How to Fix “Unmanaged Network Interface” Issue in Alma Linux

Managing network connections on Alma Linux systems can sometimes be tricky, especially when encountering issues like an “unmanaged network interface.” In this blog post, we’ll explore a simple solution to this problem using NetworkManager, a popular network management tool in Alma Linux.

Identifying the Issue: You might have come across situations where you try to change the status of a network interface, only to find it set to “unmanaged.” This means you can’t activate or deactivate the interface, which can be frustrating when configuring network connections.

The Solution: Thankfully, there’s a straightforward solution to this problem. By tweaking a few settings in NetworkManager’s configuration file, you can regain control over the network interface.

Step-by-Step Guide:

1. Check Interface Status: Start by checking the status of the network interface using the nmcli -p device command. This will give you an overview of all network interfaces and their management status.
2. Edit NetworkManager Configuration: Open the NetworkManager configuration file located at /etc/NetworkManager/NetworkManager.conf in your favorite text editor.
3. Modify Configuration Settings: Inside the [main] section of the configuration file, add or modify the following lines

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=true

4. Save and Exit: Save your changes to the configuration file and exit the text editor.

5. Restart NetworkManager: To apply the changes, restart the NetworkManager service with the command:

sudo systemctl restart NetworkManager

6. Verify Interface Status: Once NetworkManager restarts, use the nmcli -p device command again to confirm that the network interface is now managed.

nmap command to scan TCP/UDP ports

Nmap, short for Network Mapper, emerges as a command-line tool capable of scanning networks by sending packets and analyzing the responses. It’s particularly adept at identifying open ports and services running on a target system.

Scanning TCP Ports

Nmap’s TCP port scanning is robust. For instance, scanning ports 1 to 100 on a target:

nmap -p 1-100 <target>

To focus on specific ports, say 80, 443, and 8080:

nmap -p 80,443,8080 <target>

Or a comprehensive scan across all TCP ports (1 to 65535):

nmap -p- <target>

Scanning UDP Ports

UDP port scanning differs due to the protocol’s connectionless nature. Scanning UDP ports 1 to 100:

nmap -sU -p 1-100 <target>

For specific UDP ports, e.g., 53 and 161:

nmap -sU -p 53,161 <target>

Scanning Both TCP & UDP ports

nmap -sU -sT -p 53 <target>

or

`nmap -sUT -p 53 <target>`

Validate SSL certificates from CLI using openssl command

The following steps are used to validate the SSL certificates with openssl command

Check the Certificate Chain: To check the certificate chain and ensure that it’s valid, you can use the openssl verify command. This command will check if the certificate chain is valid up to a trusted root certificate.

openssl verify -CAfile gd_bundle-g2-g1.crt abc.crt

In this command:

• gd_bundle-g2-g1.crt is the file containing the trusted root certificates (the certificate authority bundle).
• abc.crt is the certificate you want to verify.

If the certificate chain is valid, you’ll see a message like: abc.crt: OK.

Check Certificate Details:

To view detailed information about a certificate, you can use the openssl x509 command. For example, to view the details of the abc.crt certificate:

openssl x509 -in abc.crt -text

This will display all the information about the certificate, including its subject, issuer, validity dates, and more.

Check the Private Key and Certificate Match:

To verify if a private key (abc.key) matches a certificate (abc.crt), you can use the openssl rsa and openssl x509 commands together:

openssl rsa -noout -modulus -in abc.key | openssl md5

openssl x509 -noout -modulus -in abc.crt | openssl md5

If the modulus values printed by these commands match, it indicates that the private key and certificate match.

Check Certificate Expiry Date:

To check the expiry date of a certificate, you can use the openssl x509 command:

openssl x509 -enddate -noout -in abc.crt

This will display the certificate’s expiry date.

These OpenSSL commands provide various ways to validate SSL certificates and perform different checks. Adjust the commands based on your specific requirements for certificate validation.

Keepalive ssh sessions for longer durations

 

In general most of the ISP providers will terminate idle sessions as early as possible(maybe in a couple of minutes).

This will be an irritating thing if you work on a remote server with ssh. I had a similar issue with my ISP(Act Fibernet). To fix this issue I have experimented in multiple ways and I am sharing the easiest way to that works.

Add following lines in your /etc/ssh/sshd_config file:

ClientAliveInterval 60
ClientAliveCountMax 5

where ClientAliveInterval 60 seconds will send a null request from your node(client) to server every 60 seconds. ClientAliveCountMax 5 is to give up if it doesn’t receive any response after 5 retries.

After adding the above configurations restart ssh with the following command:

sudo service ssh restart

You can try with different values for ClientAliveInterval based on your ISP. In general most of the ISP’s will persist idle sessions for a couple of minutes. In my case Act Fibernet sessions are not responding after 2 minutes(approximately), so I used 60 seconds.

 

Scheduling conditional statements with crontab

 

Recently while trying to auto-restart a daemon which is down by identifying with ps aux and if condition, it is not worked as intended with crontab.

I used following command which is perfectly running in from command line but not through crontab.

if [ `ps aux | grep nrpe | grep -v grep | wc -l` -eq 0 ]; then service nagios-nrpe-server restart ;fi

After trying with different commands following thing worked for me:

pgrep nrpe; [ $? != 0 ] && /etc/init.d/nagios-nrpe-server restart

where pgrep returns non zero exit code if the process nrep is not running and with $? is used to get the exit code of previous command (in this case pgrep) and start the process.

Nginx – Host/serve an Android apk file

 

To host/serve Android apk with Nginx following changes are required:

• Adding mime type in /etc/nginx/mime.types
• Explicitly adding header *.apk in site conf

Adding mime type in /etc/nginx/mime.types:

Add following line in mime.types file

application/vnd.android.package-archive apk;

Explicitly adding header *.apk in site conf: 

Update following configuration in your site conf file

location ~* \.(apk)$ {
  ......
  add_header Content-Type application/vnd.android.package-archive;
  ......
}

Finally restart Nginx.

sudo service nginx restart

 

Lists/Remove all empty files in a directory

 

To list all empty files in a directory use follwoing command:

for file in `ls`; do if [[ ! -s $file ]]; then echo $file; fi; done

To remove all empty files in a directory use following commad:

for file in `ls`; do if [[ ! -s $file ]]; then echo $file; rm $file; fi; done

ftp – sync data from remote ftp server

 

To sync data from remote ftp server install ncftp with following command:

apt-get install ncftp

Now use following command to sync data from remote ftp server:

ncftpget -R -T -v -u userName -p 'password' ftp_hostname "directoryPathInFtpServer" "directoryPathInLocalMachine"

Get gitlab version number from Gitlab cli

 

To get Gitlab & other dependent modules version numbers use the following command:

gitlab-rake gitlab:env:info

The output will include all details like Gitlab version, git version, git shell version, OS version, Ruby version, Gem version, Bundler version, Rake version, Redis version, Sidekiq version & etc…

Ubuntu/Linux logout all users

 

To force logout all users from any Ubuntu/Linux server use following command:

ps aux | egrep '(tty|pts)' | awk '{print $2}' | xargs -n 1 kill -9

This command will get all PID’s of login sessions and kill them.