Each FTP user has a different name, but they all share the same UID (1007) (this is the default behavior when creating new FTP users).

Now the problem happens when I am checking the ownership (user) of each website or file inside that website. So technically, the owner is UID 1007. The problem here is that CentOS 8, for some reason, is showing “user123_random” as the owner of the websites instead of “user123”.

The curious thing is that when I do a “id -nu 1007”, it returns the name of the last FTP user created with the prefix “user123_”. So I assume, this is what CentOS 8 does internally, showing the last username (with same ID 1007) as the owner of a file/directory. This is not how CentOS 7 worked. CentOS 7 would show “user123” as the owner of the files, irrespective of adding new FTP users with the same UID.

The question is…is there a way to change this behavior in CentOS 8, so that it behaves as CentOS 7? So that the inverse name search by UID returns the “first created user” with that UID.

Centos 8.1 installer cannot see SAS disks attached to Perc 6/i

How to get Centos 8.1 installer to see Perc 6/i attached SAS disks?

The Dell t7400 hardware boots MS-Windows properly from Perc 6/i attached SAS disks.
Dell Bios A11 shows 3 virtual drives at initialization.

There are four 285gb disks attached to the Perc 6/i of which disks 0+1 are Raid-1 and are bootable and boot MS-Windows (i.e. 3 VDs).

The other 2 disks are raid0 and I want to install linux on the 3rd / 4th disks and use grub to dual boot.

Centos 8.1 is on usb-pen-drive from which I boot, but it cannot see any of the 4 SAS drives for the “installation destination”.

Perc 6/i has bios 6.2.0-0013 and firmware 1.22.02-0612, bios controller is enabled and vd 0 is bootable.

Suggestions?

openssl – generate CSR with SAN does not seem to work on CentOS 8

I have been trying to generate a CSR which includes a SAN of type OtherName.

The generated CSR does not seem to have the SAN field.

This is the configuration file:

distinguished_name = req_distinguished_name
[req_distinguished_name]
countryName                 = Country Name (2 letter code)
stateOrProvinceName         = State or Province Name (full name)
localityName               = Locality Name (eg, city)
organizationName           = Organization Name (eg, company)
commonName                 = Common Name (e.g. server FQDN or YOUR name)
[v3_req_client]
extendedKeyUsage = clientAuth
subjectAltName = @alt_names
[alt_names]
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:user@localhost

I generate the CSR as this:

openssl req -out user.csr -newkey rsa:2048 -nodes -keyout private.key -config openssl.conf

But the resulting CSR does not have a subjectAltName field:

Certificate Request:
Data:
    Version: 1 (0x0)
    Subject: C = co, CN = user
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            RSA Public-Key: (2048 bit)
            Modulus:
                00:df:19:be:1d:55:7d:f9:3a:29:e8:11:f6:ce:50:
                76:61:6b:5b:36:10:a7:b0:ac:99:83:0f:0f:a4:c6:
                1d:d7:c2:33:96:16:7b:5e:52:65:25:9f:e7:00:79:
                7d:b6:92:73:bb:5a:37:6d:ee:1f:18:09:71:bb:46:
                7c:65:95:1b:03:83:cf:ef:a8:79:0c:d0:bd:99:a5:
                34:5d:97:c3:29:d3:b6:59:4b:90:8c:57:65:aa:7d:
                9a:c3:7d:22:50:36:b0:e7:ba:c5:59:b0:f8:f0:90:
                26:4e:09:5b:5c:75:f2:1d:db:f4:aa:47:c0:65:b1:
                79:b6:10:7e:df:88:1f:9b:25:e4:20:69:09:36:8f:
                0e:ca:7c:2f:35:e2:7a:1e:c1:87:0f:20:0c:de:9e:
                94:17:8d:d3:4a:73:53:6d:88:d1:8b:e6:00:ca:e2:
                0c:99:ff:0b:6b:cb:5a:2d:e0:d0:27:5c:c0:66:ae:
                ce:b0:11:4a:9a:2c:30:f7:e2:bc:b0:2e:ac:eb:69:
                dd:db:9d:b5:84:85:24:80:d8:64:b5:c0:bc:d5:de:
                16:b7:0f:82:9c:8a:5b:9a:c8:21:40:20:42:cd:0b:
                64:55:55:76:56:11:af:b5:0b:3d:dc:81:28:61:d2:
                ff:c9:fd:43:2b:e3:1e:2e:c8:66:7b:21:14:4d:8d:
                45:c7
            Exponent: 65537 (0x10001)
    Attributes:
        a0:00
Signature Algorithm: sha256WithRSAEncryption
     23:b2:58:69:c3:93:b9:f4:45:2e:45:fa:af:e8:69:09:8d:3f:
     65:cb:6e:aa:3a:95:04:6a:21:81:02:c2:2f:fc:f4:98:cf:71:
     5a:4f:36:8e:e7:f5:09:a2:d3:8f:3d:49:55:6b:93:ed:bb:7e:
     78:c2:43:26:c1:6d:bf:9d:3c:29:3a:29:67:90:04:5a:fd:4f:
     9c:9d:7f:bb:98:67:ce:ab:66:be:0e:d5:af:4a:e5:fb:3b:72:
     c4:9c:cd:d7:f4:1c:81:2e:32:c5:8a:c5:d7:d7:9f:bc:1d:c9:
     51:94:0e:30:70:92:e1:ac:d4:d7:93:d8:9a:b8:5e:83:fc:cb:
     ab:6c:d4:f1:7f:70:96:f6:61:b8:48:14:d9:dc:1e:02:d3:ae:
     e5:90:1c:46:67:f3:99:2e:6e:4b:52:8e:71:0d:d2:31:2e:e6:
     0b:f9:88:b2:b8:a9:63:7a:5b:60:08:a4:ce:b8:5e:08:a7:cb:
     58:29:28:e4:30:85:2e:63:ae:bf:2b:51:ec:cc:29:96:16:72:
     20:80:d7:df:63:05:e8:f4:eb:59:d9:98:a2:f5:81:9f:7f:48:
     28:96:3f:bd:0f:e4:93:1a:d1:8d:53:d2:12:67:aa:52:3b:fe:
     f0:cf:c0:e5:7f:e4:96:16:c7:44:3f:5e:60:7a:f9:87:a8:e0:
     53:af:35:cd

But if I generate a certificate like this:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out test.pem -outform PEM -keyout test_key.pem -subj "/CN=user" -extensions v3_req_client -config openssl.conf -verbose

The resulting certificate has the subject alternative names:

X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Alternative Name:
othername:

But how can I just get a CSR with the SAN? What is missing in my CSR request command to have it?

I am running CentOS Linux release 8.0.1905 (Core) with openssl version 1.1.1 FIPS.

Note: I do not consider this to be a duplicate of: Missing X509 extensions with an openssl-generated certificate,
as the SAN is not even in the CSR.
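
An added example, not part of the original question: `openssl req` puts extensions into a CSR only when it is told which section to use, through `req_extensions` in `[req]` or `-reqexts` on the command line. The script builds the question's config with and without that line and checks the resulting CSR; the explicit `[req]` header, the trimmed DN section, `-subj "/CN=user"` and the function names are assumptions.

```shell
# write_csr_conf PATH with|without: the question's config, optionally with the
# req_extensions line. DN section trimmed to commonName (assumption).
write_csr_conf() {
    {
        echo '[req]'
        echo 'distinguished_name = req_distinguished_name'
        if [ "$2" = with ]; then
            # Names the section whose extensions are embedded in the CSR.
            echo 'req_extensions = v3_req_client'
        fi
        cat <<'EOF'
[req_distinguished_name]
commonName = Common Name (e.g. server FQDN or YOUR name)
[v3_req_client]
extendedKeyUsage = clientAuth
subjectAltName = @alt_names
[alt_names]
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:user@localhost
EOF
    } > "$1"
}

# make_csr DIR with|without: write the config, then create key and CSR in DIR.
# Equivalent without editing the file: add "-reqexts v3_req_client".
make_csr() {
    write_csr_conf "$1/openssl.conf" "$2"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=user" \
        -keyout "$1/private.key" -out "$1/user.csr" \
        -config "$1/openssl.conf" 2>/dev/null
}

# csr_has_san DIR with|without: succeed only if the decoded CSR lists a
# Subject Alternative Name among its requested extensions.
csr_has_san() {
    make_csr "$1" "$2" &&
    openssl req -in "$1/user.csr" -noout -text -config "$1/openssl.conf" |
        grep -q 'X509v3 Subject Alternative Name'
}

# Demo: compare both variants in a throwaway directory.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    for mode in without with; do
        if csr_has_san "$d" "$mode"; then
            echo "$mode req_extensions: SAN present in CSR"
        else
            echo "$mode req_extensions: SAN missing from CSR"
        fi
    done
    rm -rf "$d"
fi
```
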

Centos 6 USB memory stick for booting iso


Hi, I'm trying to use a memory stick for installing CentOS 8, so I first formatted a Kingston memory stick, but it went numb. Then I figured out my mistake was that I formatted it to FAT16, so in short it's hard to reformat. So I got pissed the galout and I purchased a new Kingston memory stick of 16 gigas, and I went to use it with programs such as

iso2usb

universal usb installer

unetbootin

and they don't find my new memory stick; they tell me I shall format my USB memory to FAT32. So, gentry, I ask you?

Truly, firstly I don't want to purchase another USB memory, so the choices on my CentOS 6 available on formatting are

For compatibility with all FAT systems, should I use this?

bind – DNS zone on CentOS 7 not working

I have a server with CentOS 7, where I have DNS and the domain learn-linux.eu. My domain works, but only without www.
My /etc/named.conf file:

options {
        listen-on port 53 { 127.0.0.1; 193.33.111.185; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 193.33.111.0/24; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "learn-linux.eu" IN {
        type master;
        file "/var/named/learn-linux.db";
        allow-update {none;};
};

zone "111.33.193.in-addr.arpa" IN {
        type master;
        file "/var/named/193.33.111.db";
        allow-update {none;};

};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

My DNS zone:

$TTL 14400
@ IN  SOA     ns1.learn-linux.eu. root.learn-linux.eu. (
                                                13    ;Serial
                                                1H      ;Refresh
                                                15M     ;Retry
                                                2H      ;Expire
                                                1H      ;Minimum TTL
                                                )

;Name Server Information
@      IN  NS      ns1.learn-linux.eu.
learn-linux.eu. IN A 193.33.111.185
www.learn-linux.eu.     IN A 193.33.111.185
;IP address of Name Server
ns1.learn-linux.eu.     IN      A 193.33.111.185
www     IN  A       193.33.111.185

My reverse zone:

@ IN  SOA     ns1.learn-linux.eu. root.learn-linux.eu. (
                                                        6    ;Serial
                                                        1H      ;Refresh
                                                        15M     ;Retry
                                                        4H      ;Expire
                                                        1D      ;Minimum TTL
                                                        )
;Name Server Information
@ IN  NS      ns1.learn-linux.eu.

;Reverse lookup for Name Server
185        IN  PTR     www.learn-linux.eu.

Result of the command dig www.learn-linux.eu:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.3 <<>> www.learn-linux.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43694
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.learn-linux.eu.            IN      A

;; ANSWER SECTION:
www.learn-linux.eu.     14400   IN      A       193.33.111.185

;; AUTHORITY SECTION:
learn-linux.eu.         14400   IN      NS      ns1.learn-linux.eu.

;; ADDITIONAL SECTION:
ns1.learn-linux.eu.     14400   IN      A       193.33.111.185

;; Query time: 0 msec
;; SERVER: 193.33.111.185#53(193.33.111.185)
;; WHEN: Mon May 18 15:15:22 CEST 2020
;; MSG SIZE  rcvd: 97

Result of the command dig learn-linux.eu:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.3 <<>> learn-linux.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60013
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;learn-linux.eu.                        IN      A

;; ANSWER SECTION:
learn-linux.eu.         14400   IN      A       193.33.111.185

;; AUTHORITY SECTION:
learn-linux.eu.         14400   IN      NS      ns1.learn-linux.eu.

;; ADDITIONAL SECTION:
ns1.learn-linux.eu.     14400   IN      A       193.33.111.185

;; Query time: 0 msec
;; SERVER: 193.33.111.185#53(193.33.111.185)
;; WHEN: Tue May 19 09:46:35 CEST 2020
;; MSG SIZE  rcvd: 93

named-checkzone

[pawel@learn-linux ~]$ sudo named-checkzone learn-linux.eu /var/named/learn-linux.db
zone learn-linux.eu/IN: loaded serial 13
OK

named status

[pawel@learn-linux pawel]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-05-19 09:37:45 CEST; 4s ago
  Process: 1593 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 1608 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1605 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1610 (named)
   CGroup: /system.slice/named.service
           └─1610 /usr/sbin/named -u named -c /etc/named.conf -4

May 19 09:37:45 learn-linux.eu named[1610]: zone 111.33.193.in-addr.arpa/IN: loaded serial 8
May 19 09:37:45 learn-linux.eu named[1610]: zone localhost/IN: loaded serial 0
May 19 09:37:45 learn-linux.eu named[1610]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
May 19 09:37:45 learn-linux.eu named[1610]: zone learn-linux.eu/IN: loaded serial 14
May 19 09:37:45 learn-linux.eu named[1610]: zone localhost.localdomain/IN: loaded serial 0
May 19 09:37:45 learn-linux.eu named[1610]: all zones loaded
May 19 09:37:45 learn-linux.eu named[1610]: running
May 19 09:37:45 learn-linux.eu systemd[1]: Started Berkeley Internet Name Domain (DNS).
May 19 09:37:45 learn-linux.eu named[1610]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
May 19 09:37:45 learn-linux.eu named[1610]: resolver priming query complete

On the firewall I added port 53/udp.
In /etc/resolv.conf I added

nameserver 193.33.111.185

In /etc/sysconfig/network-scripts/ifcfg-eth0 I added

DNS1=193.33.111.185

But my zone is still not working with www and without www. In the company where I bought the domain, I set the ns domain to ns1.learn-linux.eu. What am I doing wrong? I’ve been trying to fix it since yesterday, but to no avail.

centos – Redis doesn’t stop or restart on CentOS 7

I’ve installed Redis version 3.2.12 on one CentOS 7 node of a cluster with Cloudera Manager 6.3 and my Redis never stops. I want to add a password but it doesn’t want to restart.
Everything is on default, I just added the password, but that has no effect because I can’t restart.

My installation was:

sudo yum -y install redis

sudo service redis start

When I type redis-cli, the CLI starts normally at 127.0.0.1:6379. When I try shutdown, the console shows ‘not connected’, but with lsof -i :6379 I can identify that the ‘redis-service’ jobs die and return with another PID; celery jobs always stay alive.
If I try to kill celery and redis jobs, they always return with another PID. There are approximately 67 jobs running.

service redis stop returns ‘Redirecting to /bin/systemctl stop redis.service’ but has no effect.

If I try service redis restart then service redis status it returns:

redis.service: main process exited, code=exited, status=1/FAILURE
Unit redis.service entered failed state.

Option daemonize is no

Can someone please help me with a way to debug or understand what is happening? It’s my first time with Redis.

centos – netstat how to exclude localhost from the result when using grep

When I run this command in my terminal:

netstat -an | egrep ":80|:443" | sort

I get the following output:

tcp        0      0 172.104.10.125:48310    172.104.10.125:8081     TIME_WAIT  
tcp        0      0 172.104.10.125:48316    172.104.10.125:8081     TIME_WAIT    
tcp        0      0 172.104.10.125:48428    172.104.10.125:8081     ESTABLISHED
tcp        0      0 172.104.10.125:80       0.0.0.0               LISTEN     
tcp        0      0 172.104.10.125:80       5.111.110.185:23784     SYN_RECV   
tcp        0      0 172.104.10.125:80       89.109.64.166:42690     TIME_WAIT  
tcp6       0      0 ::1:443                 ::                    LISTEN     
tcp        0      0 172.104.10.125:443      60.51.33.253:65270      ESTABLISHED
tcp        0      0 172.104.10.125:443      66.249.79.94:49202      ESTABLISHED
tcp6       0      0 172.104.10.125:8080     172.104.10.125:39668    TIME_WAIT  

172.104.10.125 is my IP address. How do I exclude the results above that have ‘172.104.10.125’, ‘0.0.0.0’ and ‘::’ in the 5th column? Because those are trusted localhost IPs and protocol.

If I use this:

egrep -v "172.104.10.125|::|0.0.0.0" 

it will exclude everything not on the 5th column.
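
An added example, not part of the original question: the `egrep -v` attempt matches anywhere on the line, and the `:80` pattern also matches `:8080` and `:8081`. This awk filter tests the local port in column 4 exactly and the foreign address in column 5 only; the sample lines are constructed in `netstat -an` layout (`0.0.0.0:*`, `:::*`) and the function names are hypothetical.

```shell
# Constructed sample in `netstat -an` layout, using addresses from the question.
sample_netstat() {
cat <<'EOF'
tcp        0      0 172.104.10.125:48428    172.104.10.125:8081     ESTABLISHED
tcp        0      0 172.104.10.125:80       0.0.0.0:*               LISTEN
tcp        0      0 172.104.10.125:80       5.111.110.185:23784     SYN_RECV
tcp6       0      0 ::1:443                 :::*                    LISTEN
tcp        0      0 172.104.10.125:443      60.51.33.253:65270      ESTABLISHED
tcp6       0      0 172.104.10.125:8080     172.104.10.125:39668    TIME_WAIT
EOF
}

# remote_web_peers SELF_IP: read `netstat -an` output on stdin and print only
# TCP sockets whose local port (column 4) is exactly 80 or 443 and whose
# foreign address (column 5) is not SELF_IP or a wildcard (0.0.0.0, ::).
remote_web_peers() {
    awk -v self="$1" '
        # Split "addr:port" at the LAST colon so IPv6 addresses stay intact.
        function host(ep) { sub(/:[^:]*$/, "", ep); return ep }
        function port(ep) { sub(/^.*:/, "", ep); return ep }
        $1 ~ /^tcp/ {
            lp = port($4)
            fh = host($5)
            # Exact port comparison: 8080 and 8081 no longer slip through.
            if (lp != "80" && lp != "443") next
            # Compare the foreign address as a whole string, not as a regex,
            # so the dots in the IP are literal and column 4 is never tested.
            if (fh == self || fh == "0.0.0.0" || fh == "::") next
            print
        }'
}

# Demo on the constructed sample; on a live host use:
#   netstat -an | remote_web_peers 172.104.10.125 | sort
sample_netstat | remote_web_peers 172.104.10.125
```
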

centos – Connection issue to Mysql from Apache server

I am operating on CentOS 7 and MySQL 5.6.46. I needed to move the default datadir location to an encrypted partition and I changed my default /etc/my.cnf file accordingly:

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/NEW_FOLDER/mysql
socket=/NEW_FOLDER/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

# Recommended in standard MySQL setup
#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES 
sql_mode=""

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
port=3306
socket=/NEW_FOLDER/mysql/mysql.sock

After restarting, I verify that I can connect to MySQL by writing: mysql -u <USERNAME> -p, no issue there.
My issue has to do with when my CGI-based server is trying to access the DB. I get the error: Error connecting to database: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2), which does not make much sense to me since the default socket directory has changed.

I looked into the Apache error log and I see this:

DBI connect('testuser:localhost','testdb',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) at /srv/www/TestSite/perl-lib/Database.pm line 31.

I go to line 31 and I see this:

my $dsn = "DBI:mysql:testdb:localhost";
    $dbh = DBI->connect($dsn, 'testuser', 'testpasswd')
      or throw Portal::DatabaseError("Error connecting to database: $DBI::errstr");

The way I see it, Apache is trying to access MySQL but it cannot use the mysql.sock from the new default MySQL datadir location. Any ideas what to do?