Showing posts from June, 2023

KVM - pxeboot doesn't work after hardening

Depending on your compliance strategy, hardening can go very deep with setting kernel tunables using sysctl. I've recently borked my pxeboot using these variables on my kvm-hypervisors:

net.ipv4.tcp_sack=0
net.ipv4.tcp_dsack=0
net.ipv4.tcp_fack=0

So, resetting these values was required using the 'sysctl' command:

[root@hyv02 ~]# sed -i 's/net.ipv4.tcp_sack=0/net.ipv4.tcp_sack=1/g' /etc/sysctl.d/hardening.conf
[root@hyv02 ~]# sed -i 's/net.ipv4.tcp_dsack=0/net.ipv4.tcp_dsack=1/g' /etc/sysctl.d/hardening.conf
[root@hyv02 ~]# sed -i 's/net.ipv4.tcp_fack=0/net.ipv4.tcp_fack=1/g' /etc/sysctl.d/hardening.conf
[root@hyv02 ~]# sudo sysctl -p /etc/sysctl.d/hardening.conf

Now, the lines can be removed from the file in /etc/sysctl.d:

[root@hyv02 ~]# sed -i '/net.ipv4.tcp_dsack=1/d' /etc/sysctl.d/hardening.conf
[root@hyv02 ~]# sed -i '/net.ipv4.tcp_sack=1/d' /etc/sysctl.d/hardening.conf
[root@hyv02 ~]# sed -i '/net.ipv4.tcp_fack

CentOS - convert alma9 / rocky9 to c9s

So with the recent announcement from Red Hat (I won't take any sides here) regarding their sources and where they're being published to, I decided to check how easy a conversion of any current el9 release to centos9-stream was. I also only found conversions the other way round (centos-stream -> alma / rocky). Now, I will personally stay on a downstream distro for as long as I can due to compatibility reasons. Anyway, here are the steps required to convert your existing alma9 / rocky9 installation to a centos9-stream installation.

First, download the release, repos and gpg-keys packages:

[root@server ~]# curl -4kLOX GET 'https://ftp.sh.cvut.cz/centos-stream/9-stream/BaseOS/x86_64/os/Packages/centos-stream-release-9.0-21.el9.noarch.rpm'
[root@server ~]# curl -4kLOX GET 'https://ftp.sh.cvut.cz/centos-stream/9-stream/BaseOS/x86_64/os/Packages/centos-stream-repos-9.0-21.el9.noarch.rpm'
[root@server ~]# curl -4kLOX GET 'https://ftp.sh.cvut.cz/centos-stre