Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Setting Up Google 2F Authentication for Automated (Crontab) rsync
Operating Systems Linux Setting Up Google 2F Authentication for Automated (Crontab) rsync Post 303038403 by MadeInGermany on Monday 2nd of September 2019 02:34:59 PM
Old 09-02-2019
A non-interactive password/passphrase/key authentication requires full trust of the involved tools.
Openssl/Openssh? Okay, can be trusted. But Google? And do you trust the 2nd factor device?
This User Gave Thanks to MadeInGermany For This Post:
RavinderSingh13
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Setting crontab

Hey all, I would like to know how to set a cron job to run from 8:15 am to 4:00 pm? Or do I have to do this in 2 seperates cron? Thanks! (4 Replies)
Discussion started by: mpang_
4 Replies

2. Linux

Setting up crontab, still cant get it to work

OK I have been working on this simple action for a while and I cannot get it to work. First off im new to the linux command line world. I feel like I am missing something simple. What I am trying to achieve is that I want this command: tcpdump -s2000 -w'flowroute-%H%M.pcap' -G900 -W36 &to... (13 Replies)
Discussion started by: Nasasdge
13 Replies

3. Shell Programming and Scripting

Crontab setting error

Hi All, I have created crontab using following steps- 1) crontab -e (edited the file with) 0 10 * * 1-5 /home/user01/exercise/cron.sh 2) then saved this file with :wq 3) cron.sh contains the code- #!/bin/bash DAY=`date +%a` mkdir abc_${DAY} 4) done the execut permision... (3 Replies)
Discussion started by: pspriyanka
3 Replies

4. UNIX for Dummies Questions & Answers

Need some help on setting up rsync

I need to "sync" a directory from a prod server to a test server. Rsync is working but it prompts for a password and I'd like to automate the process. The directory on the prod/source server is owned by root, and some subdirectories are only readable by root. On the test/destination servers, I can... (1 Reply)
Discussion started by: LAToro
1 Replies

5. UNIX for Advanced & Expert Users

Error while running Rsync through Crontab

hi All, i have implemented Rsync in my source and destination server. while running through command prompt it is working fine: ksh rsync_bravo_db.ksh usa0300uz1252.apps.mc.xerox.com /uv1402/u207/home/bravodba/bin/rsync-3.0.9/config/mrsx_rsync.cfg but later on i created a another ksh and... (4 Replies)
Discussion started by: lovelysethii
4 Replies

6. UNIX for Dummies Questions & Answers

Crontab setting

Hi Team, Please help me to set one script in crontab. I have one script and inside script, its creating one log file for saving ouptut of script. i have to out that script in crontab. When i put the script in cronatab, it executed and log file created but no data in log. like this i put in... (3 Replies)
Discussion started by: shivshankar
3 Replies

7. Linux

Trouble setting up basic user authentication on apache2 web server

Hey guys! So I decided to set up some basic user authentication on my apache2 server, and I am running into some problems. I followed the documentation provided by apache on their website, but I cant create the password file for some reason. I did a little trouble shooting myself, and found... (40 Replies)
Discussion started by: LinuxIntern445
40 Replies

8. Shell Programming and Scripting

Crontab setting

Hi All, Can anyone tell me how to schedule the dbshell.sh script to run on sunday. I have scheduled as 1 19 7 * * /home/svr/dbshell.sh. kindly confirm confirm whether coded "7" or it should set to '0'. unix:$ crontab -l 0 19 6 * * /home/svr/dbemail.sh 1 19 7 * * /home/svr/dbshell.sh (2 Replies)
Discussion started by: arun888
2 Replies

9. UNIX for Advanced & Expert Users

Crontab authentication failure

Dear all, I noticed in syslog that i receive authentication failure from cron: Mar 11 23:19:01 s1 CRON28789]: Authentication failure Mar 11 23:19:01 s1 cron: Authentication failure Mar 11 23:19:01 s1 cron: Authentication failure Mar 11 23:19:01 s1 CRON: Authentication failure Mar 11... (3 Replies)
Discussion started by: mydove
3 Replies

LEARN ABOUT XFREE86

dnssec-trust-anchors.d

DNSSEC-TRUST-ANCHORS.D(5)				      dnssec-trust-anchors.d					 DNSSEC-TRUST-ANCHORS.D(5)

NAME

       dnssec-trust-anchors.d, systemd.positive, systemd.negative - DNSSEC trust anchor configuration files

SYNOPSIS

       /etc/dnssec-trust-anchors.d/*.positive

       /run/dnssec-trust-anchors.d/*.positive

       /usr/lib/dnssec-trust-anchors.d/*.positive

       /etc/dnssec-trust-anchors.d/*.negative

       /run/dnssec-trust-anchors.d/*.negative

       /usr/lib/dnssec-trust-anchors.d/*.negative

DESCRIPTION

       The DNSSEC trust anchor configuration files define positive and negative trust anchors systemd-resolved.service(8) bases DNSSEC integrity
       proofs on.

POSITIVE TRUST ANCHORS

       Positive trust anchor configuration files contain DNSKEY and DS resource record definitions to use as base for DNSSEC integrity proofs. See
       RFC 4035, Section 4.4[1] for more information about DNSSEC trust anchors.

       Positive trust anchors are read from files with the suffix .positive located in /etc/dnssec-trust-anchors.d/, /run/dnssec-trust-anchors.d/
       and /usr/lib/dnssec-trust-anchors.d/. These directories are searched in the specified order, and a trust anchor file of the same name in an
       earlier path overrides a trust anchor files in a later path. To disable a trust anchor file shipped in /usr/lib/dnssec-trust-anchors.d/ it
       is sufficient to provide an identically-named file in /etc/dnssec-trust-anchors.d/ or /run/dnssec-trust-anchors.d/ that is either empty or
       a symlink to /dev/null ("masked").

       Positive trust anchor files are simple text files resembling DNS zone files, as documented in RFC 1035, Section 5[2]. One DS or DNSKEY
       resource record may be listed per line. Empty lines and lines starting with a semicolon (";") are ignored and considered comments. A DS
       resource record is specified like in the following example:

	   . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5

       The first word specifies the domain, use "."  for the root domain. The domain may be specified with or without trailing dot, which is
       considered equivalent. The second word must be "IN" the third word "DS". The following words specify the key tag, signature algorithm,
       digest algorithm, followed by the hex-encoded key fingerprint. See RFC 4034, Section 5[3] for details about the precise syntax and meaning
       of these fields.

       Alternatively, DNSKEY resource records may be used to define trust anchors, like in the following example:

	   . IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=

       The first word specifies the domain again, the second word must be "IN", followed by "DNSKEY". The subsequent words encode the DNSKEY
       flags, protocol and algorithm fields, followed by the key data encoded in Base64. See RFC 4034, Section 2[4] for details about the precise
       syntax and meaning of these fields.

       If multiple DS or DNSKEY records are defined for the same domain (possibly even in different trust anchor files), all keys are used and are
       considered equivalent as base for DNSSEC proofs.

       Note that systemd-resolved will automatically use a built-in trust anchor key for the Internet root domain if no positive trust anchors are
       defined for the root domain. In most cases it is hence unnecessary to define an explicit key with trust anchor files. The built-in key is
       disabled as soon as at least one trust anchor key for the root domain is defined in trust anchor files.

       It is generally recommended to encode trust anchors in DS resource records, rather than DNSKEY resource records.

       If a trust anchor specified via a DS record is found revoked it is automatically removed from the trust anchor database for the runtime.
       See RFC 5011[5] for details about revoked trust anchors. Note that systemd-resolved will not update its trust anchor database from DNS
       servers automatically. Instead, it is recommended to update the resolver software or update the new trust anchor via adding in new trust
       anchor files.

       The current DNSSEC trust anchor for the Internet's root domain is available at the IANA Trust Anchor and Keys[6] page.

NEGATIVE TRUST ANCHORS

       Negative trust anchors define domains where DNSSEC validation shall be turned off. Negative trust anchor files are found at the same
       location as positive trust anchor files, and follow the same overriding rules. They are text files with the .negative suffix. Empty lines
       and lines whose first character is ";" are ignored. Each line specifies one domain name which is the root of a DNS subtree where validation
       shall be disabled.

       Negative trust anchors are useful to support private DNS subtrees that are not referenced from the Internet DNS hierarchy, and not signed.

       RFC 7646[7] for details on negative trust anchors.

       If no negative trust anchor files are configured a built-in set of well-known private DNS zone domains is used as negative trust anchors.

       It is also possibly to define per-interface negative trust anchors using the DNSSECNegativeTrustAnchors= setting in systemd.network(5)
       files.

SEE ALSO

       systemd(1), systemd-resolved.service(8), resolved.conf(5), systemd.network(5)

NOTES

	1. RFC 4035, Section 4.4
	   https://tools.ietf.org/html/rfc4035#section-4.4

	2. RFC 1035, Section 5
	   https://tools.ietf.org/html/rfc1035#section-5

	3. RFC 4034, Section 5
	   https://tools.ietf.org/html/rfc4034#section-5

	4. RFC 4034, Section 2
	   https://tools.ietf.org/html/rfc4034#section-2

	5. RFC 5011
	   https://tools.ietf.org/html/rfc5011

	6. IANA Trust Anchor and Keys
	   https://data.iana.org/root-anchors/root-anchors.xml

	7. RFC 7646
	   https://tools.ietf.org/html/rfc7646

systemd 237														 DNSSEC-TRUST-ANCHORS.D(5)
All times are GMT -4. The time now is 04:52 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy