Adsense Leaderboard

1.18.2018

Update Search Domains on Red Hat 7, CentOS 7 and Fedora using Network Manager Command Line Interface (nmcli)

Question sent in by Julio from New York, NY.

Q: I am runing Red Hat Enterprise Linux 7 Workstation and am having a hard time adding search domains.  My work has several domains and I want to be able to use the short names.  I have tried the network settings and don't see a place to add search domains. I have also added "search domain1 domain2" to resolv.conf but it gets replaced every reboot by Network Manager.  Any help?

A: This is because Gnome does not give you a place to enter search domains in their Network Settings GUI. Also, the /etc/resolv.conf file is generated every time the Network Manager process starts or restarts which overwrites the manual changes. 

Let's start with why someone would want to add search domains.  Let's say your office used a domain of example.com.  So the servers are named similar to server1.example.com.  If you add example.com to your search domains, you would be able to access the servers using the short name "server1".  The search domains are automatically appended to the end of host names.  If you add multiple search domains they will append one by one until they resolve in DNS.

So, to fix this you have two options...

You can run the Network Manager GUI configuration tool by running the following command:

sudo nm-connection-editor

Once the Network Manager Connection Editor opens, select the network adapter you want to change the settings for and click edit.  Go to the IPv4 Settings page and enter the domains in "search domains" field (separate multiple domains with a comma).

or use the Network Manager Command Line Interface (nmcli).  First run nmcli to find the name of the interface like so:

sudo nmcli

virbr0: connected to virbr0
"virbr0"
bridge, 52:54:00:7B:B3:F0, sw, mtu 1500
inet4 192.168.122.1/24

em1: connected to em1
"Intel Ethernet Connection (3) I218-LM"
ethernet (e1000e), 83:7B:FB:41:6B:78, hw, mtu 1500
ip4 default
inet4 192.168.38.83/22
inet6 fe83::8043:90fb:ff4e:9590/64

wlp2s0: disconnected
"Intel Wireless 7265 (Dual Band Wireless-N 7265)"
wifi (iwlwifi), 62:EF:10:F9:3B:BE, hw

lo: unmanaged
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

virbr0-nic: unmanaged
"virbr0-nic"
tun, 52:54:00:7B:B3:F0, sw, mtu 1500

DNS configuration:
servers: 192.168.16.40 192.168.16.10
interface: em1




Now if you want to add the search domains to em1 interface use the nmcli command like so:

sudo nmcli con mod em1 ipv4.dns-search "domain1.local,domain2.local,domain3.local"

Check the configuration:

sudo nmcli con show em1 | grep dns-search

output:
ipv4.dns-search:                        domain1.local,domain2.local,domain3.local
ipv6.dns-search:                        --

Now restart Network Manager:

sudo systemctl restart NetworkManager

Now when Network Manager restarts, it should generate the correct settings in /etc/resolv.conf

# Generated by NetworkManager
search domain1.local,domain2.local,domain3.local
nameserver 192.168.16.40
nameserver 192.168.16.10

Good Luck!

12.21.2017

Use DoD CAC Smart Card with Google Chrome in Linux

There are a few steps you need to take in order to use your CAC / smart card with google chrome in Linux.  Here are the steps I took...

First, install all the DoD root certs by following the directions in this post.


Then install some packages...

PSCS Smart Card Libraries, tools and such:

sudo dnf install pcsc-lite -y

sudo dnf install perl-pcsc -y

sudo dnf install pcsc-tools -y

sudo dnf install ccid -y

sudo dnf install opensc -y


Now install coolkey

sudo dnf install coolkey -y

Now make sure chrome is closed and run the following command from your home directory:

modutil -dbdir sql:.pki/nssdb/ -add "CAC Module" -libfile /usr/lib64/pkcs11/libcoolkeypk11.so

That is it... You should now be able to open Google Chrome and use your CAC for authentication on websites.

11.25.2017

Using Color in the Output of Your Bash Script

Let's face it, bash scripts are mostly boring and the output it usually drab and hard to read, especially when there is a lot of it. That's why when I write a script I like to add some color to the output.  Colorizing the output can bring attention to errors, emphasized an important piece of output, or just jazz us a countdown.

The first step in adding color to your bash scripts is understanding the echo command and it's interpretation of backslash-escaped characters.  By using the -e option with echo, you can enable some interesting features to help format your output. In this article we will be using the "enable interpretation" or -e option to colorize our bash output.  You can also use it to sound a terminal bell or format your output in a cleaner fashion.  For a list of backslash-escaped characters see the echo man page.

The most popular colors I use are red and green, often to express something good or bad (error or success) in scripts.  I start by putting the ANSI codes for these colors, and one for no color, into variables.  This makes the colorization easy to use throughout a script.

Example:

GREEN='\033[0;32m'
RED='\033[0;31m'
WHITE='\033[0;37m'
RESET='\033[0m'

Now that you have your variables set, you can all them out using echo or printf, like so.

echo -e "The Italian flag colors are ${GREEN}GREEN${RESET}, ${WHITE}WHITE${RESET}, and ${RED}RED${RESET}."

or you can use them to show success and errors like so:

#!/bin/bash
GREEN='\033[0;32m'
RED='\033[0;31m'
WHITE='\033[0;37m'
RESET='\033[0m'
grep -i savona /etc/passwd
if [ "$?" == "0" ]; then
echo -e "${GREEN}User exists in passwd file${RESET}"
else
echo -e "${RED}User does NOT exist in passwd file${RESET}"
fi

Of course that is a VERY simple example, but you can use your creativity and come up with some really interesting ways to use ANSI color codes.

Here is a list of basic color codes you can use:

Black        0;30
Red          0;31
Green        0;32
Yellow       0;33
Blue         0;34
Magenta      0;35
Cyan         0;36
Light Gray   0;37