我正在遵循 Red Hat 关于 SELinux 的指南(RHEL 9 的最新文档)并在 AlmaLinuxOS 上进行练习。
我创建了一个 Linux 用户imran和一个 SELinux 用户secman_u。我赋予了 SELinux 用户角色secadm_r。我还赋予了它与 SELinux 用户相同的上下文secadm_u。我映射imran到secman_u。
当我以 身份登录时imran,运行id -Z结果为unconfined_u:unconfined_r:unconfined_t。当我运行它时semanage login -l,我看到它imran映射到 secman。当我运行它时,less /etc/selinux/targeted/seusers我看到imran:secman_u:s0
我运行了以下命令。
semanage login -m -s secman_u -r s0 imran
为何imran没有映射到secman_u?我该如何映射它?
我不太熟悉如何解决这样的问题,有人知道需要做什么来解决这个问题吗?
[randomusr@jumphost ~]$ brew install hello
==> Downloading https://ghcr.io/v2/homebrew/core/hello/manifests/2.12.1
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/1ea4c3c37828c1113de2100e5188b954c72e9c25fcbc67c76cc55cfeec2d4ab6--hello-2.12.1.bottle_manifest.json
==> Fetching dependencies for hello: xz, binutils and gcc
==> Downloading https://ghcr.io/v2/homebrew/core/xz/manifests/5.6.0
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/dae61a60095680979c8a199f93b6d78d4cc0891501b87f0855e924cfd9831dbd--xz-5.6.0.bottle_manifest.json
==> Fetching xz
==> Downloading https://ghcr.io/v2/homebrew/core/xz/blobs/sha256:5828e7adadf0ed4d0cc68c487b6f132355e3e81561500c64fb62a0eb68b5cba3
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/5963177a5744041ad05d9cec10a0d6c65dc586087141ed4684e8e60e16d75835--xz--5.6.0.x86_64_linux.bottle.tar.gz
==> Downloading https://ghcr.io/v2/homebrew/core/binutils/manifests/2.41_1
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/5719c1ab7c1a761142ecbf7e99d196b1a5e6c1cae43737424dae6237609d4b86--binutils-2.41_1.bottle_manifest.json
==> Fetching binutils
==> Downloading https://ghcr.io/v2/homebrew/core/binutils/blobs/sha256:ff5d14a01dbfc4e423713561d02e704b90577eb32feb7ee276b1a4065eb05a47
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/a391417ee34628d4c46248b066ebef5802b87998f610b247dc7e98af7842fee1--binutils--2.41_1.x86_64_linux.bottle.tar.gz
==> Downloading https://ghcr.io/v2/homebrew/core/gcc/manifests/13.2.0-2
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/1d624841f5f550e4bbc04910c0cfb20b89d0fc7f90ab213cead29d1518479e2b--gcc-13.2.0-2.bottle_manifest.json
==> Fetching gcc
==> Downloading https://ghcr.io/v2/homebrew/core/gcc/blobs/sha256:28257893721f3b163e4364b0ae437dcfdf5e3fd22b8d6d703fa8e02821d0dcd2
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/b9f7349e3560b18d9a07e1f287e743c352211c1bdedceb97c283208c9e5ceb98--gcc--13.2.0.x86_64_linux.bottle.2.tar.gz
==> Installing hello dependency: gcc
==> Downloading https://ghcr.io/v2/homebrew/core/gcc/manifests/13.2.0-2
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/1d624841f5f550e4bbc04910c0cfb20b89d0fc7f90ab213cead29d1518479e2b--gcc-13.2.0-2.bottle_manifest.json
==> Installing dependencies for gcc: binutils
==> Installing gcc dependency: binutils
==> Downloading https://ghcr.io/v2/homebrew/core/binutils/manifests/2.41_1
Already downloaded: /home/randomusr/.cache/Homebrew/downloads/5719c1ab7c1a761142ecbf7e99d196b1a5e6c1cae43737424dae6237609d4b86--binutils-2.41_1.bottle_manifest.json
==> Pouring binutils--2.41_1.x86_64_linux.bottle.tar.gz
cp: error writing '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/ld.gold': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/nm': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/objcopy': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/objdump': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/ranlib': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/readelf': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/size': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/srconv': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/strings': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/strip': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/sysdump': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/windmc': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/windres': No space left on device
cp: cannot create directory '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/etc': No space left on device
Error: Failure while executing; `/usr/bin/env cp -pR /var/tmp/homebrew-unpack20240305-117418-bx866h/binutils/. /home/linuxbrew/.linuxbrew/Cellar/binutils` exited with 1. Here's the output:
cp: error writing '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/ld.gold': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/nm': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/objcopy': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/objdump': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/ranlib': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/readelf': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/size': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/srconv': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/strings': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/strip': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/sysdump': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/windmc': No space left on device
cp: cannot create regular file '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/bin/windres': No space left on device
cp: cannot create directory '/home/linuxbrew/.linuxbrew/Cellar/binutils/2.41_1/etc': No space left on device
[randomusr@jumphost /]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 3.8G 0 3.8G 0% /dev/shm
tmpfs 1.5G 1.6M 1.5G 1% /run
/dev/mapper/rootvg-rootlv 2.0G 583M 1.5G 29% /
/dev/mapper/rootvg-usrlv 10G 2.5G 7.6G 25% /usr
/dev/mapper/rootvg-tmplv 2.0G 47M 2.0G 3% /tmp
/dev/mapper/rootvg-homelv 1014M 630M 385M 63% /home
/dev/mapper/rootvg-varlv 8.0G 932M 7.1G 12% /var
/dev/sda2 496M 302M 194M 61% /boot
/dev/sda1 200M 7.0M 193M 4% /boot/efi
/dev/loop0 41M 41M 0 100% /var/lib/snapd/snap/snapd/20671
/dev/loop1 75M 75M 0 100% /var/lib/snapd/snap/core22/1122
/dev/loop2 20M 20M 0 100% /var/lib/snapd/snap/kubelogin/34
/dev/loop3 18M 18M 0 100% /var/lib/snapd/snap/helm/397
tmpfs 768M 4.0K 768M 1% /run/user/1001
[randomusr@jumphost /]$ df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
devtmpfs 976951 437 976514 1% /dev
tmpfs 982173 1 982172 1% /dev/shm
tmpfs 819200 913 818287 1% /run
/dev/mapper/rootvg-rootlv 1048576 1333 1047243 1% /
/dev/mapper/rootvg-usrlv 5242880 89787 5153093 2% /usr
/dev/mapper/rootvg-tmplv 1048576 55 1048521 1% /tmp
/dev/mapper/rootvg-homelv 524288 12865 511423 3% /home
/dev/mapper/rootvg-varlv 4194304 3460 4190844 1% /var
/dev/sda2 256000 368 255632 1% /boot
/dev/sda1 0 0 0 - /boot/efi
/dev/loop0 658 658 0 100% /var/lib/snapd/snap/snapd/20671
/dev/loop1 14443 14443 0 100% /var/lib/snapd/snap/core22/1122
/dev/loop2 8 8 0 100% /var/lib/snapd/snap/kubelogin/34
/dev/loop3 12 12 0 100% /var/lib/snapd/snap/helm/397
tmpfs 196434 20 196414 1% /run/user/1001
[randomusr@jumphost /]$ echo $HOMEBREW_TEMP
/var/tmp
编辑
使用命令parted,然后print free检查驱动器上的可用空间。然后我找到并按照此处的答案按照建议进行扩展/home。
是否可以在 sshd_config 的 AllowGroups 中使用逻辑运算符?我想要实现的是仅当用户属于两个组时才允许用户访问服务器。ChatGPT 给了我这个答案,但我不相信它......我没有找到任何其他有用的信息,即使在文档中也是如此。
非常感谢您的回答。
即使使用该命令mlocate安装了该软件包,dnf install mlocate该updatedb命令也不会被安排运行。
这意味着locate <filename>返回空结果。
如何在updatedb不创建自己的脚本或 cron 作业的情况下自动运行?
我们有带 DELL 硬件的 Linux 机器,机器有 256G 内存
在添加 32G 的新 DIMM 卡之前,我们验证Configured Clock Speed是 2400MHz
所以后来我们在这台机器上添加了额外的 32G(2 个 DIMM 卡,与机器已有的 DIMM 卡类型相同),机器启动后,我们检查了Configured Clock Speed,dmidecode我们发现它已经改变了
所以Configured Clock Speed从更改2400MHz为1866 MHz
例子
添加新 DIMM 之前
dmidecode | grep "Configured Clock Speed"
Configured Clock Speed: 2133 MHz
Configured Clock Speed: 2133 MHz
Configured Clock Speed: 2133 MHz
Configured Clock Speed: 2133 MHz
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: 2133 MHz
Configured Clock Speed: 2133 MHz
Configured Clock Speed: 2133 MHz
Configured Clock Speed: 2133 MHz
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
添加新 DIMM 后
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: 1866 MHz
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
Configured Clock Speed: Unknown
那么改变的原因可能是什么?,为什么要加一个dimm内存,然后Configured Clock Speed改成这样呢?
Server is Dell PowerEdge R730 and memories are:
Memory Device
Array Handle: 0x1000
Error Information Handle: Not Provided
Total Width: 72 bits
Data Width: 64 bits
Size: 16384 MB
Form Factor: DIMM
Set: 3
Locator: A9
Bank Locator: Not Specified
Type: DDR4
Type Detail: Synchronous Registered (Buffered)
Speed: 2400 MHz
Manufacturer: 002C0632002C
Serial Number: 1B42681B
Asset Tag: 001808A0
Part Number: 18ASF2G72PDZ-2G3D1
Rank: 2
Configured Clock Speed: 1866 MHz
Minimum Voltage: 1.2 V
Maximum Voltage: 1.2 V
Configured Voltage: 1.2 V
我正在使用 rsyslog.conf 获取 sshd 日志,然后将它们写入单独的文件 sshd.log。该代码工作正常,但我注意到它并没有写出所有内容。如果重新启动 sshd,则数据将写入日志,但如果我上传文档,则数据不会写入日志。有没有办法让系统在重新启动和上传文件时将所有内容写入日志?
这是我的代码:
$template myTemplate,"/temp/logs/sshd.log"
:programname, startswith, "sshd" ?myTemplate
谢谢
要删除文件夹下的文件,我们可以使用以下方法查找
find /home -type f -delete
但是如何仅递归删除临时文件夹下存在的文件?
假设我们有以下临时路径示例
/home/bla/bla/temp
/home/test/temp
/home/subf/subf/subf/temp
.
.
.
/home/1/temp
如何更改查找语法以仅删除temp目录下的文件
目标是使用 find 命令以仅匹配临时文件夹并删除临时目录下的文件
我们有 Hadoop 集群,我们正在收集指标收集数据,以调查 Spark 应用程序的缓慢行为
经过对我们的 Hadoop 集群的长期调查
我们从 Prometheus 指标点注意到 node_disk_io_now 的值高于正常值,并且它与数据节点机器上的所有 HDFS 磁盘相关
node_disk_io_now 定义是:
node_disk_io_now (field 9) 唯一应该归零的字段。当请求被提供给适当的结构 request_queue 时递增,并在完成时递减。
我们想知道,调整内核参数是否可以对磁盘性能产生积极影响。
根据 node_disk_io_now 定义,似乎有太多任务在队列中等待,
也许一些内核参数可以帮助改善上述行为,因此队列中的任务不会长时间存在
我们有配置chrony.conf
脚本检查 ping 是否正常ntp1和ntp2(ntp 服务器)
然后脚本将 ntp 服务器插入到/etc/chrony.conf(仅当 ping 成功时)
来自 bash 脚本的示例:
ping -c 1 ntp1
if [[ $? -eq 0 ]];then
echo "server ntp1 iburst" >> /etc/chrony.conf
else
echo "sorry so much but no ping to ntp1 server , /etc/chrony.conf will not configured "
exit 1
fi
ping -c 1 ntp2
if [[ $? -eq 0 ]];then
echo "server ntp2 iburst" >> /etc/chrony.conf
else
echo "sorry so much but no ping to ntp2 server , /etc/chrony.conf will not configured "
exit 1
fi
问题是有时用户决定禁用ping或icmp
那么在那种情况下,我们检查 ping 的场景是不相关的,我们不能将这些行添加到/etc/chrony.conf
所以我们想知道如何测试和服务器以添加ntp1ntp1和chrony配置ntp2ntp2
例如,如果ntp1似乎ntp2不是作为 ntp 服务器,那么我们不会将它们添加到 chrony 配置中
我们想了解net.core.netdev_max_backlog 内核值非常低且不推荐的方面是什么
在我们的 Linux RHEL 机器上,此参数的值为1000
因为我们的机器是 HADOOP 机器(BIGDATA 集群)
我们看到最佳实践是将价值增加到65536
如上所述:
https://datasayans.wordpress.com/2015/11/04/performance-kernel-tuning-for-hadoop-environment/
背景:
内核参数“netdev_max_backlog”是接收队列的最大大小。收到的帧从网卡上的环形缓冲区中取出后,将存储在此队列中。对高速卡使用高价值以防止丢失数据包。在 SIP 路由器等实时应用中,长队列必须分配高速 CPU,否则队列中的数据将过期(旧)。
那么 - 当这个内核参数的值不足时,可能是什么方面?
其他 - 参考 - https://gist.github.com/leosouzadias/e37cd189794bb78de502ac25cb605576
https://www.senia.org/2016/02/28/hadoop-and-redhat-system-tuning-etcsysctl-conf/
https://mapredit.blogspot.com/2014/11/hadoop-server-performance-tuning.html
https://gist.github.com/phaneesh/38b3d80b38cc76abb1d010f598fbc90a