In Centos 7 the days of editing the "kernel" line and adding "single" are gone.  On top of that sometimes after a new install passwords do not work (possibly because requirements were not met but the installer never mentioned this?).

1. 1.) On bootup edit the bootline by entering GRUB.
2. Type e
3. Find the line that says "linux16 /vmlinuz"
4. Edit the part that says "ro" and change with "rw init=/sysroot/bin/sh
5. Hit "Ctrl-X"
6. Upon bootup type "chroot /sysroot"
7. password
8. touch ./autorelabel
9. exit
10. reboot

ALTER TABLE existingtable ADD newfieldname VARCHAR(255);

This happened on Centos for no apparent reason with no obvious issue in the logs.  Data could be read fine but not written (possibly due to some corruption or out of memory issue in the OpenVZ container is the best guess).

All mysql update and insert queries failed freezing without any error log on any database and table.

Tried to restart:

service mysqld restart
Timeout error occurred trying to stop MySQL Daemon.
Stopping mysqld:                                           [FAILED]
MySQL Daemon failed to start.
Starting mysqld:                                           [FAILED]



#manually kill mysqld and mysqld_safe

ps aux|grep mysqld
root       876  0.0  0.0   3732   584 ?        S     2017   0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql     1322  2.3  4.2 484384 269240 ?       Sl    2017 12779:34 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root      2423  0.0  0.0   2360   692 pts/2    S+   13:28   0:00 grep mysqld

After manually killing everything seemed to work OK after that point.

Centos 6 requires GLIBC 2.12 however a lot of new programs you would want to compile may need a newer glibc.  You can't remove the old glibc since the whole OS is based on it but you can install the updated glibc alongside it and do an export pointing to your updated GLIBC.

mkdir ~/glibc_install; cd ~/glibc_install


wget http://ftp.gnu.org/gnu/glibc/glibc-2.14.tar.gz


tar zxvf glibc-2.14.tar.gz


cd glibc-2.14


mkdir build


cd build


../configure --prefix=/opt/glibc-2.14


make -j4


sudo make install


export LD_LIBRARY_PATH=/opt/glibc-2.14/lib


The export should be done in ~/.bashrc or /etc/profile to make it permanent otherwise programs will have unpredictable results.  If you are calling a remote/cron script that needs this GLIBC you should probably do the export in the script itself to be sure.

 $title_clean = substr($title,0,-3);

In the above example the last 3 characters will be removed from the string "$title".  You can of course have the last X removed by changing -3 to -X

MySQL will silently truncate a larger INT than capable.

Check MySQL's own documentation here:

As we can see the maximum size of INT (which is the most commonly used) is 2147483647

A lot of coders make this mistake by using very large values such as 9999999999 but it would actually truncate to 2147483647 which is the maximum size of an INT.  This is dangerous because any value over that would truncate to that exact maximum number causing duplicate or unintended entries.

ALTER TABLE thetable ADD newfield VARCHAR(255)

It's very simple just specify "the table" and then the newfield type

The commands below will help you reset any mysql user password.

use mysql;


update user set password=PASSWORD('thenewpass') where User='theusername';


flush privileges;

1. The first line says to use the "mysql" database which contains all the user info.
2. the second update line sets the new password "thenewpass" for the user "theusername".
3. the third line flushes privileges this is necessary otherwise the new password will not work or actually be applied.

order deny,allow
Deny From All
Allow From 8.8.8.8

A simple and quick way to improve security by only allowing specific IPs to your web application.

In this case the above allows only the IP 8.8.8.8 to access things and everything else is denied.

PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/geoip.so' - /usr/lib64/php/modules/geoip.so: undefined symbol: GeoIP_country_code_by_name_v6 in Unknown on line 0



 Remove the GEOIP from PHP:

php71w-pecl-geoip-1.1.1-1.w6.x86_64

PHP Fatal error:  PHP Startup: apc_shm_create: shmget(0, 67108864, 914) failed: Invalid argument. It is possible that the chosen SHM segment size is higher than the operation system allows. Linux has usually a default limit of 32MB per segment. in Unknown on line 0
PHP Fatal error:  PHP Startup: apc_shm_attach: shmat failed: in Unknown on line 0

Solution

Already found it earlier just edit sysctl kernel.shmmax

/apc_shm_attach_shmat_failed_in_Unknown_on_line_0_apc_shm_create_shmget0_67108864_914_failed_PHP_Solution-1804-articles

Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or directory
                                                           [FAILED]

I actually installed PHP 7 so the file /etc/httpd/modules in php.conf should be:


libphp5.so

Apache still won't start:

Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Can't locate API module structure `php5_module' in file /etc/httpd/modules/libphp7.so: /etc/httpd/modules/libphp7.so: undefined symbol: php5_module
                                                           [FAILED]
 

Solution

Look carefully at the whole "Load" line to make sure it makes sense.

LoadModule php5_module modules/libphp7.so

Although I updated the line to say libphp7.so I didn't notice the "Load Module php5_module" so you have to update it the final solution is this:

LoadModule php7_module modules/libphp7.so



Install requirements:


yum -y install gmp-devel mpfr-devel libmpc-devel glibc-devel glibc-devel.i686 zip unzip jar

Download, untar, configure, compile and install GCC



http://mirrors.kernel.org/gnu/gcc/gcc-5.5.0/gcc-5.5.0.tar.gz
tar -zxvf gcc-5.5.0.tar.gz
cd gcc-5.5.0
./configure
make
make install

Now you need to cleanup the old GCC by removing it (ironically it was required to make the new GCC and now we have to toss it away!

yum remove gcc
rm -rf /usr/bin/gcc
rm -rf /usr/bin/c++
rm -rf /usr/bin/cc


ln -s /usr/local/bin/x86_64-unknown-linux-gnu-gcc-5.5.0 /usr/bin/gcc
ln -s /usr/local/bin/x86_64-unknown-linux-gnu-c++ /usr/bin/c++
ln -s /usr/local/bin/x86_64-unknown-linux-gnu-gcc /usr/bin/cc

First find the line number:

awk '/what you are searching for/{ print NR; exit }' input-file

86

Now use sed to replace it:

sed -i  86s/.*/"your replacement text"/ $file

Here is a full sample script to automate it:

file=some/file.txt
linenum=`awk /'your search query/{ print NR; exit }' $file`
newline=`echo -e "your new line here")`
sed -i "$linenum"s/.*/"$newline"/ $file

This just simply outputs what you need a username and password that can be used to authenticate from .htaccess

htpasswd -nb user password
user:Gnb6uE9Lp4gt2
 

If you want to write it straight to a file

htpasswd -cb /tmp/somefile.pw user password

How To Use This In .htaccess

AuthUserFile /tmp/somefile.pw
AuthName GetLost!!
AuthType Basic

#make sure you require a user!

require valid-user 

The Linux Kernel interpretated a very high volume of real traffic as a DDOS attack so it basically ends up blocking your web server.

possible SYN flooding on ctid 42131, port 80. Sending cookies.

Simple fix edit sysctl values for max_syn_backlog
sysctl -w net.ipv4.tcp_max_syn_backlog=5000

To make them permanent edit /etc/sysctl.conf

echo "net.ipv4.tcp_max_syn_backlog=5000" >> /etc/sysctl.conf


In the "last" command in Linux by default it will show the information with the hostname (not very useful at all especially since it normally truncates long hostnames).

To get last to show the IP address use this:

last -i

The -i makes it show the numeric IP instead of hostname.

yum -y install samba
vi /etc/samba/smb.conf

https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.zip
mkdir syslinux;cd syslinux;unzip syslinux-6.03.zip

mkdir -p /tftpboot/libs/

cp bios/com32/modules/linux.c32 /tftpboot/libs/
cp bios/com32/libutil/libutil.c32 /tftpboot/libs/
cp bios/com32/lib/libcom32.c32 /tftpboot/libs/

#add lib path
echo "PATH libs" >> /tftpboot/pxelinux.cfg/default

cp ./bios/com32/elflink/ldlinux/ldlinux.c32 /tftpboot/

#now get WIMBoot
wget http://git.ipxe.org/releases/wimboot/wimboot-latest.zip
unzip wimboot-latest.zip

cp -va wimboot*/wimboot /tftpboot/libs/


mkdir win2012r2
mkdir -p /tftpboot/images/win2012r2

mount -o loop windows-2012-r2-eval-9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO win2012r2/
cd win2012r2/
[root@evodal01 win2012r2]# ls
autorun.inf  boot  bootmgr  bootmgr.efi  efi  setup.exe  sources  support


cp bootmgr /tftpboot/images/win2012r2
cp boot/bcd  /tftpboot/images/win2012r2
cp boot/boot.sdi  /tftpboot/images/win2012r2
cp sources/boot.wim /tftpboot/images/win2012r2/


label Win2012R2
com32 linux.c32 libs/wimboot
APPEND wimboot initrdfile=images/win2012r2/bootmgr,images/win2012r2/bcd,images/win2012r2/boot.sdi,images/win2012r2/boot.wim

 

By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0.  Obviously this is a huge security risk if you have a public facing server with both internal and external access.  Usually when a system administrator sets up a samba server their intention is just to share with a LAN.

To do this you need to the following options under the [global] section in smb.conf

bind interfaces only = yes
interfaces = 192.168.1.10
hosts allow = 192.168.1.


The "bind interfaces only" tells Samba to only bind to the IP specified under "interfaces".

hosts allow is there for good measure (normally hosts allow will the only thing stopping people from the outside from accessing your samba server).  The safest way of course is to firewall on the public WAN side and to not bind to any interface or IP that you don't want to have access.

tftp: client does not accept options

I spent the good portion of a late evening on this double checking settings that I know always worked right for tftp!

This error can also happen if you are trying to boot PXE in UEFI mode.  Enter your BIOS and change it to "Legacy PXE" or non-UEFI PXE mode and you'll be good to go!

Normally lspci will show you just like this and would suggest they are exactly the same card:

1a:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)
1c:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)


lspci -vnn is the answer

As we can see one is a Gigabyte and the other is an MSI card.  What's interesting about Linux is that it says what you may not already know bute the RX 470/480/570/580 are essentially the same cards/family.

1a:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] [1002:67df] (rev e7) (prog-if 00 [VGA controller])
        Subsystem: Gigabyte Technology Co., Ltd Device [1458:22f1]
        Flags: bus master, fast devsel, latency 0, IRQ 33
        Memory at d0000000 (64-bit, prefetchable) [size=256M]
        Memory at e0000000 (64-bit, prefetchable) [size=2M]
        I/O ports at 2000 [size=256]
        Memory at e0300000 (32-bit, non-prefetchable) [size=256K]
        [virtual] Expansion ROM at 000c0000 [disabled] [size=128K]
        Capabilities: <access denied>
        Kernel driver in use: amdgpu
        Kernel modules: amdgpu



1c:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] [1002:67df] (rev e7) (prog-if 00 [VGA controller])
        Subsystem: Micro-Star International Co., Ltd. [MSI] Device [1462:3418]
        Flags: bus master, fast devsel, latency 0, IRQ 36
        Memory at b0000000 (64-bit, prefetchable) [size=256M]
        Memory at c0000000 (64-bit, prefetchable) [size=2M]
        I/O ports at 1000 [size=256]
        Memory at e0200000 (32-bit, non-prefetchable) [size=256K]
        Expansion ROM at e0260000 [disabled] [size=128K]
        Capabilities: <access denied>
        Kernel driver in use: amdgpu
        Kernel modules: amdgpu
 

First of all I got this error after accidentally messing up my usergroup by using usermod -G user group

When I would login using SSH keys it would fail:

sshd[2020]: Authentication refused: bad ownership or modes for directory /home/one


No worries, the fix is simple!

chmod g-w /home/use

This works with lspci and if it's outdated may not give you the exact manufacturer and device model.

For example take these 3 different RX 580's:

1a:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 67df (rev e7)
1b:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 67df (rev e7)
1d:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 67df (rev e7)
 

You can update it like so:

sudo wget -O /usr/share/misc/pci.ids http://pci-ids.ucw.cz/v2.2/pci.ids

Now try again after updating:

1a:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)
1b:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)
1d:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)


pcimodules no longer works it produces nothing probably because the format of /sys/bus/pci is different.

lspci -k doesn't work on older lspci versions.

pciutils can be compiled but it won't work if you have an old system and compile on a newer glibc.

iteriate through /sys/bus/pci/devices/*/modalias

cat /sys/bus/pci/devices/*/modalias
pci:v00008086d00001237sv00000000sd00000000bc06sc00i00
pci:v00008086d00007000sv00000000sd00000000bc06sc01i00
pci:v00008086d00007111sv00000000sd00000000bc01sc01i8A
pci:v000080EEd0000BEEFsv00000000sd00000000bc03sc00i00
pci:v00008086d0000100Esv00008086sd0000001Ebc02sc00i00
pci:v000080EEd0000CAFEsv00000000sd00000000bc08sc80i00
pci:v00008086d00002415sv00008086sd00000000bc04sc01i00
pci:v0000106Bd0000003Fsv00000000sd00000000bc0Csc03i10
pci:v00008086d00007113sv00000000sd00000000bc06sc80i00



compare it to /lib/modules/4.4.98/modules.alias
pci:v00008086d00001237sv00000000sd00000000bc06sc00i00
the part we care about is:
8086d00001237 (note I now truncate more of the end so try again removing the 7 or even the 73 at the end to be more inclusive or you will have a lower success rate).


cat /lib/modules/4.4.98/modules.alias|grep 8086d0000123
alias pci:v00008086d00001234sv*sd*bc*sc*i* pata_mpiix
alias pci:v00008086d00001230sv*sd*bc*sc*i* pata_oldpiix
alias pci:v00008086d00001234sv*sd*bc*sc*i* piix
alias pci:v00008086d00001230sv*sd*bc*sc*i* piix

So bash to the rescue!

iteriate through /sys/bus/pci/devices/*/modalias

compare it to /lib/modules/4.4.98/modules.alias

 bash script that I use in my init

#use this code to do the same thing as pcimodules
for device in `ls -1 /sys/bus/pci/devices/`; do
   device=`cat /sys/bus/pci/devices/$device/modalias`
    #specifying 9:11 or 9:14 with 9:11 being less restrictive and presenting more options
    #9:14 drills down and is more strict giving you less chance of getting the wrong driver
   alias=${device:9:14}
   kernversion=`uname -r`
   module=`cat /lib/modules/$kernversion/modules.alias|grep $alias|awk '{print $3}'`
   if [ ! -z "$module" ]; then
     for mod in $module; do
     echo "module for $device $alias =$module"
     modprobe $module
     done
     else
     echo "No module found for $device $alias"
   fi
done



edit theme css:

Click "Appearance -> Editor -> Stylesheet"

http://yourblog.com/wp-admin/theme-editor.php?file=style.css&theme=twentysixteen

textarea {
    color: #1a1a1a;
    /*font-family: Merriweather, Georgia, serif;*/
    font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif




line 210

edit wp-content/themes/twentysixteen/functions.php

        //return $fonts_url;
        return 0;

#another problem is that in the code this shows up still:
<link rel='stylesheet' id='open-sans-css'  href='https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&#038;subset=latin%2Clatin-ext&#038;ver=4.4.11' type='text/css' media='all' />

edit wp-includes/script-loader.php
line 708:

                $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets";
                $open_sans_font_url = "";


 Unable to load dynamic library '/usr/lib64/php/modules/php_openssl'

not sure how to fix this

Check for crap in /var/lib/mysql like this

ls -al /var/lib/mysql/
total 20888
drwxr-xr-x 24 mysql mysql     4096 Oct  3 18:30 .
drwxr-xr-x 20 root  root      4096 Oct  3 04:23 ..

-rw-rw-rw-  1 mysql mysql    11776 Oct  3 17:10 c:exp.exe
-rw-rw-rw-  1 mysql mysql    48128 Oct  3 17:10 c:exp1.exe
-rw-rw-rw-  1 mysql mysql    55296 Oct  3 17:10 c:exp2.exe
-rw-rw-rw-  1 mysql mysql    33812 Oct  3 17:10 c:tan.exe
-rw-rw-rw-  1 mysql mysql    45056 Oct  3 17:10 c:tan1.exe
 

This happened to a client who didn't firewall their port 3306 and had a weak root password.

W: GPG error: http://archive.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9

No clue how to fix this.

guestmount -a kvmuserscra.img -m /dev/sda1 mount
libguestfs: error: mount_options: /dev/sda1 on / (options: ''): mount: unknown filesystem type 'ntfs'
guestmount: '/dev/sda1' could not be mounted.
guestmount: Did you mean to mount one of these filesystems?
guestmount:     /dev/sda1 (ntfs)
guestmount:     /dev/sda2 (ntfs)


yum -y install ntfs-3g

still doesn't work
 

This is not just a Linux issue but a general issue most software or hardware players cannot play the resulting exported/backed up format of .h264 from DVR security camera footage for some silly reason.

There is a simple solution in Linux using ffmpeg fortunately.

Convert the .h264 file into mp4

ffmpeg -i yourfile.h264 -codec copy video.mp4

play dvr .h264 file

 ffplay -f h264 yourfile.h264

It's really simple and just a matter of the following line within the subnet declaration.

  deny unknown-clients;

See example below:

subnet 10.25.20.0 netmask 255.255.255.0 {
  range 10.25.20.11 10.25.20.254;
  deny unknown-clients;
  option routers 10.25.20.10;
  option domain-name-servers 208.67.222.222;



   host client05 {
   hardware ethernet aa:bb:cc:dd:ee:ff;

   }



}

After that only clients with a declared host statement will be able to get a DHCP lease increasing security a little bit.

In Thunderbird in a very large folder suddenly all of my e-mail list became blank/white even though you could click on the invisible/white/blank lines and it would show the e-mails.  I tried to close and reopen but only going to Folder -> Properties and clicking Repair Folder fixed it (basically it had to redownload/rebuild the entire index and all e-mails).

add this style="background-size: contain;max-width: 100%; height: auto;" to your img code.
Example: <img style='background-size: contain;max-width: 100%; height: auto;' src="/some/pic.jpg">

This code is really essential because in responsive mode on a phone it will cause images to be cut off and unviewable past the width of the device.

Another nice trick is to add this as css to the img tag based on maximum screen width (this way no html code has to be changed):

@media only screen and (min-width: 300px) and (max-width:1024px) {
       img {
        background-size: contain;max-width: 100%; height: auto
           }
}

If you want to center the image use this:

margin-left:auto;margin-right:auto

       img {
        background-size: contain;max-width: 100%; height: auto; margin-left:auto;margin-right:auto

           }

So you've got a responsive site with tables but it breaks them so anything not viewable on the screen is now cut off.

Here is a simple solution that will allow users to scroll horizontally so they can see the whole table:

<div style="overflow-x:auto;">
  <table>
     <tr>

         <td></td>

     </tr>
  </table>
</div>

Basically just put it inside a div with the 'style="overflow-x:auto;".

This is important as unfortunately Centos may designate a package obsolete and the replacement breaks everything (eg. you have a config file and the new replacement is not at all compatible with it and it breaks your application).

This is where disabling obsoletes comes into play, it can be done from yum but it doesn't work at the time I find.

yum --setopt=obsoletes=0 install someapp  However I find it still installs the new app and not the one you ask for until the second run which is kind of pointless.
I recommend just turning this feature off from yum.conf

vi /etc/yum.conf

obsoletes=0
 

ob_start();

include "yourfile.php";

$stored_value=ob_get_clean();


Upgrading from PHP 5.3 to 5.4+ there are many challenges basic things like mysql_connect() do not work anymore.

I'm having trouble making it work on very shaky video the result seems kind of warped/blurry/fish eye like and not as good as some other examples I've seen:

ffmpeg -i MVI_1285.MOV -vf vidstabdetect=shakiness=10:accuracy=15 -f null MVI_1285.trf
ffmpeg -i MVI_1285.MOV -vf vidstabtransform=smoothing=30:input="transforms.trf" MVI_1285.MOV.mp4


I've played around with the shakiness, accuracy etc.. but not the smoothing part.

I am not sure why this happened I think it's because the file was in use by another duplicate process or script.

 userdel user
userdel: cannot lock /etc/passwd; try again later.
 

myguy@devbox:~$ sudo mdadm -As


myguy@devbox:~$ cat /proc/mdstat |grep sdf
md125 : inactive sdf3[2](S)

sudo mdadm --manage /dev/md125 --run
mdadm: started /dev/md125


 

A great way if you have a bunch of drives and mdadm connected and are looking for backups/archives and don't know what is where!

 for md in `cat /proc/mdstat|grep md[0-99]|awk '{print $1}'`; do mkdir /mnt/$md; mount /dev/$md /mnt/$md; done


You are using Centos 5 which is deprecated so nothing in yum will work until you follow this post to use the vault:

http://realtechtalk.com/Centos_59_Working_Vault_Repo_file-1921-articles

yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * epel: fedora-archive.ip-connect.vn.ua
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 178, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 345, in doCommands
    self._getTs(needTsRemove)
  File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
    self._getTsInfo(remove_only)
  File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
    pkgSack = self.pkgSack
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 661, in <lambda>
    pkgSack = property(fget=lambda self: self._getSacks(),
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 501, in _getSacks
    self.repos.populateSack(which=repos)
  File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1229, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1392, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1384, in _getRepoXML
    self._loadRepoXML(text=self)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1374, in _loadRepoXML
    return self._groupLoadRepoXML(text, ["primary"])
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1358, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1204, in _commonLoadRepoXML
    result = self._getFileRepoXML(local, text)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 985, in _getFileRepoXML
    cache=self.http_caching == 'all')
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 822, in _getFile
    http_headers=headers,
  File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 412, in urlgrab
    return self._mirror_try(func, url, kw)
  File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 398, in _mirror_try
    return func_ref( *(fullurl,), **kwargs )
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 934, in urlgrab
    return self._retry(opts, retryfunc, url, filename)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 852, in _retry
    r = apply(func, (opts,) + args, {})
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 920, in retryfunc
    fo = URLGrabberFileObject(url, filename, opts)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1008, in __init__
    self._do_open()
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1091, in _do_open
    fo, hdr = self._make_request(req, opener)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1200, in _make_request
    fo = opener.open(req)
  File "/usr/lib/python2.4/urllib2.py", line 358, in open
    response = self._open(req, data)
  File "/usr/lib/python2.4/urllib2.py", line 376, in _open
    '_open', req)
  File "/usr/lib/python2.4/urllib2.py", line 337, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py", line 82, in https_open
    h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib/python2.4/httplib.py", line 810, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.4/httplib.py", line 833, in _send_request
    self.endheaders()
  File "/usr/lib/python2.4/httplib.py", line 804, in endheaders
    self._send_output()
  File "/usr/lib/python2.4/httplib.py", line 685, in _send_output
    self.send(msg)
  File "/usr/lib/python2.4/httplib.py", line 652, in send
    self.connect()
  File "/usr/lib/python2.4/site-packages/M2Crypto/httpslib.py", line 47, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 159, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Checker.py", line 88, in __call__
    fieldName='subjectAltName')
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua



[Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt
[Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error


This happened when I accidentally used a .csr as a .crt.  If in doubt check the contents of the file it complains about and you may be surprised that the contents are not what they are supposed to be!

Have you have a command ask a question such as cp or move?

You can do this:

echo y|cp * /tmp/othercopy

However it may still fail if your bashrc aliases have the "-i" flag see this post here.

This through me for a loop when I would do a cp -rf or mv -f nothing would get overwritten even if piping y or yes to the command.

Type alias and you'll see why:

alias cp='cp -i'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'

The -i is a safeguard against messing things up but however does mess things up worse when you know what you're doing and trying to update or upgrade applications/files etc...

alias is a built-in feature of bash where you can have an alias eg. type a command and above it will actually execute a different command or append switches transparently and automatically with you the user seeing or noticing.

You can usually find alias entries in ~/.bashrc or if it doesn't exist in /etc/bashrc:

cat .bashrc
# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi
 

Solution

You can remove those aliases if you like because it really requires interaction to overwrite files based on those aliases and even piping yes/y to the answers has no impact since it is not truly interactive.

mysqldump or mysql query of a larger file/table

ERROR 2006 (HY000) at line 567: MySQL server has gone away

Add this to /etc/my.cnf

max_allowed_packet=64M

service mysqld restart

The code may lead you to believe you have an incompatible template but if you are not trying to use an old template currently that is not the issue.  I actually deleted all 3.x style templates to make sure.

What the issue is, is old plugins that are not compatible but Vbulletin does not seem to account for this except that you'll see a fatal PHP error.  You should disable all plugins and then enable one by one until you find the one that is causing the issue.

[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP Stack trace:
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP   1. {main}() /www/vhosts/forums.int.com/forums/index.php:0
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP   2. require() /www/vhosts/forums.int.com/forums/index.php:43
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP   3. require_once() /www/vhosts/forums.int.com/forums/forum.php:67
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP   4. eval() /www/vhosts/forums.int.com/forums/global.php:29
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP   5. fetch_template() /www/vhosts/forums.int.com/forums/global.php(29) : eval()'d code:197
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP   6. vB_Bootstrap->process_templates() /www/vhosts/forums.int.com/forums/includes/functions.php:4208
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP Fatal error:  Call to a member function query_first() on null in /www/vhosts/forums.int.com/forums/includes/class_bootstrap.php(433) : eval()'d code on line 146
[Tue Sep 26 00:54:18 2017] [error] [client 184.65.124.41] PHP Stack trace:

iptables -t NAT -A PREROUTING -s 24.30.44.0/24 -j DNAT --to-destination 10.10.10.1
iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Solution

# it is case sensitive "nat" and DO NOT use "NAT" or you will get this error!

iptables -t nat -A PREROUTING -s 24.30.44.0/24 -j DNAT --to-destination 10.10.10.1

Linux Set Date
date -s "YYYY-MM-DD HH:MM:SS"
date -s '2014-12-25 12:34:56'

BSD Unix Set Date

date yymmddhhmmss
date 170809121156

I have never had this error on Linux and this is running FreeBSD as root:


Wed Aug  9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically
Wed Aug  9 04:29:34 2017 us=329832 Exiting due to fatal error

The Solution you need a kernel module that is for some reason not automatically loaded like Linux:

kldload if_tap

This happens if you are running a kdenlive script from the shell of a remote machine without using SSH "-X" forwarding and it will also cause any areas where you write text to be a white screen for that duration.

melt FusionFestival.kdenlive
No LADSPA plugins were found!

Check your LADSPA_PATH environment variable.
[producer_xml] failed to load transition "qtblend"
[producer_xml] failed to load transition "qtblend"
[producer_xml] failed to load transition "qtblend"
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
|1=-10| |2= -5| |3= -2| |4= -1| |5=  0| |6=  1| |7=  2| |8=  5| |9= 10|
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
+---------------------------------------------------------------------+
|               H = back 1 minute,  L = forward 1 minute              |
|                 h = previous frame,  l = next frame                 |
|           g = start of clip, j = next clip, k = previous clip       |
|                0 = restart, q = quit, space = play                  |
+---------------------------------------------------------------------+
WARNING: QApplication was not created in the main() thread.
Current Position:        967
 

So if executing a script remotely you have to ssh in like this:

ssh -X user@host.com

 virt-list-partitions kvmusertest.img
/usr/bin/supermin-helper exited with error status 1.
To see full error messages you may need to enable debugging.
See http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs at /usr/bin/virt-list-partitions line 177.


#solution

update-guestfs-appliance

sudo mount -a
Unable to find suitable address.


[35758.706993] CIFS VFS: Error connecting to socket. Aborting operation.
[35758.707247] CIFS VFS: cifs_mount failed w/return code = -111
[35795.476160] CIFS VFS: Error connecting to socket. Aborting operation.
[35795.476346] CIFS VFS: cifs_mount failed w/return code = -111


When the above happens "Unable eto find suitable address" it usually means the smb name cannot be found for some reason (perhaps the system is down or smb is not running).

myisamchk can fix it

But be careful and use the right options to avoid losing data.  In fact if you haven't you should make a backup or at least manually copy /var/lib/mysql.

Replace "YourDB" with the name of your database

Replace "yourcrashedtable" with the name of your crashed table.

The -o option is the safest and should avoid dataloss whereas -r is more aggressive and is a last option (I have lost data using -r and only discovered it later).

myisamchk -o /var/lib/mysql/YourDB/yourcrashedtable.MYI

To get the first X letters of a word:

It's very simple you can just pipe it to head with

• -c 1 (gives the first letter and so on)
• -c2 (2 gives the first 2 letters). 

 echo "dsjfsdlksjdklf;jlsd;kflasdj;kl"|head -c 2

Returns ds
 

To get the last X letters of a word:

Now we use tail with -c but it works differently.  You will want to start with 2 otherwise you will get the end of the string which is nothing.

 echo "dsjfsdlksjdklf;jlsd;kflasdj;kl"|tail -c 2

Returns "l"

 echo "dsjfsdlksjdklf;jlsd;kflasdj;kl"|tail -c 3

Returns "kl"
 

Sep 12 18:16:25 vps pluto[7299]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.5.6.2 port 20640, complainant 192.5.6.2: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

Some say changing the "leftprotoport=17/%any" will fix this but I have not found this to be the case.

Essentially it means at least one end is blocking the ipsec packets.  Sometimes the %any allows an alternative port to be used for smart clients but generally I have not seen this fix problems (especially if a network or country is intentionally blocking ipsec packets).

Centos 5 is not supported running yum will produce an error like this:

YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/cache/yum/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base

Solution - Update this file CentOS-Base.repo

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-5.9 - Base
#mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=$basearch&repo=os
baseurl=http://vault.centos.org/5.9/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates
[updates]
name=CentOS-5.9 - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=$basearch&repo=updates
baseurl=http://vault.centos.org/5.9/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-5.9 - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=$basearch&repo=extras
baseurl=http://vault.centos.org/5.9/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-5.9 - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=$basearch&repo=centosplus
baseurl=http://vault.centos.org/5.9/os/$basearch/centosplus/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-5.9 - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=5.9&arch=$basearch&repo=contrib
baseurl=http://vault.centos.org/5.9/os/$basearch/contrib/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5


Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVM or preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access).

1. Edit /etc/ssh/sshd_config

Find the section like this:

#PasswordAuthentication no
 

2. Uncomment it like so:

PasswordAuthentication no
 

3. Restart SSH

After this you won't be able to login with password.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


The easiest way to recover or mount an off-line ecryptfs directory is the built-in command from ecryptfs

sudo ecryptfs-recover-private  It will find your wrapped passphrase and ask for your password and mount it in tmp.  Much easier especially when your current active OS is using ecryptfs too.

This a fantastic tool when going through old backups.

A great way when moving your equipment to a new location, new router/switch etc to help confirm what MAC has what IP:

for ip in `arp -na|awk '{print $2}'|sed s/(//g|sed s/)//g`; do
echo ping $ip
ping -c 1 -w 1 $ip > /dev/null
if [ "$?" == 0 ]; then
   echo "$ip UP"
fi

done

It is not obvious but the rsync --help

 rsync --help|grep port
     --port=PORT             specify double-colon alternate port number

--port does not do anything at all actually for some strange reason it still uses 22

You have to specify a manual ssh command to make it work:

-e 'ssh -p 2210'

The snippet above is what you add for port 2210 change it to whatever port you need.

Full Example Below of Rsync using an alternative port number:

rsync -Phaz -e 'ssh -p 2210' /somedir/ root@somehost.com:/someremotedir
 

I am not sure why this is happening neither the hostnode or VM changed.  All I did was reboot the hostnode and startup the Centos VM again, also note it happened with the original kernel on the VM and also the latest 6.9 kernel as of this writing as shown below.

Host Node: Centos 6.9

Kernel: 2.6.32-696.6.3.el6.x86_64 

Kernel: 2.6.32-042stab123.9

Same result in any kernel above

=========

VM Node: Centos 6.6 originally (this is where the error started but chrooting and upgrading did not fix it).

Kernels: 2.6.32-504.el6.x86_64,  2.6.32-696.6.3.el6.x86_64

I have tried different kernels on the host node and in the VM it made no difference.

I restored the same VM image and so far it boots fine but I have not made any changes to see if it boots again.  As mentioned even chrooting into the VM and upgrading the kernel and rebuilding initramfs has not fixed it.

Kernel panic - not syncing: Attempted to kill init!


Pid: 1, comm: init Not tained 2.32-696.6.3.el6.x86_64 #1


Call Trace:


[] ? panic+0xa7x0x179


[] ? perf_event_exit_task<+0xc0/0x340


[] ? do_group_exit+0x0/0xd0


[] ? fput+0x25/0x30


[] ? do_group_exit+0x58/0xd0


[] ? sys_exit_group+0x17/0x20


[] ? system_call_fastpath+0x16/0x1b

I have never had this error on Linux and this is running FreeBSD as root:


Wed Aug  9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically
Wed Aug  9 04:29:34 2017 us=329832 Exiting due to fatal error

The Solution

You need a kernel module that is for some reason not automatically loaded like Linux:

kldload if_tap

First of all check to see which version if any you have available for a downgrade:

apt-cache showpkg packagename

Downgrade/Install old package:

apt-get install package=version

Example

apt-cache showpkg caja
Package: caja
Versions:
1.10.3-1+rafaela (/var/lib/apt/lists/packages.linuxmint.com_dists_rafaela_import_binary-amd64_Packages) (/var/lib/dpkg/status)
 Description Language:
                 File: /var/lib/apt/lists/packages.linuxmint.com_dists_rafaela_import_binary-amd64_Packages
                  MD5: 2d27e6d6f085ec92e7532bd116bd9d0a


apt-get install caja=1.10.3-1+rafaela

In Debian/Ubuntu this is called "holding".

To hold/exclude a package from being installed or upgraded:

sudo apt-mark hold packagename

To allow the upgrade/installation unhold:

sudo apt-mark unhold packagename

Intel NUC J3455 vs Vorke V1 J3160

Both are excellent units but the J3160 is nicer if you require even lower power usage (6W vs the Intel 10W).  The price is attractive on the Vorke V1 as well.  It's been said that the Intel J3455 NUC has a buggy BIOS and some other issues that require attention.

The Intel J3455 is still nice because it has 2 RAM slots but it does get hotter due to lack of fan.

The Vorke V1 runs cooler, uses less power and seems to run well out of the box.

The only consideration that should be given is really power, cost and the biggest feature the Vorke V1 loses out on is the single RAM slot which makes this a tossup and close tie.

Both are excellent units, if the single RAM slot on Vorke V1 is not an issue then go for it as the Vorke V1 does the rest better with less power and heat to boot.

Amazon Affiliate links where we've purchased these boxes from:

The more expensive one comes with RAM and HDD already.

 sudo tar --ignore-failed-read  -czvf mycomputer-backup.tar.gz --exclude=/home/otheruser/* --exclude=/proc/* --exclude=/sys/* /

Note the --exclude clauses and modify/add according to your needs