This guide assumes you have a working Postfix server and want it to sign with DKIM.
There are a few things we have to understand to make all of this work though, which require you to be familiar with DNS as well.
1.) Install OpenDKIM
apt install opendkim
systemctl enable opendkim
2.) Edit /etc/opendkim.conf
Syslog yes
SyslogSuccess yes
Mode&nbs........
apt install tftpd-hpa
#change TFTP_ADDRESS to by setting address to 192.168.1.1:69 or the IP you need, otherwise it will listen on all IPs and interfaces which could be a security risk.
# edit /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.168.1.1:69"
TFTP_OPTIONS="--secure"........
sysctl vm.overcommit_memory=1
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo 511 > /proc/sys/net/core/somaxconn
1:M 26 Nov 2023 21:34:33.840 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 26 Nov 2023 21:34:33.840 # Server initialized
1:M 26 Nov 2023 21:34:33.840 # WARNING overcommit_memory is set to 0! Background sa........
convert-im6.q16: DistributedPixelCache '127.0.0.1' @ error/distribute-cache.c/ConnectPixelCacheServer/244.
convert-im6.q16: cache resources exhausted `/tmp/magick-27777Al6FGY7dhyKt10' @ error/cache.c/OpenPixelCache/3984.
convert-im6.q16: DistributedPixelCache '127.0.0.1' @ error/distribute-cache.c/ConnectPixelCacheServer/244.
convert-im6.q16: cache resources exhausted `/tmp/magick-277772Y_-pJnMdT2r1' @ error/cache.c/OpenPixelCache/3984.
convert-im6.q16: Distr........
Are you getting this error when trying to connect to a site/domain/service and then you checked your router/nameserver's logs to see what's wrong?
You may see something like this:
named[3025898]: REFUSED unexpected RCODE resolving
This is not usually an error with named or bind, at least not on your end but NORMALLY this is an issue with the remote nameserver.
A lot of times this is a misconfigured remote nameserver. A classi........
If you have du, you may want to check your bill, as you can read about a longstanding issue with fraudulent charges showing up and many users claiming they did not subscribe or solicit those offers.
These don't normally show up on new accounts, but they seem to target established users and maybe even users they suspect are not watching their phone or bills, while they are on vacation.
These charges can frighteningly happen with 0 interaction from the user despite what........
A lot of companies are unsure which solution to choose and many may not be aware of Docker Swarm as an alternative to Kubernetes. One thing that many Sysadmins find is that Docker Swarm is simply easier, quicker to setup and maintain by far than Kubernetes.........
This will be the goto to help solve e-mail delivery issues and talk about many practical issues that happen between developers, admins and scripts that send e-mail and do things that may not be acceptable or cause deliverability problems.
Sendmail Stuff
Edit /etc/mail/sendmail.mc
The problem is that if you send directly out from the server using the mail function, the Return-path of the e-mails will be username@thehostnameoftheserver.com. Let........
find /usr/share/zoneinfo/|sed s#"/usr/share/zoneinfo/"##g|grep "/"|grep -v posix|grep -v ^"Etc/"|grep -v ^right|grep -v ^"SystemV"
Africa/Addis_Ababa
Africa/Abidjan
Africa/Blantyre
Africa/Lusaka
Africa/Casablanca
Africa/Libreville
Africa/Asmara
Africa/Bujumbura
Africa/Dakar
Africa/Lagos
Africa/Malabo
Africa/Harare
Africa/Kigali........
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --output=aclocal.m4t
Can't exec "aclocal": No such file or directory at /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
autoreconf: failed to run aclocal: No such file or directory
make: *** [/software/pixman/configure] Error 1
Just install automake:
yum install automake........
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
If you are running a local DNS server like named/bind and don't want to use the ISPsupplied DNS servers that are announced via a DHCP request (using dhclient) then the solution is simple.
The reason should be obvious, but normally running your own DNS server will provide a more reliable, and fast DNS response and you won't have to worry about filtering as much (unless your upstream filters or proxies outgoing DNS requests).
Edit /etc/dhcp/dhclient.conf........
The issue is that Docker images are stripped down, so many tools and even python3 is missing, so you'll have to build or update the actual image yourself.
I assume you have started an image with something like this and that you have the Nvidia Toolkit installed (assuming you are using GPUs). If you're not using nvidia just remove --runtime=nvidia --gpus all.
docker run -it --runtime=nvidia --gpus all ubuntu bash
These works for most images li........
You'll notice that /etc/resolv.conf contains dire warners on most Linux Desktops.
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use........
Just in case, it is reocmmended to backup the original contents of the directory (especially your home dir) before proceeding.
Setup ecryptfs
Run this command: ecryptfs-setup-private
It will ask you for your login password, this is so that when you login, everything is automatically decrypted by using a passphrase that is wrapped with your login.
You can hit enter and leave things blank for an autogenerated passphrase (for mounting) or you can en........
See below in the screenshot that copy is disabled by visual mode which enables automatically:
Fix it by setting this .vimrc option:
echo "set mouse-=a" >> ~/.vimrc........
haproxy is one of the best known and widely used Open Source load balancers out there and a strong competitor to nginx.
haproxy is used by many large sites per Wikipedia:
HAProxy is used by a number of high-profile websites including GoDaddy, GitHub,........
1 - Install Vagrant
apt install vagrant
Make sure you have a supported Virtualization tool like Virtualbox or VMWare, Hyper-V etc.. It automatically detects and uses what you have. Virtualbox has a lot of support here with tons of images.
2 - Init Vagrant
We'll init to have a Debian 10 box by default to show how quick and easy it is.
vagrant init generic/debian10........
You can read lots of posts about this issue but there is not much information about why this is the case or how grub determines the root= device name. Some even suggest modifying grub.cfg manually which is a disaster as the next kernel update will cause grub to revert back to the device name.
For most people this won't be an issue but those using template system, automated deployments and working in embedded may run into this issue with custom embedded and created minimal kernel........
This can be a real pain when automating things and you do an apt install and some packages ask a lot of questions.
Make sure you set this variable when running:
DEBIAN_FRONTEND=noninteractive
Remember as well that if chrooting you will want to run like this:
DEBIAN_FRONTEND=noninteractive apt install -y yourpackagename
........
Router#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
Lic........
If you are in enable mode and make a typo, the router will treat it as a domain name and try to resolve it, and if it can't resolve it, you'll have to wait until it times out.
Here's how to solve the Translating domain server error in Cisco
Enter this in config mode:
no ip domain-lookup
Be sure to sav........
Sometimes manual intervention on various Linux system's, including Debian, is required to fix things after waking up from sleep.
One persistent issue is the sound system / pulseaudio needing to be reset and not working until you do that after waking up. It's not clear if it's an OS issue itself or the sound driver, but this will fix things.
Where do we put scripts or commands that need to be used upon wakeup automatically?
/lib/systemd/syst........
(firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory)
ExceptionHandler::GenerateDump cloned child 9743
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
[Parent 9562, Gecko_IOThread] WARNING: pipe error (40): Connection reset by peer: file /build/firefox-EymEXX/fire........
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
Just click on the Start Menu and go to "Startup Applications"
Then click on the "Add"Button
Now enter the command we need to open the folder/directory automatically using the filemanager
For remote SSH host (you need pub key auth for it to open without a pa........
The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted.
ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file.
After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
How To Install Wazuh Server / Quickest Installation
Wazuh (forked from the well known OSSEC project) is a full SIEM (Security Information Event Management) that works extremely well with the platforms it natively supports as an "Agent", which allows you to do scans of everything such as all processes running, CVE vulnerability check, incident reporting etc...
Prerequisites:
A lot of issues with Wazuh seem to be caused by i........
A lot of newer installs will automatically prohibit the root user from logging in directly, for security reasons or they will only allow key based access.
If you know what you are doing/don't care about security or have an incredibly secure password for testing, then you can enable it.
Edit this file: /etc/ssh/sshd_config
Find the following line: PermitRootLogin
Set it like this:
PermitRootLogin yes
Now rest........
1. Let's work from an environment where we can install Ansible on.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo apt install gpg
sudo add-apt-repository ppa:ansible/ansible
sudo apt update........
Just a quick note and warning is that if you are testing to see if EFIPXE booting works on a VM, MAKE SURE it actually works. For example Iinitially tested using my Distro's QEMU 2.5+dfsg-5ubuntu10.46 and ovmf BIOS firmware (OVMF supports EFI). However, I found on old versions of QEMU (like 2.5), EFIbooting with GRUB NEVER works so it may appear that you have made a mistake when everything is fine when you boot a physi........
Enable "cli" mode equivalent in JunOS
cli
Configure Mode
configure
So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure".
How Do You Apply Changes You've Made?
You can make all kinds of changes to the switch, but remember they are not........
Traditionally kernels were numbered starting from 0 but by default the "new style" of grub boot loading considers each subkernel item to be different so if you have 3 entries for 4.40-148 rather than counting for 1.
To get the expected behavior let's show this example and how we can boot it
We do a grep on menuentry in /boot/grub/grub.cfg to see all of the bootable kernels rather than scrolling through loads of extra entries we don't care about (thou........
kdenlive is VERY finicky especially if using an older or newer version it can cause crashes, menus not to work, features not to work, things not to work properly.
A good example is that Icould NOT get automask to work, there would be no box to control it until I did this full reset.
One caution is that your backup project files will be erased when doing this:
How to Reset kdenlive entirely
rm ~/.config/kdenlive-layoutsrc
rm........
If you've come here, don't be embarraassed, working in IT, this is the MOST common computer problem that almost everyone will encounter. The reason why I'm doing this post is because I've seen an increase from colleagues and admins having this problem and many times it's not even your fault. A common scenario is that someone acquires a new or used computer which they weren't given the password for. Fortunately Ihave a detailed list of all the options whether free or pa........
apt install software-properties-common
add-apt-repository ppa:deadsnakes/ppa
apt update
apt install python3-pip
apt install python3.7 curl gnupg python3.7-dev git
ln -s /usr/bin/python3.7 /usr/bin/python3
pip3 install numpy keras_preprocessing
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel........
There are a few caveats that may not be obvious to everyone so I am going to cover them here but keep this in mind before starting.
Before starting install epel or you will be missing tesseract:
yum -y install epel-release
#1) When you specify your SSL certificate with a full path, it really needs to exist where you tell it to (including the default location of /etc/ssl/certs and /etc/ssl/c........
This is sure simple if you follow the guide but it took a lot of hacking around to make this work on Debian/Ubuntu!
Now before you ask why bother running wine and python, the reason is because Python executables are NOT cross-platform. If you run pyinstaller in Linux, that binary will only run on Linux and the same if you do it in Windows. So it is preferable if you have a single environment that you can create Linux and Windows binaries from rather than running 2 separate........
The cool thing here is that we only need 1 drive to make a RAID 10 or RAID 1 array, we just tell the Linux mdadm utility that the other drive is "missing" and we can then add our original drive to the array after booting into our new RAID array.
Step#1 Install tools we need
yum -y install mdadm rsync
Step #2 Create your partitions on the drive that will be our RAID array
Here I assume it is /dev........
The easiest way to know if your videos are playing with GPU acceleration are to watch the process of xplayer, mpv or whatever you are playing. The CPU usage should be no more than 10% for that process/program if it is using acceleration.
Let's manually play with vdpau to make sure it works before we make it permanent:
First make sure you have libvdpau installed:
sudo apt install vdpau-driver-all
If yo........
This is all controlled by /etc/issue
You can basically enter anything in there that you like, but there are preset variables that are mentioned at the end of the page that discuss this.
Some examples of /etc/issue:
Centos 7:
S
Kernel r on an m
Ubuntu 16.04:
Ubuntu 16.04.6 LTS n l
You can also insert any of t........
Most of us know the heredoc method but what if you need a basic query done repeatedly and manually while working from bash? It is a pain to manually type mysql and login each time.
With this command below you can semi-automate those queries:
echo "use somedb; select * from auctions" | mysql -u root --password="yourpassword"
Just modify the above to suit your needs and you can add more queries by adding a sem........
cat .htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
I keep reading there is a "# BEGIN WordPress" and a "# END WordPress" in the wordpress htaccess above but there is clearly not.
Even more strange is that my permissions are just 444 (read only).
so i changed it........
It is really simple using .htaccess with mod_rewrite.
Here is all you need:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://site.com/$1 [R=301,L]
Another more graceful way is to use the %{SERVER_NAME}variable to make it dynamic. Just be careful that the server name will always match what you expect. (eg. if you are doing load balancing or clustering what if the server name may be somethi........
You'll have to edit the policy.xml file to fix this:
convert -density 300 output.pdf agreement.jpg
convert.im6: not authorized `output.pdf' @ error/constitute.c/ReadImage/454.
convert.im6: no images defined `agreement.jpg' @ error/convert.c/ConvertImageCommand/3044.
sudo vi /etc/ImageMagick*/policy.xml
Change
policy domain="coder" rights="no........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
This will find all tap devices and try deleting all of them. Of course don't run this if there is a chance an unused tap device is necessary and would not be created by the script ro application using it.
for tap in `ifconfig -a|grep tap[0-255]|awk '{print $1}'`; do
tunctl -d $tap
done........
This is usually because the Group Policy forbids that user or group from logging in.
run "gpmc" (not "gpedit.msc" as that is for local computer settings when you are not using Active Directory) or go to Administrative Tools and Group Policy Management.
Edit the default domain policy like below........
WARNING: Image format was not specified for '/mnt/space/cucm12.img' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
#you should manually specify the format
q........
If you have an SSHproxy that you need to run automatically from cron you will need it in the background to work.
ssh -N -D 22000 user@domain.com
Basically the -N let's it continue running in the background.........
In most of the Cisco router IOS I find the ports like ge0/0 ge0/1 and ge0/2 or whatever your ports are down. They will not even give you a link light. So one of the first tasks should be getting the port you are working with up.
In my case the first goal is often connectivity with the LAN and WAN.
LAN = your local area network (eg. in the office/home )
WAN= your ISP/public internet (eg. fiber/cable/dsl/ethernet).........
Idid a systemctl restart networking and it broke Proxmox VM connectivity!
#proxmox is the problem after restarting the network the tap devices go to disabled state
[2230884.919905] vmbr0: port 7(tap118i0) entered disabled state
[2230884.948864] vmbr0: port 8(tap122i0) entered disabled state
[2230884.972748] vmbr0: port 6(tap119i0) entered disabled state
[2230885.004745] vmbr0: port 5(tap117i0) entered disabled state
[2230885.03673........
./certbot-auto --apache certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yourdomain.com
Cleaning........
Jan 30 17:16:10 localhost sshd[25385]: error: Failed to allocate internet-domain X11 display socket.
The solution for me on the server side was the following in sshd_config:
AddressFamily inet
*Remember to restart sshd and also reconnect from the client side.
Ihad all the normal X11 settings on the server but it just stopped........
The defaults in Windows 2016 server leave clients crippled so they can't even download basic files or software. But Group Policy Management Editor comes to our rescue!
Use cmd or Powershell and run:
gpme.msc
Choose your domain/computer and then navigate like below and create a new menu entry for IE11 or whatever your version is. Don't be worried if the highest version is IE10 it means that it applies to IE10 AND above.........
Navigate to Tools -> Account Settings -> Server Settings
Uncheck the following:
"Check for new messages on startup"
"Check for new messages every NN minutes"
"Automatically download new messages".
Source: http://forums.mozillazine.org/viewtopic.php?t=635510........
Do you hate it when your ISPhas old cached records because of a high TTLon the DNS record of the relevant domain? In plain English this means you often can't connect to a site or service because your ISP's DNS servers haven't gotten word of the new IP address (probably because they haven't checked). There are also some that are notorious for ignoring TTL and not updating records for days!
But if you are lucky and smart enough to have your own Linux based DNS se........
First we need to create dhclient.conf if it doesn't exist or edit it:
vi /etc/dhclient/dhclient.conf
#add this line at the top add the IPs as commas they will be the highest priority nameservers and whatever your ISP gives you will be used after these one (good for DNS backup)
prepend domain-name-servers 127.0.0.1,10.10.25.8;
After you restart your network or run dhclient again you should see the contents of........
First you need the "iptables-persistent" package. This gives you an init script that loads your settings from /etc/iptables/rules.v4 and rules.v6
When you install it, it wll save your default setings in /etc/iptables.
sudo apt-get install iptables-persistent
Remember that the rules are stored here:
For IPV4: /etc/iptables/rules.v4
For IPV6: /etc/iptables/r........
What Is Active Directory?
Active Directory is essentially an enhanced, centralized database with a set of objects that make user management, authorization, and data management simpler. Active Directory is synonymous with "Domain Controllers" where a single "domain" often consists of multiple sites and members of the domain. Multiple domains can also be joined to belong to a tree ( a collection of domains). And the highest layer is the forest whi........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
**Solution**
Go to about:config........
After starting the install it stalls here:
admin/index.php?cache=0&agreelicense=1&confirmrelease=1&lang=en
If you manually refresh you get a Plugins check screen:
Installation
System
Moodle second step fails just blank screen:
https://domain.la/user/editadvanced.php?id=2
Solution: give up and choose something else it shouldn't be thi........
Aug 13 13:46:33 s2sout2d45040 info Failed in all attempts to connect to proxy.eu.jabber.org
Aug 13 13:46:33 s2sout2d45040 info Sending error replies for 1 queued stanzas because of failed outgoing connection to proxy.eu.jabber.org
No clue why it tries to use a proxy not explicitly specified. This could be because the proxy specified for the domain fails when someone is trying to se........
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
Aug 10 01:11:54 mailserver postfix/smtp[6180]: 020AE17C2BD1: to=, relay=none, delay=0.29, delays=0.28/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=gmail.con type=A: Host not found)
A user complained that their e-mails weren't being delivered but they actually made a small typo and used gmail.con so it wasn't working as expected of course........
sudo apt-get install libcurl4-openssl-dev git build-essential autotools-dev autoconf libcurl3
sudo apt-get install libcurl4-gnutls-dev
git clone https://github.com/wolf9466/cpuminer-multi
sudo apt-get install cmake libpthread-* libmicrohttpd-dev libssl-dev libhwloc-dev
git clone https://github.com/fireice-uk/xmr-stak-cpu.git
make install
cd bin
chmod +x xmr-stak-cpu
./xmr-stak -O xmr........
[root@thetor2017 conf]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers,
lowering MaxClients to 300. To increase........
Ialready have the caja-image-converter option installed but it shows nothing.
Weirdly enough if you install nemo and nautilus converter it does show and work inside caja:
The solution is to install *-image-converter
sudo apt-get install *-image-converter
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'n........
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
A simple way that may work for a lot of people who just need basic output for their scripts or daemons to announce an action is this:
echo "body or message" | mail -s "realtechtalk.com" user@domain.com
If you want to send a text file as the body just do this instead:
mail -s "realtechtalk.com" user@domain.com < /tmp/sometxtfile.txt
These are some ve........
Centos when copying old files and restarting it seems load everything fine and then says [FAILED] with no log or other message.
service restart named
named [FAILED]
Check more thoroughly you may have missed the error if you have lots of zones!
service named restart|grep error
zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
zone 2.168.192.in-addr.arpa/IN: no........
This happens because Dovecot limits the maximum IMAPconnections per IPto just 10. This may be fine for a single client side IPbut if an entire office or multiple users are behind one IPor a single heavy user is active then you will get bizarre errors in your e-mail clients such as "Password Incorrect" or similar in Thunderbird. It won't be obvious on the client side as to what the problem is and they will probably just think the server is misconfi........
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at testdomain.com Port 80........
This is not the normal "black screen"issue and I was shocked to eventually find out why. The normal advice of reconfiguring Xorg didn't work. Even booting into "Recovery Mode" did not help.
Here is the short end of the stick that fixed it:
sudo apt-get install mdm mate-desktop-environment
Yes you got it right, mdm and the mate-desktop-environment / gnome were somehow uninstalled. This must be whe........
It is well known hackers, the NSA, CIA and other groups have created malware to secretly turn on your webcam and microphone on your phone, tv etc.. But fortunately on our computers and laptops we have some options.
Most webcams use the "uvcvideo" kernel module / driver. You can disable this in two ways on boot. I recommend both just as a failsafe.
Disable it on rc.local once your system boots automatically
Add the followi........
This is one thing that has me wondering about SMF. It is apparently a known issue but in the latest version and new install nothing looked right because it was using http://127.0.0.1 to find everything! How on earth would it ever do this or think it is normal?
Excerpt of crazy html code it produces that causes the issue:
........
So I have a domain "testdomain.com".
Inside test domain.com's root is the following .htaccess:
Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html
Order Deny,Allow
Deny From All
Allow From 192.168.1.2
When you visit anything other than root things work fine. Eg. if you visit http://testdomain.com/somedirfile.html
It will show the right error in /launch/........
It has been a big pain for a long-time to install Windows from a Linux environment. I used to run a windows install server and it never worked right for some reason (the install would fail on most servers).
Before getting start be sure to setup your samba share so once you boot into WinPE you can mount the install for whatever Windows you want
/etc/samba/smb.conf
[smbwinstall]
path = /tftpboot/images/winstall
guest ok = yes........
Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).
In the Apache vhost conf for the domain here is what you add:
SSLCACertificateFile /path/to/your/cafile.pem
Here is a full example of an SSL Vhost config in Apache using a CA Certificate file
........
First find the line number:
awk '/what you are searching for/{ print NR; exit }' input-file
86
Now use sed to replace it:
sed -i 86s/.*/"your replacement text"/ $file
Here is a full sample script to automate it:
file=some/f........
It's really simple and just a matter of the following line within the subnet declaration.
deny unknown-clients;
See example below:
subnet 10.25.20.0 netmask 255.255.255.0 {
range 10.25.20.11 10.25.20.254;
deny unknown-clients;
option routers 10.25.20.10;
option domain-name-servers 208.67.222.222;
 ........
A great way if you have a bunch of drives and mdadm connected and are looking for backups/archives and don't know what is where!
for md in `cat /proc/mdstat|grep md[0-99]|awk '{print $1}'`; do mkdir /mnt/$md; mount /dev/$md /mnt/$md; done........
This through me for a loop when I would do a cp -rf or mv -f nothing would get overwritten even if piping y or yes to the command.
Type alias and you'll see why:
alias cp='cp -i'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'
The -i is a safeguard against messing things up but however does mess things up worse when you know what........
I have never had this error on Linux and this is running FreeBSD as root:
Wed Aug 9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically
Wed Aug 9 04:29:34 2017 us=329832 Exiting due to fatal error
The Solution you need a kernel module that is for some reason not automatically loaded like Linux:
kldload if_tap........
I have never had this error on Linux and this is running FreeBSD as root:
Wed Aug 9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically
Wed Aug 9 04:29:34 2017 us=329832 Exiting due to fatal error
The Solution
You need a kernel module that is for some reason not automatically loaded like Linux:
kldload if_tap........
Solution:
Aptitude is very smart and fixed the issues it was because of nvidia cuda and opencl and nothing else suggested or hinted this using apt
sudo aptitude install wine
The following NEW packages will be installed:
ocl-icd-libopencl1{ab} ocl-icd-libopencl1:i386{ab} wine wine1.6
wine1.6-amd64{a} wine1.6-i386:i386{a}
The following packages will be REMOVED:........
#if you have nvidia make sure you install the nvidia-cuda-toolkit so hardware acceleration can be used
wget http://ffmpeg.org/releases/ffmpeg-3.3.2.tar.bz2
tar -jxvf ffmpeg-3.3.2.tar.bz2
cd ffmpeg-3.3.2/
./configure --disable-yasm
install prefix /usr/local
source path ........
I am using a GTX 1060 but replace the download for the driver with the correct/current version for your particular card by visiting: http://www.nvidia.com/Download/index.aspx?lang=en-us
yum install automake curl openssl-devel libcurl-devel gcc gcc-c++
yum -y install kernel-devel-`uname -r`
yum -y install unzip
#the........
This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it.
1. Java Security/TLS Settings issue:
This article has the solution to change them all in Linux automatically
2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
whois in Linux is incredibly out of date and does not seem to recognize most new TLDs domains, but there is a quick and easy tip/hack/tweak for this.
An example of new TLD's site as .review .site .club
whois somesite.club
No whois server is known for this kind of object.
bash to the rescue
Now I did try to apply this in .bashrc but DONOT! Ithink the * wil........
This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually.
So your e-mail/web client will show you an SHA-1 fingerprint like this:
"Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain.
It will also show you........
The solution is simply "tidy"/Tidy-HTML. It will take your poorly formatted HTML code (and I mean files that span just a few lines that are unreadable) and fix it up.
Note the command below does everything in place. *Make sure you take a backup of all .html files*
It also seems to break html5 code/templates so beware.
tidy -im yourfile.html
An automated way in bash:........
Just manage your domain in Enom and choose "Host Records"
Choose "URL Redirect" as the record type.
As shown below choose the URL and add "?redir_mode=301" to the end of it.
To test the 301 and make sure it is a 301 (unlike Godaddy which really did a 302 when I chose 301!).
........
The "passwords do not match" implies or makes it appear that your auth code is wrong but actually you have to click "View additional settings" and then see there are 2 password fields to manage the domain once it is transferred (the password is typed twice for confirmation). Simply fill out a password twice or remove the first password fields contents and all will be well.........
What code is being returned or where is a URL/domain redirecting you to? Curl makes this easy and simple:
curl -Iyourdomain.com........
convert -trim yourimage.png
That's all there is to it, very simple, clean and quick!........
This actually only happened after an e-mail server ran out of space due to run away log files. Normal Desktop clients were not affected. It appeared to be a bug in K9 mail but even reinstalling/wiping all settings did not fix it (read e-mails would still not reappear).
This is moreso a bug in Dovecot where it probably messes up the index files.
How do you fix this in Dovecot/your e-mail server?
You need to delete the do........
md127 issue, it should be /dev/md3 per mdadm.conf
Any time something is mounted as md127 it almost always means there is no entry for this mdadm array in the mdadm.conf in initramfs (which is separate from your actual /etc/mdadm.conf).
cat /etc/mdadm.conf
ARRAY /dev/md3 metadata=1.2 UUID=b6722845:381cc94e:7a2c5b5f:8e3b7c4f
The reason for this is something strange, most Linux OS's bizarrely always keep their own copy of /etc/mdadm.con........
I still cannot understand how this would not be enabled by default and I struggled to find the reason why with manually installing samba etc.. wondering why the option for sharing was not in the menu.
On Linux Mint "MATE" the package is called "caja-share" and on Cinnamon it is called "nemo-share" so edit the below command as necessary:
*Also note that the "samba" package is necessary as it is not inst........
Stopping httpd: [ OK ]
Starting httpd: [Wed Jun 29 19:29:44 2016] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
[Wed Jun 29 19:29:44 2016] [warn] _default_ VirtualHost overlap on........
openvpn 2.3.10-1.el6 issues
in the .conf
auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env
auth-env does not work correctly in OpenVPN 2.3:
Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure
But OpenVPN 2.2 does work as expected.
It could be that the specified script automatically receive........
There are a few ways of doing this and all basically involve using the reverse proxy or "ProxyPass" feature of Apache to accomplish it.
1.) Create a normal vhost and simply symlink the root directory of the site you want to mirror.
Eg. originalsite.com and newsite.com
/vhosts/originalsite.com/httpdocs
You would symlink like this:
ln -s /vhosts/originalsite.com/httpdocs vhosts/originalsite.com/........
1.) Flash directly to this file:
http://tomato.groov.pl/download/K26RT-N/build5x-132-EN/Linksys%20E-series/tomato-E2500-NVRAM60K-1.28.RT-N5x-MIPSR2-132-Max.zip
*I was never able to get the larger "Mega" file to work, at least not initially so I recommend the file above.
To enable 5ghz I had to do the "Clear NVRAM" Option before it was shown.
2.) Or if you don't need 5ghz (most devices do not support it and cannot........
The below forces all request to your domain to go to the main non-www root domain.
Updated code:
RewriteCond %{HTTP_HOST} !=domain.com
RewriteRule ^(.*)$ https://newurl.com/subdir/$1 [R=301,L]
If you don't want it to go to a subdirectory:
RewriteCond %{HTTP_HOST} !=domain.com
RewriteRule ^(.*)$ https://newurl.com/$1 [R=301,L]
Bad code:
This code is bad beca........
The best way is as below in .htaccess using modrewrite, any request that is not SSL will be redirected to https://domain.com and the exact same URL
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]........
It is very handy to remember this and nice that the logs for all domains are in a central location:
/usr/local/apache/domlogs........
Here is the scenario you or a client have a remote machine that was installed as a standard/default minimal Centos 6.x machine on a single disk with LVM for whatever reason. Often many people do not know how to install it to a RAID array so it is common to have this problem and why reinstall if you don't need to? In some cases on a remote system you can't easily reinstall without physical or KVM access.
So in this case you add a second physical or disk or already ha........
#solution
Edit /etc/yum.repos.d/openvz.repo
For the first two entries comment out #mirrorlist and uncomment #baseurl and then it worked
openvz yum problem Centos 6.5 cannot find file on mirror:
yum update
Loaded plugins: fastestmirror
Determining fastest mirrors
* openvz-kernel-rhel6: mirrors.ustc.edu.cn
* openvz-utils: mirrors.ustc.edu.cn
base ........
sudo apt-get install zoneminder
[sudo] password for one:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libuser-perl python-evince kdebase-apps kwrite unixodbc
libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp
python-mediaprof........
vi /etc/yum/pluginconf.d/fastestmirror.conf
exclude=.hk,.cn
You could also use specific domains but as you can see above we are blacklisting all Hong Kong and Chinese mirrors in this example.........
-------------------------------------
ProCurve J4903A Switch 2824
Software revision I.10.77
Copyright (C) 1991-2009 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to restrictions........
Account Functions -> Change Site's IP Address
Choose the domain and then click "Change"
Choose the new IP
1.) Setup SSL Certificate in cPanel
Click on "SSL/TLS Manager" under the "Security" section.
2.) Under " Private Keys (KEY)"
Click "Generate, view, upload, or delete your private keys."
Choose "Key Size: 4096........
The most common solution is to use the /etc/postfix/header_checks but this is a big problem.
Why is header_checks a problem? Because it does it to all mail whether incoming or outgoing and whether authenticated or not. We of course want as much header information for incoming as we can get for many reasons but many organizations want to secure and make their mail clients as secure as possible.
I adapted this solution to the client's custom config, they are configur........
Unable to mount iPad 4
Unhandled Lockdown error (-4)
This is because you need the libimobiledevice-utils package installed and a newer version of it.
My older Ubuntu 10.10 uses a version that does not have "idevicepair" which seems to work perfectly and automatically with newer versions of the library.
Basically if you install the above library it should be plug and play and if your imobiledevice-utils doesn't have 'idevice........
There is a weird quirk with how this works, but there is a variable called "src" that defaults to 0 or disabled if not specified as 1.
The default 0 means not to recur billing on a subscription. It's too bad it's not more obvious anywhere nor is there an explanation or warning during payment or after to both the seller and buyer.
Here's a proper subscription code example that does recur and does not cancel........
I struggled with this for awhile because sometimes you have rewritten URLs that you want to pass a query string but most of the info and examples do not support this.
Take a typical example like this:
RewriteRule ^(.*)-(.*)-(.*) /?module=$3&id=$2
You need to add the QSA flag to make it work like below:
RewriteRule ^(.*)-(.*)-(.*) /?module=$3&id=$2 [QSA]
The QSA preserves the original query string but also appends it wit........
CPanel says you can access 98% of the functions through CLI which experienced Unix/Linux admins prefer for simplicity and for scripting. I've never found CPanel easy to use from the admin panel, it seems everything is hard to find and a simple task becomes a series of hunts.
So for people like me here's the list: http://cpanel.net/system-administrators/command-line-scrip........
error: Failed to create domain from /home/kvm/kvm101/kvm101.xml
error: cannot open file '/dev//dev/kvmcontainer/kvm101_img': No such file or directory
This is caused by what we consider a quark in SolusVMthat Ihelped a client with.
SolusVMhas as config for the "LVMvolume name" and does not enforce any convention.
Naturally most technical people would use the actual path eg "/dev/kvmcontainer".
However th........
It's always bothered me how Wordpress basically forces the user to provide their hosting credentials to install themes and plugins. How do know for sure the data is not being saved, intercepted and being provided backdoor access to the NSA or other agencies or even just being misused by others with access?
Here's how to close the security hole above and if you're already given Wordpress your credentials make sure you change everything associated it with it. Eg. change your........
./configure
./configure: line 91: cd: /lib/modules/2.6.32-042stab084.25/build: No such file or directory
Error: kernel version not found.
Please make sure your kernel is configured.
dr-xr-xr-x. 4 root root 4096 Feb 21 06:13 ..
lrwxrwxrwx 1 root root 45 Feb 21 06:13 build -> ../../../usr/src/kernels/2.6.32-042stab084.25
drwxr-xr-x 2 root root 4096 Feb 12 20........
All Errors (CPanel does not report by domain, but puts everything in a single log which Ithink is a bit silly and annoying):
/usr/local/apache/logs/error_log
Access_Logs
They are found within the home directory of the site user eg.:
/home/admin/access-logs/yoursite.com
MySQL Logs
/var/lib/mysql/yourhostname.err........
Iread this article and still don't understand the issue.
If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
B........
Browse to this directory: ~/.config/libreoffice/3/user/backup/........
LSi Megaraid
At first it was configured as a RAID 0, then I deleted the Virtual Disk Group.
I thought both drives would be shown and detected in Linux as sda and sdb but it actually shows nothing.
To make them work you have to hit Ctrl+R before the system boots (when prompted) and create a Virtual Disk Group. In my case I created each one as RAID 0 (with a single drive only) as I just wanted JBOD but there is no such option or default in these Dell Pe........
CPanel ->Basic cPanel &WHMSetup
At the bottom you'll see them, set the nameservers you want to use and the corresponding A record if needed.
Then all new domains will use those settings/nameservers.
It's strange that there's no section for this specifically.........
http://support.godaddy.com/help/article/668/registering-your-own-nameservershosts?pc_split_value=1
Log in to your GoDaddy Account.
Click on "My Account" at the top left.
Click on "Domains".
Click on the "Launch" button for the domain you want to create the nameservers for.
Find........
Add a DNS Zone
Results of adding zone
Sorry, you must enter a domain. Please try again.
Fill this out at the top (Imissed it)
Domain Selection
Ip Domain
The issue was I didn't realize the form above had to be used,I thought it should work where you click on the user, domain and then click on the submit button and you'd go to the next step. But it doesn't, you need to........
The Cause
Basically it's usually because your Cpanel has new IPs and the old IPs it knows are no longer available/working/valid.
The solution is to change the site's IP but you may run into issues for various reasons. Here is what I encountered below.
It redirects there even though public_html is empty and doesn't have any index or htaccess redirect.
---
This issue happened after a CPanel migration, the site is bein........
The key here is to use the "uuencode" command but note that we specify the file name twice (this must be done at least on Centos or it won\'t work).
The first file.zip is the actual file we want to send.
The second file.zip i........
Jul 11 15:20:58 tor sendmail[9617]: r6AKjOD07: to=
mailserver.com was the hostname of the server, sendmail sends this by default and many mailservers will reject mail to a hostname that does not resolve or exist.
The easiest way is just to change the hostname and make sure it does resolve to something.
I read there is a way in sendmail.mc to manually set a hostname but I never got it working:
vi /etc/mail/sendmail.mc
define(`confDOMAIN........
foreach ($_POST as $key => $value) {
if ( $key != submit )
{
$values.="$key=$value<........
This is useful for developing a lot of applications, I'm putting it here to keep it handy for myself and hopefully others:
Choose CountryCanadaJapanUnited StatesUnited KingdomAfghanistan........
If you move your hard drive(s) around to other computers/servers, you'll find that your eth0 keeps getting higher, the first time it will become eth1 and then eth2 etc and even higher if your server has dual or quad NICs. The reason is that udevd basically assigns eth0 tot he first NIC it finds and remembers it, if it encounters a NIC with a differentMAC, it assigns it one higher (eg. eth1).
See the example below, I have eth2 now so how doI fix it?........
This is a handy link and list of all the relevant Directadmin log files and related servers.
http://help.directadmin.com/item.php?id=11
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:........
arp -a
syst (192.168.1.122) at 21:96:43:3a:62:a2 [ether] on eth0
arp -d 192.168.1.122
If you get an error do:
arp -d 192.168.1.122 -i eth0
Sometimes the arp cache just won't clear either, some say it should automatically but there are cases where the above doesn't work. I believe it may be that some network applications are keeping the entry alive but this is just a guess.........
This is very handy if you're too busy and don't have time to download whatever files you need.
The -D specifies the domains allowed, this is because I specified -H which means foreign hosts are allowed, if you don't restrict them you'll end up going to the whole internet via ads and other links just like a search Engine would follow.
-l 0 specifies to go deep, to as many levels as possible/as exist.
-e robots=off is important because robots.txt often says you can't vie........
This is something I often setup for clients because it's very helpful for people in datacenters, this allows custom OS installs on demand, you can customize it more by using kickstart etc.. but here's a base I use before customizing more:
This little script below will install everything you need to get booting by PXE Linux.
It also assumes you set a local IP (be sure not to overwrite your existing IP) on eth0:0 (note the :0) as 192.168.1.10 and it........
The best way is to use rsync, I've set it up so it doesn't copy unnecessary files, or at least ones I'm sure aren't needed.
Here is the rsync command Iused (adapt to your specific Thunderbird profile location):
rsync -hazv user@remotehost.com:/home/user/.thunderbird/sbrer.default/* /home/user/.thunderbird/4nyb0.default/ --exclude=global* --exclude=Cache --exclude=ImapMail --exclude=Mail
This is a great way to get your e-mail accounts going on a new c........
qemu-img create -b centos.5-8.x86.20120308.qcow2 -f qcow2 ../kvmguests/25000-centos5.8x86.qcow2
Formatting '../kvmguests/25000-centos5.8x86.qcow2', fmt=qcow2, backing_file=centos.5-8.x86.20120308.qcow2, size=10485760 kB
-b the source/base image
-f format is qcow2 and the location of the destination image
What is so special about this? It's even quicker than creating a template with OpenVZ but this is an actual OS.
It saves time a........
A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.
Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?
This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........
So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error.
This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
wget -N http://httpupdate.cpanel.net/latest;sh latest
That one command above will do it all (and it takes a long time to install/compile). After that you can access CPanel with your root login information by visiting https://yourdomain-or-ip.com:2087
I personally don't like CPanel (bloated, full of bugs, no shared SSL, difficult to use etc..)but I admit it's easier to install than........
I experienced this with CPanel's Exim after an auto-update (a Google of this error produces lots of complaints with few clear solutions). In this case I'll put the solution at the top.
Run /scripts/buildeximconf to rebuild the Exim config and it should be fine after that.
mail -vs "from test" user@dest.com < .bash_history
LOG: MAIN
cwd=/root 4 args: send-mail -i -v user@dest.com
LOG: MAIN
&........
This was very annoying but has a simple fix, I had an echo and the voice quality was absolutely horrible (it sounded like tin cans under water) if that helps describe it. It was extremely distorted.
The simple Skype sound quality solution
Go to "Options" -> "Sound Devices"
Disable the "Allow Skype to automatically set my mixer levels"
After doing this the sound qua........
I dread updating the kernel and rebooting to find the Ubuntu graphics aren't working and you have to manually intervene. This is usually because Ubuntu for whatever reason didn't update the drivers you need (eg. the manually compiled Nvidia Kernel driver that MUST be recompiled for each and every kernel update unfortunately).
The most common reason may be that "linux-source" hasn't been installed automatically on my system. I tried to manually reinstall the........
This is the mail system at host mail.postmail.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
&........
Have you ever found a website/page that has several or perhaps dozens, hundreds or thousands of files that you need downloaded but don't have the time to manually do it?
wget's recursive function called with -r does that, but also with some quirks to be warned about.
If you're doing it from a standard web based directory structure, you will notice there is still a link to .. and wget will follow that.
Eg. let's say you have files in http://serverip/documen........
netstat is weak and can't show udp connections and most other protocols, use "ss" which is what netstat should have been:
The "-u" switch stands for udp, here's a list of other options:
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output ver........
mod_status is a great way to track down the source of high CPU usage and to find what vhost/script is the cause of it.
It gives you a live view of bandwith usage, CPU usage, and memory usage broken down by domain/vhost and script/URI.
Enable mod_status
vi /etc/httpd/conf/httpd.conf
ExtendedStatus On
SetHandler server-status
Order Deny,Allow
Deny from all
All........
I don't expect this to be solved soon but some of Yahoo's DNS servers are out of whack. I changed the IPs of some nameservers of some domains and now most Yahoo users can't e-mail to those domains!
As you can see below by the "No MX or A records for mychangedomain.com", now Yahoo's DNS/mailserver DNS cache is wrong. You would think they would at least have cached the old incorrect records, but instead for some reason their DNS cache has no entry and doesn't seem........
kernel 2.6.27.54
Fusion MPT base driver 3.04.07
Copyright (c) 1999-2008 LSI Corporation
Fusion MPT SPI Host driver 3.04.07
mptbase: ioc0: Initiating bringup
mptbase: ioc0: WARNING - Unexpected doorbell active!
mptbase: ioc0: ERROR - Doorbell ACK timeout (count=4999), IntStatus=80000001!
mptbase: ioc0: ERROR - Diagnostic reset FAILED! (102h)
mptbase: ioc0: WARNING - NOT READY!
mptbase: ioc0: ERROR - didn't initialize proper........
Centos 5 Postfix and SPAMASSASSIN Tutorial
yum install spamassassin
chkconfig spamassassin on
vi /etc/mail/spamassassin/local.cf
##############
#required_hits 5
#report_safe 0
#rewrite_header Subject [SPAM]
#5 is the least restrictive (means only the most obvious SPAM is caught. 0 is obviously the most restrictive/sensitive and would have lots of false positives
require........
I'm posting this because it wasn't easy or obvious how this would be accomplished and the man page leaves it to guesswork.
Multi-line body_checks
Example 1
/........
I bought the 1TB Deskstar C revision recently at just $49 each and put them in RAID 1for my Desktop.
Look at how close the old Deskstar 1TB comes to matching the performance of the mor expensive Samsung and WD's?
This is phenomal, I can't believe the performance I've gotten out of these cheap drives.
http://www.tomshardware.com/reviews/hitachi-western-digital-terabyte,2017-6.html........
When migrating away from Plesk I couldn't figure out an easy way to get a straight list of all e-mails, but here is where I found the solution:
http://nakuls77.wordpress.com/2008/08/30/details-of-email-ftp-database-users-from-psa-database/
mysql> SELECT mail.mail_name, accounts.password, domains.name FROM mail, accounts, domains WHERE domains.id=mail.dom_id AND mail.account_id=accounts.id;
mysql> SELECT CONCAT(mail.mail_name,’@’,domains.name) AS Em........
Amarok won't play songs, keeps skipping to the next
Some say install install phonon-backend-xine
but it was already installed automatically, obviously that's not the problem or solution.
Settings -> Configure Amarok
Playback: Configure Phonon
Audio Output: Music
It should show your different audio interfaces, choose Pulse Audio and move it to the top of the list, do the Apply, OK and manually quit Amarok (remember to close it from the tra........
understanding /etc/aliases
*remember to apply changes you need to run "newaliases" after editing /etc/aliases
one thing I don't get is that it doesn't allow you to specify the whole e-mail address on the left-hand side
eg:
yourfullemail@domain.com: someotheremail@domain.com
postalias: warning: /etc/aliases, line 109: name must be local (if you try the above)
It works more like this:
your........
Forbidden
You don't have permission to access / on this server.
[Sun Jan 23 15:28:12 2011] [crit] [client 96.44.31.12] (13)Permission denied: /www/vhosts/domain.com/httpdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Solution
I've done a chmod 755 .htaccess and index.php and restarted Apache
That wasn't the only issue, the issue was the httpdocs direc........
genuine.com/IN: loading master file genuine.com.zone: file not found
_default/genuine.com/IN: file not found
I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
tar include hidden files such as .htaccess
just add . to the path eg.
tar -czvf tarfile.tar.gz /home/directory/.........
mysqldump does not include CREATE DATABASE statement
you need the --databases option
"--databases" is misleading, it implies in the documentation that this is a list of databases to be dumped, it should be clear that uses this command in conjuction with dumping a single database also adds CREATE DATABASE and is the only way to get the database to automatically create itself.........
Apache/httpd
Failed to save enabled features : The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.
This is because I never edited the Apache Config and Virtualmin config to reflect my new/current updated structure.........
Plesk 8.6 CLI backup:
/usr/local/psa/bin/pleskbackup domains domain.com
This is a much better way of doing it and of course it can be scripted, it's a real pain to point, click and wait for Plesk to backup domains (and yes Iknow you could do all of them in a single client file but this is not desirable for my situation).........
Importing Plesk 8.6 Backup to Virtualmin:
Validating migration file ..
.. validation failed : XML::Simple Perl module is not installed
Solution is to install the correct module:
perl -MCPAN -e 'install XML::Simple'
Migrating a single domain works just fine, but it doesn't work with a full client backup containing multiple domains.........
Webmin Setup Centos 5:
wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet
[1] 24229
[2] 24230
[root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html
Resolving downloads.sourceforge.net... 216.34.181.........
Virtualmin Postfix Error:
The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active ..
A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration
.. your system is not ready for use by Virtualmin.
........
One of the purposes of rsync is to backup whole filesystems and archive them but how can you do that properly and restore things to normal if all permissions and ownerships are not preserved from your root filesystem?
It's not desirable to have everything running as root, especially not just for an rsync.
The Easy rsync preserve permission solution for non-root users
sudo is the answer and all you have to do is edit /etc/sudoers
At the end o........
I've only used it on Centos, soI thought I'd make a quick Debian guide:
Install the DRBD Package
apt-get install drbd8-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libswfdec-0.8-0
Use 'apt-get autoremove' to remove them.
The following........
Refusing to automatically import keys when running unattended.
Use "-y" to override.
When using echo y|yum install gcc
Fix with rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*........
After an upgrade wine wouldn't open anything, not even the pre-installed notepad.
There are no wine logs and nothing is mentioned in any standard log file about why.
I finally decided to run wine from the shell and see what's going on:
wine client error:0: version mismatch 398/402.
Your wineserver binary was not upgraded correctly,
or you have an older one somewhere in your PATH.
Or maybe the wrong wineserver is still running?........
I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself).
* About to connect() to ip.ip.ip.ip port 25000
* Trying ip.ip.ip.ip... * connected
* Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000
* succes........
/usr/local/cpanel/bin/swapip domain(s)
It simply doesn't work, the Apache VHOSTS remain 100% unchanged, why does this script exist? I'm sure it would work from the control panel but I am locked out because my IP was changed and it doesn't match the CPanel license. I wish CPanel would make it easier to update the license IP.
I even took it a step farther, I manually edited the vhosts and restarted Apache and it........
Always make a backup of the original file before trying this, I find this kind of thing when updating IPs etc.. to use a script.
Where the old IP is "192.168.5.8" and the new IP is "10.10.5.8"
sed -i s/192.168.5.8/10.10.5.8/g testdomain.org.db
The -i with sed means "inline" meaning we edit the file directly, but without the -i we could just use >and output the results to another file or do whatever else we wanted.........
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
Why would you want to downgrade the superblock? Old mdadm verisons like mdadm 2.5.6 only use the 0.90 superblock/metadata and new versions use 1,1.0,1.1 and 1.2 superblocks by default.
There are some annoying caveats with this, first of all the new superblocks (later than 0.90) CANNOT be read by GRUB, so you won't even be able to install GRUB. Even worse, old versions of mdadm CANNOT automatically detect arrays even if they were created with a new version of mdadm with th........
Basically the two main types of distros are Debian and RHEL/Centos based. I'm just going to give a quick overview of how the configuration of IP interfaces works in Debian/Centos based distros.
*Just one thing to remember, when setting IPs statically you have to manually specify a DNS server in /etc/resolv.conf (since DHCP is what normally does it automatically)
Debian/Ubuntu/Kubuntu/MEPIS
The IP (DHCP &........
This was unbelievable how much the Xen kernel slows things down, keep in mind both tests were done on the hostnode, one was with the Openvz-Xen hybrid kernel and the other was just OpenVZ. You can see the performance difference is nearly 300% better when not using the Xen kernel.
OpenVZ-Xen Kernel Test Results (I was wondering what was wrong/so slow with my Core i5!)
# # # # # #&n........
This can be very annoying and CPanel doesn't seem to document it, or it's not found or made as obvious as it should be. It's always funny when I find it more difficult to work with a control panel than to do everytihng manually without CPanel or even Plesk.
So once again, the default serve path for contents is: /usr/local/apache/htdocs and this is especially applicable when accessing Apache by just an IP which is unbound to any domain at this point.........
This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that.
If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :)
Just use this code to easily enable passwordless login with SSHD
key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
Before we start I take no responsibility for this, you should have a backup and if you make a mistake during this process you could wipe out all of your data. So backup somewhere else before starting this as a precaution, or make sure it's data you could afford to lose.
The RAID 1 Setup (Hardware Wise)
I've already setup my 2 x 1TB (Seagate) drives with identical partitions, make sure your new hard drive (the empty one) is setup like your curr........
It's basically free bash shell script available from: http://wpkg.org/email2fax/index.php/Main_Page
Make sure you have the required tools:
libtiff
ghostscript
mpack/munpack
Where you can e-mail your Asterisk box and it will fax it to the phone number in the subject line. The good news ends there, it is fairly undocumented and buggy.
Take for example how the documentation mentions you can invoke from the com........
In Debian based distros:
apt-get install jabber
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
fakeroot dkms
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
jabber-common
The following NEW packag........
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
Here are the results, it is Sempron 3000+ AMD Mobile, 500Gig HDD, 512MB RAM with shared ATI Radeon graphics.
# # # # # # # ##### ###### # # #### # #
# # ## # # # #&nb........
Problems surfing web/servingI noticed sometimes websites wouldn't load at random through a FreeBSD box and other systems on the same link didn't have the issue. I believe it is because of the low default limit of 128 TCP connections that caused the problem. It would also slow down any traffic that requires many connections such as Bittorrent.
The fix is to increase the amount of connections to at least 1024
Edit [b:520b050d3e]/etc/sysctl.conf[/b:520b05........
Quick Tutorial On Starting A Web Site[b:3cef3c01b6]Step 1.[/b:3cef3c01b6] Purchase a Domain Name (eg. yoursite.com)
[b:3cef3c01b6]Step 2.[/b:3cef3c01b6] Design your site using a program such as Microsoft Frontpage or Macromedia Dreamweaver. If you are unable or unfamiliar with doing this you may want to hire a company to create your site (many of them will handle each aspect of setting up your site).
[b:3cef3c01b6]Step 3.[/b:3cef3c01b6] Host your site........
E-Mail TipI just thought I'd give you guys a good tip about e-mail. It seems a lot of people like to use a Hotmail or ISP (eg. Telus) account for their e-mail but the problem is what happens if you switch ISPs, then your e-mail address no longer works and old friends might not be able to contact you. The same thing has happened for excite.com e-mail addresses where they just shut down.
Whether you are a business owner or personal user can you afford to lose an e-mail........
Bash Script Infohttp://www.faqs.org/docs/Linux-HOWTO/Bash-Prog-Intro-HOWTO.html#ss10.5
http://www.scit.wlv.ac.uk/~jphb/spos/notes/shell/shell5.html
http://quong.best.vwh.net/shellin20/#LtohTOCentry-41
http://www.cactus.org/~dak/shellscript.html
http://db.ilug-bom.org.in/Documentation/abs-guide/
http://pegasus.rutgers.edu/~elflord/unix/bash-tute.html
http://heather.cs.ucdavis.edu/~matloff/UnixAndC/Unix/CShellII.html
Since bash i........
This really is a difficult and confusing process for non-Mandarin speakers, but here's what I've done and learned so far:
You can purchase an "M-Zone" China Mobile pre-paid SIMCard from almost anywhere but I tried to purchase mine from Suning (a large electronics dealer) hoping they would be able to help me or answer my questions but my plan didn't work out at all. At Suning once I found someone who spoke some English they gave me the 55 RMB M-Zone China Mobile P........
This is something that happens a lot and it is very dirty, as you probably know each site is hosted on a certain IP address. Sometimes a domain is hosted by a single IP address and the IP address defaults to this very same domain.
This means that if someone buys domain abcd.com and enters your IP address (the one of your website) as the A record, your content will show up on their domain as if it was their own.
There is an easy way to prevent this by using .htacces........
For some reason Ikeep getting this error when trying to run a sudo command eg:
sudo -u someuser somecommand
sudo: Error dropping capabilities, aborting
My version of sudo is:sudo-1.6.9p17-3.el5_3.1 and I've heard that version 1.7 fixes everything. The only thing is yum does not think sudo has any update. Iguess the new version has not been committed to the RPM repository yet.
This is really a huge and ann........
This is something that annoys a lot of people, fortunately the Redhat style OS's are the most simple in this respect. I disagree that Debian's way makes sense, it is more of a hackish approach in how they implement iptables.
Anyway, for those who are using Redhat/Centos style OS's it is very simple.
Set your rules from the shell/command prompt and to save the iptables firewall rules so they are remember/loaded on boot just run this command:
service iptables........
Here is an example that I recently found, most PR checkers will say this domain is PR8 or will say "cannot analyze PR".
The example is domain "bonserotica.com" view Google's cache of the homepage and you'll see as in the picture below, it lists a different URL, which means they used a redirect to a high PR site to fool you and the PR checkers.........
This happened during a sync of my iPhone while installing some apps. This usually happens to non-jailbroken iPhones who are trying to install non-Apple approved software OR jailbroken phones who haven't done the "Sync update".
How to fix this error and get the Sync Update
Open Cydia - Manage - Sources - Edit
Add this source: http://cydia.hackulo.us
Then under the section "Hackulo.us" install "Ap........
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD
That happens when trying to use smbclient to connect to a share. The weird thing is that I can authnenticate just fine from Windows XP.
It is partially my mistake, I forgot this share does have a password. I've tried authenticating with the correct user and also with "Guest" because this works in Windows. In Linux I ........
This will give you the basic info needed to browse and connect to Samba shares from the command line. From the GUI of Gnome or KDE etc, it is pretty standard and straight forward. However, I've found very little guides on how to do it from the command line and if you're like me, a nerd who prefers command line for its simplicity and for remote use, this is the way to go.
First get a list of all the Samba/SMB shares on the target.
smbclient -L hostname........
Feb 5 01:39:33 server named[19768]: zone myzone.com/IN: serial number (12331465) received from master 127.0.0.2#53 < ours (200901281)
The above is taken from /var/log/messages
This can be annoying, it can happen for a variety of reasons. What seems to be happening here is that the slave realizes the time on the slave is ahead of the master, so it therefore assumes it has the most up to date copy and won't actually transfer the zone.
The solutio........
There's a lot of outdated information and confusion for system administrator's out there.
One annoying task for many an Administrator has been backing up data in Linux. You don't need any GUI tools such as K3B or GnomeBaker. Both are excellent tools but for veteran command line users working remotely, using the keyboard is a great and possibly automated way to save yourself pain and hassle.
At a later date we'll cover how scripting can automatically backup certain........