## ryan sawhill aroha * [personal site b19.org](http://b19.org/) * facebook, instagram, linkedin, g+ * [my pgp key](rsaw.pgp) which is also available above (see bottom of page for proof) ## ryran * [photographer on flickr](http://www.flickr.com/photos/ryran) * [coder on github](https://github.com/ryran/), creator of: - [xsos](https://github.com/ryran/xsos) - [pyrite](https://github.com/ryran/pyrite) - [upvm](https://github.com/ryran/upvm) - [valine](https://github.com/ryran/valine) - [loggerclones](https://github.com/ryran/loggerclones) - [rsar](https://github.com/ryran/rsar) - [ravshello](https://github.com/ryran/ravshello) - [reboot-guard](https://github.com/ryran/reboot-guard) - [cantboot](https://github.com/ryran/cantboot) - [burg2-mkpasswd-pbkdf2](https://github.com/ryran/burg2-mkpasswd-pbkdf2) - [Rebooty-inspector](https://github.com/ryran/Rebooty-inspector) - [apache-smemstat](https://github.com/ryran/apache-smemstat) - [other fun things, like mwipe, zape2fs, watchlog-trigger, loopcapture-stack, & breakboot](https://github.com/ryran/b19scripts) ## rsaw/rsawhill @ redhat #### stats - [RHCE certification number #100-001-783](https://www.redhat.com/wapps/training/certification/verify.html?certNumber=100-001-783) - Contract Instructor with Red Hat GLS from 2008 - 2010 - Employee since 2012 #### knowledge articles by rsaw Red Hat's Customer Portal divides knowledgebase content into *knowledge articles* and *KCS solutions*. Knowledge articles are allowed to be completely free-form and as lengthy as desired. - [How to distinguish between a crash and a graceful reboot in RHEL 7](https://access.redhat.com/articles/2642741) - [bcrypt support for passwords in /etc/shadow](https://access.redhat.com/articles/1519843) - [All about LUKS, cryptsetup, and dm-crypt](https://access.redhat.com/site/articles/193443) - [CPU usage reporting in ps versus top](https://access.redhat.com/site/articles/260903) - [Entropy & the Linux kernel: /dev/random versus /dev/urandom](https://access.redhat.com/site/articles/221583) - [About local user password hashing algorithms in RHEL](https://access.redhat.com/site/articles/880733) - [Sending Apache httpd access and error logs from multiple virtual hosts to local and remote syslog/rsyslog](https://access.redhat.com/articles/2318351) - [Matrix of rsyslog versions shipped in Red Hat Enterprise Linux](https://access.redhat.com/articles/2482611) #### KCS solutions showcase -- most-influential/most-interesting KCS by rsaw KCS solutions are expected to be as succinct as possible while following very strict format & writing style guidelines and providing a resolution for a specific targeted issue. - [What is GnuPG (GPG) and how to configure it and encrypt/decrypt/sign data with it](https://access.redhat.com/solutions/64839) (each of the 9+ GPG KCS linked in Resolution were also written by & are maintained by rsaw) - [How to test which SSL/TLS protocols & ciphersuites are offered by a server](https://access.redhat.com/solutions/2317691) - [What is LUKS disk encryption and how can it be implemented?](https://access.redhat.com/site/solutions/100463) (each of the 10+ LUKS KCS solutions linked in Resolution were also written by & are maintained by rsaw) - [How can I make RHEL 6 or RHEL 7 FIPS 140-2 compliant?](https://access.redhat.com/solutions/137833) - [Package requirements for FIPS 140-2 compliance in RHEL](https://access.redhat.com/site/solutions/307523) - [Is version X of Red Hat Enterprise Linux FIPS 140-2 certified/validated/compliant?](https://access.redhat.com/site/solutions/303333) - [How to enable boot-time logging (/var/log/boot.log) in Red Hat Enterprise Linux 5?](https://access.redhat.com/site/solutions/9834) (attached patch/method developed by rsaw) - [logger unnecessarily splits messages sent via stdin into 1024 byte chunks](https://access.redhat.com/solutions/2220491) (linked loggerclone tools coded by rsaw) - [How to disable log rate-limiting in Red Hat Enterprise Linux 7](https://access.redhat.com/solutions/1417483) - [How to make custom script that runs automatically during boot up in RHEL7?](https://access.redhat.com/solutions/1163283) - [How to tell if system is Fedora, CentOS, OEL, SUSE, or Red Hat Enterprise Linux?](https://access.redhat.com/site/solutions/238453) - [How to find the number of physical cpus, cpu cores, and logical cpus](https://access.redhat.com/site/solutions/224883) - [How to use UUIDs and labels to identify filesystems](https://access.redhat.com/solutions/19584) - [How to monitor CPU or memory usage on a per-user basis](https://access.redhat.com/site/solutions/239483) - [How to reset the list of trusted CA certificates in RHEL 6 & RHEL 7](https://access.redhat.com/solutions/1549003) - [How to add custom SELinux filename transition rules in RHEL7](https://access.redhat.com/solutions/2220381) #### some of the rest of the KCS solutions by rsaw, organized by category - sysv - [How to configure a command, script, or daemon to run after boot has finished in RHEL 5 and older](https://access.redhat.com/solutions/1751223) - [How could RHEL sysv init shutdown scripts fail to stop a service which can be stopped gracefully by the service command?](https://access.redhat.com/solutions/145323) - [chkconfig --list and service --status-all give no output; service network restart reports unrecognized service](https://access.redhat.com/solutions/2089161) - [How to disable system reboot when pressing Ctrl+Alt+DEL keys in Red Hat Enterprise Linux 3, 4, 5](https://access.redhat.com/solutions/1058) - upstart - [How to configure a command, script, or daemon to run after boot has finished in RHEL 6](https://access.redhat.com/solutions/1751233) - [Configure init in RHEL 6 (Upstart) to auto-start an application on runlevel change like inittab](https://access.redhat.com/solutions/46835) - [How to permanently disable an Upstart job in RHEL 6](https://access.redhat.com/solutions/1994623) - [How to disable Ctrl+Alt+Del causing system reboot in Red Hat Enterprise Linux 6](https://access.redhat.com/site/solutions/449373) - [How to password-protect single user mode in RHEL6?](https://access.redhat.com/site/solutions/45597) - systemd - [How to configure a systemd service like tomcat with Type=notify so that startup completion signifies website availability](https://access.redhat.com/solutions/2682101) - [How to configure a systemd service unit to execute a command or script at system shutdown](https://access.redhat.com/solutions/2608901) - [How to set limits (ulimit) for services run by systemd](https://access.redhat.com/solutions/1346533) - [How to configure a command, script, or daemon to run after boot has finished in RHEL 7](https://access.redhat.com/solutions/1751263) - [How to ensure a RHEL 7 systemd unit waits for chronyd or ntpd to sync before starting](https://access.redhat.com/solutions/2112751) - [How to boot RHEL7 with systemd in an interactive mode (like earlier versions "Press I for interactive mode")](https://access.redhat.com/solutions/2112701) - [systemctl restart rsyslog appends older duplicate log entries (everything in the journal) to log files](https://access.redhat.com/solutions/2112651) - [Does systemd-tmpfiles --clean remove open files?](https://access.redhat.com/solutions/2078313) - [How to make custom script that runs automatically during boot up in RHEL7?](https://access.redhat.com/solutions/1163283) - [How to prevent console and ssh logins until a service has started in RHEL7](https://access.redhat.com/solutions/1341723) - [How to allow a custom service script in RHEL7 to run in the foreground and accept user input](https://access.redhat.com/solutions/1466153) - [How to configure a systemd service in RHEL7 to run as a custom user or group](https://access.redhat.com/solutions/2295041) - SELinux - [How to add custom SELinux filename transition rules in RHEL7](https://access.redhat.com/solutions/2220381) - [How to run httpd from a custom location as a non-root user with SELinux confinement](https://access.redhat.com/solutions/2145151) - [How to create SELinux dontaudit rules to hide avc denied warnings](https://access.redhat.com/solutions/1523643) - [BIND named unable to write log files due to SELinux](https://access.redhat.com/solutions/2078363) - GnuPG - [What is GnuPG (GPG) and how to configure it and encrypt/decrypt/sign data with it](https://access.redhat.com/solutions/64839) - [How to use GnuPG (gpg or gpg2) to generate a PGP key that isn't protected by a passphrase](https://access.redhat.com/solutions/2257691) - [How to use GnuPG (gpg) to non-interactively decrypt or sign without password prompts](https://access.redhat.com/solutions/2257361) - [How to migrate all GnuPG (gpg) public and private keys from one user to another](https://access.redhat.com/solutions/2115511) - [How to gpg sign a file without encryption](https://access.redhat.com/solutions/1541303) - [gpg commands in RHEL 6 work fine, but print error: can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory](https://access.redhat.com/solutions/1541213) - [How to enable gpg-agent for a user in RHEL 6](https://access.redhat.com/solutions/1541203) - [How to encrypt a file with a passphrase, without using a gpg key](https://access.redhat.com/site/solutions/2318) - [cron fails to execute gpg encryption commands](https://access.redhat.com/site/solutions/154463) - Webservers / OpenSSL / TLS - [How to use openssl to confirm whether a given SSL/TLS x509 certificate matches up with a given private key](https://access.redhat.com/solutions/2793971) - [How to export environment variables to Apache httpd in RHEL](https://access.redhat.com/solutions/2138981) - [How to create a simple python app with mod_wsgi and Apache httpd or httpd24](https://access.redhat.com/solutions/2204051) - [How to use openssl to generate a self-signed x509 certificate?](https://access.redhat.com/site/solutions/658343) - [How to test which SSL/TLS protocols & ciphersuites are offered by a server](https://access.redhat.com/solutions/2317691) - [https clients (curl, wget, openssl, firefox, etc) on some hosts unable to connect to server](https://access.redhat.com/solutions/1546523) - [How to disallow or disable httpd TRACE requests in httpd](https://access.redhat.com/solutions/198813) - [How to enforce a system-wide crypto policy (specific protocols, MACs, ciphers) in RHEL](https://access.redhat.com/solutions/2740411) - [How to make Apache httpd in RHEL 7 write to /tmp](https://access.redhat.com/solutions/2743521) - [How to run RHEL's Apache httpd as a custom user (not "apache")](https://access.redhat.com/solutions/2743911) - dm-crypt/LUKS, ecryptfs - [What is LUKS disk encryption and how can it be implemented?](https://access.redhat.com/site/solutions/100463) - [How to configure encrypted storage with LUKS using passphrases](https://access.redhat.com/solutions/447423) - [How to configure encrypted storage with LUKS using exportable keys instead of passphrases](https://access.redhat.com/solutions/1121163) - [How to add a passphrase, key, or keyfile to an existing LUKS device](https://access.redhat.com/solutions/230993) - [How to extend a LUKS encrypted volume](https://access.redhat.com/solutions/236543) - [How to extend a volgroup and filesystem backed by LUKS-formatted encrypted physical volumes](https://access.redhat.com/solutions/302923) - [How to change cipher, key-size, hash, master key of existing LUKS device](https://access.redhat.com/solutions/1162843) - [How can a specific directory on a filesystem be encrypted?](https://access.redhat.com/knowledge/solutions/202513) - [How to configure encrypted swap](https://access.redhat.com/solutions/1121603) - [How to recover lost LUKS key or passphrase](https://access.redhat.com/solutions/1543373) - [How to have a root LUKS partition decrypted without a password](https://access.redhat.com/solutions/256833) - FIPS - [How can I make RHEL 6 or RHEL 7 FIPS 140-2 compliant?](https://access.redhat.com/solutions/137833) - [How to disable FIPS mode in RHEL 6 or RHEL 7](https://access.redhat.com/solutions/2422061) - [Package requirements for FIPS 140-2 compliance in RHEL](https://access.redhat.com/site/solutions/307523) - [Is version X of Red Hat Enterprise Linux FIPS 140-2 certified/validated/compliant?](https://access.redhat.com/site/solutions/303333) - [GnuPG (gpg2) and FIPS 140-2 in Red Hat Enterprise Linux](https://access.redhat.com/solutions/2130601) - [Loading unsigned kernel modules in FIPS mode causes panic](https://access.redhat.com/solutions/2111011) - [openssl enc fails in FIPS mode](https://access.redhat.com/solutions/176633) - [Is LUKS in Red Hat Enterprise Linux certified for or compliant with FIPS 140-2?](https://access.redhat.com/solutions/67603) - [How to enable FIPS on a single file system or block device](https://access.redhat.com/solutions/1361103) - logging - [How to exclude specific users or groups when using auditd to watch files](https://access.redhat.com/solutions/2482221) - [How to exclude specific users, groups, or services when using auditd to audit syscalls](https://access.redhat.com/solutions/2477471) - [How to exclude specific processes when using auditd to audit syscalls](https://access.redhat.com/solutions/2482361) - [How to leverage auditd & rsyslog to send select audit events to specific files or hosts](https://access.redhat.com/solutions/2487071) - [How to disable log rate-limiting in Red Hat Enterprise Linux 7](https://access.redhat.com/solutions/1417483) - [Log files (/var/log/messages) written by rsyslog in RHEL7 are empty and logger commands do nothing](https://access.redhat.com/solutions/2140041) - [The systemd journal doesn't show messages from logger or any other program that uses syslog() to generate logs](https://access.redhat.com/solutions/2125721) - [logger unnecessarily splits messages sent via stdin into 1024 byte chunks](https://access.redhat.com/solutions/2220491) - [How can an application in RHEL7 write logs directly to local/remote rsyslog, bypassing journald?](https://access.redhat.com/solutions/2217141) - [systemctl restart rsyslog appends older duplicate log entries (everything in the journal) to log files](https://access.redhat.com/solutions/2112651) - [How to configure permissions of log files created by rsyslog](https://access.redhat.com/solutions/39827) - [How to change the default permission of system log files?](https://access.redhat.com/solutions/24100) - [Rsyslog stops logging to all files after adding a TCP log-forwarding rule](https://access.redhat.com/solutions/221293) - [How to enable boot-time logging (/var/log/boot.log) in Red Hat Enterprise Linux 5?](https://access.redhat.com/site/solutions/9834) - [How to implement audit log rotation with compression based on time instead of size](https://access.redhat.com/solutions/661603) - [How to convert audit.log's timestamp to human readable format](https://access.redhat.com/solutions/666733) - [How to send Apache httpd error logs to a remote syslog server or appliance](https://access.redhat.com/solutions/20745) - [How to save all tomcat.service stdout & stderr in RHEL7 to a file](https://access.redhat.com/solutions/2324691) - GRUB - [How to install GRUB2 after a RHEL6 to RHEL7 upgrade with redhat-upgrade-tool](https://access.redhat.com/solutions/2643721) - [How to convert RHEL system from UEFI & GPT to legacy BIOS & MBR](https://access.redhat.com/solutions/767293) - [How to generate GRUB2 pbkdf2 hashes in RHEL 6](https://access.redhat.com/solutions/1569773) - [How to permanently password-protect (lock) standard RHEL7 menu entries in GRUB2](https://access.redhat.com/solutions/979643) - [How do I secure GRUB with a SHA-2 hashed password in RHEL6?](https://access.redhat.com/site/solutions/68828) - Graphical stuff - [Scrollbar arrow buttons missing in graphical applications in RHEL 7](https://access.redhat.com/solutions/2053413) - [Firefox: How to audit & reset the list of trusted servers/CAs](https://access.redhat.com/solutions/1549043) - Sysadmin scripting - [How to prevent signals (e.g., SIGINT via Ctrl-c) from affecting child process of bash script](https://access.redhat.com/solutions/1539283) - [How to kill processes older than a certain time](https://access.redhat.com/solutions/1349643) - [How to monitor CPU or memory usage on a per-user basis](https://access.redhat.com/site/solutions/239483) - [Using telnet to send test emails over smtp fails when using stdin-redirection (pipes or heredocs)](https://access.redhat.com/solutions/2159321) - [How to copy and paste on a virtual console (one of the fullscreen black terminals, e.g., tty2)?](https://access.redhat.com/site/solutions/125703) - [How to make vim apply /var/log/messages syntax highlighting to other log files](https://access.redhat.com/site/solutions/152623) - [How to find the number of physical cpus, cpu cores, and logical cpus](https://access.redhat.com/site/solutions/224883) - [How to determine number of CPU sockets on a system](https://access.redhat.com/solutions/61791) - [How to reinstall files reported by rpm -V to be missing or corrupted](https://access.redhat.com/site/solutions/183083) - [How to tell if system is Fedora, CentOS, OEL, SUSE, or Red Hat Enterprise Linux?](https://access.redhat.com/site/solutions/238453) - [How to capture and archive bash history from multiple users each day](https://access.redhat.com/solutions/300543) - [How to use UUIDs and labels to identify filesystems](https://access.redhat.com/solutions/19584) - PAM / glibc - [How to allow a user in RHEL7 to login only via the graphical login screen (GUI), disabling all other login capability (ssh, local tty/serial consoles)](https://access.redhat.com/solutions/2818341) - [How to change the default number of rounds done by SHA-2 password-hashing](https://access.redhat.com/solutions/1519833) - [How to verify that user account is disabled or locked?](https://access.redhat.com/site/solutions/35914) - [How to change default password hashing algorithm (passalgo) without reinstalling system](https://access.redhat.com/solutions/187493) - [How to generate a SHA-2 (sha256 or sha512) hashed password compatible with /etc/shadow](https://access.redhat.com/solutions/221403) - Installation / recovery - [How to upload rdsosreport.txt to another system from the dracut emergency shell](https://access.redhat.com/solutions/2126311) - [Boot process hangs with kernel panic after renaming or removing LVM swap space](https://access.redhat.com/solutions/887123) - [PolicyKit failing to start with error: polkit.service: main process exited, code=exited, status=1/FAILURE](https://access.redhat.com/solutions/1543343) - [What log files should I gather to troubleshoot a kickstart or manual installation issue with Anaconda?](https://access.redhat.com/solutions/20358) - Misc. - [How to resize virsh console serial console to be bigger than 80 columns by 24 lines](https://access.redhat.com/solutions/2838931) - [How to set limits (ulimit) for services in RHEL6 and older with upstart, sysvinit](https://access.redhat.com/solutions/253043) - [Run MariaDB in RHEL 7 as a custom user and group](https://access.redhat.com/solutions/1603183) - [How to reset the list of trusted CA certificates in RHEL 6 & RHEL 7](https://access.redhat.com/solutions/1549003) - [Where is the crypt command in Red Hat Enterprise Linux?](https://access.redhat.com/site/solutions/322063) - [How to set a static hostname in Red Hat Enterprise Linux](https://access.redhat.com/solutions/4725) - [When a nameserver in resolv.conf doesn't know about a host, can the system fail over to another nameserver?](https://access.redhat.com/solutions/302063) - [Description and purpose of standard system user accounts in Red Hat Enterprise Linux](https://access.redhat.com/solutions/225183) - [System Hung After "TCP: too many of orphaned sockets" and "Out of socket memory" Errors](https://access.redhat.com/solutions/225223) - [Creating an LVM snapshot in RHEL7 can render the system unbootable](https://access.redhat.com/solutions/2359851) ___ ``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 A message from the owner of the PGP key w/ fingerprint FBA472A74C4FFD02 (short 4C4FFD02): Yes I am the same Ryan Sawhill Aroha that also owns b19.org and people.redhat.com/rsawhill. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXRUNLAAoJEG068mEsouvVJ70P/2GxQ2k1XPBkBQeYYBIJpQJu l7bgQAgxYl4lUDXJ/BjUAgjMDxM9THeWB/WShehAqNIM9ORuspvuCQsH0LGZ2P0i Nr22kRdbub3hlzQkQ03aqu29tX12SDlyrPRlMQhAcVLjF5pQXWkSXWwTy6vgEb/d xm/aUwd9cliCZa1ONeYqv1I65j6gqF0t2u83KRWzlA/Bgm+TLagZrm8hsxWJHcJg 6XDsB6ijilO/RvppCzG0SsmMGVDZizGopUzdeEwQtHn3GG94ABHIwYBgpGzdgLgc 2q7OYGOsSwpmduOsRdUAhXNKXuV1RwWIy0lzQHpPLy0U/ws9j5Ye9aEhKfwXDX3g hVknO0e868JtdZSfceKxVctnh0cBdq/BrEVIZUJD+sDZqhMst7M+DphKAL56UDuL eXGCFgs+0vYwiqEKboCdHzS1FqdEFLe8iwOKBiJjyYVo61usAj//VhyyCmX032wQ 2vLPkMqD3zwCuQDwsY9q+hSWR2JrX+/4p/wyfXJNKqdy2Yu+BNsh6BIl1t64O+id u5Mti7V0diFSsZZB0Phx/GCBMLS9hL9chxhXcOLqABBK7b1euvaCwn8YC1kY5UHr DNzypOgBv6yUHMW1KCaYs0vSe+dF3FKNLEFmGZTvrqJe8ei8DtrbZR/lTMDbZryz xp4ujBzDjlf0io/ONmZ3 =dRwj -----END PGP SIGNATURE----- ```