Month: January 2021

How to Install and Configure VNC on Debian 9 and Kali Linux 2020.2

This is a quick guide to installing VNC on Debian 9 and Kali Linux.

  • Login to your server as root.
  • Install VNC server with apt-get install tightvncserver
  • If you get the following error then you can install tightvncserver from Debian or Kali installation ISO image.

root@server:/home/user# apt install tightvncserver -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package tightvncserver is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'tightvncserver' has no installation candidate

  • To install tightvnc from the ISO image, mount the Debian or Kali image on /media/cdrom with mount -t iso9660 /dev/sr0 /media/cdrom -o loop

The tightvnc .deb packages [tightvncserver_1.3.9-9.1_amd64.deb xtightvncviewer_1.3.9-9.1_amd64.deb] are located in /media/cdrom/pool/main/t/tightvnc

  • Change directory to /media/cdrom/pool/main/t/tightvnc with cd /media/cdrom/pool/main/t/tightvnc
  • Install tightvncserver with dpkg -i tightvncserver_1.3.9-9.1_amd64.deb
  • Edit xstartup in /home/youraccount/.vnc/xstartup with vi and add the following code:

startxfce4 &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey &
vncconfig -iconic &

  • Start vnc server by executing the following command:


  • You will be prompted to enter and verify the VNC password. Make sure your password is less than 8 characters, otherwise it will be truncated to 8 characters.
  • After the VNC password is set, you will have the option to set a view-only password, which is optional.
  • You may kill any instance of vncserver with the command vncserver -kill :1
  • ~/.vnc/xstartup must have executable permission set. You may set this permission with the command chmod +x ~/.vnc/xstartup
  • If you did the above steps correctly, TightVNC server is now running on your server, waiting for an incoming connection.
  • To connect to the VNC server from your local PC, install TightVNC viewer. Open vncviewer and enter the IP address and listening port of the server
  • If your vncserver is listening on port :1 then you should enter
  • If your vncserver is listening on port :2 then you should enter
  • Make sure to check on which port your vnc server is running and then edit port :5901 in vncviewer on your local PC/Server.

How to setup FTP in Linux based server

  • Login to the server as root and install vsftpd with yum install vsftpd ftp -y
  • Use vi editor to open /etc/vsftpd/vsftpd.conf [vi /etc/vsftpd/vsftpd.conf] and add/change following options:


  • Enable and start the vsftpd service.

systemctl enable vsftpd
systemctl start vsftpd

  • Allow the ftp service and port 21 via firewall.

firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-service=ftp

  • Reload firewall

firewall-cmd --reload

If you want to restrict users to their home directories, change the permissions of the home directory with

chmod -R go-rx /home/userdirectory

To test FTP server from client-side:


How to change the port of discovery container

  • Use podman to create a new network with podman network create
  • Check under /etc/cni/net.d/ you will find file /etc/cni/net.d/cni-podman-2.conflist
  • In your favorite file editor open /usr/share/containers/libpod.conf
  • Change line cni_default_network = "podman" in configuration file /usr/share/containers/libpod.conf to cni_default_network = "cni-podman2"
  • Reboot server
  • Restart container with podman start discovery dsc-db
  • Check the network status.
  • A new network cni-podman2 will be present with a new IP

How Ansible Manages Configuration Files

This article discusses where the Ansible configuration files are located, how Ansible selects them, and how we can edit the default settings.

Configuring Ansible:

The Ansible behavior can be customized by modifying settings in the Ansible configuration files. Ansible chooses its configuration file from one of many locations on the control node.

  • /etc/ansible/ansible.cfg
    This file contains the base configuration of Ansible. It is used if no other configuration file is found.
  • ~/.ansible.cfg
    The ~/.ansible.cfg configuration is used instead of /etc/ansible/ansible.cfg because Ansible looks for .ansible.cfg in the home directory of the user.
  • ./ansible.cfg
    If the ansible command is executed in a directory where an ansible.cfg file is also present, ./ansible.cfg will be used.

Recommendations of Ansible configuration files:

Ansible recommends creating a file in the directory from where you run the ansible command.


Ansible also gives you a more convenient way to define the location of the configuration file: the environment variable named ANSIBLE_CONFIG. If you define the ANSIBLE_CONFIG variable, Ansible uses the configuration file that the variable specifies instead of any of the previously mentioned configuration files.

Configuration File Precedence:

Ansible Configuration File Precedence Table

  • First preference: The environment variable ANSIBLE_CONFIG overrides all other configuration files. If this variable is not set, the second preference is used.
  • Second preference: The directory in which the ansible command was run is checked for the configuration file ‘ansible.cfg’. If this file is not present, Ansible goes to the third preference.
  • Third preference: The user’s home directory is checked for a .ansible.cfg file.
  • Fourth preference: The global /etc/ansible/ansible.cfg file is only used if no other configuration file is found.


Because Ansible can read its configuration from multiple locations, it is sometimes unclear which configuration file is active.

So how can a user determine which file is active?

How to check which Ansible configuration file is being used?

You can run the ansible --version command to identify which version of Ansible is installed and which configuration file is used.

[ali@controller /]$ ansible --version
ansible 2.9.16
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/ali/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
[ali@controller /]$
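
The precedence described above can be modelled in a few lines of shell, which helps when checking why a playbook run picked up an unexpected file. This is an added example, not code from the original post or from Ansible; the function name resolve_ansible_cfg and its parameters are hypothetical. It goes one step beyond the table: Ansible does not load ./ansible.cfg when the current directory is world-writable, and the sketch reproduces that check.

```shell
#!/bin/sh
# Added example: models the precedence described above; not Ansible's own code.
# Usage: resolve_ansible_cfg CWD HOME_DIR [GLOBAL_CFG]
# Prints the config file that would be selected; returns 1 if none exists.
resolve_ansible_cfg() {
    cwd=$1
    home=$2
    global=${3:-/etc/ansible/ansible.cfg}

    # First preference: ANSIBLE_CONFIG, when it names an existing file.
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        printf '%s\n' "$ANSIBLE_CONFIG"
        return 0
    fi

    # Second preference: ./ansible.cfg. It is skipped when the directory is
    # world-writable, because any local user could plant a config file there.
    if [ -f "$cwd/ansible.cfg" ]; then
        if [ -n "$(find "$cwd" -maxdepth 0 -perm -0002)" ]; then
            echo "skipping $cwd/ansible.cfg: directory is world-writable" >&2
        else
            printf '%s\n' "$cwd/ansible.cfg"
            return 0
        fi
    fi

    # Third preference: .ansible.cfg in the user's home directory.
    if [ -f "$home/.ansible.cfg" ]; then
        printf '%s\n' "$home/.ansible.cfg"
        return 0
    fi

    # Fourth preference: the global file.
    if [ -f "$global" ]; then
        printf '%s\n' "$global"
        return 0
    fi
    return 1
}

# Report for the current shell session.
resolve_ansible_cfg "$PWD" "$HOME" || echo "no ansible.cfg found"
```

Compare the printed path with the "config file =" line of ansible --version.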

How to configure a bonding device in a Linux server

Multiple bonding modes in a Linux operating system are given below:

  • balance-alb (fault tolerance and load balancing)
  • balance-tlb (fault tolerance and load balancing)
  • active-backup (fault tolerance)
  • broadcast (fault tolerance)
  • balance-rr (fault tolerance and load balancing)
  • 802.3ad (fault tolerance and load balancing)
  • balance-xor (fault tolerance and load balancing)

We will use Network Manager CLI to add a bonding device to a Linux server.

  • Run the nmcli command as root on SHELL nmcli con add type bond ifname mode active-backup
  • Assign IP address with nmcli connection modify ipv4.addresses
  • Make the IP address static with nmcli connection modify ipv4.method manual
  • Add bond slave to bonding device with nmcli con add type bond-slave ifname master
  • Add the second slave with nmcli con add type bond-slave ifname master
  • Check bonding configuration with nmcli connection show
  • Restart server network with systemctl restart network

YUM error: "Peer cert cannot be verified or peer cert invalid" or "certificate verify failed"

The following error is produced during yum update:

Error: failed to retrieve repodata/-primary.xml.gz
error was [Errno 14] Peer cert cannot be verified or peer cert invalid

Perform the following steps to resolve the yum error:

  • Check and correct the date and time of the server.
  • Disable SSL verification by adding sslverify=false in /etc/yum.conf
  • Delete all repos and create a new yum repository.
  • Check /etc/hosts file for any false DNS resolutions of servers.
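
sslverify=false turns off TLS certificate verification for repository downloads, so once the error is resolved it is worth confirming where that setting is still present. The following is an added example, not part of the original post; the function names list_sslverify_off and audit_yum_tls are hypothetical, and the set of values treated as "false" is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: list_sslverify_off FILE...
# Prints "file:section" for every section where sslverify is switched off.
list_sslverify_off() {
    awk '
        FNR == 1      { section = "(none)" }   # new file, no section seen yet
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/   {                        # [main], [base], ...
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            next
        }
        {
            n = split($0, kv, "=")
            if (n < 2) next
            key = tolower(kv[1]); val = tolower(kv[2])
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            # Assumption: these spellings are the ones read as "false".
            if (key == "sslverify" && val ~ /^(0|no|false|off)$/)
                print FILENAME ":" section
        }
    ' "$@"
}

# Check the usual locations on a yum-based system; missing files are skipped.
audit_yum_tls() {
    for f in /etc/yum.conf /etc/yum.repos.d/*.repo; do
        [ -f "$f" ] && list_sslverify_off "$f"
    done
    return 0
}

audit_yum_tls
```

Any line printed names a file and section that still skip certificate verification.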

Kickstart fails to form boot partition [Not enough space in filesystems for the current software selection]

The kickstart automatic installation of the Linux operating system fails but the normal install is successful. To resolve this issue follow the steps given below:

  • Add clearpart --all --drives=${devname} --initlabel in kickstart disk section. This will delete partition table of disk.
  • If the above option does not resolve the issue add zerombr option above clearpart command. The zerombr option will initialize and destroy all invalid partition tables.
  • If both of the above steps do not work, then boot into the rescue mode of the Linux OS and use dmraid or wipefs as follows:

dmraid -r -E /dev/sda
wipefs -fa /dev/sda

How to enable audit for file on nfs server?

  • Add -w /NFS-MOUNT/ -p wa -k NFS-MOUNT line at the end of file /etc/audit/audit.rules

[root@COMPUTE ~]# cat /etc/audit/audit.rules
## This file is automatically generated from /etc/audit/rules.d
-b 8192
-f 1
-w /NFS-MOUNT/ -p wa -k NFS-MOUNT

  • Execute the following command to restart auditd service

service auditd restart

SELinux prevents /usr/lib/cups/daemon/cups-lpd from read access on the sock_file cups.sock in Linux server

Although /usr/lib/cups/daemon/cups-lpd is denied read access to the sock_file cups.sock, cups-lpd will still successfully migrate print jobs received via LPD to the local CUPS server. You can either ignore this issue or create a custom SELinux policy module. The steps to create a custom SELinux policy module are listed below:

  • Install the required packages with yum -y install setools-console yum-utils policycoreutils-devel rpm-build make
  • Create a file named local_cupslpd-read-cupssock.te in vi with the following contents.

module local_cupslpd-read-cupssock 1.0;

require {
	type cupsd_var_run_t;
	type cupsd_lpd_t;
	class sock_file read;
}

#============= cupsd_lpd_t ==============
allow cupsd_lpd_t cupsd_var_run_t:sock_file read;

  • Compile the SELinux policy module with make -f /usr/share/selinux/devel/Makefile local_cupslpd-read-cupssock.pp
  • Install the policy module with semodule -i local_cupslpd-read-cupssock.pp

IPv6 communication does not occur while interface is in firewalld drop zone

IPv6 requires ICMPv6 neighbour solicitation and neighbour advertisement packets to create IPv6 connectivity. These packets are used to resolve IPv6 addresses to link-layer (Ethernet) addresses.

  • Add new icmptypes for neighbour solicitation and neighbour advertisement

firewall-cmd --permanent --new-icmptype=neighbour-solicitation

firewall-cmd --permanent --new-icmptype=neighbour-advertisement

  • Remove destination IPv4

firewall-cmd --permanent --icmptype=neighbour-solicitation --remove-destination=ipv4

firewall-cmd --permanent --icmptype=neighbour-advertisement --remove-destination=ipv4

  • Attach icmptypes to the --zone=drop list of --add-icmp-block

firewall-cmd --permanent --zone=drop --add-icmp-block=neighbour-solicitation

firewall-cmd --permanent --zone=drop --add-icmp-block=neighbour-advertisement

  • Invert the icmptype block.

firewall-cmd --permanent --zone=drop --add-icmp-block-inversion

Confirm icmp-block-inversion from output of following command.

firewall-cmd --permanent --list-all --zone=drop

How to copy an instance between two Openstack environments

  • Turn off the instance, and then using the nova image-create command, create a snapshot of the nova instance.

openstack server list
openstack server image create server2 --name server2-snapshot

  • After the snapshot is created, it will be visible in Glance.
  • Confirm the snapshot in Glance with:

openstack image list

  • Download snapshot image

openstack image save --file server2-snapshot-image2.qcow2 jkhuyt67-y6ry-jjhj-t65f-mmmjngy78657

  • Copy snapshot image to the new environment using SCP.
  • Upload the image

openstack image create server2-snapshot-image2-glanceimage2 --container-format bare --disk-format qcow2 --file server2-snapshot-image2.qcow2

How to clear ceilometer in OpenStack

To clean up old ceilometer data in OpenStack, perform the following steps:

  • First of all, stop the Telemetry service.

systemctl stop openstack-ceilometer-collector openstack-ceilometer-notification openstack-gnocchi-metricd openstack-gnocchi-statsd openstack-aodh-evaluator openstack-aodh-listener openstack-aodh-notifier openstack-ceilometer-central

  • Stop MongoDB service by entering the following on shell prompt.

systemctl stop mongod

  • Delete all files in /var/lib/mongodb and then restart MongoDB.

cd /var/lib/mongodb && rm -r -- *

  • Restart MongoDB.

systemctl start mongod

  • Create a MongoDB master node.

mongo --host MONGOHOST --eval 'rs.initiate()'

  • Find the listener IP by entering the following command.

ss -tlnp|grep mongo

  • Add resulting IP to MongoDB replication file.

mongo --host MONGOHOST --eval 'rs.add("controler1_mongodb_IP:PORT"); rs.add("controler2_mongodb_IP:PORT"); '

  • Create a ceilometer database.

mongo --host MONGOHOST --eval 'db.getSiblingDB("ceilometer").addUser({user: "ceilometer", pwd: "MONGOPASS", roles: [ "readWrite", "dbAdmin" ]})'

  • Start Telemetry service using systemctl.

systemctl start openstack-ceilometer-collector openstack-ceilometer-notification openstack-gnocchi-metricd openstack-gnocchi-statsd openstack-aodh-evaluator openstack-aodh-listener openstack-aodh-notifier openstack-ceilometer-central