Palemoon 64-bit for Linux and Flash Player Plugin

  1. Install Palemoon using the pminstaller.sh from http://linux.palemoon.org/download/installer/
  2. Visit the main page at https://get.adobe.com/flashplayer/otherversions/ or use this direct link: https://get.adobe.com/flashplayer/download/?installer=FP_27.0_for_Linux_64-bit_(.rpm)_-_NPAPI&stype=7768&standalone=1 and install it.
  3. Load the libraries in the directory Pale Moon looks in:
    sudo ln -s /usr/lib64/flash-plugin/libflashplayer.so /usr/lib/mozilla/plugins/
    

References

My links

  1. https://bgstack15.wordpress.com/2017/12/07/palemoon-64-bit-for-linux-and-google-talk-plugin/

Fedora 27 ssh and default kerberos config

On my new Fedora 27 system which I joined to my FreeIPA domain, I encountered an error I hadn’t seen before.
In the past I could just say “ssh remotehost” and it would connect me with GSSAPI auth using my kerberos key: no password or ssh key needed! It was wonderful. However, I ran into this issue, as seen with ssh -v remotehost:

debug1: Unspecified GSS failure.  Minor code may provide more information
Server host/remotehost@IPA.EXAMPLE.COM not found in Kerberos database

But I know for a fact it’s in the kerberos database!
I duckducked (new verb) the error message and found the culprit.
In file /etc/krb5.conf, this variable should be set to this value:

[libdefaults]
  dns_canonicalize_hostname = true

The default is true according to man krb5.conf, but for whatever reason, whether by joining the domain or through some default of some package in Fedora 27, it was set to false.

For the followers of my bgscripts package, just use this command:

sudo updateval -a /etc/krb5.conf -s '[libdefaults]' '^(\s*dns_canonicalize_hostname\s*=\s*).*' '  dns_canonicalize_hostname = true'
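
To check what a host actually has in [libdefaults] before or after the change, here is an added example (not from the original post and not part of bgscripts) that reads krb5.conf text and classifies the dns_canonicalize_hostname setting. The sample file content, the kdc hostname and the function names are constructed for illustration.

```python
import re

# Constructed sample resembling the situation in the post: the key is present
# in [libdefaults] and set to false. The kdc hostname is a placeholder.
SAMPLE_KRB5_CONF = """\
# comments and blank lines are skipped
[libdefaults]
  default_realm = IPA.EXAMPLE.COM
  dns_canonicalize_hostname = false

[realms]
  IPA.EXAMPLE.COM = {
    kdc = ipa.example.com:88
  }
"""

SECTION = re.compile(r'^\[(?P<name>[^\]]+)\]\s*$')
RELATION = re.compile(r'^(?P<key>[A-Za-z0-9_.-]+)\s*=\s*(?P<value>.*?)\s*$')

def libdefaults_values(conf_text, key):
    """Return every value assigned to key inside [libdefaults], in file order."""
    values, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = RELATION.match(line)
        if m and section == "libdefaults" and m.group("key") == key:
            values.append(m.group("value"))
    return values

def check_canonicalize(conf_text):
    """Classify the setting: 'default' (unset), 'ok', or 'mismatch'."""
    values = libdefaults_values(conf_text, "dns_canonicalize_hostname")
    if not values:
        return "default"   # per man krb5.conf, as the post notes, unset means true
    # anything other than "true" (for example false) is reported for review
    return "ok" if all(v.lower() == "true" for v in values) else "mismatch"

if __name__ == "__main__":
    print(check_canonicalize(SAMPLE_KRB5_CONF))
```
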

References

Weblinks

  1. https://superuser.com/questions/1166094/ssh-single-sign-on-with-kerberos/1166101#1166101

Palemoon 64-bit for Linux and Google Talk Plugin

  1. Install Palemoon using the pminstaller.sh from http://linux.palemoon.org/download/installer/
  2. Visit gmail and initiate a call, which will cause it to prompt you to download the google talk plugin. Install it.
  3. Load the libraries in the directory Pale Moon looks in:
    pushd /usr/lib/mozilla/plugins 1>/dev/null 2>&1
    sudo ln -s ../../../../opt/google/talkplugin/libnpo1d.so
    sudo ln -s ../../../../opt/google/talkplugin/libnpgoogletalk.so
    popd 1>/dev/null 2>&1

    You don’t even need to close and re-open the browser!

You will still get the warning “Hangouts phone calls will temporarily stop working in Firefox.” When making an outgoing call, you can dismiss the warning. However, I was unable to dismiss the warning when receiving a call, which means I was not able to receive calls. I don’t know how to fix that part.

Also, on occasion, it simply wouldn’t make an outgoing call. Just cancel and try again, and then it will work.

References

Weblinks

https://askubuntu.com/questions/906315/install-java-plugin-in-pale-moon-browser/906341#906341

Original research

rpmrebuild google-talkplugin_current_x86_64.rpm

Python get Linux-compatible password hash

This snippet gets you a sha-512 ($6) password hash suitable for putting in /etc/shadow.

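# Reference: https://www.shellhacks.com/linux-generate-password-hash/
# python 3.3+ (crypt.mksalt and crypt.METHOD_SHA512 do not exist in python 2)
# the crypt module is deprecated since python 3.11 and removed in 3.13
import crypt, getpass, sys
if len(sys.argv) >= 2:
    # a password passed as an argument is visible in the process list and shell history
    thisraw = str(sys.argv[1])
else:
    # prompt without echoing the password to the terminal
    thisraw = getpass.getpass(prompt='New password: ')
# mksalt generates a random salt with the $6$ (sha-512) prefix
print(crypt.crypt(thisraw, crypt.mksalt(crypt.METHOD_SHA512)))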

Ansible tasks for auditd and logrotate

Auditd does not play nicely with logrotate on CentOS7.

Here is my solution, in ansible format:

tasks

---
# the intention with auditd is to minimize the disk usage of the logs

# modify auditd.conf which notifies the handler
- name: auditd does not keep logs
  lineinfile:
    path: "{{ auditd_conf }}"
    regexp: "{{ item.r }}"
    backrefs: yes
    line: "{{ item.l }}"
    create: no
    state: present
  notify: auditd handler
  with_items:
  - { r: '^max_log_file_action.*$', l: 'max_log_file_action      =  ignore' }
  # match the key only up to the "=", so this item does not also hit max_log_file_action
  - { r: '^max_log_file\s*=.*$', l: 'max_log_file             =  0' }

# tarball and cleanup any existing audit.log.1 files
- name: list all old auditd logs which need to be compressed and cleaned up
  # quote the regex so the shell does not strip its backslashes or glob-expand it
  shell: warn=no find "{{ auditd_log_dir }}" -regex '{{ auditd_log_cleanup_regex }}'
  register: cleanup_list
  ignore_errors: yes

- name: touch archive file
  file:
    path: "{{ auditd_log_dir }}/old-audit.log.tgz"
    state: touch
    owner: root
    group: root
    mode: 0600

- name: archive and cleanup existing audit.log.1 files
  archive:
    dest: "{{ auditd_log_dir }}/old-audit.log.tgz"
    #path: "{{ auditd_log_dir }}/audit.log.*"
    path: "{{ cleanup_list.stdout_lines }}"
    format: gz
    owner: root
    group: root
    remove: yes
  ignore_errors: yes
  #check_mode: yes

- name: apply logrotate script for audit
  copy:
    src: etc/logrotate.d/audit
    dest: "{{ auditd_logrotate_conf }}"
    owner: root
    group: root
    mode: 0644
    backup: yes

- name: run logrotate
  shell: warn=no /sbin/logrotate -f "{{ auditd_logrotate_conf }}"
  register: run_logrotate

- debug:
    msg: "{{run_logrotate}}"

vars or defaults

auditd_conf: /etc/audit/auditd.conf
auditd_log_dir: /var/log/audit
auditd_log_cleanup_regex: '.*audit\.log\.[0-9]+'
auditd_service: auditd
auditd_logrotate_conf: /etc/logrotate.d/audit
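
A pattern such as ^max_log_file.*$ also matches the max_log_file_action line, and lineinfile replaces the last line that matches. This added example (not part of the original post) models that behaviour in Python on a constructed auditd.conf excerpt and compares it with a pattern anchored on the "="; the function names are hypothetical.

```python
import re

# Constructed excerpt of auditd.conf; max_log_file_action comes after max_log_file.
SAMPLE_CONF = """\
log_file = /var/log/audit/audit.log
max_log_file = 8
num_logs = 5
max_log_file_action = ROTATE
"""

def lineinfile(lines, regexp, line):
    """Model of lineinfile with backrefs: yes. The LAST matching line is
    replaced; when nothing matches, the file is left unchanged."""
    pattern = re.compile(regexp)
    last = None
    for i, current in enumerate(lines):
        m = pattern.search(current)
        if m:
            last = (i, m)
    out = list(lines)
    if last is not None:
        out[last[0]] = last[1].expand(line)
    return out

def apply_items(conf_text, items):
    """Run the (regexp, line) pairs in order, like with_items does."""
    lines = conf_text.splitlines()
    for regexp, line in items:
        lines = lineinfile(lines, regexp, line)
    return lines

def settings(lines):
    """Map key -> list of values, so lost and duplicated keys are visible."""
    found = {}
    for entry in lines:
        key, sep, value = entry.partition("=")
        if sep:
            found.setdefault(key.strip(), []).append(value.strip())
    return found

ACTION = (r'^max_log_file_action.*$', 'max_log_file_action      =  ignore')
LOOSE = (r'^max_log_file.*$', 'max_log_file             =  0')
ANCHORED = (r'^max_log_file\s*=.*$', 'max_log_file             =  0')

def compare():
    """Return the resulting settings for the loose and the anchored pattern."""
    return (settings(apply_items(SAMPLE_CONF, [ACTION, LOOSE])),
            settings(apply_items(SAMPLE_CONF, [ACTION, ANCHORED])))
```

With the loose pattern the excerpt ends up with two max_log_file lines and no max_log_file_action; with the anchored pattern each key is set exactly once.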

Debug the values passed to a function in python

Tested on python 2.

import inspect

def caller_args():
   frame = inspect.currentframe()
   outer_frames = inspect.getouterframes(frame)
   caller_frame = outer_frames[1][0]
   return inspect.getargvalues(caller_frame)

def updateval(infile,regex,result,verbose=False,apply=False,debug=0,stanza="",stanzaregex="",atbeginning=False):
   print caller_args()

It’s that simple!

Reference

Weblinks

  1. https://stackoverflow.com/questions/29935276/inspect-getargvalues-throws-exception-attributeerror-tuple-object-has-no-a/29935277#29935277