Posts

Showing posts from April, 2015

SystemD and FIFO Sockets in RHEL7

There's a bug with a relevant discussion on systemd's approach to FIFO socket deletion. As of systemd-214 the issue with "stale" sockets was resolved by supplying the `RemoveOnStop` option to its corresponding `.service`. However, at the moment RHEL7 has systemd-208 as the default version; and I am seeing the following errors in `dmesg` output: systemd[1]: systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ) systemd[1]: /usr/lib/systemd/system-generators/anaconda-generator exited with exit status 1. [ +0.056775] systemd[1]: [/usr/lib/systemd/system/lvm2-lvmetad.socket:9] Unknown lvalue 'RemoveOnStop' in section 'Socket' [ +0.000675] systemd[1]: [/usr/lib/systemd/system/dm-event.socket:10] Unknown lvalue 'RemoveOnStop' in section 'Socket' I'm not sure if LVM2 is referencing a feature that's not available in the default systemd version; AFAIK, my configurati…

Power Management and Performance in Enteprise Linux (EL7)

As with most things in Linux, there are an array of different tools and options available when dealing with the performance and power consumption of hardware components. Nevertheless, certain standard or even non-standard defaults always emerge, either distribution-specific or -agnostic. While a greater number of available tools provides greater control and more possible solutions, it also brings with it the possibility of greater potential for confusion and unclear incompatibilities. One such confusion arose when I noticed the inconsistency in my CPU frequency preference across reboots. I was used to using the cpupower utility from the kernel-utils package; however, options in the configuration file in /etc/sysconfig/cpupower had no effect on the system during the boot up process. It turns out that RHEL7 and, by extension, Centos EL7 use the tuned utility by default for performance tuning. As a result, according to a forum post in the Centos forum, ...that service conflicts …

Font Discrepencies in Google Play Books

Image
I have two tablets with Google Play Books installed; the larger tablet has poor font display in Google Play Books when compared to the smaller Nexus7 tablet. I don't know if this is due to different fonts being installed or, perhaps, the difference in the display output. The older, larger tablet is running a custom firmware and, I noticed, the fontScale value is 1.15000; whereas the Nexus7 2013 is running CyanogenMod, and the fontScale value is 1.00000. However, even after changing the global fontScale to "normal" value of 1.00000 the font stays the same as before.

Expanding LVM Partition in RHEL7

Scenario:  I've created a VM with a RHEL7 guest.  The partition layout is a standard, primary partition for /boot and LVM for the rest--namely, /usr, /var, /home, swap and / (rootfs).  After installing updates and some other packages, the /usr directory began to fill up.

In order to mitigate the situation, I created an additional primary partition with an XFS filesystem, as that is the preferred/default FS in RHEL7.

    # parted /dev/vda mkpart P3 xfs 14G 16G

The above command instructs "parted" to operate on the /dev/vda disk and create primary partition 3 with XFS filesystem starting at 14G and ending at 16G.  
Next, I added the physical partition to LVM with the following command: 

# pvcreate /dev/vda

Then, extend the volume group with the physical partition with: 

    # vgextend rhel /dev/vda3

and 

    # lvextend -L+2G /dev/rhel/usr

Finally, to grow the filesystem I executed 

    # xfs_growfs /dev/rhel/usr

Password Aging and Authentication in RHEL7

As I posted in a previous note, the password policy in RHEL 7, and most other linux distributions, is handled by the dynamically-configurable PAM (Pluggable Authentication Modules) system. However, there are a number of other tools implemented in securing the RHEL system. One such tool is the shadow password suite. The shadow suite creates an additional layer of abstraction for the system's login passwords, by removing the account passwords from the /etc/passwd file to a separate file /etc/shadow;while maintaining the unobstructed use of the rest of the accounts system. The Linux Documentation Project explains it: the password is stored as a single "x" character (ie. not actually stored in this file). A second file, called ``/etc/shadow'', contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.
According t…

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib.
The code was originally based on pam_cracklib module, and the module is backwards compatible with its options.

The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf. The possible options in the file are: difok Number of characters in the new password that must not be present in the old password. (default 5)

minlen Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9)

dcredit The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password. (default 1)

ucredit T…