Enforcing password complexity on CentOS

The pam_pwquality module (the successor to pam_cracklib) checks a new password against a set of rules. It first checks whether the password appears in the cracklib dictionary; if it does not, it continues with the length and character-class checks described below.

The defaults live in /etc/security/pwquality.conf, and any option given on the pam_pwquality.so line in /etc/pam.d/system-auth (and, for sshd and other non-console logins, /etc/pam.d/password-auth) overrides them. On CentOS 7 both files are symlinks to the -ac variants that authconfig regenerates, so edits made there are lost the next time authconfig runs; putting the policy in pwquality.conf is the more durable choice.

To add the password policies, add the options you need to the pam_pwquality.so line in system-auth:

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= minlen=16 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
  • minlen – minimum password length (after credits, see below)
  • lcredit – lowercase letters
  • ucredit – uppercase letters
  • dcredit – digits
  • ocredit – other characters (anything that is not a letter or a digit)

The sign of each credit matters. A negative value is a hard requirement: -1 means the password must contain at least one character of that class, -2 at least two. A positive value N is only a bonus: each character of that class counts one extra towards minlen, up to N, and no character of that class is required at all. The defaults are positive (1 for each class), which is why a policy that is meant to require every class has to use negative values as above.

By default the checks are not enforced for root: a failed check only prints a message and root can set the weak password anyway. If you need the policy to apply to root as well, add the enforce_for_root option.

You can also set the policy with the authconfig command. Note that this rewrites system-auth-ac and password-auth-ac, so any options you added by hand to those files are replaced, and the minimum length it sets should match what you want (the example below sets 8, not the 16 used above):

authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=8 --update
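Because the credit arithmetic is easy to get wrong, it helps to try a policy line against a few candidate passwords before rolling it out. The script below is an added example, my own reimplementation of the minlen/credit rules documented in pwquality.conf(5), not the pam_pwquality module itself; it leaves out the dictionary and similarity checks the real module also performs, and the candidate passwords in it are made up.

```shell
#!/bin/sh
# Added example: reimplementation of the pam_pwquality minlen/credit arithmetic
# (not the module's own code), for trying a policy line against candidates.
#   * a negative credit -N for a class means "at least N characters of that class";
#   * a positive credit N means each character of that class adds 1 to the
#     effective length, up to N, and nothing of that class is required;
#   * the effective length (raw length plus credits) must reach minlen.
# Dictionary and similarity checks of the real module are not reproduced.

count_class() {                       # count_class PASSWORD TR-FLAGS TR-SET
    _kept=$(printf '%s' "$1" | tr "$2" "$3")
    printf '%s' "${#_kept}"
}

# check_policy PASSWORD MINLEN LCREDIT UCREDIT DCREDIT OCREDIT
# returns 0 when the password satisfies the policy, 1 otherwise
check_policy() {
    pw=$1 minlen=$2 lc=$3 uc=$4 dc=$5 oc=$6
    n_lower=$(count_class "$pw" -cd '[:lower:]')
    n_upper=$(count_class "$pw" -cd '[:upper:]')
    n_digit=$(count_class "$pw" -cd '[:digit:]')
    n_other=$(count_class "$pw" -d '[:alnum:]')   # not a letter or a digit
    eff=${#pw}                                    # raw length before credits
    for pair in "$n_lower $lc" "$n_upper $uc" "$n_digit $dc" "$n_other $oc"; do
        count=${pair% *} credit=${pair#* }
        if [ "$credit" -lt 0 ]; then
            # negative credit: hard minimum for this class
            [ "$count" -ge $(( -credit )) ] || return 1
        else
            # positive credit: bonus towards minlen, capped at the credit value
            bonus=$count
            if [ "$bonus" -gt "$credit" ]; then bonus=$credit; fi
            eff=$(( eff + bonus ))
        fi
    done
    [ "$eff" -ge "$minlen" ]
}

# Made-up candidates against the system-auth line above (16 chars, one of each class).
for candidate in 'Tr0ub4dor&3Horses' 'correcthorsebattery' 'Passw0rd!'; do
    if check_policy "$candidate" 16 -1 -1 -1 -1; then
        echo "accepted: $candidate"
    else
        echo "rejected: $candidate"
    fi
done

# Same candidates with the default positive credits: no class is required any
# more, a lowercase-only password can pass on length plus bonuses alone.
check_policy 'passw0rd!pass' 16 1 1 1 1 && echo "passes with positive credits"
```

Running it shows 'correcthorsebattery' rejected for lacking an uppercase letter and 'Passw0rd!' rejected for length, while 'passw0rd!pass' (13 characters, no uppercase) passes once the credits are positive, which is exactly the gap a policy copied from the defaults leaves open.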

SMB/CIFS connection timeout kernel-3.10.0-957.21.3.el7

After upgrading to kernel-3.10.0-957.21.3.el7 on a CentOS server, I experienced connection timeout issues on Windows servers trying to access SMB shares. By contrast, I was able to access the share from a Linux system without any problem.

The bug was reported in the CentOS Bug Tracker. It is a regression caused by one of the patches applied to address CVE-2019-11478 (the TCP SACK "slowness" issue), which added a memory check to tcp_fragment() that can stop retransmits on sockets with a very small send buffer. The regression is described as follows:

Some applications set tiny SO_SNDBUF values and expect TCP to just work.
Recent patches to address CVE-2019-11478 broke them in case of losses, since re-transmits might be prevented.

To work around the issue until a fixed kernel is installed, I increased the SO_SNDBUF value in the socket options line of the [global] section of /etc/samba/smb.conf and reloaded smbd:

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=65536 SO_SNDBUF=65536

This is a workaround, not a fix: it only lifts Samba's send buffer above the threshold that triggers the retransmit check. The proper fix is the upstream follow-up that refines the memory limit test in tcp_fragment(), so the entry can be removed once a kernel carrying it is installed. Do not work around it by rolling back to a kernel without the CVE-2019-11478 patches.

Reset root password on CentOS

In the GRUB menu, select the kernel entry to edit and press e.

Go to the line starting with linux16 and append rd.break to it. You can remove rhgb quiet to see the boot messages. Press Ctrl+x to boot. rd.break stops the boot inside the initramfs, before the real root filesystem is switched to, and drops you into an emergency shell; this is not the single user (rescue) target, so no password is asked.

The real root is mounted read-only under /sysroot. Remount it read-write with mount -o remount,rw /sysroot, then chroot /sysroot to treat it as the root directory.

Use passwd to change the root password, or pam_tally2 --user=root --reset to unlock an account that was locked after too many failed logins.

Run touch /.autorelabel so that SELinux relabels the filesystem (restorecon) on the next boot. This is needed because /etc/shadow was rewritten while no SELinux policy was loaded and would otherwise carry the wrong context, which can prevent logins.

Type exit twice (once to leave the chroot, once to leave the emergency shell) and the boot continues, or reboot.

Anyone with console access can do this, which is why physical access is equivalent to root. To close this path, set a GRUB password (grub2-setpassword on CentOS 7) so that editing boot entries requires authentication, and encrypt the root filesystem so that the data is not readable from a rescue environment either.

Recover GRUB in CentOS 7

To recover GRUB, you’ll need the OS ISO image, in this case CentOS 7, and boot from it.

From the ISO menu, choose Troubleshooting -> Rescue a CentOS system and then 1) Continue; the rescue environment finds the installed system and mounts it under /mnt/sysimage.

To make your system the root environment run:

chroot /mnt/sysimage

Confirm that the GRUB 2 tools are present in the installed system, and identify the disk the system boots from (lsblk shows the disk that holds /boot):

ls /sbin | grep grub

Install GRUB into the boot sector of that disk (the whole disk, e.g. /dev/sda, not a partition), then regenerate the configuration:

/sbin/grub2-install /dev/sdX
/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg

This applies to BIOS boot. On a UEFI system do not run grub2-install: reinstall the shim and grub2-efi packages instead and regenerate the configuration under /boot/efi/EFI/centos/grub.cfg, otherwise Secure Boot will refuse the resulting bootloader.

Exit and reboot.

CIFS: mount error(112): Host is down

When trying to mount a Windows share using mount, I ran into this problem:

mount -v -t cifs -o username=username,password=password //hostname/sharename /mnt
mount.cifs kernel mount options: ip=XXX.XXX.XXX.XXX,unc=\\hostname\sharename,user=username,prefixpath=sharename,pass=********
mount error(112): Host is down

In my case, the error was due to a protocol mismatch: SMBv1 is disabled in the latest versions of Windows Server, while the cifs client on CentOS 7 still negotiates SMBv1 unless a version is given with vers=. The misleading "Host is down" comes from the server resetting the connection during negotiation.

To reach this conclusion, I ran smbclient in debug mode:

smbclient -L //hostname/sharename -U username -d 3
protocol negotiation failed: NT_STATUS_CONNECTION_RESET

To overcome this issue, I specified the protocol version in the mount options. Pinning vers=3.0 is worth doing regardless: SMBv1 has no encryption and weak signing, and it is deprecated on both sides.

mount -t cifs -o username=username,password=password,vers=3.0 //hostname/sharename /mnt

If you want to use smbclient, add the -m option:

smbclient -L //hostname/sharename -U username -m SMB3

Mounting a Windows share using CIFS

Windows shares can be mounted using the cifs filesystem type:

mount -t cifs -o username=username,password=password //hostname/sharename /mnt

By default the files appear on the Linux side as owned by root with permissive modes (0777 on the kernel I was using), because a Windows server does not report Unix permissions.

You can change the permissions shown on the client with the dir_mode and file_mode options, and the owner with uid and gid. Note that these only shape the client-side view: what the account can actually read or write is still decided by the server's share and NTFS ACLs.

mount -t cifs -o username=username,password=password,dir_mode=0755,file_mode=0755 //hostname/sharename /mnt

To make the mount persistent, add the entry to /etc/fstab (_netdev defers the mount until the network is up; uid and gid make the mount appear owned by that local user and group):

//hostname/sharename    /mountpoint   cifs  _netdev,username=username,password=password,dir_mode=0755,file_mode=0755,uid=500,gid=500 0 0

Be aware that a password given as password= is visible to every local user: in /etc/fstab, which is world-readable, and on the command line, in ps output and in the shell history. Prefer credentials=/path/to/file with a file that is mode 0600 and owned by root, containing username=, password= and optionally domain= lines, and add vers=3.0 to the fstab entry as well.
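The script below is an added example, not code from the original notes: it produces the mount that the two CIFS sections above arrive at (explicit SMB version to avoid the "Host is down" negotiation failure, explicit modes and owner) while keeping the password out of the command line, the shell history and the world-readable /etc/fstab by storing it in a root-only credentials file referenced with credentials=. The host, share, paths, account name, password and uid/gid in it are placeholders.

```shell
#!/bin/sh
# Added example (not the page's own code): CIFS mount with the password kept in
# a 0600 credentials file instead of the command line or /etc/fstab.
# Host, share, mount point, account and uid/gid below are placeholders.

# Write a credentials file that only its owner can read. umask runs in a
# subshell so the caller's umask is untouched, and the file is 0600 from the
# moment it is created, so it is never world-readable even briefly.
make_cifs_credentials() {             # make_cifs_credentials FILE USER PASSWORD [DOMAIN]
    (
        umask 077
        {
            printf 'username=%s\n' "$2"
            printf 'password=%s\n' "$3"
            if [ -n "${4:-}" ]; then printf 'domain=%s\n' "$4"; fi
        } > "$1"
    )
}

# Mount options. vers=3.0 skips the SMB1 negotiation that current Windows
# servers refuse (the "mount error(112): Host is down" case); uid/gid set the
# owner seen on the client; files get 0644 rather than 0755 because they never
# need the execute bit. These modes only shape the client-side view, the
# server's share and NTFS ACLs still decide what the account may do.
cifs_mount_opts() {                   # cifs_mount_opts CREDFILE UID GID
    printf 'credentials=%s,vers=3.0,uid=%s,gid=%s,dir_mode=0755,file_mode=0644' "$1" "$2" "$3"
}

# /etc/fstab entry; _netdev defers the mount until the network is up.
cifs_fstab_line() {                   # cifs_fstab_line HOST SHARE MOUNTPOINT CREDFILE UID GID
    printf '//%s/%s\t%s\tcifs\t_netdev,%s 0 0\n' "$1" "$2" "$3" "$(cifs_mount_opts "$4" "$5" "$6")"
}

# One-off mount with the same options (needs root and the server; not invoked here).
cifs_mount_now() {                    # cifs_mount_now HOST SHARE MOUNTPOINT CREDFILE UID GID
    mount -t cifs -o "$(cifs_mount_opts "$4" "$5" "$6")" "//$1/$2" "$3"
}

# Demonstration in a temporary directory standing in for /etc, with a made-up
# service account.
demo=$(mktemp -d)
make_cifs_credentials "$demo/cifs-creds" 'svc-backup' 'S3cret!' 'CORP'
if [ -n "$(find "$demo/cifs-creds" -perm 600)" ]; then
    echo "credentials file is 0600"
fi
cifs_fstab_line fileserver backups /mnt/backups /etc/cifs-creds 500 500
rm -rf "$demo"
```

In real use the credentials file goes somewhere like /etc/cifs-creds, created as root, and the printed line is what you append to /etc/fstab; the cifs_mount_now function does the equivalent one-off mount for testing before the entry is made persistent.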