It is unfortunate that LXC's dir mode is completely insecure and allows way too much information from the host to be seen. I wonder if there will eventually be a way to break into the host filesystem or other container's storage?
OpenVZ better security:
[root@ev ~]# cat /proc/mdstat
cat: /proc/mdstat: No such file or directory
/dev/simfs 843G 740G 61G........
By default at least on Centos 7 nfs only allows 8 connections and starts 8 nfsd daemons.
To fix this edit this file:/etc/sysconfig/nfs
Edit the line "RPCNFSDCOUNT" (uncomment it so it looks like this:
In the example above we are setting 30 nfsd daemons to run (or in other words 30 connections are possible this way).........
Having a network bridge allows you to bridge traffic under multiple devices so they can talk natively without using any special routing, iptables/firewall or other trickery.
To create your bridge you need the bridge-utils package for brctl and if you want to do things like bridge VMs that run on a tap device you will need the uml-utilities which provides "tunctl".
Install the utilities to make our bridge
sudo apt-get install........
chroot which stands for change root allows you to virtually operate in another operating system even though you haven't booted it. It is commonly used to deploy new distros, applications and to fix a broken Linux/Unix install or prep a new system image without having to physically boot the drive or disk.
So in this example let's say we have a drive that has a Linux OS installed on /dev/sdb1 and we have mounted this partition on /mnt/sdb1
The key point is to edit the &quo........
initiator = client
target = server
These are the first concepts you should understand which is that in iscsi essentially the "initiator" is the client and the "target" is the server.
iSCSI is derived from the old fashioned SCSI that us oldtimers grew to love. The "i" stands for Internet and the SCSI stands for "Small Computers Systems Interface" (SCSI).
iSCSI Target (Server)Setup
targetcli is the pac........
Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCMis like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments.
Cisco's CUCMmakes communication more effective and simple through centralized management and unification of communications resources.........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
list-units [PATTERN...] List loaded units
You'll have to violate the iso9660 standards but it is necessary if you want to preserve your filesystem and filenames and shouldn't be an issue as long as you are using a modern OS like Linux.
genisoimage -o Backup-Myfiles.iso -r -J -joliet-long /some/path/
You will get errors like below (even enabling joliet-long didn't help)
genisoimage: Error: /some/filename.pdf have the same Joliet name
Joliet tree sort failed. The -joliet-lo........
zenity is a nice utility as part of the gnome window manager that allows you to script from bash and retrieve the input from the user. It could also be helpful in just notifying a user when they login with a popup window.
I'll give an overview of what's available with zenity:
--calendar Display calendar dialog
--entry Display tex........
sudo apt-get install nfs-kernel-server #oops there are no exports so it won't startsudo /etc/init.d/nfs-kernel-server start* Not starting NFS kernel daemon: no exports.
#we will use the /tmp/nfstestshare directory for our NFS share
#add it to /etc/exports (basically what NFS checks to determine what to make an NFS share)
So I have a domain "testdomain.com".
Inside test domain.com's root is the following .htaccess:
Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html
Deny From All
Allow From 192.168.1.2
When you visit anything other than root things work fine. Eg. if you visit http://testdomain.com/somedirfile.html
It will show the right error in /launch/........
It takes some tinkering the main thing is that the "-dmS" flag allows screen to start without a session which of course sudo won't have.
/usr/bin/sudo -u user /usr/bin/screen -dmS nameyouchoose /script/start.bash
this doesn't work at all:
/usr/bin/sudo -u user "/usr/bin/screen /script/s........
Deny From All
Allow From 220.127.116.11
A simple and quick way to improve security by only allowing specific IPs to your web application.
In this case the above allows only the IP 18.104.22.168 to access things and everything else is denied.........
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/geoip.so' - /usr/lib64/php/modules/geoip.so: undefined symbol: GeoIP_country_code_by_name_v6 in Unknown on line 0
Remove the GEOIP from PHP:
PHP Fatal error: PHP Startup: apc_shm_create: shmget(0, 67108864, 914) failed: Invalid argument. It is possible that the........
Sep 12 18:16:25 vps pluto: ERROR: asynchronous network error report on eth0 (sport=500) for message to 22.214.171.124 port 20640, complainant 126.96.36.199: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Some say changing the "leftprotoport=17/%any" will fix this but I have not found this to be the case.
Essentially it means at least one end is blocking the ipsec packets. Sometimes the %any allows an alt........
This sounds silly but if you don't know you don't know and the cable name is "RP-SMA" and allows you to extend your wifi antenna as long as the cable goes.........
PHP Fatal error: PHP Startup: apc_shm_create: shmget(0, 67108864, 914) failed: Invalid argument. It is possible that the chosen SHM segment size is higher than the operation system allows. Linux has usually a default limit of 32MB per segment. in Unknown on line 0
PHP Fatal error: PHP Startup: apc_shm_attach: shmat failed: in Unknown on line 0
This error is not at all fun because it actually prevents Apache/httpd from starting or working at all. It will........
CPanel says you can access 98% of the functions through CLI which experienced Unix/Linux admins prefer for simplicity and for scripting. I've never found CPanel easy to use from the admin panel, it seems everything is hard to find and a simple task becomes a series of hunts.
So for people like me here's the list: http://cpanel.net/system-administrators/command-line-scrip........
Iread this article and still don't understand the issue.
If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate.
To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
I just realized I have some blank users which I deleted butI can still login to this dummy account without a password for some reason.
mysql -u -p
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 5
Server version: 5.1.69 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation an........
I flashed an LSI Logic firmware to it and it broke the BIOS (cannot do Ctrl+R) for booting purposes but allows other functionality to work normally.
I tried downgrading to a Dell firmware for Perc 6i but it won't work, not even with MegaCli
--2013-08-26 12:53:39-- http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN
I'm using ecryptfs and was suddenly unable to access or even ls my home directory (but every subfolder is accessible). It just hangs and throws this message in messages/dmesg:
Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
I read somewhere that perhaps some file or folder is owned by root somehow, sure enough there are some and sudoing to root allows me to........
This is something I often setup for clients because it's very helpful for people in datacenters, this allows custom OS installs on demand, you can customize it more by using kickstart etc.. but here's a base I use before customizing more:
This little script below will install everything you need to get booting by PXE Linux.
It also assumes you set a local IP (be sure not to overwrite your existing IP) on eth0:0 (note the :0) as 192.168.1.10 and it........
I really am a Linux fan but my comments here may not show it. Although I'm quite familiar with Linux CLI to administer servers, I find Linux GUI OS's like Ubuntu at times very clunky.
This is partially because there's no such thing as a "self-made" Linux from scratch where the UIwas designed by a single team. Linux is made up of several different projects that are generally completely separate and this lack of integratiion is a key issue that makes things f........
One of the purposes of rsync is to backup whole filesystems and archive them but how can you do that properly and restore things to normal if all permissions and ownerships are not preserved from your root filesystem?
It's not desirable to have everything running as root, especially not just for an rsync.
The Easy rsync preserve permission solution for non-root users
sudo is the answer and all you have to do is edit /etc/sudoers
At the end o........
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
curlftpfs - mount a ftp host as a local directory
Before we start I take no responsibility for this, you should have a backup and if you make a mistake during this process you could wipe out all of your data. So backup somewhere else before starting this as a precaution, or make sure it's data you could afford to lose.
The RAID 1 Setup (Hardware Wise)
I've already setup my 2 x 1TB (Seagate) drives with identical partitions, make sure your new hard drive (the empty one) is setup like your curr........
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
E-mail (Thunderbird) with GnuPG encryptionThis is great tool for Mozilla Thunderbird which allows you to encrypt your e-mails so only you and the receiver can view it even if the e-mail is intercepting or obtained by another person.
The only small catch is that you of course have to install an extension to Thunderbird and then configure each account you want to use it with. Really it can probably all be done in a few minutes and the effort is worth it.........
Use Mozilla Firefox, not Internet Explorer - You'll be glad!Hey guys,
I just thought I'd recommend that everyone switch to Mozilla Firefox as their web browser. You can find it at http://mozilla.org
It is free and it is much better than IE. It has a built-in popup blocker which works great and most importantly, it doesn't have a million critical security flaws which could compromise your security such as passwords for on-line banking etc..........
This really is a difficult and confusing process for non-Mandarin speakers, but here's what I've done and learned so far:
You can purchase an "M-Zone" China Mobile pre-paid SIMCard from almost anywhere but I tried to purchase mine from Suning (a large electronics dealer) hoping they would be able to help me or answer my questions but my plan didn't work out at all. At Suning once I found someone who spoke some English they gave me the 55 RMB M-Zone China Mobile P........
I've tried to find a good sensible solution to cluster with and each technology has it's pros and cons and there is no perfect solution and I've found a lot of "exaggerations" in the applications, benefits and performance of these different filesystems.
I first started off with DRBD and Ihave to say it does live up to the hype, is quite reliable (although it can be annoying to match up the kernel module and user applications since they must match and whe........
Apple crippled the iPhone by not allowing multi-tasking of the non-primary apps. I use SSH a lot and I don't want to close my session just to check my e-mail, etc, now an app found in Cydia called "Backgrounder" allows just that.
Although it's not perfect, we installed the correct one for "3.x" iPhones and hit "Reload SpringBoard" and the hour/circle glass has just been going for minutes.
It seems like it installed fine even with the crash t........
Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore.
A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly.
In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD
That happens when trying to use smbclient to connect to a share. The weird thing is that I can authnenticate just fine from Windows XP.
It is partially my mistake, I forgot this share does have a password. I've tried authenticating with the correct user and also with "Guest" because this works in Windows. In Linux I ........
Ithink there has been a lot of negative press towards Rackable Systems. We will give their new solution credit that it is marketed very well, and comes prepackaged and ready to go.
But let's cut through the hype of both sides, the people who love this concept and the people who hate it.
What Rackable Systems have done is a first, to minimize space, power and costs into small servers. This is great, and many companies have already built their own servers based........