If you have ever seen a system where terminal in the GUI closes instantly and/or you cannot SSH to the server/machine.
mount -t devtmpfs none /dev
mount -t devpts none /dev/pts........
Edit your /etc/hostapd/hostapd.conf file like below and restart hostapd.
#WPS stuff
# Enable control interface for PBC/PIN entry
wpa_psk_file=/etc/hostapd/hostapd.psk
ctrl_interface=/var/run/hostapd
eap_server=1
wps_state=2
ap_setup_locked=1
wps_pin_requests=/var/run/hostapd.pin-req
config_methods=label display push_button keypad
#WPS model info stuff change to suit your needs
d........
This is certainly a poor design, as you can read many seasoned admins who have updated their iDRAC only to have it killed. One possible cause is not by doing all the incremental updates, doing updates from an old iDRAC to one many revisions newer is a sure way to kill things, but even then there is no guarantee based on the amount of failures.
List of threads of people's dead iDRAC's:........
This is mainly for if you've done something silly like trying to clone a Live, running VM image. In this example, the VM initially finds grub and tries to boot but is kicked straight into initramfs rescue mode/busybox right after this.
If you've done this "silly" thing, you could have dataloss but a lot of times just using fsck will fix it as you are guaranteed at best to have some corruption and inconsistencies in the filesystem. My theory is that some files wer........
This guide assumes you have a working Postfix server and want it to sign with DKIM.
There are a few things we have to understand to make all of this work though, which require you to be familiar with DNS as well.
1.) Install OpenDKIM
apt install opendkim
systemctl enable opendkim
2.) Edit /etc/opendkim.conf
Syslog yes
SyslogSuccess yes
Mode&nbs........
apt install tftpd-hpa
#change TFTP_ADDRESS to by setting address to 192.168.1.1:69 or the IP you need, otherwise it will listen on all IPs and interfaces which could be a security risk.
# edit /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.168.1.1:69"
TFTP_OPTIONS="--secure"........
This can break things easily in remove environments where it was normally easy to convert a normal eth0 to a bridge under br0, and that bridge would normally have the same MAC address by default, which is desirable for most situations.
In Debian 11 this is different for some reason now.
https://unix.stackexchange.com/questions/681013/bridge-gets-random-mac-........
sysctl vm.overcommit_memory=1
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo 511 > /proc/sys/net/core/somaxconn
1:M 26 Nov 2023 21:34:33.840 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 26 Nov 2023 21:34:33.840 # Server initialized
1:M 26 Nov 2023 21:34:33.840 # WARNING overcommit_memory is set to 0! Background sa........
You can do a static lease that is tied to the MAC address but what a lot of users prefer is that they come into the office or lab the next day and that their device gets assigned the same IP address (if possible).
As we can see in the dhcpd logs that there is threshold that is defaulted as we'll show later. Whatever the threshold is set at, if the lease is younger than the threshold, it will keep the same lease. In other words, if the device goes to sleep or is powered off........
Sometimes users take their removal drives and unplug and replug them to test what happens during the failure of a disk. However, this breaks things quite badly due to the /dev/mapper in LUKS not coming back online due to it not being closed.
In other words, generally with non-encrypted drives the process is smooth but when encrypted you may want to follow a strategy like this:
We can see below that both disks are unavailable as they were physically remov........
Even today we see a lot of servers that have different services and ports open for rpc and this creates not only potential inward vulnerabilities but perhaps more common, the abuse of your network resources in reflective rpc queries.
To stop this problem, you should disable and remove all services relating to rpc or at least block all relevant ports for the service.
Surprisingly, there are still some providers and OS installs in Linux that install these services and leave them........
convert-im6.q16: DistributedPixelCache '127.0.0.1' @ error/distribute-cache.c/ConnectPixelCacheServer/244.
convert-im6.q16: cache resources exhausted `/tmp/magick-27777Al6FGY7dhyKt10' @ error/cache.c/OpenPixelCache/3984.
convert-im6.q16: DistributedPixelCache '127.0.0.1' @ error/distribute-cache.c/ConnectPixelCacheServer/244.
convert-im6.q16: cache resources exhausted `/tmp/magick-277772Y_-pJnMdT2r1' @ error/cache.c/OpenPixelCache/3984.
convert-im6.q16: Distr........
Are you getting this error when trying to connect to a site/domain/service and then you checked your router/nameserver's logs to see what's wrong?
You may see something like this:
named[3025898]: REFUSED unexpected RCODE resolving
This is not usually an error with named or bind, at least not on your end but NORMALLY this is an issue with the remote nameserver.
A lot of times this is a misconfigured remote nameserver. A classi........
Some people find it less than intuitive to do on DNSMasq and by default DNSMasq is available on 0.0.0.0 which could even be your LAN or Public IP.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp ........
When Is It Time to Leave Your VPS, VDS, and Dedicated Server Provider?
Choosing the right hosting solution—be it Virtu........
In today’s digital landscape, finding a reliable and secure Virtual Private Server (VPS) or Virtual Dedicated Server (VDS) goes beyond just comparing specs and prices. With increasing concerns over data privacy, security breaches, and government surveillance, the wisdom of choosing your VPS/VDS provider based on juri........
This will be the goto to help solve e-mail delivery issues and talk about many practical issues that happen between developers, admins and scripts that send e-mail and do things that may not be acceptable or cause deliverability problems.
Sendmail Stuff
Edit /etc/mail/sendmail.mc
The problem is that if you send directly out from the server using the mail function, the Return-path of the e-mails will be username@thehostnameoftheserver.com. Let........
First we need a few extra packages:
apt update
apt install -y adduser libfontconfig1 musl sudo
wget https://dl.grafana.com/enterprise/release/grafana-enterprise_10.3.1_amd64.deb
Install / Enable Grafana
dpkg -i grafana-enterprise_10.3.1_amd64.deb
dpkg -i grafana-enterprise_10.3.1_amd64.deb
(Reading database ... 44309 files and directories currently installed.)
Preparin........
If you are using a hypervisor to test Proxmox (eg. Vbox) then changing the video card/display adapter can fix it.
For example VboxSVGA causes the issue but switching to VMSVGA fixes it.
For example VboxSVGA causes the issue but switching to VMSVGA fixes it.
........
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
If you are running a local DNS server like named/bind and don't want to use the ISPsupplied DNS servers that are announced via a DHCP request (using dhclient) then the solution is simple.
The reason should be obvious, but normally running your own DNS server will provide a more reliable, and fast DNS response and you won't have to worry about filtering as much (unless your upstream filters or proxies outgoing DNS requests).
Edit /etc/dhcp/dhclient.conf........
If you have swarm services and dockerd is creating a high load even with the containers just being idle, the easiest solution is to upgrade to a newer docker version.
For example an identical config of 3 nodes, with Redis 5 with 30 replicas produces a load of about 1.45 in Debian 10 with Docker18.09.1
If I create the same setup on Debian 11, with Docker 20.10.5+dfsg1 then the CPU usage is low.
One other difference I wondered is the kernel. In my test setup........
If you get this error, it is often because you have configured Apache with modules that weren't actually installed. Eg. you try to load the PHPmodule but didn't actually install the apache2 php module, so the server can't start. In general, this error can often be caused by issues with problematic modules and/or Apache being configured for modules that have not actually be installed (eg. libapache2-mod-php) is missing.
The above results in this less than obv........
This should work for most console ports of other manufacturers too. It is a quick and simple method for emegencies or deploying a few appliances/devices in a non-standard environment or small environment.
However, if this is a route thing, or the equipment is not physically close to you, it would be best to use some sort of "Terminal" server which is an IP connected switch with several serial ports built-in for this purpose. Normally they accessible by web/........
The issue is that Docker images are stripped down, so many tools and even python3 is missing, so you'll have to build or update the actual image yourself.
I assume you have started an image with something like this and that you have the Nvidia Toolkit installed (assuming you are using GPUs). If you're not using nvidia just remove --runtime=nvidia --gpus all.
docker run -it --runtime=nvidia --gpus all ubuntu bash
These works for most images li........
You'll notice that /etc/resolv.conf contains dire warners on most Linux Desktops.
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use........
How to check what kernel version you have/currently running?
uname -rm
5.4.0-91-generic x86_64
The above shows us that we are running 5.4.0-91-generic on the x86_64 architecture.
The safest way is to stick with the same flavor eg if you're on generic, and say on kernel 5.4.0 then it makes sense to follow what is below. However, if you are migrating or dual booting between newer hardware (eg. you got a........
By default if you create a private key for SSH, it will create something like .ssh/id_rsa
Linux will always search for and offer this key when connecting to servers.
If you put extra keys in your .ssh directory like id_rsa_realtechtalk.com, they will be ignored by default and NOT used or offered (you can verify this with ssh -v) and see it is not being offered.
Here is how you add the extra SSH keys so they are all offered:
#this gives........
A lot of developers want to go to 3.11 because of the speed improvements, but most distros never have the latest Python version.
Using the deadsnakes third party repo is the easiest way aside from compiling it yourself (which is safer and recommended):
Step 1 - Add the repo
apt-add-repository ppa:deadsnakes/ppa
If you get an error about requests then install it:........
haproxy is one of the best known and widely used Open Source load balancers out there and a strong competitor to nginx.
haproxy is used by many large sites per Wikipedia:
HAProxy is used by a number of high-profile websites including GoDaddy, GitHub,........
Be very careful about what filename you specify in dhcpd.conf if you get an error like this:
NBP filesize is 0 Bytes PXE-E23:Client received TFTP error from server.
If you specify "BOOTx64.efi" then the file had better not be called "BOOTx64.EFI" as it is case sensitive. It's really a case of th........
This seems to have changed for RHEL 8 where a normal dracut to update your initramfs creates a system that only boots for the running kernel. For example if you have Kernel 5 and then chroot into a RHEL 8 variant which uses kernel 4.18, and run dracut, it seems that by default the system will be unbootable.
It is also the case that if you move your RAID array or drives to another server that it will be unbootable, because dracut seems to only include modules needed for the curre........
Virtualbox is a very powerful tool, but for some use cases it is less than optimal.
Say you are in a work, lab or other environment where you are not alone on the physical network and there could be overlap of IPs, but you need all of your VMs to be contactable from your host, VMs need to communicate with each other, and VMs need internet.
NAT Network will give you VM to VM communication and internet, however, it is buggy and unstable. It also doesn't allow host to VM co........
Have you checked your router/firewall logs and disconcertingly see connections to an unknown IP207.246.119.209:3478 from your Grandstream VOIPphones?
You're not alone and the Grandstream forums have discussed this issue.
However, even their own staff d........
So say you happen to have 2 NICs of the exact same chipset, they will generally show up as the same name, with possibly a different revision in lspci. Normally this is not an issue if you have a server with 4 NICs, generally the eth0 to eth3 appears from left to the right (or right to left on some vendors) so it doesn't take much figuring out.
Generally if you have different chipsets for different NICs, it should be easy to know which one is eth0 or the first NIC in the OS.........
Are you new to the company, datacenter or a third party who is responsible for deploying a fleet of servers from scratch.
The first step is to normally login to the KVM so you can perhaps manually reinstall, PXE boot the Cloud Image or reimage/reinstall an OS but you need access to the KVM/IP or what Dell calls iDRAC.
It's common that you may have forgotten this information or that another employee or colleague has changed the info and did not tell you, that they have left the........
Do you have access to some old Tesla GPUs and want to try them at home in your Desktop or old Server? Some people have wanted to try these units for gaming but keep in mind they have no video out port, they were only meant for AI applications such as Deep Learning.
The easiest way by far is to choose an AIservice that has everything ready to go, perhaps with a bunch of Docker or Kubernetes containers. This can be done with Cloud services like Google, Amazon and many........
If you are in enable mode and make a typo, the router will treat it as a domain name and try to resolve it, and if it can't resolve it, you'll have to wait until it times out.
Here's how to solve the Translating domain server error in Cisco
Enter this in config mode:
no ip domain-lookup
Be sure to sav........
How To Fix This Cisco Switch/Router Error %Error opening tftp
%Error opening tftp://10.0.2.2/network-confg (Permission denied)
%Error opening tftp://10.0.2.2/cisconet.cfg (Permission denied)
%Error opening tftp://10.0.2.2/router-confg (Permission denied)
%Error opening tftp://10.0.2.2/ciscortr.cfg (Permission denied)
%Error opening tftp://10.0.2.2/network-confg (Perm........
This article about migrating to a CentOS 7 /8 RAID mdadm array has a lot of info but I wanted to focus specifically on what newer versions of CentOS 7 require to boot mdadm and what changes are necessary on CentOS 7.8+
CentOS 7 / 8 mdadm RAID booting requirements
This assumes you are chrooting into an existing install or using it to get a new deployment ready. However, these steps can........
If you are getting this error from systemctl "Loaded: masked (Reason: Unit hostapd.service is masked.)" we need to unmask the service.
Solution
systemctl unmask hostapd
Removed /etc/systemd/system/hostapd.service.
It's fixed
root@routerOS:/var/log# systemctl start hostapd
root@routerOS:/var/log# systemctl status hostapd
● hostapd.service - Access point and authentication server for Wi-Fi and Ethern........
Here is how Ifixed it on a Mint/Ubuntu install
1.) First download the latest AMDGPU-Pro driver from here:
https://www.amd.com/en/support
Navigate to your relevant video card:
2.) Download the installer
One issue is that by default they give you a version for the latest version of........
Just use apt-cache policy to find the repo of a package:
apt-cache policy lxd
lxd:
Installed: 3.0.3-0ubuntu1~18.04.2
Candidate: 3.0.3-0ubuntu1~18.04.2
Version table:
*** 3.0.3-0ubuntu1~18.04.2 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
&nb........
Debian based OS's have a similar issue as the behavior in RHEL/CentOS dhclient, which is that if you have an interface that relies on DHCP, if the first attempt fails, it will quit and stop. This is a problem especially if you are using your Linux as a router or something else mission critical, but where the internet for some reason may have been down or the DHCP server it gets a lease from broken.
The expected behavior you would hope is that when things are back online that the........
If you get this error when trying to SSHto a device or machine and you never even got a password prompt:
Too many authentication failures
This means that either the remote side is configured for key auth only, OR your client side may be attempting to auth using mulitple keys, and that exceeds the amount of attempted authorizations on the remote ssh server.
If the issue is trying to auth too many times which ssh defaults to sending the keys to, you ca........
Bonding is an excellent way to get both increased redundancy and throughput. It is similar to the "Network Teaming" feature in Windows.
There are a few different modes but we will use mode 6, I think it's the best of both worlds, as it is not just a failover, but it provides round robin, so you will get redundancy and load balancing. So if you have a 1G single port, you will have a combined throughput of 4G at this point. Just bear in mind that the true thr........
This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory.
Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage.
One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
freshclam
ClamAV update process started at Sun Mar 20 00:30:50 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.3 Recommended version: 0.103.5
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26337.cdiff from db.local.clamav.net
WARNING:........
There is a random bug that sometimes occurs with Vbox NAT mode DNS, although it has never happened in the past and Vbox was working fine until recently.
The symptom is that you can see it does get an IP+ DNS from the Vbox NAT DHCP.
Below we use resolvectl dns and verify the DNS server is set to 10.0.2.3 which is the DNS from Vbox NAT. We can ping it but it does not respond to any DNS requests when we use dig @10.0.2.3 realtechtalk.com........
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
This was done on Mint 20 but works the same on nearly any new Linux, but is only recommended for people comfortable or familiar with Linux. This method will work on almost all versions of Windows from NT, 2000, 2003 Server, 2008 Server, 2012 Server, 2016 Server, 2019 Server, 2022 Server, XP, Vista, 7, 8, 10 and 11.
However, if you want the easiest solution to........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
In our 2024 VPS Server/Cloud Buyer's Guide, we place the location of your VPS/hosting/server as one of the priorities that is often overlooked.
2024 Update - Datacent........
How To Install Wazuh Server / Quickest Installation
Wazuh (forked from the well known OSSEC project) is a full SIEM (Security Information Event Management) that works extremely well with the platforms it natively supports as an "Agent", which allows you to do scans of everything such as all processes running, CVE vulnerability check, incident reporting etc...
Prerequisites:
A lot of issues with Wazuh seem to be caused by i........
1. Let's work from an environment where we can install Ansible on.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo apt install gpg
sudo add-apt-repository ppa:ansible/ansible
sudo apt update........
Here is the scenario, you are using QEMU/KVM and are using something like the AC97 sound driver to pass the host audio to the guest via pulseaudio. This is useful because you can transparently pass your mic input from the host which means you can mute your microphone from the host, which prevents the guest from receiving any mic input even if unmuted.
Mute / Unmute Fix
This issue also seems to happen even if you press the mute button on the microphone and then unmute,........
Volume control will often stop working, if your sound server (normally pulseaudio) dies or restarts whether by itself or by you. The reason pulseaudio may need to be restarted is due to some sort of crash or other issue that prevents sound from working (normally restarting or doing a killall pulseaudio fixes things).
However, you will normally find at least in OS's like Ubuntu/Mint 16/18+ that you cannot control the volume whether adjusting the level, changing input/outputs and........
Kubernetes Easy Beginners Tutorial/Architecture Guide
Kubernetes is known as container orchestration and we should start at explaining the container part of it.
A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the O........
This assumes that you've already installed the relevant HWIC cards eg. Cisco Asynchronous Serial NIM
These are essentially cards that you install into your router, once installed you connect an Async cable to one of the ports on the card which normally gives you 8 console cables and are normally labelled 1 through 8.
You connect all of the cables to the devices you need (even non-Cisco devices) whether switches, routers or firewalls, they will usually work.
The real m........
A lot of older devices either support telnet or very old SSH keyx algorithms which are insecure and disabled by all newer/modern SSH clients for security reasons. However, sometimes you may be on a LAN via VPNor some other secured network or for whatever reason, absolutely, need to connect to this device and sometimes old/embedded devices may not be possible to update to a newer SSH server.
If you run into this you may be using a modern/newer SSH client and get thi........
So you're trying to browse to a properly configured Samba share but you get this error:
Unable to mount location
Failed to retrieve share list from server: Connection timed out
If your config is right, it can be due to a protocol miss-match where your client has not enabled SMB3 but by default the other side (server) has enabled it.
You can test this out to see with the smbclient tool........
Just a quick note and warning is that if you are testing to see if EFIPXE booting works on a VM, MAKE SURE it actually works. For example Iinitially tested using my Distro's QEMU 2.5+dfsg-5ubuntu10.46 and ovmf BIOS firmware (OVMF supports EFI). However, I found on old versions of QEMU (like 2.5), EFIbooting with GRUB NEVER works so it may appear that you have made a mistake when everything is fine when you boot a physi........
If you want to start fresh a lot of people falsely assume that an apt remove and then reinstall or apt --reinstall install package will start you off fresh. To be sure and remove all associated config files do the below with the example of ssh server (don't remove it though if you actually use it!)
The key below is using the --purge flag or apt-get purge proftpd (eg sudo apt --purge remove packagename)
apt purge proftpd; apt install proftpd........
Many people may not be aware that you can turn commodity hardware into a Mikrotik OS and there are various options which is "CHR" (Cloud Hosted Router) which is a VMimage meant for Virtualization only (seriously, I've tried to dd the image to a physical server and it just crashed as it does not contain any drivers for physical).
One note as well if you are trying to do a baremetal install you may get an error "Error Loading Operating System" or........
A very common use case is that you don't want to waste time using a video editor that requires you to open it up and manually import the video clip and audio clip, then manually delete the old audio track and import the video and new audio. That's too much work and time since we don't want to go through the hassle.
ffmpeg is our solution, all we have to do is specify 3 variables and we're done!
-i Windows2019-Server-Noaudio.mp4 is our in........
If you've come here, don't be embarraassed, working in IT, this is the MOST common computer problem that almost everyone will encounter. The reason why I'm doing this post is because I've seen an increase from colleagues and admins having this problem and many times it's not even your fault. A common scenario is that someone acquires a new or used computer which they weren't given the password for. Fortunately Ihave a detailed list of all the options whether free or pa........
Is a mdadm check on your trusty software RAID array happening at the worst time and slowing down your server or NAS?
cat /proc/mdstat
Personalities : [raid1] [raid10]
md127 : active raid10 sdb4[0] sda4[1]
897500672 blocks super 1.2 2 near-copies [2/2] [UU]
[==========>..........] check = 50.4% (452485504/897500672) finish=15500.3min speed=478K/sec
........
apt install software-properties-common
add-apt-repository ppa:deadsnakes/ppa
apt update
apt install python3-pip
apt install python3.7 curl gnupg python3.7-dev git
ln -s /usr/bin/python3.7 /usr/bin/python3
pip3 install numpy keras_preprocessing
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel........
Most newer distros inexplicably cause your NIC to have what Icall "random" non-standard name conventions because of systemd.
This is a big problem for many people and especially those running servers. Imagine that you have a static IPconfigured for ens33 but then the hard disk is moved to a newer system, the NIC could be anything from ens33 to enp0s1, meaning that manual intervention is required to go and update the NIC config file (eg. /etc/network/interfa........
When authentication times out that is one thing, but when it just fails like below Asterisk by default will not re-register until you the admin reload the sip or asterisk server:
voipserver*CLI> sip show registry
Host dnsmgr Username Refresh State&........
yum -y install wget unzip
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip
unzip nextcloud-18.0.2.zip
yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server
Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT.
Dependencies resolved.
===================================================================........
This happens when upgrading to Apache 2.4 from 2.2 or just because you don't have the right permissions set which we'll get into.
You need this in the ........
There are a few caveats that may not be obvious to everyone so I am going to cover them here but keep this in mind before starting.
Before starting install epel or you will be missing tesseract:
yum -y install epel-release
#1) When you specify your SSL certificate with a full path, it really needs to exist where you tell it to (including the default location of /etc/ssl/certs and /etc/ssl/c........
This is sure simple if you follow the guide but it took a lot of hacking around to make this work on Debian/Ubuntu!
Now before you ask why bother running wine and python, the reason is because Python executables are NOT cross-platform. If you run pyinstaller in Linux, that binary will only run on Linux and the same if you do it in Windows. So it is preferable if you have a single environment that you can create Linux and Windows binaries from rather than running 2 separate........
The scenario here is that you have some sort of remote headless Linux server but would like to run some programs on them and get graphical access to them. The problem is that the remote server may be an image or VMwithout any virtual GPU and even if so, it is likely without KDE or Gnome, so there's no real way to do this, unless you follow our guide.
Install xvfb
apt install xvfb
Reading package lists... D........
If you are getting this error it is usually caused by having more than 5 keys in your ".ssh" directory. It is a bit of a bug and this is how it manifests itself.
You will find at this point that you are not given any chance to enter a password, or if you are using key based auth that the same thing happens. You'll also find that this is happening with ALLservers you try connecting to.
The solution is to move away key pairs from .ssh so that there ar........
httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load modules/libphp5.so into server: /lib64/libresolv.so.2: symbol __h_errno, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference
This is usually caused by a mismatch in OpenSSLversion. Interestingly enough a lot of times if it has happened during an update of your system, or after, usually just restarting httpd........
A big problem over ssh and especially sshfs is that your connection will often timeout and disconnect after inactivity.
To fix this you can modify the server but it may not be practical or you may not have access. Why not send keep alives fom your end (client side)?
Just edit /etc/ssh/ssh_config (not to be confused with sshd_config as that is the server side):
Find the line that says "Host *" and change it like this:........
This is only really necessary in the case you don't want DHCP. If you are dealing with an encrypted LUKS server on the internet, you will often want to have a static IP so you know which IP to connect to (or if you have a semi-static IP assigned by DHCP).
SET IP Address by /etc/initramfs-tools/initramfs.conf
IP Address=192.168.1.27
Gateway=192.168.1.1
Subnet Mask: 255.255.255.0
Hostname=myhome.com
IP=192.1........
The reason for doing this is that the installer doesn't seem to work properly for LUKS and the server installer doesn't even support LUKS anymore. When you use the GUI install on Desktop for LUKS it won't boot and will just hang after you enter your password. So the only reliable way is to do it ourselves.
1.) Make a default minimal install of Ubuntu
2.) Have a secondary disk on the server or VM.
3.)........
Create your netplan file
vi /etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd
ethernets:
ens3:
dhcp4: no
........
Yes you have that right, the network service in RHEL8 / CentOS 8 / Rocky Linux / Alma Linux no longer exists. So there is no more systemctl restart network
You can restart NetworkManager but it doesn't have the same effect or ifup/ifdown on all interfaces.
Generally if NetworkManager is installed you will want to restart it or it won't apply the settings from ifcfg.
systemctl restart NetworkManager
To repl........
This is not about using ssh as a proxy, but rather, using a proxy when you are SSHing to another host and using ProxyCommand (where we normally use nc as our proxy tool).
In newer versions of nc the syntax has changed to the following:
ssh -o ProxyCommand="nc -x 127.0.0.1:1234" %h %p user@host
The format must be like above in newer nc versions.
Just be sure to change the 1234 to the port of your SOC........
mysql reset root password.
Oops I can't remember my MySQL root password!
[root@centos7test etc]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
First we need to stop mariadb:
systemctl stop mariadb
Now we need to restart it with skip-grant-tables whic........
yum -y install mariadb-server
systemctl start mariadb
mysql_secure_installation
Now we need to secure our install and set the MariaDB root password:
The lines you need to act on are marked in bold shown with the answer you need.
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SER........
You need to disable vsync like this when running glxgears:
vblank_mode=0 glxgears
For Nvidia drivers do this:
__GL_SYNC_TO_VBLANK=0 glxgears
Notice the higher than 59-60 fps results with vblank_mode=0:
ATTENTION: default value of option vblank_mode overridden by environment.
7919 frames in 5.0 seconds = 1583.704 FPS
8187 frames in 5.0 seconds = 1637.266 FPS........
Use fdisk on your USB drive to create a bootable NTFS partition (in my case /dev/sdb):
sudo fdisk /dev/sdb
Welcome to fdisk (util-linux 2.27.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)........
A lot of times busy servers will have this issue and you cannot even force kill -9 the apachectl or httpd process:
[root@apachebox stats]# ps aux|grep httpd
root 1547 0.0 0.2 495452 32396 ? Ds Sep08 3:23 /usr/sbin/httpd
root 3543 0.0 0.0 6448 724 pts/1 S+ 13:11&nbs........
Oct 18 11:06:46 server systemd[529]: rc-local.service: Failed at step EXEC spawning /etc/rc.local: Exec format error
Oct 18 11:06:46 server systemd[1]: rc-local.service: Control process exited, code=exited status=203
Oct 18 11:06:46 server systemd[1]: Failed to start /etc/rc.local Compatibility.
Oct 18 11:06:46 server systemd[1]: rc-local.service: Unit entered failed state.
Oct 18 11:06:46 server systemd[1]: rc-local.service: Failed with result 'exit-code'.........
Just edit your tftp file for xinetd like this:
*Change the IPto be the IPof the interface you want to listen on.
To test if your tftp is available on a certain IP range use nc -u yourip 69 to see if you can still connect (/var/log/messages or /var/log/syslog) should show the connection if it is open.
Oct 13 23:20:34 01 xinetd[26631]: Started working: 1 available servic........
service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Wed 2019-10-02 11:07:54 EDT; 36s ago
Process: 476 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)
Oct 02 11:07:54 box systemd[1]: Failed to start OpenBSD Secure Shell server.
Oct 02 11:07:54 box sys........
By default your DHCP will often not work because it is not listening on any interfaces.
All you have to do is edit this file:
vi /etc/default/isc-dhcp-server
then find the "INTERFACES" line and add each interface that should listen:
INTERFACES="br0 enp0s10"
........
cat .htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
I keep reading there is a "# BEGIN WordPress" and a "# END WordPress" in the wordpress htaccess above but there is clearly not.
Even more strange is that my permissions are just 444 (read only).
so i changed it........
It is really simple using .htaccess with mod_rewrite.
Here is all you need:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://site.com/$1 [R=301,L]
Another more graceful way is to use the %{SERVER_NAME}variable to make it dynamic. Just be careful that the server name will always match what you expect. (eg. if you are doing load balancing or clustering what if the server name may be somethi........
python3 testserver.com-car-scraping.py html.txt
Traceback (most recent call last):
File "testserver.com-car-scraping.py", line 5, in
import mysql.connector
ImportError: No module named 'mysql'
For some reason it won't install properly even though I have the mysql client on this machine installed too.
Solution:
You need the mys........
CPU:Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
MOBO: Manufacturer: ASUSTeK COMPUTER INC.
Product Name: P8H61-M LX3 PLUS R2.0
qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64
This is weird but the only OS I've found this machine doesn't work with is Windows 2019 Server. Ihave no idea, when 2008, 2012 work f........
By default bind will not respond to outside queries for security reasons.
In most distributions you will find the default in /etc/named.conf looks like this at the top under options:
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";........
SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.
But how about connecting to an existing server for the first time on a new machine or client?
A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
ssh-keygen -p -f /path/to/your/id_rsa
Enter new passphrase (empty for no passphrase):
After that your rsa private key will be encrypted which is a layer of protection and security in the event that somehow someone acquires your key and tries to access servers that the key is authorized on.........
Install Errors on Version 12:
This error happened on QEMU emulator version 2.11.1 pve-qemu-kvm_2.11.1-5
on Proxmox/Debian but installing on QEMU.12 on Centos 6 did not produce the error.
*Update it is not related to the OS or QEMU version. This happened in Centos 6 too after a second install.
What really causes this even though you successfully install........
If you get error messages like this it is usually because /var/run/sshd does not exist.
root@userbox:/# service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: failed (Result: start-limit-hit) since Wed 2019-04-10 02:24:44 EDT; 1
Process: 511 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)........
I have seen this in a few rare cases after a reboot, where all folders and files will have the Read Only Attribute. If you uncheck it, it will just come back. It is more of a filesystem issue in Windows than a configuration issue and it looks like when Windows detects a badly corrupted filesystem that it will make things read-only, sort of like Linux would.
If you are Administrator or the owner of the folder and this is happening it is probably due to the reasoning mention........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
Oops did you get this error trying to install an oldschool driver and think it is hopeless in a new version of Windows?
First of all it is almost never a program compatibility issue:
........
It is much more useful to have meaningful and detailed logging from tftp to see what is or isn't happening especially for VOIPand other embedded device appications:
Edit the file:
vi /etc/xinetd.d/tftp
Change the server line like this:
server_args = -s /var/lib/tftpboot........
You may have noticed if you are running QEMU/KVMmanually that in Windows the the position of the physical mouse does not match where the mouse is positioned within Windows.
There is an easy command to pass to qemu-kvm or qemu-system (whatever you call your binary):
-usbdevice tablet
The above flag will fix your mouse pointing problems whether you are running Windows 95, 98, NT, XP 2000, 2003, Vista, 7, 8 10 or Server 2000, 2003, 2008, 2012, 2016 or 2........
Are you tired of coming back to your computer only to find your SSH connections have been broken? Even worse are the ones that hang where it appears to be connected but it is really not.
The one option you have is an SSHclient side modification to send KeepAlive packets, sometimes this can also keep up your WiFi connection and stop it from disconnecting you as well.
To make the keep alive changes for your just yourself (not system wide)........
This may sound silly but often on the same machine multiple versions of SQL may be installed due to other applications.
How do we know which one we are running and connected to?
Use the query:
select @@version
........
Install Issues:
How to Make CUCM iso /modify to work on non-VMWare machines like QEMU/Xen/OpenStack
If you get kernel panic errors in VBOX usually disabling Nested Paging will fix the issue (thanks to Mark).
ks_pre.sh error is caused by having the wrong VDX pattern (change it do sd per guide link above) and/or the wrong VMSpecs (Cisco req........
So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside?
Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.
Requirements
On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server.
There is a way to use it like a normal CSR/CA setup in manual mode.
./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com
Eventually you will get prompted to create a certain path and file with certain data:
Create a file containing just this data:
Casdfasfadsfsad........
In most of the Cisco router IOS I find the ports like ge0/0 ge0/1 and ge0/2 or whatever your ports are down. They will not even give you a link light. So one of the first tasks should be getting the port you are working with up.
In my case the first goal is often connectivity with the LAN and WAN.
LAN = your local area network (eg. in the office/home )
WAN= your ISP/public internet (eg. fiber/cable/dsl/ethernet).........
The key thing is that you must use a "machine"id of "pc-1.3" or it will say your hardware is not supported.
Additionally you MUST use a virtio disk or you will get a ks_pre.sh error as soon as the install starts (a look at logs will show it can't find a disk). This is funny because even though the OS finds the disk and an fdisk -l shows it, it looks like the script looks for a /dev/vda device (virtio) and nothing else, so if you didn't use Virtio as you........
By default telnet is not enabled or installed on the latest Windows servers so you'll get an error saying:
telnet is not recognized as an internal or external command
dism /online /Enable-Feature /FeatureName:TelnetClient
........
Idid a systemctl restart networking and it broke Proxmox VM connectivity!
#proxmox is the problem after restarting the network the tap devices go to disabled state
[2230884.919905] vmbr0: port 7(tap118i0) entered disabled state
[2230884.948864] vmbr0: port 8(tap122i0) entered disabled state
[2230884.972748] vmbr0: port 6(tap119i0) entered disabled state
[2230885.004745] vmbr0: port 5(tap117i0) entered disabled state
[2230885.03673........
It was broken because of this package for xorg I installed:
xserver-xorg-core-hwe-18.04
Just remove it even if you have to chroot from a live USB/CD:
sudo apt-get remove xserver-xorg-core-hwe-18.04........
A lot of people think arp wil do it but the arp table will only show devices you have communicated with.
Using nmap is a quick and simple way to scan a range to find a machine you may not know the IP for:
eg:
nmap -sP 10.1.5.0/24
Just change the above to your subnet........
Do you hate how Centos 7 defaults to allocating most of your valuable space to /home even though it is a production server?
Here is a quick guide on how to take back that space live, while online (of course make sure you have backups just in case something goes wrong!):
First we will reduce our home dir by 100G:
lvreduce -L -100G /dev/mapper/centos-home
WARNING: Reducing active and open logical volume to ........
Jan 30 17:16:10 localhost sshd[25385]: error: Failed to allocate internet-domain X11 display socket.
The solution for me on the server side was the following in sshd_config:
AddressFamily inet
*Remember to restart sshd and also reconnect from the client side.
Ihad all the normal X11 settings on the server but it just stopped........
The defaults in Windows 2016 server leave clients crippled so they can't even download basic files or software. But Group Policy Management Editor comes to our rescue!
Use cmd or Powershell and run:
gpme.msc
Choose your domain/computer and then navigate like below and create a new menu entry for IE11 or whatever your version is. Don't be worried if the highest version is IE10 it means that it applies to IE10 AND above.........
Navigate to Tools -> Account Settings -> Server Settings
Uncheck the following:
"Check for new messages on startup"
"Check for new messages every NN minutes"
"Automatically download new messages".
Source: http://forums.mozillazine.org/viewtopic.php?t=635510........
The main use I have for this is virtual servers being able to use an LVM volume but not occupying all of the space. It saves time in deploying machines and copying them so you are only copying the space they are using (eg. 5GB / 60GB vs the full 60GB). There are some disadvantages which is mainly the fact that thin pools by their nature allow you to "overallocate" disk space which is that you could use more space than is available on the disk itself and corrupt your data........
I tried to stop a qemu-img copy or clone and it broke everything. It was fine to "stop" it from the GUI but a process still persisted so I killed the relevant qemu-img and the kernel went crazy. It also may not have helped that I tried to lvremove a different volume (an unused disk). But either way it breaks LVM (you cannot even run lvdisplay) so a reboot is necessary.
Jan 17 06:45:21 testserver kernel: [ 5680.439337] systemd-udevd D 0&nbs........
If Proxmox won't start a VM with an error like this:
trying to acquire lock...
TASK ERROR: can't lock file '/var/lock/qemu-server/lock-102.conf' - got timeout
rm /var/lock/qemu-server/lock-102.conf
Then try to restart the VM and it should be good.
What we did above was find the lock file that is named lock-VMID (in our case 102) and deleted it to release the lock.........
Do you hate it when your ISPhas old cached records because of a high TTLon the DNS record of the relevant domain? In plain English this means you often can't connect to a site or service because your ISP's DNS servers haven't gotten word of the new IP address (probably because they haven't checked). There are also some that are notorious for ignoring TTL and not updating records for days!
But if you are lucky and smart enough to have your own Linux based DNS se........
First we need to create dhclient.conf if it doesn't exist or edit it:
vi /etc/dhclient/dhclient.conf
#add this line at the top add the IPs as commas they will be the highest priority nameservers and whatever your ISP gives you will be used after these one (good for DNS backup)
prepend domain-name-servers 127.0.0.1,10.10.25.8;
After you restart your network or run dhclient again you should see the contents of........
#to show all
VBoxManage list vms
#show ONLY running vms
VBoxManage list runningvms
VBoxManage storageattach test --storagectl "SATA" --port 0 --device 0 --type hdd --medium iscsi --server 192.168.1.91 --target "iqn.2018-12.local.abcrandom.target:sdb" --initiator "iqn.1982-01.ca.bla.tld:abc123" --t........
initiator = client
target = server
These are the first concepts you should understand which is that in iscsi essentially the "initiator" is the client and the "target" is the server.
iSCSI is derived from the old fashioned SCSI that us oldtimers grew to love. The "i" stands for Internet and the SCSI stands for "Small Computers Systems Interface" (SCSI).
iSCSI Target (Server)Setup
targetcli is the pac........
Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCMis like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments.
Cisco's CUCMmakes communication more effective and simple through centralized management and unification of communications resources.........
What Is Active Directory?
Active Directory is essentially an enhanced, centralized database with a set of objects that make user management, authorization, and data management simpler. Active Directory is synonymous with "Domain Controllers" where a single "domain" often consists of multiple sites and members of the domain. Multiple domains can also be joined to belong to a tree ( a collection of domains). And the highest layer is the forest whi........
grep -E servers1[2-6] somefile.txt
The 1 before the [ bracket means that the number must start with one and can be between 1 and [2-6] or in plain English between 12-16.
........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
wget https://downloads.linux.hpe.com/repo/spp/rhel/6/x86_64/current/CP017004.scexe
--2018-08-16 05:11:16-- https://downloads.linux.hpe.com/repo/spp/rhel/6/x86_64/current/CP017004.scexe
Resolving downloads.linux.hpe.com (downloads.linux.hpe.com)... 15.249.152.85
Connecting to downloads.linux.hpe.com (downloads.linux.hpe.com)|15.249.152.85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1525561 (1.5........
[root@localhost:~] vmkping -I vmk1 10.0.2.69
PING 10.0.2.69 (10.0.2.69): 56 data bytes
sendto() failed (Host is down)
vsphere distributed switch vmotion not working
[root@localhost:~] esxcfg-route -l
VMkernel Routes:
Network Netmask Gateway Interface&........
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x00005556ba09c070] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x00007fd26000b240] _serverNamespace = /ui action = Allow _port = 5090)
Errors like the above are usually because there is an issue with your vSphere or more commonly it i........
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or directory
This is basically caused by the PHPmodule specified in php.conf being non existent. The error tells us it couldn't fnd /etc/httpd/modules/libphp5.so........
Aug 13 13:46:33 s2sout2d45040 info Failed in all attempts to connect to proxy.eu.jabber.org
Aug 13 13:46:33 s2sout2d45040 info Sending error replies for 1 queued stanzas because of failed outgoing connection to proxy.eu.jabber.org
No clue why it tries to use a proxy not explicitly specified. This could be because the proxy specified for the domain fails when someone is trying to se........
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
yes it does create its own json
============================================
cat /tmp/vcsaUiInstaller/ovftool-20180809-175238948-20180809-175603497.log |grep -i json
2018-08-09T17:56:04.238-07:00 verbose OVFTool[30966] [Originator@6876 sub=Default] Manifest file entry: SHA1(VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10-file1.json) = 1deb658c724767697587d5909c4051c01813e6a1
--> ........
The solution is just to install libmicrohttpd-dev
./xmr-stak
./xmr-stak: error while loading shared libraries: libmicrohttpd.so.10: cannot open shared object file: No such file or directory
libmicrohttpd
libmicrohttpd10 - library embedding HTTP server functionality
libmicrohttpd-dbg - library embedding HTTP server functionality (debug)
libmicrohttpd-dev - library embedding HTTP server functionality (development)
$ sudo apt-get i........
Aug 10 01:11:54 mailserver postfix/smtp[6180]: 020AE17C2BD1: to=, relay=none, delay=0.29, delays=0.28/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=gmail.con type=A: Host not found)
A user complained that their e-mails weren't being delivered but they actually made a small typo and used gmail.con so it wasn't working as expected of course........
[root@thetor2017 conf]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers,
lowering MaxClients to 300. To increase........
Ithought I'd post this becuase there is some bad information out there. Some guides tell you to edit /etc/postfix/master.cf (-o smtp_bind_address=) but this doesn't work. The same guide also says if you don't change it there you end up changing the listening IP/bind interface which is also not true.
Here is a simple and effective way to change Postfix's sending/binding/outgoing IP address (very important for reverse DNS and so mail servers don't block you)........
InternalServerError (com.vmware.vapi.std.errors.internal_server_error) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = vapi.bindings.method.impl.unexpected,
defaultMessage = Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.InternalServerError,
args = [com.vmware.vapi.std.errors.InternalServerError]
}],
data =
}
I was getting the........
Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled:
cat /sys/module/kvm_intel/parameters/nested
Y
cat /sys/module/kvm_intel/parameters/ept
Y
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
OVF Tool: Task p........
sudo apt-get install nfs-kernel-server #oops there are no exports so it won't startsudo /etc/init.d/nfs-kernel-server start* Not starting NFS kernel daemon: no exports.
#we will use the /tmp/nfstestshare directory for our NFS share
mkdir /tmp/nfstestshare
#add it to /etc/exports (basically what NFS checks to determine what to make an NFS share)
/tmp/nfstestshare 192.168.1.5(rw,sync,........
I had this error in an unsupported CPUon VMWare 6.7 and apparently this sometimes works especially on older VMWare versions like 6.5 5.5 etc (but in my case it did not).
To make sure it proceed when you see "Loading VMWare"
Hit "Shift+O"
Then add "ignoreHeadless=TRUE"
See an example below:........
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
10/07/2018 03:05:14 PM [IPv4] Got connection from client10.10.25.1
10/07/2018 03:05:14 PM other clients:
10/07/2018 03:05:14 PM Client Protocol Version 3.7
10/07/2018 03:05:14 PM Advertising security type 18
10/07/2018 03:05:14 PM Client returned security type 18
10/07/2018 03:05:14 PM TLS Handshake failed: Could not negotiate a supported cipher suite.
10/07/2018 03:05:14 PM Client10.10.25.1 gone
10/07/2018 03:05:14 PM Statistics:........
The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location.
Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
export ANDROID_HOME=/home/user/Downloads/tools/
Conversations-master$ ./gradlew
Downloading https://services.gradle.org/distributions/grad........
Jul 3 22:12:17mailserver postfix/smtpd[6195]: fatal: no SASL authentication mechanisms
Jul 3 22:12:18mailserver postfix/master[4881]: warning: process /usr/libexec/postfix/smtpd pid 6195 exit status 1
Jul 3 22:12:18mailserver postfix/master[4881]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
This only ever happens in my experience when the authentication method is actually Dovecot. Usually the problem........
Centos when copying old files and restarting it seems load everything fine and then says [FAILED] with no log or other message.
service restart named
named [FAILED]
Check more thoroughly you may have missed the error if you have lots of zones!
service named restart|grep error
zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
zone 2.168.192.in-addr.arpa/IN: no........
Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop.
This is because you need to use your normal ISP/LANgateway to hit the OpenVPN server if it is remote/offsite as is usually the case. So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN&nbs........
This happens because Dovecot limits the maximum IMAPconnections per IPto just 10. This may be fine for a single client side IPbut if an entire office or multiple users are behind one IPor a single heavy user is active then you will get bizarre errors in your e-mail clients such as "Password Incorrect" or similar in Thunderbird. It won't be obvious on the client side as to what the problem is and they will probably just think the server is misconfi........
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at testdomain.com Port 80........
This is not the normal "black screen"issue and I was shocked to eventually find out why. The normal advice of reconfiguring Xorg didn't work. Even booting into "Recovery Mode" did not help.
Here is the short end of the stick that fixed it:
sudo apt-get install mdm mate-desktop-environment
Yes you got it right, mdm and the mate-desktop-environment / gnome were somehow uninstalled. This must be whe........
ValueError: new value non-existent xfs filesystem is not valid as a default fs type
Pane is dead
From what Iread this is misleading and has to do with the fact that the initrd and kernel are mismatched.
This is a hard situation because for some older hardware Iam using the Centos Plus kernel which has modules that Irequire for an older server/NIC. This seems to have cropped up in the past few months and there is no simple fix........
It looks like this has something to do with APIC but I am not sure. I have similar CPUs with a different MB and BIOS that work fine on the same type of kernel. A lot of time the issue is because of the C-step setting in the BIOS.
The same thing happened on the 2.6 kernel with Centos 6 but this is a homebrew 4.4 kernel soI am not sure why it is happening when even Centos 7 (3.2) kernel works OK.
Solution - It comes down to the BIOS set........
So you restarted your router/dhcpd server or for some other reason you wonder why DHCP is not working on any of your clients?You go and check that named is in fact running fine.
But then you check /var/log/messages and see this error for everything hostname:
named[1525]: error (broken trust chain) resolving 'min-api.cryptocompare.com/A/IN': 173.245.58.78#53
I've only ever seen this when the time on the server was off. It........
One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
PasswordAuthentication no
Restart your SSH server.
service sshd restart
........
This is one thing that has me wondering about SMF. It is apparently a known issue but in the latest version and new install nothing looked right because it was using http://127.0.0.1 to find everything! How on earth would it ever do this or think it is normal?
Excerpt of crazy html code it produces that causes the issue:
........
It's fairly simple to start or stop a check but I do wish mdadm's command had this built in. Sometimes it will do a check at the worst time causing the server to crawl to a halt.
Stop check on md126:
echo idle > /sys/block/md126/md/sync_action
Start check on md126:
echo check > /sys/block/md126/md/sync_action
........
So I have a domain "testdomain.com".
Inside test domain.com's root is the following .htaccess:
Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html
Order Deny,Allow
Deny From All
Allow From 192.168.1.2
When you visit anything other than root things work fine. Eg. if you visit http://testdomain.com/somedirfile.html
It will show the right error in /launch/........
This is useful for security purposes especially on a server which may have a public IP assigned to it but has a second NIC for the LAN.
Here is how you edit smb.conf:
[global]
interfaces = 192.168.1.50
bind interfaces only = yes
As you can see above it will only listen on 192.168.1.50 and remind to keep the "bind interfaces only"option.........
It has been a big pain for a long-time to install Windows from a Linux environment. I used to run a windows install server and it never worked right for some reason (the install would fail on most servers).
Before getting start be sure to setup your samba share so once you boot into WinPE you can mount the install for whatever Windows you want
/etc/samba/smb.conf
[smbwinstall]
path = /tftpboot/images/winstall
guest ok = yes........
Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).
In the Apache vhost conf for the domain here is what you add:
SSLCACertificateFile /path/to/your/cafile.pem
Here is a full example of an SSL Vhost config in Apache using a CA Certificate file
........
The easiest way is to use SSHand DD or a combination of netcat. SSHwill be a little slower due to encryption but is the most secure way (on two older systems the average clone speed is about 40-50MB/s). This is also OS independent as it doesn't matter what the source OS is because you are literallly cloning the drive so you retain the partition table and settings.
Clone HDD using SSH and DD........
Stopping httpd: [ OK ]
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/h........
The Linux Kernel interpretated a very high volume of real traffic as a DDOS attack so it basically ends up blocking your web server.
possible SYN flooding on ctid 42131, port 80. Sending cookies.
Simple fix edit sysctl values for max_syn_backlog
sysctl -w net.ipv4.tcp_max_syn_backlog=5000
To make them permanent edit /etc/sysctl.conf
echo "net.ipv4.tcp_........
yum -y install samba
vi /etc/samba/smb.conf
https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.zip
mkdir syslinux;cd syslinux;unzip syslinux-6.03.zip
mkdir -p /tftpboot/libs/
cp bios/com32/modules/linux.c32 /tftpboot/libs/
cp bios/com32/libutil/libutil.c32 /tftpboot/libs/
cp bios/com32/lib/libcom32.c32 /tftpboot/libs/
#add lib path
echo "PATH libs" >> /tftpboot/pxeli........
By default Samba SMB/NMB listen on ANY and ALLIPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN.
To do this you need to the following options under the [global] section in smb.conf
bind interfaces only = yes
interfaces = 192........
It's really simple and just a matter of the following line within the subnet declaration.
deny unknown-clients;
See example below:
subnet 10.25.20.0 netmask 255.255.255.0 {
range 10.25.20.11 10.25.20.254;
deny unknown-clients;
option routers 10.25.20.10;
option domain-name-servers 208.67.222.222;
 ........
[Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt
[Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error........
mysqldump or mysql query of a larger file/table
ERROR 2006 (HY000) at line 567: MySQL server has gone away
Add this to /etc/my.cnf
max_allowed_packet=64M
service mysqld restart........
Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVMor preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access).
1. Edit /etc/ssh/sshd_config
Find the section like this:........
When using the .sh script the rendering doesn't work after an upgrade of related packages to kdenlive.
kdenlive (kdenlive:amd64 (4:17.04.1+git201705191233~ubuntu16.04.1)) with affine or composite transitions was fine but is now broken during the time of transition it is just a white screen.
The previous version was fine:
kdenlive:amd64 (4:17.04.1+git201705191233~ubuntu16.04.1
But now I can't find it or install it:........
#if you have nvidia make sure you install the nvidia-cuda-toolkit so hardware acceleration can be used
wget http://ffmpeg.org/releases/ffmpeg-3.3.2.tar.bz2
tar -jxvf ffmpeg-3.3.2.tar.bz2
cd ffmpeg-3.3.2/
./configure --disable-yasm
install prefix /usr/local
source path ........
Still looking for the solution
Working Solution 2017/07
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D46F45428842CE5E
Solution
gpg --keyserver hkp://subkeys.pgp.net --recv-keys D46F45428842CE5E
gpg: requesting key 8842CE5E from hkp server subkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver........
sudo mkdir -p /etc/X11/xorg.conf.d/
sudo vi /etc/X11/xorg.conf.d/20-intel.conf
On newer Ubuntu / Mint / Debian systems the file would go in: /usr/share/X11/xorg.conf.d/20-intel.conf
Type "i" and enter the following:
Section "Device"
Identifier "Intel Graphics"
Driver&n........
I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP. I tried everything but nothing helped. One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server).
When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze. This bu........
*Update so this doesn't work it must be something to do with the path of nfs or something else but the installer fails with "Installer crashed" at the end whereas with the CD/USB it works.
This assumes you've already installed and configured a separate PXE/DHCP server somewhere else and your /tftpboot directory is setup.
This is for Linux Mint 18.1 but generally applies to most versions although you may have tro change things like "casper"........
Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
How can you fix it and do it properly?
Step 1.) Make a new Private KeyCreate server pass key:........
apachectl -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
It is "prefork.c" so in httpd.conf these settings are what you would use (if you use worker.c it won't have any impact):
StartServers 2
MinSpareServers 5
MaxSpareServers&nb........
Ihave a tar and when extracting it changes /root to a uid and gid of the source server which is bad especially for /root!
You can get around this by extracting as follows:
Add the -o switch which means "--no-same-owner"
tar -o -zxvf sometar.tar.gz........
whois in Linux is incredibly out of date and does not seem to recognize most new TLDs domains, but there is a quick and easy tip/hack/tweak for this.
An example of new TLD's site as .review .site .club
whois somesite.club
No whois server is known for this kind of object.
bash to the rescue
Now I did try to apply this in .bashrc but DONOT! Ithink the * wil........
This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually.
So your e-mail/web client will show you an SHA-1 fingerprint like this:
"Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain.
It will also show you........
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os error was
12: Timeout on http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Error: Cannot find a valid baseurl for repo: base
You would think this should be fine and simple like using a proxy with most other software?
However........
Ifigured out what caused this but don't have the solution just yet. Iwould deploy a certain script from a .tar.gz to some servers and found that /root was always owned by user and group "1000.1000". This corresonded to the user who made the .tar.gz.
For some reason when extract normally with "tar -zxvf file.tar.gz" it impacts the parent directories ownership. There must be some recursion going on or possibly the .tar.gz but I haven't f........
Cannot even "Browse Network" when clicking on "Windows Network"
Unable to mount location
Failed to retrieve share list from server: No such file or directory
logs:
[2017/02/14 00:16:44.271314, 0] ../source3/nmbd/nmbd.c:58(terminate)
Got SIGTERM: going down...
[2017/02/13 17:35:41.797944, 0] ../lib/util/become_daemon.c:124(daemon_ready)
&........
[Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down
[Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert'
[Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled
[Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
This actually only happened after an e-mail server ran out of space due to run away log files. Normal Desktop clients were not affected. It appeared to be a bug in K9 mail but even reinstalling/wiping all settings did not fix it (read e-mails would still not reappear).
This is moreso a bug in Dovecot where it probably messes up the index files.
How do you fix this in Dovecot/your e-mail server?
You need to delete the do........
The solution is simple but strange, if you copy your /var/lib/mysql directory to another server and think it will work, be sure to check if you have /var/log/mysql and binary log files. If you do, the server will not work and will give you errors like below and crash without the proper log files.
UPDATE user SET password=password("newpass") WHERE user='root';
flush privileges;
ERROR 2013 (HY000): Lost connection to MySQL server durin........
170110 5:35:23 [Note] /usr/libexec/mysqld: Normal shutdown
170110 5:35:23 [Note] Event Scheduler: Purging the queue. 0 events
170110 5:35:23 InnoDB: Starting shutdown...
170110 5:35:24 InnoDB: Shutdown completed; log sequence number 0 12765401
170110 5:35:24 [Note] /usr/libexec/mysqld: Shutdown complete
170110 05:35:24 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended........
2017-01-12 14:25:36 529 (ERROR): The installer was unable to verify that your kernel supports IPv6.
2017-01-12 14:25:36 530 (ERROR): The message received when trying to create an IPv6 socket was Address already in use
2017-01-12 14:25:36 531 (ERROR): Please ensure that the ipv6 module is enabled and loaded in your kernel.
2017-01-12 14:25:36 532 (FATAL): Exiting...
Solution
This happened........
service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named (pid 10557) is running...
This issue is normally caused by a permissions issue where named doesn't have the permissions to read the rndc.key.
Check /var/log/messages:
Jan 4 17:06:22 storagebox named[10753]: none:0: open: /etc/rndc.key: permission denied
Jan 4 17:06:22 storagebox named[10........
# yum -y install qemu-kvm
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.lzu.edu.cn
* elrepo: ftp.utexas.edu
* epel: ftp.jaist.ac.jp
* extras: mirrors.aliyun.com
* openvz-kernel-rhel6: mirror.fdcservers.net
* openvz-utils: mirror.fdcservers.net
* updates: mirrors.nwsuaf.edu.cn
Resolving Dependencies........
If you want to make sure only a certain IP can access your server for any service or protocol here is a way to do it (just be sure you have access to the IP(s) mentioned or you will be locked out).
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s IP.IP.IP.IP -j ACCEPT
iptables -A INPUT -j DROP
serv........
Tired of checking iotop and seeing that your drbd partition is using 99.99% of io all the time and finding your drbd device performs slow in general?
This is especially an issue in versions of DRBD in the 8.3 tree in particular one documented case is on "8.3.13" but it likely applies to other devices.
The symptoms are that resyncing is fine and normal but any reasonable amount of activity is very slow and lagged and creates a high server load and con........
We've all done this at some point, you work on the wrong shell window and this was my first time making this mistake but I deleted a partition table in fdisk, recreated it and saved it with "wq" and even ran partprobe! If you haven't rebooted yet then you can still recover your partition table, otherwise you're in big trouble.
Fortunately since it was a live system and in use the kernel still had to use the old table like below:........
migrating from an old OpenVZ (Centos 5) to new OpenVZ (Centos 6)
Also if migrating from 32-bit HN to 64-bit your RAM will probably be much bigger than it should be!
16x bigger
eg. 32bit HN:
total used free shared buffers cached
Mem:&nb........
Errors like this are shown on high usage servers and ports so it is common to see it on http and even imap ports:
possible SYN flooding on port 80. Sending cookies.
The Linux kernel will even detect flooding on OpenVZ containers:
possible SYN flooding on ctid 6000, port 993. Sending cookies.
In many cases this is not an issue and is more so simply a result of regular, but high usage traffic.........
In Firefox I cannot connect to any website, proxy is disabled and outside network access is confirmed, no system or manual proxy was set on this Linux Mint/Ubuntu system. Normally this can be caused by proxy or DNS problems and the weird thing is that traceroute and ping to other IPs worked fine but even connecting to sites by IP was not working.
The connection was reset
The connection to the server was reset while the page was loading.........
I wanted to use Astrachat because it seems to be the only app that has video, pic and file sharing for Jabber butI cannot even connect despite any other client working fine including Xabber and others.
astrachat "Oops.. We can't connect to the account that you provide above. Please recheck your account detail".
Unfortunately to make it worse there doesn't seem to be any error log or more details about the issue.
The jab........
This can happen because port 80 is not open, or your license has expired and/or your IP is out of date and also if the license server itself from cPanel is having issues.
In most cases as long as you have a valid license the following command will solve it:
/usr/local/cpanel/cpkeyclt
Updating cPanel license...Done. Update succeeded.
Building global cache for cpanel...Done
Cannot........
Stopping httpd: [FAILED]
Starting httpd: httpd: Syntax error on line 73 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_file_cache.so into server: /etc/httpd/modules/mod_file_cache.so: cannot open shared obje........
This is a simple fix but not a simple problem and it still doesn't make sense to me.
But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.
It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long). Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.........
Download from here http://www.avagotech.com/products/server-storage/host-bus-adapters/sas-9200-8e#downloads
sudo Installer_P20_for_Linux/sas2flash_linux_i686_x86-64_rel/sas2flash -listall
LSI Corporation SAS2 Flash Utility
Version 20.00.00.00 (2014.09.18)
Copyright (c) 2008-2014 LSI Corporation. All rights reserved
&nbs........
There are a few ways of doing this and all basically involve using the reverse proxy or "ProxyPass" feature of Apache to accomplish it.
1.) Create a normal vhost and simply symlink the root directory of the site you want to mirror.
Eg. originalsite.com and newsite.com
/vhosts/originalsite.com/httpdocs
You would symlink like this:
ln -s /vhosts/originalsite.com/httpdocs vhosts/originalsite.com/........
I modified the default to the following for faster local dialing for North American area codes:
(*xx|[3469]11|0|00 [2-9]xxxxxxS0|[2-9]xxxxxxxxxS0|1xxx[2-9]xxxxxxS0|xxxxxxxxxxxx.)
This is what I added to the above: "[2-9]xxxxxxxxxS0" so any 9 digit number is dialed instantly xxx-xxx-xxxx (the S0 at the end makes it dial right away). This makes dialing much quicker and is recommended.
*No........
According to this and my own experience it is the case that you have started something running in the foreground or a server that does not terminate with a normal rc.d script. The server will reboot once you kill whatever command or process that is.........
The best way is as below in .htaccess using modrewrite, any request that is not SSL will be redirected to https://domain.com and the exact same URL
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]........
apt-get install pptp-linux
echo "yourvpnusername * yourpasspass *" >> /etc/ppp/chap-secrets
vi /etc/ppp/peers/provpnaccounts.com
enter (ignore the lines):
============
pty "pptp server.provpnaccounts.com --nolaunchpppd"
name testuser
#remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
==========........
The following assumes the computer is local/physical to you and/or it always has a LANIP so it can be accessed on site without having a default gateway.
The key to this is not to set a default gateway for your computer or you can set a script on boot or other time to delete the gateway (where eth0 is the NIC you are using):
route del default eth0
50.80.20.2 is the VPN server you connect to
192.168.1.1 is your........
This was a horrible shock after upgrading fromUbuntu 9 to Linux Mint 17 and I found that the last distro to support tsclient was Debian Squeeze.
For some reason it has disappeared for a long time and the new options such as rdesktop and gnome-rdp do not have any start menu entry and just aren't done as well as tsclient.
Fortunately there is a solution:
tsclient surprisingly can be downloaded as a direct .deb package and it fails with some variou........
Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate.........
I am getting this error:
kernel:[14277.697049] EDAC MC0: UE row 4, channel-a= 0 channel-b= 1 labels "-": (Branch=0 DRAM-Bank=0 RDWR=Read RAS=7048 CAS=0 FATAL Err=0x4 (>Tmid Thermal event with intelligent throttling disabled))
But many people believe this is a bug/false message and the server is running stably.........
for disk in `fdisk -l|grep "Disk /dev"|awk '{print $2}'|sed s/://g`; do
echo "$disk" && smartctl -d ata -a "$disk" -T permissive|grep -iE 'Device Model:|Serial Number:'
echo "---------------"
done
*Make sure you have smartctl from smartmon tools installed
Sample output:
/dev/sdc
Device Model: ........
#solution
Edit /etc/yum.repos.d/openvz.repo
For the first two entries comment out #mirrorlist and uncomment #baseurl and then it worked
openvz yum problem Centos 6.5 cannot find file on mirror:
yum update
Loaded plugins: fastestmirror
Determining fastest mirrors
* openvz-kernel-rhel6: mirrors.ustc.edu.cn
* openvz-utils: mirrors.ustc.edu.cn
base ........
sudo apt-get install zoneminder
[sudo] password for one:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libuser-perl python-evince kdebase-apps kwrite unixodbc
libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp
python-mediaprof........
I never did get it working, it is too bad as obfsproxy should really be an option and integrated into the OpenVPN client and server or something similar:
yum -y install python-pip python-devel
No package python-pip available.
#install the EPEL repo
python-pip install obfsproxy
python-pip install obfsproxy
-bash: python-pip: command not found
pip install obfsproxy
&........
Message from syslogd@server at Sep 14 11:35:59 ...
kernel:[Hardware Error]: MC4 Error (node 1): DRAM ECC error detected on the NB.
Message from syslogd@server at Sep 14 11:35:59 ...
kernel:[Hardware Error]: Error Status: Corrected error, no action required.
Message from syslogd@server at Sep 14 11:35:59 ...
kernel:[Hardware Error]: CPU:6 (10:8:0) MC4_STATUS[Over|CE|MiscV|-|AddrV|CECC]: 0xdc00400021080813........
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443,2068,8192 -j DNAT --to-destination 192.168.1.175
Just adjust the "--dports" to the ports you need and the --to-destination to the destination IP (note it must be on the same network as the server running iptables........
-------------------------------------
ProCurve J4903A Switch 2824
Software revision I.10.77
Copyright (C) 1991-2009 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to restrictions........
Fortunately the format is EATX so an EATX case will work and the screw layout is standard.
You will need to remove the HEX/TORX screws that are connecting the stock HP standoffs (meant to slide into an HP case).
XW9400 Motherboard Issues
Size: 12" x 13"
Proprietary Power Connector
Proprietary CPU Power Connector
Proprietary Memory Power Connector
Fan connectors are 4 pin so you will need some kind of adapter.........
Motherboard: Gigabyte GA-3CESL: http://b2b.gigabyte.com/products/product-page.aspx?pid=2658#dl
Dell Part Numbers for the motherboard: R1232 R1232L R2232S SERVER MOTHERBOARD GENUINE 408P9 CN-0408P9
GA-3CESL Manual Download here
RAMSlots: 16 (8 controlled by each CPU)
RAMType: DDR2 ECC 5300P........
[Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key
[Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
The above is an accurate description of what is wrong.
In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
An error occurred during a connection to site.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
When the above happens in our experience it is a misconfiguration of........
#from epel repo
yum -y install opendkim
chkconfig opendkim on
cd /etc/opendkim/keys
opendkim-genkey -vd mail.server.com
opendkim-genkey: generating private key
opendkim-genkey: private key written to default.private
opendkim-genkey: extracting public key
opendkim-genkey: DNS TXT record written to default.txt
........
This happened while trying to delete several thousand users from phpBB and basically corrupted the innoDB tables.
InnoDB: Page lsn 3 881164362, low 4 bytes of lsn at page end 881164362
InnoDB: Page number (if stored to page already) 86920,
InnoDB: space id (if created with >= MySQL-4.1.1 and stored already) 0
InnoDB: Page may be an index page where index id is 700
InnoDB: (index "tid_post_time" of table "phpBBdb2005"."phpbb3_p........
ResourceManager[31705]: CRIT: Resource STOP failure. Reboot required!
This happened on a cluster Iam running with heartbeat for no particular reason that I can figure out.
The box ended up rebooting itself for some reason. It was not a big deal in the sense that the other servers in the cluster kept running but it would be nice to find the cause of this.........
windows cannot find the microsoft license terms windows 2012 server install
This is actually because you are using less than 576MB of RAM. In my case I was installing on a KVM VPS with 512MB of RAM. This issue would apply to any physical or virtual server with less than 576MB of RAM. This includes Virtualized VPS Servers with XENHVM, KVM, VBOX, VMWare etc.. or Dedicated Servers with such little RAM.
It's very misleading of course since it has not........
Dell CS24SC Info
0000:00:00.0 Host bridge: Intel Corporation 5100 Chipset Memory Controller Hub (rev 90)
0000:00:02.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x8 Port 2-3 (rev 90)
0000:00:03.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x4 Port 3 (rev 90)
0000:00:04.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x16 Port 4-7 (rev 90)
0000:00:05.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x4 Port 5 (rev 90)........
0000:00:00.0 Host bridge: Intel Corporation 5000P Chipset Memory Controller Hub (rev b1)
0000:00:02.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 2-3 (rev b1)
0000:00:03.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 3 (rev b1)
0000:00:04.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 4-5 (rev b1)
0000:00:05.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4........
[ 17.208336] tg3 0000:08:00.0: eth0: Link is up at 1000 Mbps, full duplex
[ 17.210194] tg3 0000:08:00.0: eth0: Flow control is on for TX and on for RX
[ 76.000065] phy0 -> rt2x00lib_request_firmware: Error - Failed to request Firmware.
[ 76.002332] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 86.736004] eth0: no IPv6 routers present
[ 148.960038] phy0 -> rt2x00lib_request_fi........
What matters most about VPNproviders in 2024?
We are highly suspicious of VERYLARGE VPN providers that have LOW PRICES and HUGE DISCOUNTS. The suspicion is that for those who know what costs are involved to purchase thousands of IPs and servers are not small. At the prices that many of the big mainstream providers offer, it is likely unprofitable or barely profitable. Then, how are those companies making money or is that even the goal?
There use........
I kept thinking it was esniper but somehow my bash settings have a preset proxy that was creating the issue.
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: Couldn't connect to server: couldn't connect to host
curl manually to any URL is the same:
curl: (7) couldn't connect to host
Run curl with -vvvvvv mode to see the issue:
curl -vvvvvvvvvv http://realtechtalk.com
* About to c........
CPanel says you can access 98% of the functions through CLI which experienced Unix/Linux admins prefer for simplicity and for scripting. I've never found CPanel easy to use from the admin panel, it seems everything is hard to find and a simple task becomes a series of hunts.
So for people like me here's the list: http://cpanel.net/system-administrators/command-line-scrip........
To activate your Windows server trial which gives you 180 days:
Start ->Right Click (My Computer).
Click "Activate Windows now"
To renew your license for 180 days (can be done 6 times):
Start -> Type this command:
slmgr.vbs -rearm
Wait a few minutes until it says it is successful (unless you get that message it has not worked or been done)........
Start -> Administrative Tools ->Server Manager
Under "Computer Information" click "Configure Remote Desktop".
Under "System Properties" choose the type of "Allow connections" you want.
That's all there is to enabling RDP Access in 2008 server.........
This problem seemed to happen recently but was likely causing issues before where the phone(s) do not ring.
Now there are a few reasons why this can happen especially if your adapter has DND mode enabled (disable it).
However that wasn't my issue and Ionly figured it out the other day when by fluke if you're on the phone (making a call) then calls will come in.
That's when Ifigured out the solution:
This likely app........
http://deepxw.blogspot.ca/search/label/Universal%20Termsrv.dll%20Patch
The above site has the patch that does this essentialy turning a Desktop Windows into a full fledged RDP server.........
nf_conntrack: table full, dropping packet
The above in some cases I've seen is a sign of a DOS attack or can occur if users are using services like torrenting, proxy, VPNetc... Do not take it lightly as the above can knock a server offline if the table becomes full and I've also seen full crashes and kernel panics shortly after.
........
kernel:[735188.961824] Kernel panic - not syncing: Fatal exception in interrupt
Write failed: Broken pipe
I'm not sure what is causing this and have never seen it on any server before.........
root@hkhosting [/]# service httpd start
Starting httpd: Syntax error on line 2 of /etc/httpd/conf/httpd.conf:
Invalid command 'Alias', perhaps misspelled or defined by a module not included in the server configuration
........
I was worried the server was hacked, I was logged in already as root but couldn't login to CPanel or a new SSHsession. I even reset the password from the shell and it did not work still.
The reason is CPanel Hulk, it detected a brute-force attack so it locked down the root account entirely even from the correct password. According to cPanel the best way around this is to whitelist your IP.........
ssh -L 5905:localhost:5900 root@yourserver.com
The "-L" means to create a port forward to a port on your server.
The 5905 means the port on your computer that will be used to access the port 5900 on the remote server.
localhost is the IP that you use to access the port forward (you can change it to 0.0.0.0 which will be all IPs on your system/computer but localhost is good for security and privacy unless a whole network of people need access).........
Just in case anyone is wondering that is the case, it can make troubleshooting impossible if you're making changes to php.ini but don't realize the webserver must be restarted for those changes to apply (contrary to running php-cgi which always looks up the current .ini settings).........
This server has been running for weeks without issue, it's currently only using 1 of 2 CPUs as it is running in the office as a test bed (mainly due to the handle 12 bay storage/great for testing HDDs). The errors below seem to mainly be from AMD CPUs, it's only happened a single time and in the days since Igot that error it hasn't occurrred.
Interestingly enough /proc/cpuinfo still shows all 4 cores of the CPU (Opteron 2373 Quadcore HE) and the functionality doesn't seem........
Go to:
"Server Configuration" -> Basic cPanel & WHM Setup
Scroll to: "Nameservers" (at the bottom)
From there you can set the names of the nameserver and their IPs.
It's very weird and confusing that nothing under IP Functions/DNS has or links to this.........
Idon't know why but some installations don't have this in the database by default.
To fix it to an:
sudo apt-get update;sudo apt-get install openssh-server
and then it will work........
yum -y install fail2ban
vi /etc/fail2ban/jail.conf
[asterisk-tcp]
enabled = true
filter = asterisk
action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/asterisk/messages
maxret........
This is different than Centos 5, you have two services btu they are called "smb" and "nmb".
You need to enable and start "nmb" in order for your samba server to be listed.
chkconfig nmb on; chkconfig smb on
service nmb start;service smb start........
Dell CS24-NV7
Unusually the Virtualization was enabled when I got this server but all the NICs were diabled in the BIOS including PXE boot!
Advanced -> Advanced Chipset Control
PCI Slot 1 Option ROM: Enabled
Onboard LAN1 Control: Enabled
LAN1 Option ROM Scan: Enabled (you need it for PXE boot)
Onboard LAN2 Control: Enabled
LAN2 Option ROM Scan: Enabled
*you will need to reboot and........
cat Xorginfo.txt|grep -nr "xserver-xorg"
Result:
9: sudo apt-get remove --purge xserver-xorg
13: sudo apt-get install xserver-xorg
17: sudo dpkg-reconfigure xserver-xorg........
service mysqld start
MySQL Daemon failed to start.
Starting mysqld: [FAILED]
mysqld_safe
cat /var/lib/mysql/server.err
130917 17:57:09 InnoDB: Started; log sequence number 0 0
13091........
This example involves an Aterisk message log of about 26GB, but with any server it usually does not get deleted until the server is stopped/restarted:
asterisk 13729 root 6w REG 0,41 27277943090 59097971 (deleted) /var/log/asterisk/messages
So if you've deleted a bunch of large logs, make sure you restart the server for them to regain your space.
........
/scripts/phpextensionmgr install PHPSuHosin
Updating md5sum list
Fetching http://httpupdate.cpanel.net/cpanelsync/easy/targz.yaml (connected:0).......(request attempt 1/12)...Resolving httpupdate.cpanel.net...(resolve attempt 1/65)...
Fetching http://httpupdate.cpanel.net/mirror_addr_list (connected:0).......(request attempt 1/3)......connecting to 74.50.120.123...@74.50.120.123......connected......receiving...100%......request success......Done........
The first is a dual CPU AMD Opteron 2373EE (4 cores x 2) and I think it did bad because it has some old 250GB SATAs which can only do about 65MB/s max sequential reads. I think it should have blown away the second (AMD X4 640 Quad Core).
[root@fs12home unixbench-4.1.0-wht-2]# ./Run
make all
make[1]: Entering directory `/root/unixbench-4.1.0-wht-2'
Checking distribution of files
./pgms exists
./src exists........
relay=alt4.gmail-smtp-in.l.google.com. [74.125.136.26], dsn=4.0.0, stat=Deferred: 421-4.7.0 [ 10] Our system has detected an unusual rate of
This is strange because the mail server IP is not blacklisted anywhere and the IP itself has not been used for years and this server is clean and has only sent a few e-mails to gmail.com in its entire time.
I wonder if this is a legacy block on a whole range of IPs as punishment for others in the block........
I just realized I have some blank users which I deleted butI can still login to this dummy account without a password for some reason.
mysql -u -p
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 5
Server version: 5.1.69 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation an........
I've got one of these for testing projects from work at home and got more than I bargained for with the time I've spent on it due to the storage handing/Perc 6/i cards.
My particular model came with the following:
2U Rack Mount Server with Rails
2xOpteron 2373 EE (Quad Core, there is a 6-core version that can be found at times)
16GB RAM
2 x 250GB Seagate SATA
2 x Dell Perc 6/i (horrible and a nightmare to work........
LSi Megaraid
At first it was configured as a RAID 0, then I deleted the Virtual Disk Group.
I thought both drives would be shown and detected in Linux as sda and sdb but it actually shows nothing.
To make them work you have to hit Ctrl+R before the system boots (when prompted) and create a Virtual Disk Group. In my case I created each one as RAID 0 (with a single drive only) as I just wanted JBOD but there is no such option or default in these Dell Pe........
pxe-32 tftp open timeout
The solution was to enable tftp in xinetd with "chkconfig tftp on".
See the troubleshooting below:
chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off&n........
CPanel ->Basic cPanel &WHMSetup
At the bottom you'll see them, set the nameservers you want to use and the corresponding A record if needed.
Then all new domains will use those settings/nameservers.
It's strange that there's no section for this specifically.........
http://support.godaddy.com/help/article/668/registering-your-own-nameservershosts?pc_split_value=1
Log in to your GoDaddy Account.
Click on "My Account" at the top left.
Click on "Domains".
Click on the "Launch" button for the domain you want to create the nameservers for.
Find........
This happens when su'ing to a user and running screen
screen Cannot open your terminal '/dev/pts/0' - please check.
Solution (not secure for a shared server)
chmod 777 -R /dev/pts
........
for ip in `cat fixlist.txt`; do
sudo -u apache ssh root@$ip "`cat iptablesrules.sh`"
done
In the above example we are going to execute the commands within the local file "iptablesrules.sh" on all the machines in "fixlist.txt". This is a great way of performing server maintenance in a clustered or cloud environment.........
open /dev/kvm: No such file or directory
failed to initialize KVM: Operation not permitted
[ 96.084502] kvm: disabled by bios
Any of the above means that "Virtualization" is not enabled in your BIOS. Most servers and Desktops (non-mainstream) can do this no problem but leave it off by default. Note that some systems even though the CPU supports it, don't allow enabling of Virtualization for some reason (especially some lap........
Jul 11 15:20:58 tor sendmail[9617]: r6AKjOD07: to=
mailserver.com was the hostname of the server, sendmail sends this by default and many mailservers will reject mail to a hostname that does not resolve or exist.
The easiest way is just to change the hostname and make sure it does resolve to something.
I read there is a way in sendmail.mc to manually set a hostname but I never got it working:
vi /etc/mail/sendmail.mc
define(`confDOMAIN........
The program itself catches it, just make sure it's actually focused on rdesktop and it sends Ctrl+Alt+Delete to the remote machine and not the local.........
This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSHinto different servers:
Below forwards the port "10001" to the IP192.200.5.53 on port 22 (of course adjust it to your needs).
iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 192.200.5.53:22
Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
I installed Ubuntu 11.04 for testing purposes but I couldn't even download SSH server:
sudo sed -i -e 's/us.archive.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list
After running the above make sure you do a "apt-get update"
Note with the above that Ihave the search string of "us.archive.ubuntu.com" change it to whatever is in your sources.list
The above does not fix all repositories either, I haven't had a chance t........
This happened to a customer Asterisk server and it somehow found the ID of the registration account to the upstream SIP server and was railing connection attempts (it filled up the console and there were literally thousands per second). Basically this caused all incoming and outgoing calls to fail.
It was a temporary fix but the solution was to block that specific IP, it's hard to stop it 100% because the customer needs the default SIP port.........
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
bind-address=127.0.0.1
The key is "bind-address", set that to 127.0.0.1 and no one from outside the server can connect.........
mysqldump: Couldn't execute 'show create table `general_log`': SHOW command denied to user 'user'@'localhost' for table 'general_log' (1142)
One of my clients almost found out the hard way, here is an unlikely situation that happened.
1.) Years ago the client had another VPS to which they backed up a BLOG nightly to an .sql file, what they forgot is that the file also contained all databases (they used the --all-databases option but forgot). So imagi........
flush privileges;
ERROR 1146 (42S02): Table ‘mysql.servers’ doesn’t exist
This happened to me on a system running Centos with the REMI repo and a new version of Mysql 5 (which the official Centos/RHEL does not support on version 5).
The solution is just to run this program "mysql_upgrade", after that flush privileges will work.
mysql_upgrade........
If you move your hard drive(s) around to other computers/servers, you'll find that your eth0 keeps getting higher, the first time it will become eth1 and then eth2 etc and even higher if your server has dual or quad NICs. The reason is that udevd basically assigns eth0 tot he first NIC it finds and remembers it, if it encounters a NIC with a differentMAC, it assigns it one higher (eg. eth1).
See the example below, I have eth2 now so how doI fix it?........
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
This is a handy link and list of all the relevant Directadmin log files and related servers.
http://help.directadmin.com/item.php?id=11
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:........
-bash-3.1# shutdown -rn now
Connection to localhost closed by remote host.
Connection to localhost closed.
Sometimes I work with embedded systems/custom kernels without any of the fancy init scripts and other common Linux basics that most would expect. This means that often the "reboot" command (which uses an init script) will never work, not only that but it will hang the server and a manual power cycle or reboo........
I chose this because I heard a lot of stories about scams and that many providers I contacted said they can't unlock the Canadian I717s (one said "my Bell server" is down).
This method worked perfectly on my Bell I717M and should work for all I717 in Canada, I was able to insert a foreign SIMcard. This will work abroad too but remember entering CWM mode is different for I717's in other countries (at least theUS).
Step 1 - Root + CWM........
Failed to open a session for the virtual machine XP.
Failed to launch Remote Desktop Extension server (Unknown Status 0x80004005).
Disabled remote display:
Failed to load VMMR0.r0 (VERR_SUPLIB_OWNER_NOT_ROOT).
solution
chown root.root /usr/lib/........
Step #1 - Create Wrapper Script
vi /usr/local/bin/phpsendmail
#!/usr/bin/php
........
sensors|head
i5k_amb-isa-0000
Adapter: ISA adapter
Ch. 0 DIMM 0:+115.0C (low = +127.5C, high = +127.5C)
Ch. 0 DIMM 1: +63.5C (low = +127.5C, high = +127.5C)
Ch. 0 DIMM 2: +61.0C (low = +127.5C, high = +127.5C)
Ch. 1 DIMM 0: +65.0C (low = +127.5C, high = +127.5C)
Ch. 1 DIMM 1: +75.0C&........
Cannot load certificate file keys/server.crt: error:0906D06C:PEM
The .crt is blank empty because when generating it I kept hitting enter for the defaults and this caused the crt not to be signed.
Certificate is to be certified until Dec 18 00:35:49 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
So if you get messages like these, a........
I've run into two issues with Lantronix based KVMs on various servers and here's how I solved them (with that said I like these units as they are Java based and OS independent and work very well, unike some other models like Startech).
1.) If you are connected by USB only and you're sure USB support from the BIOS is enabled, you just need to click the following in Lantronix
Interfaces -> Keyboard/Mouse
Check "Force USB Full Speed Mode", this fixed the issu........
This is something I often setup for clients because it's very helpful for people in datacenters, this allows custom OS installs on demand, you can customize it more by using kickstart etc.. but here's a base I use before customizing more:
This little script below will install everything you need to get booting by PXE Linux.
It also assumes you set a local IP (be sure not to overwrite your existing IP) on eth0:0 (note the :0) as 192.168.1.10 and it........
Here is a quick script that works on most Centos versions to disable the virus/SELinux from blocking basic functionality.
The first echo 0 statement disables SELinux instantly but it will still be enabled on reboot.
The second line disables it permanently.
#!/bin/bash
#disable SELinux Immediately
echo 0 > /selinux/enforce
#disable SELinux Permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config........
qemu-img create -b centos.5-8.x86.20120308.qcow2 -f qcow2 ../kvmguests/25000-centos5.8x86.qcow2
Formatting '../kvmguests/25000-centos5.8x86.qcow2', fmt=qcow2, backing_file=centos.5-8.x86.20120308.qcow2, size=10485760 kB
-b the source/base image
-f format is qcow2 and the location of the destination image
What is so special about this? It's even quicker than creating a template with OpenVZ but this is an actual OS.
It saves time a........
The size of the message you are trying to send exceeds a temporary size limit of the server. The message was not sent; try to reduce the message size or wait some time and try again. The server responded: 4.5.3 Error: too many recipients.
We set this in main.cf:
smtpd_client_recipient_rate_limit=0
We didn't specify it before and the default is said to be 0/unlimited and it still didn't change anything.........
ip_conntrack: table full, dropping packet.
A lot of clients I've seen have this issue, it really seems the default level is way too small. Once this connection tracking table becomes full then packets get dropped which is obviously a bad thing.
One thing to be mindful of though is that 350 bytes of memory are used per entry so there is some justification for not keeping it too high. However, if you have multiple servers running or high traffic daemons........
This may sound silly but there will be conflicts/issues with the default Centos repository so you have to use a third party like remi (I prefer not to do this but it's the only option unless you migrate your sites/data to another server or can stand some downtime-not an option IMHOon a production server).
You may need to upgrade to PHP5.3 to run Joomla or many other reasons.
Your host needs to use PHP 5.2.4 or higher to run this version of Jo........
ntpd[7047]: can't open /var/lib/ntp/drift.TEMP: Permission denied
chown ntp.ntp /var/lib/ntp/
The solution is shown above and changes the ownership to ntp.ntp which is what the ntpd daemon/server is running as. This is based on Centos but the same idea will apply on any other OS. You can do a "ps aux|grep ntpd" to see what it is running as in the case it's running as a different user.
After that this annoying message wil........
JFolder::create: Could not create directory
Plugin Install: Failed to create directory:
This can occur when trying to upload content or when installing themes/templates.
It's usually not a permissions issue per say but doing a 777 (which is very insecure) will fix it. But the real problem solution is that the owner of the files is different than the owner of the Apache process/server.
Eg. if your Apache is running as user "apache........
ERROR 1045 (28000): Access denied for user 'contentmanager'@'localhost' (using password: YES)
For fun I thought I'd reset the password:
GRANT ALL ON thecontent.* TO contentmanager IDENTIFIED by 'dfdfsdfdsfsdfsd';
ERROR 1470 (HY000): String 'contentmanager' is too long for user name (should be no longer than 16)
This is ridiculous that this new version has some bizarre 16 character username limit and not only that but i........
I searched for days after getting my Galaxy Note and couldn't find a way to do this (at least not without buying programs for either Android/Windows). All I read was ways to sync and import the contacts to GMail but I don't want to use GMail for privacy reasons. GMail/Google steal all of your personal information and use it for whatever purposes they want to and may sell or release it to who knows where (I don't care what their policy says but this stuff happens), just like the default........
I dread updating the kernel and rebooting to find the Ubuntu graphics aren't working and you have to manually intervene. This is usually because Ubuntu for whatever reason didn't update the drivers you need (eg. the manually compiled Nvidia Kernel driver that MUST be recompiled for each and every kernel update unfortunately).
The most common reason may be that "linux-source" hasn't been installed automatically on my system. I tried to manually reinstall the........
I really am a Linux fan but my comments here may not show it. Although I'm quite familiar with Linux CLI to administer servers, I find Linux GUI OS's like Ubuntu at times very clunky.
This is partially because there's no such thing as a "self-made" Linux from scratch where the UIwas designed by a single team. Linux is made up of several different projects that are generally completely separate and this lack of integratiion is a key issue that makes things f........
This is a very basic method and won't work in all cases but will reduce the chance of torrenting/abuse by your server users.
iptables -A INPUT -p tcp --destination-port 6881:6999 -j REJECT
iptables -A OUTPUT -p tcp --source-port 6881:6999 -j REJECT........
I used the suggested script to bridge from OpenVPN and it took my client's server off-line! Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH.
I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0:
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
Replace "192.168.200.0/24" with your subnet of cour........
The normal solution would be as follows:
export DISPLAY=:0.0
/usr/lib/vino/vino-server &
But what happens if that doesn't work? I haven't been able to find much documentation about how to find the list of displays and how their numbering works in Xorg.
Sometimes you'll get this error when trying to restart vino:
Cannot open display:
For some reason my display is not on 0.0........
Have you ever found a website/page that has several or perhaps dozens, hundreds or thousands of files that you need downloaded but don't have the time to manually do it?
wget's recursive function called with -r does that, but also with some quirks to be warned about.
If you're doing it from a standard web based directory structure, you will notice there is still a link to .. and wget will follow that.
Eg. let's say you have files in http://serverip/documen........
I'll start by showing some problems in the logs:
[2011/08/07 16:22:06, 0] param/loadparm.c:8569(process_usershare_file)
process_usershare_file: stat of /var/lib/samba/usershares/movie failed. Permission denied
[2011/08/07 16:22:06, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
That means you don't have permission to access the fi........
A few days ago this happened on multiple Centos 5 servers and apparently anyone using rpmforge was affected by this error and there was no solution other than disabling that repo to fix it.
To some this highlighted a few points, that there is a reason RHELexists with full paid support, and also that this could be a vulnerability and huge flaw with yum. A yum search or install should not segfault just because the rpmforge repo goes down.
Fortunately it came back up........
This may not apply to everyone but here is what happened to me.
One day my IP connectivity for one container went dead, I could ping the hostnode from it and the hostnode could ping it but there was no external routing. I restarted the network service but it didn't help.
I checked the routing table inside the VPS and the host and everything looked normal. Iadded another different IPon the same subnet to the container and it worked. Right away I st........
CPT ERR: cc4c0800,28000 :Unknown image version: 304. Can't restore.
This happens when you live migrate between OpenVZ servers with different kernels running, at least significantly different by date.
There is no solution except to make sure you're running the same kernels on all machines, or at least not kernels that are much older or different (this is just a guess though, you should ensure all kernels are the same).........
It's weird because I have a nearly identical box and setup and I can update the ovzkernel-PAE* just fine but on this box it doesn't work.
I only get this error with the openvz.repo and not others such as Centos-Base.repo
With my other server it works normally:
================
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package ovzkernel-PAE.i686 0:2.6.18-238.12.1.el5.0........
One thing to note about DNS servers and providers is that they aren't always trustworthy, not even if they're Google or your favorite ISP. Any DNS server can compromise your privacy, and they are likely tracking your browsing habits and keeping logs of it. Sometimes it's for Marketing/Research purposes such as Google's GMail service which they admit is scraped/datamined. I would expect nothing less from their DNS service.
The other danger with such widely used and pu........
May 6 08:16:57 devbox spamc[16225]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection timed out
May 6 08:17:02 devbox spamc[20214]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection timed out
spamc[16225]: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection timed out
First make sure that the spamd service is actually running, this is your spamd (spamassassin server) cannot be reached. In my c........
If you have a webserver and find you have high IO/lagginess MySQL is one of the first things to check. It turns out MySQL was my problem and it was creating a high load on my server, especially for IO.
How to Enable MySQL Slow Query Logging To Find Slow Performance/Queries
vi /etc/my.cnf
Add this anywhere under [mysqld]
#slow queries
log-slow-queries = /var/log/mysql/mysqlslowqueries.log
long_query_time = 1........
mod_status is a great way to track down the source of high CPU usage and to find what vhost/script is the cause of it.
It gives you a live view of bandwith usage, CPU usage, and memory usage broken down by domain/vhost and script/URI.
Enable mod_status
vi /etc/httpd/conf/httpd.conf
ExtendedStatus On
SetHandler server-status
Order Deny,Allow
Deny from all
All........
The fix for this was setting the correct permissions in /var/lib/php, it needs to be "root.root"
And /var/lib/php/session needs to be "root.apache" to work properly.
After that I was able to login to phpMyAdmin as normal. This whole thing happened because I accidentally changed all of /var/lib to root.root.........
You need to enable the httpd daemon with monit to actually view the status and control, it's not only for the web interface since the httpd is theONLY way of controlling monit and viewing the status.
monit monitor all will also reinstate disabled services if they've timed out too much. Just restarting the service will do nothing to re-monitor a service that monit has stopped monitoring due to too many failures.
*Also note that /etc/monit.conf i........
convert -density 400 somepdf.pdf -scale 2000x1000 output.jpg
The key is the "-density 400" switch and also -scale 2000x1000
To give credit I found the solution here: http://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=10928
That was the perfect solution when I was frustrated with how small the resulting JPG's resulted. I'm sure this will help a lot of people when it comes time to converting a PDF to JPG which I'm amazed Imag........
I don't expect this to be solved soon but some of Yahoo's DNS servers are out of whack. I changed the IPs of some nameservers of some domains and now most Yahoo users can't e-mail to those domains!
As you can see below by the "No MX or A records for mychangedomain.com", now Yahoo's DNS/mailserver DNS cache is wrong. You would think they would at least have cached the old incorrect records, but instead for some reason their DNS cache has no entry and doesn't seem........
Santrex Review/Scam/Complaint
Santrex never provided any working server, I believe it was just a dummy management Solus server because the server said it was booted but never connected to the console. I complained to them and eventually the support admitted the server was not working and to wait for 24 hours. I waited for 4-days, after which they sent an e-mail saying my service was being disabled for SPAM ...(when SolusVM shows 0kb of traffic). Th........
/tmp/J_5JHKXU.bin.part could not be saved, because the source file could not be read.
Try again later, or contact the server administrator.
This is actually not a download problem related to the server/site you're using but actually some weird bug with Firefox. I know because no matter what site I tried to download from this error kept happening.
Simpy restarting Firefox was enough to get things working again.........
find what MPM Apache is using, it will either be using "worker" or "prefork"
apachectl -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
In my case it is "prefork"
vi /etc/httpd/conf/httpd.conf
Find the section that looks like this (by default one will normally exist for prefork and for worker, but in my case I only care a........
*Remember to restart spamassassin after all of this.
DCC
wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar -zxvf dcc.tar.Z
cd dcc-1.3.138/
./configure;make;make install
#enable DCC, uncomment the line that disables it near the top
vi /etc/mail/spamassassin/v310.pre
pyzor
wget http://sourceforge.net/projects/pyzor/files/pyzor/0.5.0/pyzor-0.5.0.tar.gz/down........
These are the only two I've encountered but here is the low-end and note my story is not at all unique.
In my case I was scammed out of money and did not receive any service at all from either company.
Santrex Review/Scam/Complaint
Santrex never provided any working server, I believe it was just a dummy management Solus server because the server said it was booted but never connected to the console. I complained to them and eventually the support adm........
I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops):
channel 12: open failed: administratively prohibited: open failed
I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
cp msgFilterRules.dat /other/mail/folder
edit msgFilterRules.dat change all instances of your old mailbox: actionValue="mailbox://joes@mail.server.com/name"
to:
actionValue="imap://joes%40server.com@mail.server.com/INBOX"
sed s/'actionValue="mailbox:joes@mail.server.com'/imap://joes%40server.com@mail.server.com/g msgFilterRules.dat-........
Convert MBOX Mail files into Maildir using Linux
*You need perl an the TimeDate module
Get the free Perl script mb2md from the project/author's site:
wget http://batleth.sapienti-sat.org/projects/mb2md/mb2md-3.20.pl.gz
gunzip mb2md-3.20.pl.gz
#remember you need timedate or you'll get this error:
./mb2md-3.20.pl
Can't locate........
The first thing you need to remember is not to check from the same host/server itself. This is a silly mistake I made, the reason is that many mailservers and especially postfix are configured to allow relaying from the localhost/same host. If you do that you'll get a false positive.
*Make sure you test from another host/system than the mail server itself!
telnet yourmailserverhost.com 25
220 Courier (FreeBS........
Affected rows: 0
Warning: #1264 Out of range value adjusted for column 'deleteon' at row 1
SQL query:
UPDATE `custtable`.`custinfo` SET `deleteon` = '2011-02-29 00:00:00' WHERE `custinfo`.`custid` =105 LIMIT 1 ;
This happened after a migration to a new SQL database due to user error. The old database server MySQL 3.23 or 4 allowed an impossible date to be entered by a user. As we know February 29th DOESNOT exist but the database al........
Basically you should always be 100% sure that whatever IPyour mail server sends out with has reverse DNS/PTR records. Remember that unless you own your IPs then you won't be able to set your own reverse DNS. Even if you were to create a reverse PTR record on your DNS servers it will be ignored. Reverse DNS is queried to pre-assigned DNS servers of your ISP, so therefore you'll need to contact your ISP/Colo/Hosting provider to do a reverse DNS entry.
If you don't have........
Many people aren't aware but recently Dual-Master Replication setups have become increasingly popular. That's because you get similar features and benefits of having a full-blown cluster (difficult to setup and maintain and requires I believe 3 servers just as controllers).
With a dual-master you just have a different off-set for the keys and you should be good, but of course there is the chance that at some point replication will halt because of an unexpected or unforseen error........
Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols)
===================
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Edit /etc/dovecot.conf
ssl_cert_file = /etc/mailssl/server.crt
s........
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Postfix SSL config
Edit /etc/postfix/main.cf:
#SSL stuff
smtpd_tls_cert_file = /etc/mailssl/server.crt
smtpd_tls_key_file = /etc/mailssl/server.key
To make smtps w........
I think this will be useful to others because I have a server that kept crashing mysteriously during intense disk usage/RAID checks. It would only crash during the weekly RAID integrity check.
ThenI noticed during a reboot that not all CPUs were being brought up, as a result this actually creates much higher temperatures with the output I got from sensors, just booting the system produced higher than normal temperatures.
You can imagine that a full blown RAID check........
understanding /etc/aliases
*remember to apply changes you need to run "newaliases" after editing /etc/aliases
one thing I don't get is that it doesn't allow you to specify the whole e-mail address on the left-hand side
eg:
yourfullemail@domain.com: someotheremail@domain.com
postalias: warning: /etc/aliases, line 109: name must be local (if you try the above)
It works more like this:
your........
Forbidden
You don't have permission to access / on this server.
[Sun Jan 23 15:28:12 2011] [crit] [client 96.44.31.12] (13)Permission denied: /www/vhosts/domain.com/httpdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Solution
I've done a chmod 755 .htaccess and index.php and restarted Apache
That wasn't the only issue, the issue was the httpdocs direc........
genuine.com/IN: loading master file genuine.com.zone: file not found
_default/genuine.com/IN: file not found
I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
CPU/Kernel/MB/RAID problem?
Jan 5 12:45:05 testbox kernel: [653298.890004] BUG: soft lockup - CPU#0 stuck for 61s! [hal-acl-tool:4168]
Jan 5 12:45:05 testbox kernel: [653298.890005] Modules linked in: vmnet vmci vmmon binfmt_misc drbd video output input_polldev ocfs2_stackglue ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs k8temp hwmon_vid lp snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi........
Webmin/Virtualmin when enabling bind:
Failed to save enabled features : Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature on the module config page.
It means what it says, add "127.0.0.1" to /etc/resolv.conf........
I found the cause of this issue was from all the diskspace being used but clearing it was not enough. Iguess the tables became inconsistent when space ran out and myisamchk is what fixed the rest.
service mysqld restart
ERROR! MySQL manager or server PID file could not be found!
....................................................................................... ERROR! Manager of pid-file quit without updating file.
se........
VMWare bridged adapter not working:
Message from system: The network bridge on device vmnet0 is not running. The virtual machine will not be able to communicate with the host or with other machines on your network. Failed to connect virtual device Ethernet1.
I'm not sure how to fix this but one of the issues is that my eth0 became eth1 after moving my hard drives to a new motherboard. I have run the vmware-config.pl but this did not resolve the issue.........
Webmin Setup Centos 5:
wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet
[1] 24229
[2] 24230
[root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html
Resolving downloads.sourceforge.net... 216.34.181.........
Virtualmin Postfix Error:
The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active ..
A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration
.. your system is not ready for use by Virtualmin.
........
This made me nervous but it's clearly a cronjob based on the messages log that happens every Sunday at about 4:22.
I actually can't find any evidence of it in cron.d cron.daily but it is there somewhere obviously.
What I don't get is why doesn't this cronjob do a datacheck like Ubuntu's cronscript does? When you unnecessarily rebuild the array you lose your redundancy during that point which makes your data extremely vulnerable.
*Update I did a grep of &q........
The normal solution doesn't help or apply here:
ssh -v user@192.168.5.41
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: i........
You're not supposed to call ntpdate like that, it's part of the server and needs a bunch of different arguments.
The chances are if your time is out of sync and you installed ntpd, you need to start the ntpd service.........
That is pinging to the gateway IP on the same switch, the same IP is pingable externally without any problems which makes me think the switch is fine.
64 bytes from 55.55.55.55: icmp_seq=4 ttl=255 time=1.07 ms
64 bytes from 55.55.55.55: icmp_seq=1 ttl=255 time=3536 ms
64 bytes from 55.55.55.55: icmp_seq=2 ttl=255 time=2536 ms
64 bytes from 55.55.55.55: icmp_seq=3 ttl=255 time=1536 ms
64 bytes from 55.55.55.55: icmp_seq=8 ttl=255 time=1.20 ms
64 by........
Go into the directory for your Virtual Machine and delete all ".lck" directories.
rm -rf *.lck
After that your server should boot.........
I've only used it on Centos, soI thought I'd make a quick Debian guide:
Install the DRBD Package
apt-get install drbd8-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libswfdec-0.8-0
Use 'apt-get autoremove' to remove them.
The following........
VMWare log: /var/log/vmware/hostd.log
SSL Handshake on client connection failed: SSL Exception
sudo /etc/init.d/vmware-mgmt restart
Stopping VMware management services:
VMware Virtual Infrastructure Web Access
VMware Server Host Agent&nb........
I'm mentioning this because I keep forgetting what port the management is on for the web interface (since newer releases of VMWare server took away the superior stand alone client).
So remember it is port 8333 and sometimes you need to restart vmware-mgmt service and also enable sslv2 in your Firefox or it won't connect.........
yum exits in the middle
The problem is this VPS seems to be an OpenVZ template from HyperVM. The only way to make it work was to disable i386 packages since this was an x64 kernel. That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two. I couldn't find any issue by checking the logs either.
echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk
L........
hdparm -B 255 /dev/sdb
/dev/sdb:
setting Advanced Power Management level to disabled
HDIO_DRIVE_CMD failed: Input/output error
The one thing you can do though is to set hdparm spindown time lower (it doesn't seem to work that well).
-S set standby (spindown) timeout
hdparm -S 251 /dev/sda
/dev/sda:
setti........
After an upgrade wine wouldn't open anything, not even the pre-installed notepad.
There are no wine logs and nothing is mentioned in any standard log file about why.
I finally decided to run wine from the shell and see what's going on:
wine client error:0: version mismatch 398/402.
Your wineserver binary was not upgraded correctly,
or you have an older one somewhere in your PATH.
Or maybe the wrong wineserver is still running?........
I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself).
* About to connect() to ip.ip.ip.ip port 25000
* Trying ip.ip.ip.ip... * connected
* Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000
* succes........
This really gives me a bad impression of SolusVM.
I tried the "Central Backup" option and it does not warn that your server gets shutdown instantly in order to do the backup!
Further, there is no way to pause or cancel the backup. Thankfully this is a test/small disk usage VPS but what if someone was running something production with a large filesize?
Ihaven't used QuickBackup but hope that isn't the same thing.
Everyone should be vary car........
Internal Server Error
Could not fetch uid or gid for : root
https://192.168.1.42:2083
The reason for this is because the administration port is actually on port 2087, change the port and you'll be good to go.........
Virtualbox Error
I tried to copy a .vdi of one container to use in another one, basically to clone instead of having to install the OS again.
Failed to start the virtual machine Centos 5.5 Mirror.
Medium '/home/testuser/.VirtualBox/HardDisks/Centos 5.5 Mirror.vdi' is not accessible. UUID {a1a9fad7-0402-4867-b8f3-39fb49454bc5} of the medium '/home/testuser/.VirtualBox/HardDisks/Centos 5.5 Mirror.vdi' does not match the value {4945a0e8-0ed5-4736-9088-bcaf........
I am a huge fan of Linux and the idea of OpenSource but I've said it many times, there are still hurdles in today in 2010 for Linux as a Desktop. Linux is still intended for servers at its very core. This can be changed succesfully though, as Apple has shown us with Mac OS X based on FreeBSD.
Half of the issue is lack of driver support and the other half is the Linux Kernel and Window Manages, KDE and GNome still both don't cut it (but they're getting closer).
I'll........
This server was experiencing loads of up to 80 and maxing out the RAM and kmemsize on a CPanel VPS. There were literally dozens if not hundreds of exim processes. I have no idea why exim has such a design that would allow it to consume this much CPU and RAM. Any normal MTA should not be spawning so many processes, it should be processing them in sequence and if it is going to spawn hundreds of processes in response to a large volume of mail, it's better to have a delayed del........
After installation Directadmin does not work on OpenVZ VPS when browsing http://ip.ip.ip.ip:2222
service directadmin status
directadmin dead but pid file exists
tail /var/log/directadmin/error.log
Check the value of your ethernet_dev=eth0 setting in your /usr/local/directadmin/conf/directadmin.conf file and the output of /sbin/ifconfig
2010:07:10-12:44:01: ioctl can't find........
This is obviously a bug in the r8169 kernel module and it seems to affect a lot of people. I upgraded to the latest kernel and hope this won't happen anymore, as it is a very serious error. This is especially serious for those who are running servers with this chipset, who can afford for the NIC to randomly go off-line for no apparent reason?
[655548.189113] type=1505 audit(1277067560.902:5): operation="profile_load" name="/usr/bin/freshclam&q........
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
I'm using Ubuntu 8.04 but anyone using older kernels will find this may apply to them. My Intel graphics are very slow with the default Xorg settings but by using "EXA" acceleration, scrolling down windows of text becomes pretty snappy.
Just edit /etc/X11/xorg.conf
Section "Device"
Identifier "Configured Video Device"
&nb........
Edit /etc/wwwacct.conf
Then add/edit the HOST line to add your hostname. eg:
HOST yourcpanelserver.com........
Basically the two main types of distros are Debian and RHEL/Centos based. I'm just going to give a quick overview of how the configuration of IP interfaces works in Debian/Centos based distros.
*Just one thing to remember, when setting IPs statically you have to manually specify a DNS server in /etc/resolv.conf (since DHCP is what normally does it automatically)
Debian/Ubuntu/Kubuntu/MEPIS
The IP (DHCP &........
I have an md0 arary that my Centos install refers to. I feel this is half the reason why it won't boot anymore.
I saw the initrd for Centos was assembling it as md127 even though it was known as md0.
The reason for this is because I used mdadm --assemble --scan to detect the array on a LiveCD. I had no idea this name would stick (but now I realize the name is permanently stored in the metadata once you mount md127 or whatever random name assemble gives it). W........
cat /proc/user_beancounters produces the following:
kmemsize 1861537 5139870 12752512 12752512 26965041
Notice the failcnt "26965041", that is for kmemsize and at first it confused me. The system had enough guaranteed and enough burst RAM available. kmemsize is a variable indepedent of that, but who cars about the explanation right, let's just make thing........
This is a very simple solution, but most guides out there make you login twice (once to scp the key) and once to put the key in authorized_keys. There's no need for that.
If you don't already have a ~/.ssh/id_rsa.pub just type "ssh-keygen -t rsa" and keep hitting enter until it's done :)
Just use this code to easily enable passwordless login with SSHD
key=`cat ~/.ssh/id_rsa.pub`;ssh user@192.168.5.25 "echo $key >> ~/.ssh/auth........
Apr 30 17:07:07 localhost kernel: [12265558.582378] r8169: eth0: link up
Apr 30 17:07:07 localhost NetworkManager: (eth0): carrier now ON (device state 1)
Apr 30 17:07:08 localhost kernel: [12265559.237961] r8169: eth0: link down
Apr 30 17:07:08 localhost NetworkManager: (eth0): carrier now OFF (device state 1)
Apr 30 17:07:11 localhost NetworkManager: (eth0): carrier now ON (device state 1)
Apr........
This is what the /var/log/cups/error.log says after my Samsung CLP-310N decided to stop printing. This is a new printer that replaced my CLP-300 and it has been working for a day so far.
What happened is that I lifted the top part (not realizing there were rollers on it) and it stopped printing. The network activity light was flashing ,hitting the stop button didn't do anything. Even powering the printer on and off did not help.
I have restarted CUPS and SMB on the........
I thought there would be an error message or warning from MySQL in the case that the text you submit is greater than the allowed limit based on the field.
So essentially I submitted text that was about 120,000 characters long, whereas the limit of TEXT is just 65,535 characters! I almost lost half of my data/what I typed without knowing it!
I just altered the field type in my database from TEXT to LONGTEXT. I can't see how LONGTEXT wouldn't be long enough for MOST........
You can find it for free at http://nginx.org/ I find nginx is simpler to setup than pound (it's not hard but I found it unintuitive and annoying), it seemed to make some basic setups overly complicated with the config file syntax.
nginx on the other hand is perfectly suited in everyway, it is even simpler to setup and seems to be the most stable and most efficient any load balancer. I would go as far as to say that a good nginx setup is more relia........
The folder I was trying to archive is about 72GB, but much like rsync at about 17GB it chokes because of the filesize. What's with so many common and essential Linux tools having such limitations? I guess it is likely that the authors never wrote their code with the idea that files would be so large but it's still very annoying. It's important to stay on top of these limitations on production servers because I didn't realize what happened until I checked the file with "........
In Debian based distros:
apt-get install jabber
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
fakeroot dkms
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
jabber-common
The following NEW packag........
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
rsync bash script
[code:1:722d8a25c1]#!/bin/bash
# config ---------------------------------
# two methods
# from = receive data from another server
# to = send data to another server
rsync_method=from
rsync_ip='192.168.5.18'
local_dir='/home/backupguy/backups'
remote_dir='/home/backup'
free_space_bin='/home/backups/freediskspace.sh'
# config end ------------------------------
if [ '$rsync_me........
SSH automatic login without passwordlocal> ssh-keygen -t rsa -f .ssh/id_rsa
-t is the encryption type
-f tells where to store the public/private key pairs. In this case, the .ssh directory on home is being used
A password will be asked; leave this part blank, just pressing
Now, go the .ssh directory, and you will find two new files: id_dsa and id_dsa.pub. The last one is the public part. Now, copy the public key to the serv........
Nice General Linux RAID 1 GuideFull examples/tutorials that should work for any Linux system using GRUB or LILO as the boot loader.
This is the only tutorial I've seen that clearly shows how you can convert an existing non-RAID system to software RAID1 remotely, without ever having to be at the computer. This is important for people who co-locate or rent dedicated servers that they may not have physical access to in a timely manner.
https://alioth.debia........
Live E-mail VerficationTwo very cool tutorials that actually connect to the supposed mail server of whatever address the user specifies to see if the e-mail address actually exists.
http://www.devshed.com/c/a/PHP/Email-Address-Verification-with-PHP/
http://www.zend.com/zend/spotlight/ev12apr.php?article=ev12apr&kind=sl&id=1782&open=1&anc=0&view=1#notes........
Centos 4.3 x64 & VMWare Server Beta[code:1:6d0b2c8c2f]
The correct version of one or more libraries needed to run VMware Server may be
missing. This is the output of ldd /usr/bin/vmware:
linux-gate.so.1 => (0xffffe000)
libm.so.6 => /lib/tls/libm.so.6 (0xf7fbd000)
libdl.so.2 => /lib/libdl.so.2 (0xf7fb9000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xf7fa7000)
libX11.so.6 => not f........
Setup Static IP Address ONBOOTAssuming you are using eth0
Note this will work for any version of CentOS and basically any version of Redhat Linux or Redhat based distribution.
You would need to create a new file
[code:1:02f8d34c30] /etc/sysconfig/network-scripts/ifcfg-eth0:0[/code:1:02f8d34c30]
DEVICE=eth0:0
the ":0" at the end specifies alias 0 we could actually change this to ":99" or "........
Updated to Version 3.8 and can't loginSSHD accepts my password but then hangs at "Last login: Wed Sep 13 21:30:02 2006 from"
This occurred during a yum update after upgrading my release, installing the new kernel and rebooting.
I got kicked out of sshd after seeing the following during yum update:
telnet 100 % done 85/476
tux 100 % done 86/476
ntsysv 100 % done 87/476
rpmdb-redhat 94 % done 88/476........
Need identd for port 113 ? Install authdyum install authd
Happy identing :)Actually it's not that simple.
It installs as an "xinetd" service and is disabled and turned off by deafult.
To enable it run:
[code:1:8c94df8319]
chkconfig --level 3 auth on
service xinetd restart
[/code:1:8c94df8319]
This will set identd aka authd to start by default.
service xinetd resta........
Linux Unix Xorg X Server Intel Extreme i810 Graphics Problem(EE) I810(0): No Video BIOS modes for chosen depth.
(EE) Screen(s) found, but none have a usable configuration.
I have a new Dell PC with one of the latest Intel Extreme Graphics on-board crap. From what I can see any Linux/Unix/FreeBSD versions running XFree86 or Xorg from years ago or the latest version today will have this problem.
It's easily corrected FOR MOST people. Go into your........
Intruder detection device uses behavioural analysisIntruder detection device uses behavioural analysis
by Antony Savvas
Monday 13 June 2005
Symantec is introducing a new intrusion detection product that uses behavioural analysis to block potential attacks on enterprise networks.
The new Critical System Protection 4.5 system uses technology that Symantec acquired through last years purchase of Platform Logic. It is designed to protect deskt........
MySQL Server wouldn't startStart MySQL Server with the following script that would have installed with the port.
/usr/local/etc/rc.d/mysql-server.sh start........
MySQL Server 3.23 won't start after switching from 4.1I was using a 4.1 alpha version of mysql-server and some how version 3.23 of the client and 4.1 of the client were also both installed!
So I forced uninstalled everything because after trying and trying even though MySQL server was using the short 16byte password authentication I got some other errors.
After trying with the ports and having it fail because I had existing database data I force installe........
Server Uptime ScriptA cool and free tool for uptime!
http://checkwebsite.org/........
Basic Port ListingHopefully someone finds this useful or at least interesting.
http://www.sans.org/top20/#u9
Name Port Protocol Description
Small services ........
Clustering LinksI thought this might be interesting for people with spare time.
[b:6423c19973]Great clustering article from Linux Mag[/b:6423c19973]
http://www.linux-mag.com/2003-11/clusters_01.html
[b:6423c19973]General Linux cluster information[/b:6423c19973]
http://www.gdargaud.net/Hack/ClusterNotes.html#HighA
http://www.faqs.org/docs/Linux-HOWTO/Cluster-HOWTO.html#s3
http://www.yolinux.com/TUTORIALS/LinuxClustersAndFileSys........
NewEgg is one of the few companies that stocks this great right angle 1U SATA power cable. I've purchased some no-name ones and they face the wrong way (towards the bottom of the chassis) which makes it worse/impossible than standard SATA connectors.
The price is high but if you're building a 1U server and want SATA disks and don't have much space (eg. the 1U Supermicro cases) then these are simply a must and........
I have played around with Pound a little bit. It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like. It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server.
It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format. Pound is very simple, fast a........
auth/auth_util.c:make_server_info_sam(840)
User nobody in passdb, but getpwnam() fails!
I never found the solution to this in the web, as usual so Ithought I'd post the fix. In plain English smbd is telling us that the user "nobody" does not exist in /etc/passwd.
You can simply add this to your /etc/passwd file like so:
nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin
Now SAMBA/smbd should........
Shortcut/Easiest Way To Create A Self-Signed Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below.
If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
I've gotten this error enough to bother posting about it, because I've come across so many servers where this happens, so what could "Error 28" possibly mean? Is your database corrupt, or is this a sign of a RAID failure/corruption or even worse, bad blocks on a clients system who has no RAID and never took backups?
No, check your free blocks, it simply means you have no space. This was the result of a script that was overzealous and backed up the entire database........
top - 09:34:12 up 2 days, 20:57, 2 users, load average: 1.83, 1.99, 2.03
Tasks: 59 total, 2 running, 57 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3%us, 0.0%sy, 0.0%ni, 0.0%id, 99.7%wa, 0.0%hi, 0.0%si, 0.0%st
That 99.7% wa is iowait, it means the server is waiting for a process to complete an IOoperation or in plain English, there is a delay in........
100215 07:02:24 mysqld started
/usr/libexec/mysqld: Can't read dir of '/tmp/' (Errcode: 13)
/usr/libexec/mysqld: Can't create/write to file '/tmp/ibyP1qUC' (Errcode: 13)
100215 7:02:24 InnoDB: Error: unable to create temporary file; errno: 13
100215 7:02:24 [ERROR] Can't init databases
100215 7:02:24 [ERROR] Aborting
100215 7:02:24 [Note] /usr/libexec/mysqld: Shutdown complete
100215 07:02:........
I bought a Dynatron A46G for my AMD X4 620 AM3 Quad Core CPU. Just judging by touch, the stock OEM fan/heatsink combo kept things so cool, I could leave the 1U server on the floor and it barely felt warm to the touch, including the heatsink itself.
I thought the Dynatron A46G would be enough with passive cooling (it has no fan), but the same setup became burning hot on the underside of the server and also by touching the heatsink itself within minutes.
I thought that th........
Inever saved any of the logs, but basically no matter what OS (Linux)I used, I could not get my 1000GB hard drive to work (Seagate SATA). The BIOS recognizes the drive and fdisk -l shows the hard drive as it should.
The tricky thing is that different OS's will give you different results, but don't be fooled. You can't use these larger drives for long. Iwas getting all kinds of seek/IOerrors and also messages that the port could not be read.........
Itried everything Icould think of, and of course even with the NIC enabled in the BIOS nothing was working. The light would flash when you plugin the cable for a second, but that's all.
Due to another issue I'm about to post about (server is not compatible with 1TB/1000Gig Hard Drives), I updated the BIOS. I didn't even know the 100mbit NICs were not working untilI decided I should test each NIC one by one.
Inoticed that only 1 server out of........
This is very disappointing since GlusterFS markets itself as a solution to deploy VPS servers on. On the HNitself I get a Unixbench of about 360.
I'm also using an SSH tunnel to secure the communications, but even before that, things seemed very slow.
# # # # # # # #####&n........
In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window.
*Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
Have you ever seen this dreaded message in your Apache/HTTPD /var/log/httpd/error_log?
[error] server reached MaxClients setting, consider raising the MaxClients setting
The error itself is slightly misleading. Ibelieve this happened to one of my servers, I found Apache was running still, and that you could telnet to port 80 but no respnose would be given.
For some reason my error log initially did not have the above error, but after a restart I saw........
A VPS Server I had just wasn't working right, code that I migrated there just wasn't working. For example, it kept telling me the connection to the database was unsuccessful, halfway through iterating through results it already had.
Then I realized it wasn't my code. Ichecked my /proc/user_beancounters and found this:
cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt........
Backing MySQL Databases
Backing Up/Dumping All Mysql Databases To A Single File
mysqldump --all-databases -u admin -p > allmysqldatabases.sql
The "-all-databases" clause is pretty obvious isn't it? It means that it will backup all databases.
The "-u admin" means login using the user "admin", if you h........
Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore.
A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly.
In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
Yes, Iadmit I finally got bitten by the hype as much as I can usually see through it all. Keep in mind this review is of the "stock" phone, no jailbreaking yet which is what really unleashes the customizability and whyI bought iPhone.
I had better things to say about this phone before buying it, and it is a great phone, perhaps the best on the market by far, if not because of the Mac OS port onto the iPhone and all the apps, etc, etc.
With that said........
This is really something the SSHServer developers should consider. The cause of this annoyance is because of failed DNS lookups on your IPaddress, which is especially common for many dedicated/col-located servers and also computers on internal NAT/private networks.
The chances are this is the cause of your SSHSlow/Delayed Login problems.
The easy solution to SSH Login Problems
Edit /etc/ssh/sshd_config
Add this line to disable r........
When trying to even cd or ls the mounted OCFS2 partition it crashes. Ithink this is a combination of VMWare Server's problem and the way I mounted and symlinked to it.
More than anything this shows the problem and lack of forsight with VMWare, but also that OCFS2 is easily crashed if you do strange things.
Output of /var/log/messages for OCFS2
Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD
That happens when trying to use smbclient to connect to a share. The weird thing is that I can authnenticate just fine from Windows XP.
It is partially my mistake, I forgot this share does have a password. I've tried authenticating with the correct user and also with "Guest" because this works in Windows. In Linux I ........
This will give you the basic info needed to browse and connect to Samba shares from the command line. From the GUI of Gnome or KDE etc, it is pretty standard and straight forward. However, I've found very little guides on how to do it from the command line and if you're like me, a nerd who prefers command line for its simplicity and for remote use, this is the way to go.
First get a list of all the Samba/SMB shares on the target.
smbclient -L hostname........
I've read a lot of people complaining that their 1U servers are too loud for the office, home or whatever strange places people might want to put them.
Whenever Isee the question asked, "what can be done about the noise", you'll see a myriad of silly answers like "you shouldn't have it at home or in your office at all", "1U servers are meant to be loud".
These all might be valid points but they're not the solution. A good example is a........
Ithink there has been a lot of negative press towards Rackable Systems. We will give their new solution credit that it is marketed very well, and comes prepackaged and ready to go.
But let's cut through the hype of both sides, the people who love this concept and the people who hate it.
What Rackable Systems have done is a first, to minimize space, power and costs into small servers. This is great, and many companies have already built their own servers based........
Feb 5 01:39:33 server named[19768]: zone myzone.com/IN: serial number (12331465) received from master 127.0.0.2#53 < ours (200901281)
The above is taken from /var/log/messages
This can be annoying, it can happen for a variety of reasons. What seems to be happening here is that the slave realizes the time on the slave is ahead of the master, so it therefore assumes it has the most up to date copy and won't actually transfer the zone.
The solutio........
At this time we can't resolve Enom's website and all DNS requests to their 4 primary name servers are failing, although the hostnames themselves still resolve:
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
You would really think Enom, bein........
We have years of knowledge with technology, especially in the IT (Information Technology)industry.
realtechtalk.com will always have fresh and useful information on a variety of subjects from Graphic Design, Server Administration, Web Hosting Industry and much more.........