Blog

  • How to resolve rsync error: some files/attrs were not transferred

    The following error is generated when rsync is run with the -X option (preserve extended attributes)

    rsync -axHAX --delete /. /tmp/selinux/.
    rsync: rsync_xal_set: lsetxattr("selinux","security.selinux") failed: Permission denied (15)
    rsync error: some files/attrs were not transferred (see previous errors) (code 31) at main.c(1039)

    To resolve this error, filter the ‘/selinux’ filesystem from the command. Run rsync as below;

    rsync -axHAX --delete --filter="- /selinux" /. /tmp/selinux/.

    It is suggested to also excluded /var/run, /var/lock, /proc and /dev from rsync command.

     

     

  • How to Install and Configure VNC on Kali Linux 2020.2 and Debian 9

    How to Install and Configure VNC on Kali Linux 2020.2 and Debian 9

    These steps have been tested to install VNC on Kali Linux and Debian 9. You may encounter errors in installing tightvncserver with apt-get. This guide covers this issue.

    • Login to your server as root.
    • Install VNC server with apt-get install tightvncserver
    • If you get the following error, then you can install tightvncserver from Debian 9 or Kali installation ISO image.

    root@server:/home/user# apt install tightvncserver -y
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Package tightvncserver is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source

    E: Package 'tightvncserver' has no installation candidate

    • To install tightvnc from ISO image, Mount Debian or Kali image on /media/cdrom with mount -t iso9660 /dev/sr0 /media/cdrom -o loop

    tightvnc .deb packages [tightvncserver_1.3.9-9.1_amd64.deb xtightvncviewer_1.3.9-9.1_amd64.deb] is located in /media/cdrom/pool/main/t/tightvnc

    • Change directory to /media/cdrom/pool/main/t/tightvnc with cd /media/cdrom/pool/main/t/tightvnc
    • Install tightvncserevr with dpkg -i tightvncserver_1.3.9-9.1_amd64.deb
    • Edit xstartup in /home/youraccount/.vnc/xstartup with vi and add following code:

    #!/bin/sh
    unset SESSION_MANAGER
    unset DBUS_SESSION_BUS_ADDRESS
    startxfce4 &
    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey &
    vncconfig -iconic &

    • Start vnc server by executing the following command:

    vncserver

    • You will be prompted to enter and verify vnc password. Make sure your password is less than 8 characters else it will be truncated to 8 characters.
    • After vnc password is set you will have the option to set a view-only password which is optional.
    • You may kill any instance of vncserver by executing commands vncserver -kill :1
    • ~/.vnc/xstartup must have executable permission set. You may set these permissions with the command chmod +x ~/.vnc/xstartup
    • If you did the above steps correctly, TightVNC server is already running on your server waiting for an incoming connection.
    • To connect to vnc server from your local PC, install Tight vnc viewer. Open vncviewer and enter the IP address and listening port on the server 87.79.209.99::5906
    • If your vncserver is listening on port :1 then you should enter 87.79.209.99::5901
  • Linux Cluster do not form membership when totem token is set to 30s or longer

    Cluster nodes can form membership if the value of totem token is 29000 ms. Once the totem token is set to value 30000 ms or above, the cluternodes fail to establish a connection between the nodes (inquorate).

    To resolve this issue, update OS to CentOS 8.3

  • Why yum module list show @modulefailsafe

    The command yum module list output @modulefailsafe

    # yum module list --disablerepo=\*
    @modulefailsafe
    Name Stream Profiles Summary
    389-ds 12 [e] 209 Directory Server (base)
    ant 1.9 [e] common Java build tool
    httpd 2.2 [e] common, devel, mini Apache HTTP Server

    In the case of local repositories, Re-build repodata either with reposync --download-metadata or modifyrepo to include the modules.yaml into the repomd.xml

    The issue is usually caused when the module metadata is not available. Unavailability of module metadata happens when the user removes a .repo file or disables a repository via –disablerepo / –repoid or repository is unavailable and has option skip_if_unavailable=true.

  • Enable both password and key based authentication for ssh server

    Add the following option in /etc/ssh/sshd_config

    AuthenticationMethods publickey,password

  • SEOS (ssh server Access Control) – Method for ssh authentication fails for ssh server

    If SEOS authentication method fails than it is not supported by your Linux flavor and should be disabled in /etc/ssh/sshd_config.

  • Unable to add host to cluster of hypervisors in Linux virtualization

    First of all delete host from user interface than add correct selinux context to the log file.

    chcon -t httpd_log_t /var/log/ovirt-engine/logfile.log

    restorecon /var/log/ovirt-engine/logfile.log

    Reattach host via user interface.

  • Restrict ftp user login to ftp server denying access to operating system

    When you create new users for ftp server access, do not assign shell to those users.

    # useradd -s /sbin/nologin webconn

    For existing user, use “usermod -s” to change the user’s shell to /sbin/nologin.

    # usermod -s /sbin/nologin webconn

  • How to add a binary attribute in Linux?

    At the command-line, the following syntax is used;

    attribute:< file:///FILE_FULL_PATH

    Note: There should be no space character between the colon ‘:’ and the less-than sign ‘<‘.

    As an example; jpegPhoto:< file:///home/webconn/picture.png

  • Server hangs for a long time on firewalld service shutting down or on reboot

    Add/edit following option in /etc/firewalld/firewalld.conf;

    CleanupOnExit=no

    Using option CleanupOnExit=yes in /etc/firewalld/firewalld.conf flush firewall rules and try to off-load nf_conntrack module. If server hangs, it is because something is stopping nf_conntrack module from unloading quickly.

    Try running systemctl stop firewalld and see if service hangs. If firewalld service start is success you are likely not having this issue.