How Do You Get quota Commands to Return Current Data?

Problem scenario
You run a quota -au or quota -ag command to see the latest statistics. The number of blocks or inodes reported for the user or group does not match what is currently on your system. You tried rebooting, but that did not help. How do you get the used blocks and used inodes to be updated with a quota command?

Possible Solution #1
Run a command like this:

sudo quotacheck -avug # -a checks all mounted non-NFS file systems; without -a you must name a file system

If you think something is still misleading/inaccurate, have you enabled quotas? Can you run this next command?

sudo quotaon -ap

The above command lists whether quotas have been enabled. The quotaon command is necessary to enable quotas -- the repquota command may show statistics that look promising even though no quotas are enabled. Grace periods could be counting down or be completely expired.

quotaon -g /file/system # this will enable group quotas on the "/file/system" path.
quotaon -au # this will enable all users' quotas

Possible Solution #2
If the user has not created any files, the user may not appear in a "repquota" command. If the user can create some files, or you can create files and change the ownership to the user, that could allow the user to be seen in the output of a repquota command.

Are the files in the partition with the quota? If not, that could explain the potential inaccuracy you are seeing.

How Do You Set a Date-Time Value with a Default Year in Python?

Problem scenario
You are printing out some dates with a Python program. You are using the datetime module and the strptime method. The year is always defaulting to 1900 because the log entries have no year designated in them. How do you seed the dates with a specific year of your choice?

Solution
Here is an example of how to seed the dates with the year 2021 (it assumes you have a file named auth.log whose dates have no year):

from datetime import datetime

# Prefix each timestamp with the chosen year so strptime does not default to 1900.
with open('auth.log', 'r') as log_reader:
    for line in log_reader:
        dt_of_log = datetime.strptime('2021 ' + line[:6], '%Y %b %d')
        print(dt_of_log)

Is It a Best/Recommended Practice to Rotate Passwords?

Problem scenario
You know hackers and malicious social engineers love passwords. You are considering enforcing password rotations temporally (as a systems administrator, security consultant, or I.T. manager). You want planned periodic password changes to happen in a mandatory way. In theory if a password was once lost, changing it mitigates the damage. This is intuitive and consistent with a variety of sources. Many OSes and LDAPs facilitate built-in password expirations based on time intervals. Is it a recommended practice to force passwords to be changed (or expire) based on an amount of time?

Answer
Maybe.

Here are sources that are in favor of password rotation (because they say it is important or something similar):

… infrequent password rotation increases the risk that cyberattacks on vulnerable IoT devices…

https://venturebeat.com/2022/02/18/password-rotation-can-make-or-break-your-security-posture/

Password rotation should be implemented across every account, system, networked hardware, IoT device, application, service, etc. Passwords should be unique, never reused or repeated, and randomized on a scheduled basis, upon check-in, or in response to specific threat or vulnerability.

https://www.beyondtrust.com/resources/glossary/password-rotation

Page 46 of this PDF (although that page says "36") indicates passwords should expire.

Some companies recommend having strong passwords but recommend changing just one character every time you rotate the password. This bullet is in both sections as it has an ambivalence toward the enterprise's policy itself.


Here are sources that advise against password rotation (or at least mention that there are disadvantages to doing it):

https://www.sans.org/blog/the-debate-around-password-rotation-policies/
https://securityboulevard.com/2020/03/the-pros-and-cons-of-password-rotation-policies/
https://spycloud.com/2020-prediction-the-death-of-the-password-rotation-policy/

https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes

https://duo.com/decipher/microsoft-will-no-longer-recommend-forcing-periodic-password-changes

Some companies recommend having strong passwords but recommend changing just one character every time you rotate the password. This link is in both sections as it has an ambivalence toward the enterprise's policy itself: https://www.strongdm.com/blog/password-policy-best-practices

FFR
/etc/login.defs is a file that on Linux/Unix machines facilitates expiration of passwords. Some people may find this file to be obsolete or a legacy of an older era.

How Do You Get a Lost Clothes Item in a GE Washer?

Problem scenario
You have a stackable GE washer. The cylindrical basin of the washing machine allows for clothes items to disappear into the cubic chassis/frame of the washing machine. You are missing a washcloth, a sock or a glove. (You may or may not have seen it fall over the cylindrical tub basin into the square body of the washer when taking out the clean clothes. Sometimes an item just spins into the crevice between the agitator basin and the external body of the washer.) You want to get this small clothes item from your washing machine. How do you do this?

Solution
Prerequisite: You will need a flat-head screwdriver. A butter knife may work, however.

Procedures
Open the front side by sticking a flat-head screwdriver into the small, inconspicuous depression area under the top portion of the washer. Push it in 1.5 to 2 inches. You should be able to find a groove, and the top (of the front metal side of the washing machine) will start to open outwardly toward you while the bottom of the front metal side will stay in its place. You do this one side at a time. One person can do it. Try to not scratch the paint.

Can a Container Layer Be Written to?

Question
Are container layers immutable or can one be written to?

Answers
Maybe they can be written to. It depends how you define a layer.

Here are quotes and sources that say you cannot write to a layer:

The layers of a container image are all immutable. Immutable means that once generated, the layer cannot ever be changed.

https://medium.com/@goyalsaurabh66/docker-images-838383b367

One of the principles of Docker containers is that an image is immutable -- once built, it’s unchangeable, and if you want to make changes, you’ll get a new image as a result.

https://www.cloudbees.com/blog/container-image-immutability-power-metadata

Immutable containers are containers that have no state. … Immutability improves security by decreasing the damage that can be done by a local compromise. Immutable images themselves have no secrets and save no state that could get corrupted. Immutable containers are trivial to verify because they never change.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/container_security_guide/keeping_containers_fresh_and_updateable

Here are quotes and sources that say you can write to a layer:

When you start a container, Docker takes all the layers on your image, and adds a new one on top of it – That’s the read-write layer, and the one containing all the changes you do to your filesystem: File changes, file additions, file deletions.

https://blogs.cisco.com/developer/container-image-layers-1

Docker uses storage drivers to store image layers, and to store data in the writable layer of a container. The container’s writable layer does not persist after the container is deleted, but is suitable for storing ephemeral data that is generated at runtime.

https://docs.docker.com/storage/storagedriver/

As we have discussed, a container image is made of a stack of immutable or read-only layers. When the Docker engine creates a container from such an image, it adds a writable container layer on top of this stack of immutable layers.

https://www.oreilly.com/library/view/learn-docker/9781788997027/9459555d-45ab-4046-a403-c12407665717.xhtml

This Stackoverflow.com posting refers to writable layers of Docker.

How Do You Correct a /etc/fstab File That is Read Only?

Problem scenario
You boot up and log in. You cannot write to /tmp/.

What should you do?

Solution
First, identify the file system in the /etc/fstab file (e.g., /dev/disk/by-id/dm-uuid-LVM-abcd1234).

Here is an example of an /etc/fstab file; the first field of each line is the file system string you need:

/dev/disk/by-id/dm-uuid-LVM-abcd1234 / ext4 defaults,quota,grpquota 0 0
# /boot was on /dev/sda2 during curtin installation
/dev/sdc /var ext4 defaults 1 2
/dev/sda /opt ext4 defaults 0 0
/dev/disk/by-uuid/987654321 /boot ext4 defaults 0 0

Procedure
Run a command like this (but replace /dev/disk/by-id/dm-uuid-LVM-abcd1234 with the file system you need):

sudo mount -o remount,rw /dev/disk/by-id/dm-uuid-LVM-abcd1234

Now you should be able to modify the /etc/fstab file.

We appreciate this external posting for assisting with developing this solution.
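
The identification step above can be scripted. This is an added example, not part of the original post: it compares fstab-format text with /proc/mounts-format text and reports mount points that are mounted read-only although /etc/fstab does not ask for "ro". The sample tables are constructed (the /dev/mapper/vg0-root name is an assumption), and the function names are hypothetical.

```python
# Constructed sample data: the /etc/fstab shown above and a matching
# /proc/mounts in which the root file system is currently read-only.
FSTAB = """\
/dev/disk/by-id/dm-uuid-LVM-abcd1234 / ext4 defaults,quota,grpquota 0 0
# /boot was on /dev/sda2 during curtin installation
/dev/sdc /var ext4 defaults 1 2
/dev/sda /opt ext4 defaults 0 0
/dev/disk/by-uuid/987654321 /boot ext4 defaults 0 0
"""
PROC_MOUNTS = """\
/dev/mapper/vg0-root / ext4 ro,relatime,errors=remount-ro 0 0
/dev/sdc /var ext4 rw,relatime 0 0
/dev/sda /opt ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
"""


def parse_table(text):
    """Map mount point -> (source, set of options) for fstab-format text."""
    table = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue  # comment line
        fields = raw.split()
        if len(fields) >= 4:
            # A later line for the same mount point wins (the topmost mount).
            table[fields[1]] = (fields[0], set(fields[3].split(",")))
    return table


def unexpected_read_only(fstab_text, mounts_text):
    """Return (mount point, fstab source) pairs mounted ro but not configured ro."""
    fstab, mounts = parse_table(fstab_text), parse_table(mounts_text)
    findings = []
    # Match on the mount point: the kernel may report a different device name
    # (/dev/mapper/...) than the by-id or by-uuid path written in fstab.
    for mount_point, (source, wanted) in fstab.items():
        live = mounts.get(mount_point)
        if live and "ro" in live[1] and "ro" not in wanted:
            findings.append((mount_point, source))
    return findings


if __name__ == "__main__":
    # On a real host, pass the contents of /etc/fstab and /proc/mounts instead.
    for mount_point, source in unexpected_read_only(FSTAB, PROC_MOUNTS):
        print(f"{mount_point} is read-only; fstab source: {source}")
```

A file system that is read-only while /etc/fstab asks for read-write may have been remounted by the kernel after an I/O or file system error (the ext4 errors=remount-ro behaviour), so check the kernel log before remounting it rw.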

How Do You Troubleshoot the Python Problem “ValueError: time data … does not match %m”?

Problem scenario
You are trying to parse a log file with Python. The date entries use abbreviated spellings of months -- not integer month values. You get an error like this:

"ValueError: time data 'Jul 15 06:10:32' does not match format '%m %d %H:%M:%S'"

What should you do?

Solution
Replace the "%m" with "%b".

import datetime

with open('auth.log', 'r') as log_reader:
    for line in log_reader:
        # %b matches an abbreviated month name such as "Jul"; %m expects a number.
        dt_of_log = datetime.datetime.strptime(line[:15], '%b %d %H:%M:%S')
        if line.startswith("Jul 15"):
            print(line)
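
Both auth.log posts on this page (seeding a default year, and parsing with %b) leave one case open: a log that spans New Year, where a single hard-coded year puts December entries after January ones. The following is an added example, not code from the original posts. It infers the year from a reference time such as the log's collection time. The sample lines, the reference time and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample lines in the yearless syslog format used by auth.log.
SAMPLE_LINES = [
    "Dec 31 23:59:58 host1 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Jan  1 00:00:03 host1 sshd[811]: Failed password for root from 203.0.113.7 port 50130 ssh2",
    "Jul 15 06:10:32 host1 sudo: pam_unix(sudo:session): session opened for user root",
    "-- not a syslog line --",
]

SYSLOG_FORMAT = "%Y %b %d %H:%M:%S"  # %b is the abbreviated month name (locale-dependent)


def parse_syslog_time(line, reference, slack=timedelta(days=1)):
    """Return the datetime for a yearless syslog line, or None if it has no timestamp.

    The reference year is tried first. If that places the entry more than
    `slack` after the reference time, the entry cannot have been written yet,
    so the previous year is used. Trying both years also covers Feb 29
    entries when the reference year is not a leap year.
    """
    for year in (reference.year, reference.year - 1):
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", SYSLOG_FORMAT)
        except ValueError:
            continue  # not a timestamp, or a date that does not exist in this year
        if ts <= reference + slack:
            return ts
    return None


def parse_log(lines, reference):
    """Return (timestamp, line) pairs in time order, skipping unparsable lines."""
    parsed = [(parse_syslog_time(entry, reference), entry) for entry in lines]
    return sorted((p for p in parsed if p[0] is not None), key=lambda p: p[0])


if __name__ == "__main__":
    collected_at = datetime(2022, 1, 1, 0, 5, 0)  # constructed collection time
    for ts, line in parse_log(SAMPLE_LINES, collected_at):
        print(ts.isoformat(), line[16:])
```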

How Do You Find out if a VIN Has a Letter “o” or the Numeral 0?

Question
How do you determine/identify a vehicle identification number having the letter "O" (as in "Oscar") or the numeral 0? The Arabic number 0 can be confused with the letter "O."

Answer
It is numeral 0. The letter "O" is not allowed according to https://checkventory.com/articles/whats-your-number/. Apparently letters "I" and "Q" are not allowed either (presumably due to their potential confusion with numerals "1" and "0").

We believe that ISO 3779:2009 is the document that governs VIN characters.

Why Do yum/dnf Commands Fail with the --installroot Flag and How Do You Fix Them?

Problem scenario
dnf or yum commands always fail when you use the --installroot flag. The destination of the --installroot directory does not matter. You see error messages about epel, version, 404 and reaching external servers.

Solution
Root cause: There is an invocation of chroot behind the scenes (according to https://bugzilla.redhat.com/show_bug.cgi?id=850686).

Procedures
The --installroot=/foo/bar flag should always be used in conjunction with --releasever=X where "X" is the major version of your RedHat server. To find out what version you are using, run this: sudo cat /etc/*-release
For RedHat 9 here is an example of how to install "foobar" in /opt (instead of wherever foobar would have been installed):

sudo dnf -y install foobar --installroot=/opt --releasever=9