
jason.sh jason-idk

@jason-idk
jason-idk / facls.txt
Last active February 1, 2018 03:46
Just some notes on file access control lists...
All About FACLs on Linux... (POSIX) Cheat Sheet and Examples…
Viewing ACLs for file:
root@server # getfacl /tmp/test
# file: test —> File name
# owner: root —> Owner of file
# group: root —> Group owner of file
user::rw- —> Standard file permissions for owner
user:john:rw- —> First ACL given to user John
@jason-idk
jason-idk / auditd.txt
Last active February 1, 2018 03:46
Some notes I took on auditd...
System Auditing with Auditd:
About: auditd is the user-space component of the Linux auditing subsystem. When auditd is running, audit messages sent by the kernel
will be collected in the log file configured for auditd (normally /var/log/audit/audit.log). If auditd is not running for any reason,
kernel audit messages will be sent to rsyslog.
Configuration files:
- /etc/sysconfig/auditd (startup options)
- /etc/audit/auditd.conf (main config file)
@jason-idk
jason-idk / pam_tally2.txt
Last active February 1, 2018 03:47
Enabling pam_tally2 on CentOS/RHEL...
Enabling pam_tally2 on RHEL/CentOS 6:
It is important to understand that if you place the pam_tally2 entries in the same order in
both /etc/pam.d/system-auth and /etc/pam.d/password-auth and use sudo, your account
will be marked as a failed login from tally even if the password is correct.
Please edit the following files accordingly:
FILE ---> /etc/pam.d/system-auth:
@jason-idk
jason-idk / chef-notes.txt
Created February 1, 2018 03:12
Some notes on using chef...
CHEF Notes:
################################################################################################################
~ How it works at a high level:
1. Push configs from admin workstation to the chef server.
2. Chef server then pushes recipes out to the nodes.
**You really don't need to know Ruby to use Chef.**
@jason-idk
jason-idk / mysql-notes.txt
Created February 1, 2018 03:26
Some notes I took on mysql over time...
Random MySQL Notes:
#### Login to MySQL on Plesk by issuing:
If you cannot access DB on Ubuntu, check /etc/mysql/debian.cnf; it will be in clear text... I'm not joking...
(only on debian based systems… this is definitely a hack and not supposed to be widely used.)
mysql -u admin -p`cat /etc/psa/.psa.shadow`
@jason-idk
jason-idk / persistent-journalctl.txt
Created February 1, 2018 03:30
We all know that journalctl can be a good thing if you want it to be...
Enabling a persistent journal can be done by using the following steps:
1. Create the directory /var/log/journal.
[root@demo ~]# mkdir /var/log/journal
2. Set the group ownership of the new directory to systemd-journal, and the permissions to 2755.
[root@demo ~]# chown root:systemd-journal /var/log/journal
[root@demo ~]# chmod 2755 /var/log/journal
@jason-idk
jason-idk / securing-console-access.txt
Created February 1, 2018 03:40
Notes on securing console access...
##### Securing Console Access #####
Securing GRUB bootloader:
- Setting GRUB password
- Setting Operating specific GRUB password
In environments where physical console access cannot be prohibited, or as a layer of additional authentication on the console,
a systems administrator can add a password to the GRUB bootloader... You can do so using the following command:
@jason-idk
jason-idk / calculate-maxclients.txt
Created February 1, 2018 19:29
Good starting point to begin calculating max clients for apache... Or just finding the average amount of memory used by a process.
### Calculate the average apache process memory size… ###
ps --no-headers -o "rss,cmd" -C httpd | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'
Example with output:
# ps --no-headers -o "rss,cmd" -C apache2 | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'
10M
Error handling:
Command:          Behavior:                                       Recommendation:
#!/bin/bash -p    Prevents loading the initialization scripts.    Recommended, but will need to set the PATH
                                                                  variable manually.
set -o pipefail   Will return error codes thrown by command.      Recommended for error handling.
                  set -e will just crash if a command returns
                  error code.
@jason-idk
jason-idk / rke2-windows-debug-commands.md
Created June 17, 2024 12:59 — forked from rosskirkpat/rke2-windows-debug-commands.md
RKE2 Windows and Linux Troubleshooting and Debugging

RKE2 Windows Troubleshooting

High Level Notes

  • For any and all RKE2 Windows Clusters, v1.22.x or higher of RKE2 needs to be used. This is due to a Calico 3.19.x bug in v1.21.x of RKE2 that Tigera will not backport.
  • The minor version of Calico was changed midway through the RKE2 v1.22 lifecycle.
    • rke2 v1.22.3+rke2r1 through v1.22.6+rke2r1 have Calico 3.20.x (3.20.1 for v1.22.3+rke2r1 only and then 3.20.2 until v1.22.7+rke2r1)
    • rke2 v1.22.7+rke2r1 and up have Calico 3.21.4 (or higher)