centos8 – Ansible error when trying to ping Windows 10 host. No winrm module

I’m using this command to ping a Windows host from my CentOS 8 Ansible server

ansible windows -m win_ping

But I get this output when executing it

windows | FAILED! => {
      "msg": "winrm or requests is not installed: No module named winrm"
}

This is the entry for the Windows machine on my Ansible hosts file

[w10]
windows ansible_host=10.0.10.15
[w10:vars]
ansible_user=someuser
ansible_password=somepassword
ansible_connection=winrm
ansible_port=5986

Winrm is enabled on the Windows machine. I also installed the pywinrm module with the following command, but it didn’t solve my problem

pip3 install pywinrm

What am I doing wrong? Thanks in advance

centos8 – CentOS 8 NTP: Chrony will not Sync with sources, timedatectl showing no sync but NTP active

I have been battling with Chrony for the last few hours and cannot seem to figure out what I’m doing wrong.
I found that my system time was set to 2015 when trying to activate Epel-release in DNF; some certificate errors led me to trying to resolve time and date issues. Below is all my relevant output:

    # timedatectl
               Local time: Wed 2021-05-05 16:24:27 EDT
           Universal time: Wed 2021-05-05 20:24:27 UTC
                 RTC time: Wed 2021-05-05 20:24:27
                Time zone: America/Detroit (EDT, -0400)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no

I had to set time manually, so this is actually one minute fast so that I could see if it ran correctly.

# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp.speculation.org           0   9     0     -     +0ns(   +0ns) +/-    0ns
^? c-73-239-136-185.hsd1.wa>     0   9     0     -     +0ns(   +0ns) +/-    0ns
^? 165.227.106.11                0   9     0     -     +0ns(   +0ns) +/-    0ns
^? x.ns.gin.ntt.net              0   9     0     -     +0ns(   +0ns) +/-    0ns

# chronyc activity
200 OK
5 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

Looking at other people’s sources output this seems not only unrealistic, but just wrong

# systemctl stop chronyd

# chronyd -q
2021-05-05T20:31:16Z chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
2021-05-05T20:31:16Z Frequency -97.480 +/- 1.274 ppm read from /var/lib/chrony/drift
2021-05-05T20:31:16Z Using right/UTC timezone to obtain leap second data
2021-05-05T20:31:27Z No suitable source for synchronisation
2021-05-05T20:31:27Z chronyd exiting

I’m not even sure where to start troubleshooting this, I have tried with and without firewalld running.

# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server 2.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

I have edited my conf files a ton, my pools might be a little weird but I wasn’t sure what else to have them set to. Before this there was just 1 pool directive that I foolishly removed without backing up.

# ntpstat
unsynchronised
poll interval unknown

Finally, at the suggestion of a friend, I used ntpstat and it gave me this output.

I have tried chronyc makestep and refresh, both of which have yielded nothing as well.

centos8 – Several graphical applications in RDP Linux Centos, do not run

I have a dedicated server with Linux Centos 8 operating system with XFCE desktop environment that I connect to via XRDP and Microsoft Desktop. The processor has an integrated GPU but I see that it does not want to run some (several) applications, for example Microsoft Edge, Opera, VLC Player. They are simply installed, and when I go to run them through the graphical interface (connected remotely) they never start.

I was wondering what I can do to solve this, since if I install Windows on the server, applications such as VLC do work and can open, for example, video files, audio files, etc.

centos8 – unable to install openssh server on centos 8

Image: Centos 8

Downloaded from osboxes

Goal: Installation of any package for example openssh server

error: attached screenshot

I have checked the following solutions centos yum

But did not really help me in any respect.

I am stuck and surprised; I am not sure what can be done. I have been researching this issue for a while now.

Please help

Regards

s

centos – Cannot access locally hosted website on NginX, CentOS8

I’ve set up a CentOS virtual machine in VMWare on my network with a bridged ethernet adapter and installed CWP7 on the OS.

I’m able to access the CWP7 control panel without issue on a static IP defined in the VM’s adapter settings. 10.0.1.38

I’ve created a secondary VM on windows server as a local DNS server on IP 10.0.1.39 and set this IP as my DNS server on the CentOS VM. Using nslookup in the CentOS VM I can see that my crm.local domain is pointing to 10.0.1.38 correctly.

In CWP7 I created a user called crm and a domain called crm.local. Under webserver settings I’ve configured the user crm > Domain: crm.local to point to 127.0.0.1 to loopback to itself on port 8182.

When I hit http://crm.local:8182 I’m getting `Firefox can’t establish a connection to the server at crm.local:8182`

I’m stuck and have tried changing all possible configurations I can think of but nothing’s made it work. I have a sample HTML file in the directory home/crm/public_html/index.html that never loads. It is the correct directory matching what’s configured in the cwp7 panel.

centos8 – What is Apache Trying to do that SELinux is blocking?

I have a small web server (CentOS 8) that runs a small php & mysql app. It also runs Nagios, BIND, and Postfix running as a secondary MX.

Everything seems to “work”, and I’ve never noticed any problems.
However, selinux routinely logs the following AVC:

time->Sat Dec 12 01:55:16 2020
type=AVC msg=audit(1607756116.608:1381369): avc:  denied  { name_connect } for  pid=631936 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0

Looking at /var/log/httpd/error_log, I see a corresponding Permission Denied for the same pid at the same time:

[Sat Dec 12 01:55:16.608941 2020] [core:warn] [pid 631936] (13)Permission denied: AH00056: connect to listener on [::]:80

Is there a way for me to track down what exactly Apache is trying to do that is getting blocked? As I mentioned, nothing seems to be broken, so I haven’t tried to build a module to allow this. But I’d like to find the root cause of the AVC denied message here, and either:

  • Allow it if it is harmless and should actually be allowed, OR
  • Configure Apache to stop trying to do whatever it is that it is trying to do

centos – Centos8: Discs IDs broken after moving from VMware ESXi to HyperV

I have moved a Centos8 VM from ESXi to the HyperV 2019 core (hdd only).
It seems the disk or partition IDs are broken, so it’s not starting up properly using the default/first grub menu option.

But it runs with last (rescue) option.

How can I rebuild “rescue” so default grub menu option will run?

security – centos8 fail2ban not working

I am running fail2ban on CentOS 8 with ssh and Nginx configured. They both are showing IPs being blocked when I do the fail2ban-client status, but they are not actually being blocked by firewalld. I am being bombarded with ssh attacks and nothing is happening on the firewall side. I am running “tcpdump -i any port 80 or port 443 or port 22” and seeing multiple failed attempts. Again fail2ban sees them and says they are banned, but they are not actually banned. Any suggestions??

[DEFAULT] 
ignoreip = 127.0.0.1 192.168.1.0/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd] 
enabled = true

[nginx-http-auth]
enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /var/log/gitlab/nginx/error.log

[nginx-noscript]
enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 6

[nginx-badbots]
enabled  = true
port     = http,https
filter   = nginx-badbots
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-nohome]
enabled  = true
port     = http,https
filter   = nginx-nohome
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-noproxy]
enabled  = true
port     = http,https
filter   = nginx-noproxy
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab_error.log

samba4 – Centos8: Selinux blocking Samba service from starting

My Samba4 service is being blocked from starting using systemctl. The audit log shows:

type=AVC msg=audit(1606428851.446:87): avc:  denied  { execute } for  pid=1748 comm="(samba)" 
name="samba" dev="dm-0" ino=1462831 scontext=system_u:system_r:init_t:s0 
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Setting Selinux policy to “permissive” solves the problem …. but it’s not a full time solution.

Samba was built locally. It’s not a repo package.
So as I understand, I have to manually enable its executable path in Selinux. But how can I do it?

Service definition file looks like:

[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target