How to globally change a Gnome/Unity schema setting for your desktop

Simply do the following:

  1. Edit the attribute you need to change in a specific schema inside /usr/share/glib-2.0/schemas/[your_schema_name], e.g.
    sudo vi /usr/share/glib-2.0/schemas/com.canonical.canonical.indicator.session.gschema.xml
  2. Change the value you need, in my case I wanted to disable the user-show-menu key, so I changed it from the default value of true to false
  3. After you’re done, just run:
    glib-compile-schemas /usr/share/glib-2.0/schemas

Enjoy!

Sources:

  1. http://www.techytalk.info/customize-default-desktop-environment-settings-gnome-centric-linux-distributions/
  2. https://wiki.gnome.org/HowDoI/GSettings
  3. https://developer.gnome.org/platform-overview/stable/tech-gsettings.html.ru
Advertisements
Posted in Linux | Tagged , , , , , , | Leave a comment

How to install Dell OMSA on Ubuntu 16.04

I use Dell OMSA to manage iDrac, and to be able to do that, I need to install it on my Ubuntu 16.04 laptop.

The instructions on the Dell OpenManage page doesn’t specify the correct key servers, so please use the following commands instead to add the correct key:

sudo gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 1285491434D8786F
sudo gpg -a --export 1285491434D8786F | sudo apt-key add -

Now add the repo:

sudo echo 'deb http://linux.dell.com/repo/community/ubuntu xenial openmanage' | sudo tee -a /etc/apt/sources.list.d/linux.dell.com.sources.list

Finally, refresh your packages and install the base package (without the web server):

sudo apt update
sudo apt install srvadmin-base srvadmin-idracadm7

If you want more than just the base package, pick any of the following:

srvadmin-all Install all OMSA components
srvadmin-base * Install only base OMSA, no web server
srvadmin-idrac * Install components to manage iDRAC
srvadmin-idrac7 * Install components to manage iDRAC7
srvadmin-idracadm8 Install components to manage iDRAC8
srvadmin-webserver * Install Web Interface
srvadmin-storageservices * Install RAID Management
dtk-scripts Install DTK
dcism Install iDRAC Service Module

Enjoy!

Sources: http://linux.dell.com/repo/community/ubuntu/

Posted in Linux | Tagged , , , , | Leave a comment

How to check which files are taking the most space in Google Drive

I was getting almost out of quota and had to remove many files. However, I didn’t know which files are taking the most space, as there wasn’t an obvious way to to that from the Google Drive interface! I had a LOT of files!

Just head to https://drive.google.com/drive/quota and you will find all the files sorted by size from largest to smallest:

Workspace 1_768

Enjoy!

Sources:

  1. https://lifehacker.com/find-the-files-taking-up-the-most-space-in-google-drive-1666863242
Posted in General | Tagged , , | Leave a comment

Integrating SSH PKI with Active Directory using PBIS-Open on Ubuntu 16.04

Long Article Warning! You can skip all this and go directly to the script at the end.

This resolves the dilemma of managing SSH public keys on servers that are integrated with Active Directory using PBIS-Open, it allows you to do the following:

  1. Password-less remote SSH access of users to servers, without any setup on the client side
  2. Centralized Management of the users’ SSH Public Keys on Servers through Active Directory
  3. Prevent saving of ssh public keys locally on servers
  4. Prevent unauthorized access through keys if the user’s AD account is disabled/locked/expired
  5. The user can still login to the servers using his AD account credentials as a second means of authentication, in case he hasn’t registered a public key or lost his private key

Prerequisites

  1. PBIS-Open to be installed and server joined to the Active Directory
  2. userusedtojoinAD credentials are stored encrypted inside /etc/krb5.keytab
    sudo /opt/pbis/bin/ktutil
    
    add_entry -password -p userusedtojoinAD -k 1 -e aes256-cts-hmac-sha1-96
    
    write_kt /etc/krb5.keytab
  3. Changes to SSH Server

    The following additions and changes need to be done on the SSH server configuration file found in /etc/ssh/sshd_config:

    Attributes to be modified

    AuthorizedKeysFile /dev/null #to disable looking up the keys on the local filesystem

    Attributes to be added

    AuthorizedKeysCommand /ad_pki_checker.sh #The file that the SSH server looks up at first to see if there are any corresponding public keys returned
    AuthorizedKeysCommandUser root #The user used by the SSH server to execute the AuthorizedKeysCommand, must be root to be able to read from the keytab file.

    Note: The SSH server needs to be restarted before the new settings take effect.

Where and how to add SSH Public Keys to AD

The user’s SSH Public key is saved in the AD attribute “altSecurityIdentities” in the form of:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCstmuV8LOtWseiMO5nlSVr8Z9RQBGtKyx80PwMFmbyIrIKOY7+CoLAdABZi+ZGds9VLtnHaDunQilbyqJAOmPj1Dt4RMLn7UXhwACiWsukG2vLaend9CDakUls4d7q4jzD0sroDwXevaRgB/wPKmOiG/dEswo/eT+e1ToJQRA96sBIuVfieeqwqVyaqMLxCsl9ufH9KDRm0+9NGQMzuY/dHUjrsTJmMXGdVSrjpnHxY/xbYdqIYtFgiJDJNJzXPFskdiaAuvFD5j+iflRNr5CBEgoaifSOiSISOLCrUbblQLSx5XcDP7HVTHZOt0Q/SnIYMQujWyoA4h+6DoMAliFD

This can be performed using the powershell or any AD management tool:

As an administrative user, run the following:

set-aduser username -Add @{ altSecurityIdentities = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCstmuV8LOtWseiMO5nlSVr8Z9RQBGtKyx80PwMFmbyIrIKOY7+CoLAdABZi+ZGds9VLtnHaDunQilbyqJAOmPj1Dt4RMLn7UXhwACiWsukG2vLaend9CDakUls4d7q4jzD0sroDwXevaRgB/wPKmOiG/dEswo/eT+e1ToJQRA96sBIuVfieeqwqVyaqMLxCsl9ufH9KDRm0+9NGQMzuY/dHUjrsTJmMXGdVSrjpnHxY/xbYdqIYtFgiJDJNJzXPFskdiaAuvFD5j+iflRNr5CBEgoaifSOiSISOLCrUbblQLSx5XcDP7HVTHZOt0Q/SnIYMQujWyoA4h+6DoMAliFD" }

Script

The script needs to be placed on a local filesystem, we will add it as /ad_pki_checker.sh, the owner should be root, and the permissions to be 755. The purpose of the this script is to retrieve the public key – if any – of the user trying to login. It will return either the public key or an empty result, in the latter case the user will have to authenticate with his AD credentials instead. The password is saved encrypted in /etc/krb5.keytab.

#!/bin/bash
# This script is used for integrating PKI with AD

/opt/pbis/bin/kinit -k userusedtojoinAD #produce a ticket for adjoiner, whose credentials are saved encrypted inside /etc/krb5.keytab

export username=$(echo $1 | sed 's@.*\\@@') #to remove the domain name and the backslash from the username entered, i.e. mydomain\
export validornot=`/opt/pbis/bin/adtool -a search-object --filter '(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName='$username'))' -t` #If AD account has any status that prevents user from logging in, e.g. disabled, expired, locked...etc

#validornot will be empty if the user is disabled/expired/locked, i.e. userAccountControl:1.2.840.113556.1.4.803:=2 If not, it will contain the AD user account details

if [[ ! -z "${validornot// }" ]] #if the validornot contains some data, it will remove all empty spaces as well
then
 echo $validornot | /opt/pbis/bin/adtool -a lookup-object --dn=- --attr=altSecurityIdentities #get the corresponding public key inside the altSecurityIdentities attribute
fi

Hope it helps!

Enjoy!

Sources: A LOT! Almost all of the articles from stackoverflow talking about this topic and Thanks to all who helped me

Posted in Linux | Tagged , , , , , , , , | Leave a comment

How to update davmail gateway configuration with new ssl certificate

Davmail calculates the SHA-1 hash for any exchange server that it connects to and places it in its davmail.properties configuration file.

When the exchange server changes the SSL certificate, you have to update it in the davmail.properties file, or else you will face the following exception in any client trying to connect to it:

Connect exception: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: User rejected certificate

To resolve this, you have to calculate the SHA-1 hash of the new certificate.

There are many ways to do this, you could either use the gnutls utility:

sudo apt install -y gnutls-bin && gnutls-cli -p 443 mail.server.url | grep SHA

You should then grab the SHA-1 fingerprint value and place it in the file (will explain that in the next step, cause it needs a small tweak).

The second way is to just use a browser like chrome, visit the url and click the secure icon next to the it, then click the certificate (whether valid or invalid) and copy the SHA-1 Fingerprint value:

Workspace 1_767

Last step would be to do the following (VERY IMPORTANT):

  1. Convert all characters to capital letters
  2. Make sure a colon and a preceding backslash are put between each pair
  3. Remove all zeros

For example:

5e12f249a94e49273de0d3104c83420b023c226C

will be converted to

5E\:12\:F2\:49\:A9\:4E\:49\:27\:3D\:E0\:D3\:10\:4C\:83\:42\:B\:2\:3C\:22\:6C

Now finally copy that string and paste it inside your davmail.properties file in davmail.server.certificate.hash, i.e.:

davmail.server.certificate.hash=5E\:12\:F2\:49\:A9\:4E\:49\:27\:3D\:E0\:D3\:10\:4C\:83\:42\:B\:2\:3C\:22\:6C

Restart the davmail service, and you’re done!

Enjoy!

Sources:

  1. https://sourceforge.net/p/davmail/mailman/message/34218836/
  2. https://sourceforge.net/p/davmail/mailman/message/34109741/

 

Posted in Linux | Tagged , , , , | Leave a comment

7za extract file to target folder

7za x compressed_file.001 -o/scratch

where:

x: to extract

compressed_file.001: The file which is going to be extracted

-o: specify output folder

/scratch: the output folder

That’s it, Enjoy!

Source: http://7zip.bugaco.com/7zip/MANUAL/commands/extract_full.htm

Posted in Linux | Leave a comment

How to quickly divide a file into smaller segments with 7zip on RedHat

I have a very large file ~ 1.7 TB that’s causing me some issues with its transfer over NFS.

I use 7z to split it into into multiple smaller files and then transfer them:

7za -v900g -mx0 a MY_BIG_FILE_SPLITTED.7z /MY_BIG_FILE

Where:

7za: is the 7zip executable

-v900g: the size of the splitted files, here it’s 900 GB, you can alternatively use g, m, k or b

-mx0: Zero compression ratio, in other words: copy mode

a: destination file

Note: To install 7zip on RedHat, just use “yum install p7zip”

Enjoy!

Sources:

 

Posted in Linux | Tagged , , , , | Leave a comment