Configure Google Authenticator on CentOS 7

Image of laptop with hand holding a skeleton key extending outwards through the display.

Intro

As part of the rebuild on my Plex Media Server using CentOS 7, I had intended to configure Google Authenticator but hadn’t gotten around to doing it yet.  As I got into the process recently I discovered that many of the steps that I had used when configuring my CentOS 6 Digital Ocean droplet were out of date to the point of uselessness.

I also discovered that most of the guides that I found either relied on the older 1.0 code release which was also outdated or used a unknown RPM repo.  As such I decided to write up the process that I followed to use the code downloaded from the official GitHub repository.

NOTE: If you are doing this in an enterprise setting, it is likely that your company has particular settings and restrictions that you may need to adhere to (e.g., not running things as the root user). Also, please note that all of my examples use the CentOS defaults unless specifically noted.

Read more

RHEL7 and ncat changes

One of the tools that I use on a regular basis to test network connectivity updates is the “z” option of netcat.  Apparently when RedHat rolled out the latest version of their distribution of RedHat Enterprise Linux (RHEL) they decided to move to using the nmap-ncat package instead of the nc package.  The command options a very different.

So when attempting to test single port like I would have under previous releases I now use the following syntax:

# echo | nc -w1 $host $port >/dev/null 2>&1 ;echo $?

If the result that is returned is a zero then you have successfully connected to the remote host on the desired port. This also applies to CentOS 7 since it is a “clone” or copyleft port of the RHEL7 binaries.

Massive Numbers of Chrome Helper Messages in system logs

Today when attempting to figure out why Google Hangouts would not start on my Mac after the application was re-enabled due to a permissions change, I noticed a large number of messages like the following:

6/10/15 10:20:14.000 AM kernel[0]: Google Chrome He (map: 0xffffff804da160f0) triggered DYLD shared region unnest for map: 0xffffff804da160f0, region 0x7fff99a00000->0x7fff99c00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

After some research I found that this is a reported issue in the bug tracker for Chromium.  At first I thought that maybe this was the cause of the problem I was having but that turned out to not be the case, simply removing the Hangouts app in Chrome and re-adding it fixed my issue.  However, the sheer number of these errors makes the log a bit unwieldy.  It turns out that there is a way to hide all these messages (thanks to the commenter in the Chromium bug thread!):

[code language=”bash” light=”true”]sudo sysctl -w vm.shared_region_unnest_logging=0[/code]

While it doesn’t help at all with Chrome’s memory issues or other UI issues on Mac OS X, it is rather nice to hide all those spurious messages from the system log.

Checking your password expiration date

While logging into one of the Linux jump boxes at work today, it occurred to me that while I recently got notified about my password expiration from our Active Directory farm, I had no idea when my Linux password would expire or what the password life was.

To find out this information you can easily use the chage command.

Here is what the output looks like:

[code language=”bash”][user@myserver ~]$ chage -l user
Last password change : Apr 09, 2015
Password expires : Jul 08, 2015
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
[/code]

It may seem like such a simple thing to do, but knowing when your password expires can be a lifesaver on occasion.

Solaris Tip of the Week: a better du experience

Graphic showing several nested command line terminal application windows.

In my day job as a Systems Engineer I frequently find myself switching between different UNIX and Linux distributions.  While many of the commands exist on both sides of the aisle, I often find vast differences in the command line parameters that can be consumed by a given command when used in, for example, Linux vs Solaris.

Recently I came upon this again with the need to easily ferret out the majority consumer of drive space on a Solaris 10 system.  While we did have the xpg4 specification support available, the du command was still missing my favorite option “max-depth”.

In Linux I use this to limit the output to only the current directory level so that I don’t have to face to possibility of wading through a tremendously large listing of sub-directories to find the largest directory in the level I am in.  Unfortunately, in Solaris, even with xpg4, the du command doesn’t have this option, so my solution was to pipe the results through egrep and use that to filter out the sub-directories.

Read more

Desktop Google Chrome Reader Mode

If you are a Safari user then you are likely used to the “reader mode” which disables all the extra graphical stuff and focuses the view on the content of the article.  Thanks to a tip from Google Plus user Francois Beaufort, here’s how to enable it on the desktop (in Windows at the very least, I haven’t tried in any other OS).

If you’re on desktop, playing with it is as easy as running chrome with the –enable-dom-distiller switch. Once it’s done, you’ll notice a new “Distill page” menu item.

Hopefully this will make it to mainstream with a nice icon.