I have been trying to open oracle db. It gives below error.
ORA-27515: inadequate memlock limit
So I put below lines in limits.conf.
* soft memlock 60397977
* hard memlock 60397977
However even after reboot, it doesn't take effect.
Both these files contains below line ./etc/pam.d/su and /etc/pam.d/sshd:
session required pam_limits.so
Figured out that UsePam was set 'no' in /etc/ssh/sshd_config file.
I made it 'yes', rebooted the node and it worked.
Add:
UsePAM yes to your /etc/ssh/sshd_config
and
You don't need to reboot. Just restart sshd service.
You restart by one of the following commands:
Debian/Ubuntu
sudo systemctl restart ssh.service
OR
sudo systemctl restart ssh
Red Hat/CentOS
sudo systemctl restart sshd.service
OR
sudo systemctl restart sshd
macOS
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist then sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
FreeBSD/OpenBSD
/etc/rc.d/sshd restart
Credit GH P's answer of adding UsePAM=yes to sshd_config.
Related
I want to run the following commands one after the other upon reboot of the server after I do shutdown -r now but not sure how to do it:
getenforce
setenforce 0
systemctl start httpd.service
I'm running CentOS 7.x
Technically you can crontab it
sudo crontab -e
and add the line
#reboot /somewhere/myscript.sh
and put the 3 commands in the myscript.sh with the proper rights.
But it is a bad idea since you can you just make these changes permanent:
systemctl enable httpd
and
vim /etc/selinux/config
to set the SELINUX variable to permissive
This will make the configuration permanent across reboot.
I have made changes in :
cat /etc/pam.d/common-session-noninteractive
sudo vi /etc/pam.d/cron
sudo vi /etc/security/limits.conf
after rebooting system crontab stop working when I check syslog it shows below error:
PAM (cron) illegal module type: ession
cron[4936]: Permission denied
I have been making some custom shell scripts for my nagios machine. I was able to make them run just fine but for some reason some commands in the script don't seem to be working.
For instance commands like echo, cut , ps , grep work fine but commands like touch, useradd dont seem to work, even with sudo. If I run the script from the terminal, all the commands in the script work.
How can I give nagios permissions to run these commands?
I'm running nagios3 on ubuntu 14.04.5 lts
Edit: Added a few lines of code which aren't being run
sudo useradd -m $USERNAME
(echo $PASSWORD; echo $PASSWORD) | sudo smbpasswd -s -a $USERNAME
Standard way is setup permission for Nagios user on monitored server, for instance NRPE, in /etc/sudoers file.
1. method
Try add something like this in your sudoers file.
Defaults:nrpe !requiretty
nrpe ALL= NOPASSWD: useradd -m
nrpe ALL= NOPASSWD: smbpasswd -s -a
PS: For easy editing sudoers file you can use visudo command ;-)
2. method
Or you can try add Nagios user to sudo group via sudo usermod -aG sudo <username>
-a stands for add
G is for group
Tell nagios to run the script as sudo in your .cfg file...
Assuming its permissions problem.
Edit /etc/sudoers file using visudo, this allows automatic file check for errors.
Defaults:nrpe !requiretty
nrpe ALL=(root) NOPASSWD: /path/to/your/command/or/script
Verify sudo has assigned the above permissions to the user in this case nrpe
sudo -U nrpe -l
you should see the command you added listed within the outpul
Edit /etc/nagios/nrpe.cfg
Add your command to the end of the file
e.g.
command[your_command]=/usr/bin/sudo /path/to/your/command/or/script
Restart nrpe
Centos: systemctl restart nrpe (use the command available based on your Operating system)
When I sudo to root vi mode is turned off, so that I need to either run set -o vi or change root's profile to use vi mode. I don't want to change the profile as this will impact other engineers and I don't want to have to type set -o vi every time I sudo. I read man sudo and tried sudo -i and sudo -sE, but neither of these preserved $SHELLOPTS where vi mode is set.
I did find that setting env_keep += SHELLOPTS in /etc/sudoers fixed the issue, but this file is being maintained by a config mgmt system and I don't want to make such a global change just because I prefer vi as my command line editor. So, ultimately is there a way I can set this when sudoing that will not require making changes to shared and/or managed config files?
[user#host:~]$ echo $SHELLOPTS
braceexpand:hashall:histexpand:history:interactive-comments:monitor:vi
[user#host:~]$ sudo -i
[root#host:~]# echo $SHELLOPTS
braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
[user#host:~]$ sudo -sE
[root#host:~]# echo $SHELLOPTS
braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
Is there any simple and lightweight monitoring tool like well-known htop, but with web interface? For Debian / Repberry Pi. All solutions I've seen was complicated and resource-intensive.
I've found an interesting solution to run htop (and any other interactive console application) in browser — shellinabox
Install shellinabox
[sudo] apt-get install shellinabox
Stop shellinabox daemon
[sudo] service shellinaboxd stop
Disable shellinaboxd autostart (in default configuration shellinaboxd serves http-ssh session on 4200 port)
[sudo] update-rc.d -f shellinaboxd remove
Now start shellinaboxd with own parameters
[sudo] shellinaboxd -t -b -p 8888 --no-beep \
-s '/htop_app/:nobody:nogroup:/:htop -d 10'
Options:
-t — disable ssl (if necessary, not recommended for public servers)
-b — run in background
-p — web server port number
--no-beep — disable annoying beeps
-s '…commands…' — session configurstion, where
/htop_app/ — URL
nobody:nogroup — user and group for session (nobody:no group chosen for security reasons)
htop -d 10 — command (actually session shell): run htop with -d 10 argument (means update every second)
Now go to browser and navigate to
http://you_server_address:8888/htop_app/
Should look something like this (screenshot)
glances is great! Use that!
https://nicolargo.github.io/glances/
https://iotrant.com/2019/09/03/keep-tabs-on-your-raspberry-pi-with-glances/
Very light dependencies -- basically just Python, psustil, bottle if you want to see it as a webservice...
Thanks everything works well!
In debian wheezy:
[sudo] service shellinaboxd stop
Becomes (without the letter 'd')
[sudo] service shellinabox stop
The same applies to update-rc.d line
[sudo] update-rc.d -f shellinabox remove