Most relevant config points from my video here.
1.) Create a new End User
The most important part is setting the "Digest Credentials", that is the password that the phone will use to authenticate.........
Make sure this makes sense for you but I've started to block a lot of commercial Cloud services and easily accessible providers as they are a very high source of abusive traffic. The cost savings for a lot of organizations are huge, as you now have less bandwidth usage and less resource usage from garbage/bot/malicious traffic. This mainly works for when you can be reasonably sure that your audience has no business visiting your service(s) from freely accessible commercial IP ........
This example is using RTL8821AU chipset from a TP-Link T2U Plus USB adapter and other similar ones should work the same.
Here's how to get this chipset RTL8821AU working in Linux.
Here's how to get RTL8812 and RTL8822 working in Linux.........
[Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
It actually gives us a good clue that at last one component of our cert is invalid/improperl........
If you have du, you may want to check your bill, as you can read about a longstanding issue with fraudulent charges showing up and many users claiming they did not subscribe or solicit those offers.
These don't normally show up on new accounts, but they seem to target established users and maybe even users they suspect are not watching their phone or bills, while they are on vacation.
These charges can frighteningly happen with 0 interaction from the user despite what........
When Is It Time to Leave Your VPS, VDS, and Dedicated Server Provider?
Choosing the right hosting solution—be it Virtu........
In today’s digital landscape, finding a reliable and secure Virtual Private Server (VPS) or Virtual Dedicated Server (VDS) goes beyond just comparing specs and prices. With increasing concerns over data privacy, security breaches, and government surveillance, the wisdom of choosing your VPS/VDS provider based on juri........
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
If you get this error, it is often because you have configured Apache with modules that weren't actually installed. Eg. you try to load the PHPmodule but didn't actually install the apache2 php module, so the server can't start. In general, this error can often be caused by issues with problematic modules and/or Apache being configured for modules that have not actually be installed (eg. libapache2-mod-php) is missing.
The above results in this less than obv........
The issue is that Docker images are stripped down, so many tools and even python3 is missing, so you'll have to build or update the actual image yourself.
I assume you have started an image with something like this and that you have the Nvidia Toolkit installed (assuming you are using GPUs). If you're not using nvidia just remove --runtime=nvidia --gpus all.
docker run -it --runtime=nvidia --gpus all ubuntu bash
These works for most images li........
haproxy is one of the best known and widely used Open Source load balancers out there and a strong competitor to nginx.
haproxy is used by many large sites per Wikipedia:
HAProxy is used by a number of high-profile websites including GoDaddy, GitHub,........
If you are getting this error from systemctl "Loaded: masked (Reason: Unit hostapd.service is masked.)" we need to unmask the service.
Solution
systemctl unmask hostapd
Removed /etc/systemd/system/hostapd.service.
It's fixed
root@routerOS:/var/log# systemctl start hostapd
root@routerOS:/var/log# systemctl status hostapd
● hostapd.service - Access point and authentication server for Wi-Fi and Ethern........
If you get this error when trying to SSHto a device or machine and you never even got a password prompt:
Too many authentication failures
This means that either the remote side is configured for key auth only, OR your client side may be attempting to auth using mulitple keys, and that exceeds the amount of attempted authorizations on the remote ssh server.
If the issue is trying to auth too many times which ssh defaults to sending the keys to, you ca........
Have you been given a Zoom password that the meeting owner says is correct but it doesn't work anymore or never works?
If the meeting name says "Zoom Meeting" and it's not really named that (which most meetings are not), then the issue is usually that there is an initial password to be able to join, aside from the passcode. It basically means that Zoom has deauthenticated you randomly or maybe after X amount of uses, without clicking on the Join Meeting URL which contains a........
Just click on the Start Menu and go to "Startup Applications"
Then click on the "Add"Button
Now enter the command we need to open the folder/directory automatically using the filemanager
For remote SSH host (you need pub key auth for it to open without a pa........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted.
ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file.
After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
1. Let's work from an environment where we can install Ansible on.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo apt install gpg
sudo add-apt-repository ppa:ansible/ansible
sudo apt update........
Are you getting this error in Proxmox while trying to apt update or install Ceph?
apt update
Hit:1 http://security.debian.org bullseye-security InRelease
Err:2 https://enterprise.proxmox.com/debian/pve bullseye InRelease
401 Unauthorized [IP: 144.217.225.162 443]
Hit:3 http://ftp.hk.debian.org/debian bullseye InRelease ........
Kubernetes Easy Beginners Tutorial/Architecture Guide
Kubernetes is known as container orchestration and we should start at explaining the container part of it.
A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the O........
This assumes that you've already installed the relevant HWIC cards eg. Cisco Asynchronous Serial NIM
These are essentially cards that you install into your router, once installed you connect an Async cable to one of the ports on the card which normally gives you 8 console cables and are normally labelled 1 through 8.
You connect all of the cables to the devices you need (even non-Cisco devices) whether switches, routers or firewalls, they will usually work.
The real m........
It is common that you may get access to undocumented equipment and need to reset the password. This applies to many Cisco routers whether 2600, 2900, 3900 etc...
Cisco's Guide says to hit Ctrl +Pause/Break but if it doesn't work on some devices causing people to say "cisco password reset pause break does not work", you can see Cisco's alternative key combinations here:........
Just a quick note and warning is that if you are testing to see if EFIPXE booting works on a VM, MAKE SURE it actually works. For example Iinitially tested using my Distro's QEMU 2.5+dfsg-5ubuntu10.46 and ovmf BIOS firmware (OVMF supports EFI). However, I found on old versions of QEMU (like 2.5), EFIbooting with GRUB NEVER works so it may appear that you have made a mistake when everything is fine when you boot a physi........
Enable "cli" mode equivalent in JunOS
cli
Configure Mode
configure
So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure".
How Do You Apply Changes You've Made?
You can make all kinds of changes to the switch, but remember they are not........
apt install software-properties-common
add-apt-repository ppa:deadsnakes/ppa
apt update
apt install python3-pip
apt install python3.7 curl gnupg python3.7-dev git
ln -s /usr/bin/python3.7 /usr/bin/python3
pip3 install numpy keras_preprocessing
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel........
When authentication times out that is one thing, but when it just fails like below Asterisk by default will not re-register until you the admin reload the sip or asterisk server:
voipserver*CLI> sip show registry
Host dnsmgr Username Refresh State&........
The scenario here is that you have some sort of remote headless Linux server but would like to run some programs on them and get graphical access to them. The problem is that the remote server may be an image or VMwithout any virtual GPU and even if so, it is likely without KDE or Gnome, so there's no real way to do this, unless you follow our guide.
Install xvfb
apt install xvfb
Reading package lists... D........
If you are getting this error it is usually caused by having more than 5 keys in your ".ssh" directory. It is a bit of a bug and this is how it manifests itself.
You will find at this point that you are not given any chance to enter a password, or if you are using key based auth that the same thing happens. You'll also find that this is happening with ALLservers you try connecting to.
The solution is to move away key pairs from .ssh so that there ar........
MySQL on Debian versions is configured differently than the native local MySQL plugin so you will be disappointed when your password on the mysql client fails by default.
Here is how you reset the MySQL root password the proper and "working way"
#first we gracefully stop mysql
sudo systemctl stop mysql;
#then we forcefully kill any mysqld process just in case
sudo killall -9 mysqld mysqld_safe;........
mysql reset root password.
Oops I can't remember my MySQL root password!
[root@centos7test etc]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
First we need to stop mariadb:
systemctl stop mariadb
Now we need to restart it with skip-grant-tables whic........
yum -y install mariadb-server
systemctl start mariadb
mysql_secure_installation
Now we need to secure our install and set the MariaDB root password:
The lines you need to act on are marked in bold shown with the answer you need.
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SER........
Downloading and compiling from source to get the latest version of Asterisk is really simple with this guide.
apt install gcc make g++ libedit-dev uuid-dev libjansson-dev apt install libxml2-dev sqlite3 libsqlite3-dev
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current.tar.gz
tar -zxvf asterisk-16-current.tar.gz
cd asterisk-16.6.2/
./configure
If you get this error change y........
You'll have to edit the policy.xml file to fix this:
convert -density 300 output.pdf agreement.jpg
convert.im6: not authorized `output.pdf' @ error/constitute.c/ReadImage/454.
convert.im6: no images defined `agreement.jpg' @ error/convert.c/ConvertImageCommand/3044.
sudo vi /etc/ImageMagick*/policy.xml
Change
policy domain="coder" rights="no........
This is a security hole in my opinion and should be plugged by editing the lock screen ui layout:
vi /usr/share/mate-screensaver/lock-dialog-default.ui
#find these objects and set the visible property to false
object class="GtkLabel" id="note-tab-label"
object class="GtkLabel" id="auth-username-label>
object class="GtkLabel" id="auth-realname-label"........
SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.
But how about connecting to an existing server for the first time on a new machine or client?
A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
ssh-keygen -p -f /path/to/your/id_rsa
Enter new passphrase (empty for no passphrase):
After that your rsa private key will be encrypted which is a layer of protection and security in the event that somehow someone acquires your key and tries to access servers that the key is authorized on.........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
./certbot-auto --apache certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yourdomain.com
Cleaning........
I tried to stop a qemu-img copy or clone and it broke everything. It was fine to "stop" it from the GUI but a process still persisted so I killed the relevant qemu-img and the kernel went crazy. It also may not have helped that I tried to lvremove a different volume (an unused disk). But either way it breaks LVM (you cannot even run lvdisplay) so a reboot is necessary.
Jan 17 06:45:21 testserver kernel: [ 5680.439337] systemd-udevd D 0&nbs........
In Debian a lot of times SSH disables the root user to login by password by default. This means you will get an authentication failure as if you typed in the wrong password.
The logs also indicate the password is wrong but what is often the case is in the config file
Check /etc/ssh/sshd_config
cat /etc/ssh/sshd_config|grep -i permitrootlogin
Make sure it says:
PermitRootLogin yes
If not change it and restart SSH........
iw dev wlan0 station dump
This is very useful because it is helpful if you are running something like hostapd and need to see the signal strength and negotiated connection speed.
Station ff:ff:ff:ff:ff:ff (on wlan0)
inactive time: 16309 ms
rx bytes: 25451
rx packets: 325
tx bytes: 44381
tx packets: 159
tx retries: 0
tx failed: 0
signal: -72 [-72] dBm
signal avg: -72 [-72] dBm........
Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCMis like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments.
Cisco's CUCMmakes communication more effective and simple through centralized management and unification of communications resources.........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
**Solution**
Go to about:config........
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
Starting with newer versions of OpenVPN Ibelieve 2.2+ you need to have "script-security 3" set or you can't execute a third party script.
Prior to that you could also use the auth-user-pass-verify like this:
auth-user-pass-verify ./validate.pl "$username $password $ip" via-env
Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the paramete........
Jul 3 22:12:17mailserver postfix/smtpd[6195]: fatal: no SASL authentication mechanisms
Jul 3 22:12:18mailserver postfix/master[4881]: warning: process /usr/libexec/postfix/smtpd pid 6195 exit status 1
Jul 3 22:12:18mailserver postfix/master[4881]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
This only ever happens in my experience when the authentication method is actually Dovecot. Usually the problem........
One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
PasswordAuthentication no
Restart your SSH server.
service sshd restart
........
error: Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file
This is usually because the .cookie file cannot be read by the user you are running Litecoin or Bitcoin client/daemon as.
You can adjust the permissions of the file so that the user or group they are apart of has read permissions.
........
This just simply outputs what you need a username and password that can be used to authenticate from .htaccess
htpasswd -nb user password
user:Gnb6uE9Lp4gt2
If you want to write it straight to a file
htpasswd -cb /tmp/somefile.pw user password
How To Use This In .htaccess
AuthUserFile /tmp/somefile.pw
AuthName GetLost!!
AuthType B........
First of all I got this error after accidentally messing up my usergroup by using usermod -G user group
When I would login using SSHkeys it would fail:
sshd[2020]: Authentication refused: bad ownership or modes for directory /home/one
No worries, the fix is simple!
chmod g-w /home/use........
Sep 12 18:16:25 vps pluto[7299]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.5.6.2 port 20640, complainant 192.5.6.2: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Some say changing the "leftprotoport=17/%any" will fix this but I have not found this to be the case.
Essentially it means at least one end is blocking the ipsec packets. Sometimes the %any allows an alt........
Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVMor preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access).
1. Edit /etc/ssh/sshd_config
Find the section like this:........
Essentially a program I was running for mining did not terminate properly with Ctrl+C it is listed as defunct and cannot be killed, kernel is tainted and normal tricks to disable the port are impossible the dev and sys entries for the device cannot be browsed or interacted with in any form without a lockup of the request. The only solution is to reboot due to the kernel taint as far as I can find so far.
[1130246.811056] INFO: task minerd:21861 blocked for more th........
**** Warning: can't process font stream, loading font by the name.
Can't find CMap Identity-UTF16-H building a CIDDecoding resource.
Warning: falling back to Identity ordering
**** Error reading a content stream. The page may be incomplete.
**** File did not complete the page properly and may be damaged.
**** This file had errors that were repaired or ignored.
****........
ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [ee16d84] "into the user session keyring
mount: No such file or directory"
[ 156.118113] ecryptfs_mount: kern_path() failed
[ 156.118431] Reading sb failed; rc = [-2]
[ 164.233055] traps: mate-notificati[3472] trap int3 ip:7f43d7002c13 sp:7fff162c6600 error:0
[ 166.017061] ecryptfs_mount: kern_path() failed........
The "passwords do not match" implies or makes it appear that your auth code is wrong but actually you have to click "View additional settings" and then see there are 2 password fields to manage the domain once it is transferred (the password is typed twice for confirmation). Simply fill out a password twice or remove the first password fields contents and all will be well.........
This can be a case of bad permissions or modes as the error says. Normally one would assume permissions but often a script may change ownership of /root to something else.
This was the case half the time I've encountered this.
So in short make sure ownership is correct
chown -R root.root /root........
Disclaimer, before starting this I do not like ioncube, it is great to protect your source code, but a big pain to setup this extension since it has to be done manually. Further, fi you do a PHPupdate ioncube may no longer work, causing important sites or services to not work (I wish authors would take another approach).
1.) Download from here:https://www.ioncube.com/loaders.php
2.) Extract the contents and co........
I do not understand why heartbeat would try to communicate with another system not considered part of the node:
heartbeat: [8280]: WARN: string2msg_ll: node [otherbox.com] failed authentication
........
openvpn 2.3.10-1.el6 issues
in the .conf
auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env
auth-env does not work correctly in OpenVPN 2.3:
Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure
But OpenVPN 2.2 does work as expected.
It could be that the specified script automatically receive........
If Linux Mint 17 or other has no window buttons/controls you can do the following from terminal:
marco --replace&
Sometimes it can be fixed if you go to your themes/appearance and choose a new one but in the case like mine where Compiz is installed but not running/working then that fix will not work and will require the marco command above.
What if you can't type in a terminal Window?
If you close........
The Scenario
You have dual NICs and you disable NIC1 which uses 192.168.1.1 as its gateway. With NIC2 you enable it/connect it to another network which also has the gateway 192.168.1.1
Everything will work fine at this point.
When switching back to NIC1 even with NIC2 disabled and even unplugged, the OS basically can't pick up the new/updated ARP entry of the old device for 192.168.1.1 and perhaps thinks it is a security risk or spoof of some sorts and blocks i........
If you are getting this error from Pluto/IPSEC it is almost always due to a routing or NAT issue.........
Your firefox is out of date if you get errors like below:
Secure Connection Failed
........
An error occurred during a connection to site.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
When the above happens in our experience it is a misconfiguration of........
You need to set your application type as "Desktop" even though this would sound counterintuitive.........
yum -y install dvdauthor ffmpeg mjpegtools sox bc
rpm -ivh dvd-slideshow-0.8.4-2.noarch.rpm
Preparing... ########################################### [100%]
1:dvd-slideshow ########################################### [100%]
/usr/bin/dir2slideshow: line 553: bc: command not f........
Aug 25 16:43:24 evohostingtor postfix/master[19471]: fatal: /etc/postfix/master.cf: line 24: field "unprivileged": bad value: "???"
Solution: I had the wrong thick dashes when c&ping (just retype them with your keyboard)
Aug 25 16:47:10 mailbox postfix/master[24498]: fatal: /etc/postfix/master.cf: line 25: bad transport type: syslog_name=postfix/auth-cleanup
auth-cleanup unix n - - - 0 cleanup
#-o syslog_name=postfix/........
The most common solution is to use the /etc/postfix/header_checks but this is a big problem.
Why is header_checks a problem? Because it does it to all mail whether incoming or outgoing and whether authenticated or not. We of course want as much header information for incoming as we can get for many reasons but many organizations want to secure and make their mail clients as secure as possible.
I adapted this solution to the client's custom config, they are configur........
yum -y install fail2ban
vi /etc/fail2ban/jail.conf
[asterisk-tcp]
enabled = true
filter = asterisk
action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/asterisk/messages
maxret........
DELETE FROM `wp_comments` WHERE NOT comment_author_email IN ('user@hotmail.com','another@hotmail.com')
The above is an example of specific records you type out, but you could also base it on a subquery.........
*Note this will delete all comments indiscriminately.
DELETE FROM `wp_comments`
To delete all but save specific comments based on "author e-mail use the following". Add more e-mails below in the same format if you have more.
DELETE FROM `wp_comments` WHERE NOT comment_author_email IN ('user@hotmail.com','another@hotmail.com')........
LSi Megaraid
At first it was configured as a RAID 0, then I deleted the Virtual Disk Group.
I thought both drives would be shown and detected in Linux as sda and sdb but it actually shows nothing.
To make them work you have to hit Ctrl+R before the system boots (when prompted) and create a Virtual Disk Group. In my case I created each one as RAID 0 (with a single drive only) as I just wanted JBOD but there is no such option or default in these Dell Pe........
pxe-32 tftp open timeout
The solution was to enable tftp in xinetd with "chkconfig tftp on".
See the troubleshooting below:
chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off&n........
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
This is a handy link and list of all the relevant Directadmin log files and related servers.
http://help.directadmin.com/item.php?id=11
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:........
Step #1 - Create Wrapper Script
vi /usr/local/bin/phpsendmail
#!/usr/bin/php
........
This is something I often setup for clients because it's very helpful for people in datacenters, this allows custom OS installs on demand, you can customize it more by using kickstart etc.. but here's a base I use before customizing more:
This little script below will install everything you need to get booting by PXE Linux.
It also assumes you set a local IP (be sure not to overwrite your existing IP) on eth0:0 (note the :0) as 192.168.1.10 and it........
Here is a quick script that works on most Centos versions to disable the virus/SELinux from blocking basic functionality.
The first echo 0 statement disables SELinux instantly but it will still be enabled on reboot.
The second line disables it permanently.
#!/bin/bash
#disable SELinux Immediately
echo 0 > /selinux/enforce
#disable SELinux Permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config........
A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.
Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?
This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........
ERROR 1045 (28000): Access denied for user 'contentmanager'@'localhost' (using password: YES)
For fun I thought I'd reset the password:
GRANT ALL ON thecontent.* TO contentmanager IDENTIFIED by 'dfdfsdfdsfsdfsd';
ERROR 1470 (HY000): String 'contentmanager' is too long for user name (should be no longer than 16)
This is ridiculous that this new version has some bizarre 16 character username limit and not only that but i........
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9etch3
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
A parameter was malformed
Validation error
Solution, disable auth from the ssh client (this is a client side error)........
I experienced this with CPanel's Exim after an auto-update (a Google of this error produces lots of complaints with few clear solutions). In this case I'll put the solution at the top.
Run /scripts/buildeximconf to rebuild the Exim config and it should be fine after that.
mail -vs "from test" user@dest.com < .bash_history
LOG: MAIN
cwd=/root 4 args: send-mail -i -v user@dest.com
LOG: MAIN
&........
The normal solution would be as follows:
export DISPLAY=:0.0
/usr/lib/vino/vino-server &
But what happens if that doesn't work? I haven't been able to find much documentation about how to find the list of displays and how their numbering works in Xorg.
Sometimes you'll get this error when trying to restart vino:
Cannot open display:
For some reason my display is not on 0.0........
http://www.datsi.fi.upm.es/~frosal/
SHC is a program written by the author above that does just that, it's a great little tool to have.
Some have said it isn't exactly encrypting the code but just making it hard to read by obfuscating the code.
There was also a good discussion about that here:........
Centos 5 Postfix and SPAMASSASSIN Tutorial
yum install spamassassin
chkconfig spamassassin on
vi /etc/mail/spamassassin/local.cf
##############
#required_hits 5
#report_safe 0
#rewrite_header Subject [SPAM]
#5 is the least restrictive (means only the most obvious SPAM is caught. 0 is obviously the most restrictive/sensitive and would have lots of false positives
require........
Convert MBOX Mail files into Maildir using Linux
*You need perl an the TimeDate module
Get the free Perl script mb2md from the project/author's site:
wget http://batleth.sapienti-sat.org/projects/mb2md/mb2md-3.20.pl.gz
gunzip mb2md-3.20.pl.gz
#remember you need timedate or you'll get this error:
./mb2md-3.20.pl
Can't locate........
sshd[9217]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys
I made sure the entire .ssh subdir is owned by the user root (this is root's account);
chown -R root.root .ssh
chmod 600 .ssh/authorized_keys
but it still doesn't work and gives me the same message
sshd[7339]: Authentication refused: bad ownership or modes for directory /root
chmod 700 /root........
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Postfix SSL config
Edit /etc/postfix/main.cf:
#SSL stuff
smtpd_tls_cert_file = /etc/mailssl/server.crt
smtpd_tls_key_file = /etc/mailssl/server.key
To make smtps w........
genuine.com/IN: loading master file genuine.com.zone: file not found
_default/genuine.com/IN: file not found
I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
Webmin Setup Centos 5:
wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet
[1] 24229
[2] 24230
[root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html
Resolving downloads.sourceforge.net... 216.34.181.........
yum exits in the middle
The problem is this VPS seems to be an OpenVZ template from HyperVM. The only way to make it work was to disable i386 packages since this was an x64 kernel. That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two. I couldn't find any issue by checking the logs either.
echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk
L........
I finally decided to look into some utils that did this, and the first one I found is "mp3burn". It is unbelievable simple and perfect. *2017-11 update and mp3burn is still available in standard repos such as Ubuntu 14/16 so this is a current and working project.
Just install the package and it gets all required libraries to convert and then burn's on the fly. And you won't believe how simple it is.
I just want to a directory that had the MP3's I wanted t........
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that.
If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :)
Just use this code to easily enable passwordless login with SSHD
key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
The folder I was trying to archive is about 72GB, but much like rsync at about 17GB it chokes because of the filesize. What's with so many common and essential Linux tools having such limitations? I guess it is likely that the authors never wrote their code with the idea that files would be so large but it's still very annoying. It's important to stay on top of these limitations on production servers because I didn't realize what happened until I checked the file with "........
Here are the results, it is Sempron 3000+ AMD Mobile, 500Gig HDD, 512MB RAM with shared ATI Radeon graphics.
# # # # # # # ##### ###### # # #### # #
# # ## # # # #&nb........
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
SSH automatic login without passwordlocal> ssh-keygen -t rsa -f .ssh/id_rsa
-t is the encryption type
-f tells where to store the public/private key pairs. In this case, the .ssh directory on home is being used
A password will be asked; leave this part blank, just pressing
Now, go the .ssh directory, and you will find two new files: id_dsa and id_dsa.pub. The last one is the public part. Now, copy the public key to the serv........
Need identd for port 113 ? Install authdyum install authd
Happy identing :)Actually it's not that simple.
It installs as an "xinetd" service and is disabled and turned off by deafult.
To enable it run:
[code:1:8c94df8319]
chkconfig --level 3 auth on
service xinetd restart
[/code:1:8c94df8319]
This will set identd aka authd to start by default.
service xinetd resta........
SSH Public Key Authentication (Login Without Passwords)I've gone over this before but just a quick note!
the "authorized_keys" file in ~/.ssh
must be chmodded to "600" or public key authentication won't work.
I guess it's kind of a security/failsafe feature that I've
seen on all Linux and Unix OS's........
MySQL Server 3.23 won't start after switching from 4.1I was using a 4.1 alpha version of mysql-server and some how version 3.23 of the client and 4.1 of the client were also both installed!
So I forced uninstalled everything because after trying and trying even though MySQL server was using the short 16byte password authentication I got some other errors.
After trying with the ports and having it fail because I had existing database data I force installe........
PHPBB Drop All TablesSQL Syntax:
[quote:75acd496c1]drop table phpbb_auth_access, phpbb_banlist, phpbb_categories, phpbb_config, phpbb_confirm, phpbb_disallow, phpbb_forum_prune, phpbb_forums, phpbb_groups, phpbb_posts, phpbb_posts_text, phpbb_privmsgs, phpbb_privmsgs_text, phpbb_ranks, phpbb_search_results, phpbb_search_wordlist, phpbb_search_wordmatch, phpbb_sessions, phpbb_smilies, phpbb_themes, phpbb_themes_name, phpbb_topics, phpbb_topics_watch, phpbb_user_group, p........
auth/auth_util.c:make_server_info_sam(840)
User nobody in passdb, but getpwnam() fails!
I never found the solution to this in the web, as usual so Ithought I'd post the fix. In plain English smbd is telling us that the user "nobody" does not exist in /etc/passwd.
You can simply add this to your /etc/passwd file like so:
nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin
Now SAMBA/smbd should........
This happened with a select statement which writes the result to an external file. I didn't remember the privilege "FILE" must be granted on *.* for this to work successfully, it wasn't actually an authentication issue as it implies since I was already in the SQL prompt and doing the query.
SELECT some_id
FROM sometable
INTO OUTFILE '/tmp/result.txt'........
In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window.
*Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
Backing MySQL Databases
Backing Up/Dumping All Mysql Databases To A Single File
mysqldump --all-databases -u admin -p > allmysqldatabases.sql
The "-all-databases" clause is pretty obvious isn't it? It means that it will backup all databases.
The "-u admin" means login using the user "admin", if you h........
Apple crippled the iPhone by not allowing multi-tasking of the non-primary apps. I use SSH a lot and I don't want to close my session just to check my e-mail, etc, now an app found in Cydia called "Backgrounder" allows just that.
Although it's not perfect, we installed the correct one for "3.x" iPhones and hit "Reload SpringBoard" and the hour/circle glass has just been going for minutes.
It seems like it installed fine even with the crash t........
Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore.
A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly.
In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
The dmg format is silly and annoying to work with, why couldn't Apple stick with the .iso standard? Anyway, there's an excellent Linux and Windows based tool to convert it back to a normal .iso Image called dmg2iso
I'll only cover theLinux version although the Windows pre-built binary works the same way.
Download dmg2iso here for free (from the author's website)
It's just silly and doesn't make sense that Ubuntu doe........
Icouldn't understand why on one system it took a few minutes to get the SSHlogin prompt when connecting to other systems. The other systems all had the UseDNS parameter set to no, which almost always resolves the login prompt delay.
The reason is Ubuntu and perhaps Debian and other distributions /etc/nsswitch.conf file
Edit yours to have the "hosts" line like so (notice that files and dns are the primary resolution choice........
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD
That happens when trying to use smbclient to connect to a share. The weird thing is that I can authnenticate just fine from Windows XP.
It is partially my mistake, I forgot this share does have a password. I've tried authenticating with the correct user and also with "Guest" because this works in Windows. In Linux I ........
This will give you the basic info needed to browse and connect to Samba shares from the command line. From the GUI of Gnome or KDE etc, it is pretty standard and straight forward. However, I've found very little guides on how to do it from the command line and if you're like me, a nerd who prefers command line for its simplicity and for remote use, this is the way to go.
First get a list of all the Samba/SMB shares on the target.
smbclient -L hostname........