Your frontend CDN (eg. Cloudflare or even your own load balancer/proxy) must be sending the X-Forwarded-For and you must be running Apache on the backend.
This solves the problem where your logs and services will only see the proxy/CDN IP and not the real client IP.
mod_rpaf will fix all of this
This solution transparently sets the real IP of the client for Apache and any services that rely on........
This guide assumes you have a working Postfix server and want it to sign with DKIM.
There are a few things we have to understand to make all of this work though, which require you to be familiar with DNS as well.
1.) Install OpenDKIM
apt install opendkim
systemctl enable opendkim
2.) Edit /etc/opendkim.conf
Syslog yes
SyslogSuccess yes
Mode&nbs........
apt install tftpd-hpa
#change TFTP_ADDRESS to by setting address to 192.168.1.1:69 or the IP you need, otherwise it will listen on all IPs and interfaces which could be a security risk.
# edit /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.168.1.1:69"
TFTP_OPTIONS="--secure"........
This seems to happen in many different drivers but it happened more often in newer versions such as 530 vs 525.
Then nvidia-modeset goes to 100%
There are many reports of this appearing since driver 4.70 and I can confirm I've seen this in various machines.
https://forums.de........
This is a weird issue as sometimes when upgrading or even migrating, this could happen and the reason is simple but maybe not 100% obvious at first.
You will find that your GUIdoesn't load and most services fail to start, even logind
Here are some errors you may see:
Mar 13 22:22:23 rttbox systemd-logind[2892]: Failed to connect to system bus: No such file or directory
Mar 13 22:22:23 rttbox systemd-logind........
This will be the goto to help solve e-mail delivery issues and talk about many practical issues that happen between developers, admins and scripts that send e-mail and do things that may not be acceptable or cause deliverability problems.
Sendmail Stuff
Edit /etc/mail/sendmail.mc
The problem is that if you send directly out from the server using the mail function, the Return-path of the e-mails will be username@thehostnameoftheserver.com. Let........
This is for the situation that you're doing other things that may conflict or have your own custom rules and ufw keeps overriding iptables.
A lot of guides don't work, and even ufw reset does not work, because it still leaves the old ufw chains.
Here is what works to disable ufw completely
systemctl stop ufw
systemctl disable ufw
ufw disable
rm -f /et........
You'll notice that /etc/resolv.conf contains dire warners on most Linux Desktops.
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use........
Virtualbox is a very powerful tool, but for some use cases it is less than optimal.
Say you are in a work, lab or other environment where you are not alone on the physical network and there could be overlap of IPs, but you need all of your VMs to be contactable from your host, VMs need to communicate with each other, and VMs need internet.
NAT Network will give you VM to VM communication and internet, however, it is buggy and unstable. It also doesn't allow host to VM co........
It sounds intuitive that you may just move the /var/lib/docker dir to another location and symlink it back but it won't work and you'll get an error.
How to move Docker Storage the Correct Way
This assumes that you want to use /mnt/raid as the new location.
1.) Stop Docker
systemctl stop docker
2.) Move /var/lib/docker
mv /var/lib/docker /mnt/raid/
3.) Edit the Docker daemon file
Specify the path you wan........
If you are getting this error from systemctl "Loaded: masked (Reason: Unit hostapd.service is masked.)" we need to unmask the service.
Solution
systemctl unmask hostapd
Removed /etc/systemd/system/hostapd.service.
It's fixed
root@routerOS:/var/log# systemctl start hostapd
root@routerOS:/var/log# systemctl status hostapd
● hostapd.service - Access point and authentication server for Wi-Fi and Ethern........
NetworkManager is normally good for GUI users who may not be good with manually confguring devices, but if you are using things like bridging and bonding, it will often break things.
How To Disable NetworkManager
systemctl disable NetworkManager
Now that it's disabled you will need to stop NetworkManager. NetworkManager will still be running until you reboot next or manually stop it.
How To Stop NetworkManager
systemctl stop........
Is your /var/log/journal overweight and bloated? For example a decent install of Debian 11 with most applications and services ends up being about 4.9G with the journal taking a few gigs.
du -hs /var/log/journal/
1.3G /var/log/journal/
By default in a lot of distributions there is no maximum size so it will keep growing. This is especially problematic for embedded distributions and devices, but is also a huge waste of sp........
Bonding is an excellent way to get both increased redundancy and throughput. It is similar to the "Network Teaming" feature in Windows.
There are a few different modes but we will use mode 6, I think it's the best of both worlds, as it is not just a failover, but it provides round robin, so you will get redundancy and load balancing. So if you have a 1G single port, you will have a combined throughput of 4G at this point. Just bear in mind that the true thr........
This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory.
Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage.
One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
How To Install Wazuh Server / Quickest Installation
Wazuh (forked from the well known OSSEC project) is a full SIEM (Security Information Event Management) that works extremely well with the platforms it natively supports as an "Agent", which allows you to do scans of everything such as all processes running, CVE vulnerability check, incident reporting etc...
Prerequisites:
A lot of issues with Wazuh seem to be caused by i........
A lot of newer installs will automatically prohibit the root user from logging in directly, for security reasons or they will only allow key based access.
If you know what you are doing/don't care about security or have an incredibly secure password for testing, then you can enable it.
Edit this file: /etc/ssh/sshd_config
Find the following line: PermitRootLogin
Set it like this:
PermitRootLogin yes
Now rest........
yum -y install wget unzip
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip
unzip nextcloud-18.0.2.zip
yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server
Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT.
Dependencies resolved.
===================================================================........
MySQL on Debian versions is configured differently than the native local MySQL plugin so you will be disappointed when your password on the mysql client fails by default.
Here is how you reset the MySQL root password the proper and "working way"
#first we gracefully stop mysql
sudo systemctl stop mysql;
#then we forcefully kill any mysqld process just in case
sudo killall -9 mysqld mysqld_safe;........
Yes you have that right, the network service in RHEL8 / CentOS 8 / Rocky Linux / Alma Linux no longer exists. So there is no more systemctl restart network
You can restart NetworkManager but it doesn't have the same effect or ifup/ifdown on all interfaces.
Generally if NetworkManager is installed you will want to restart it or it won't apply the settings from ifcfg.
systemctl restart NetworkManager
To repl........
sudo vi /etc/lightdm/lightdm.conf.d/70-linuxmint.conf
Change this:
[SeatDefaults]
user-session=mate
allow-guest=false
To this:
[SeatDefaults]
user-session=mate
allow-guest=false
greeter-hide-users=true
greeter-show-manual-login=true
To see and apply your changes just restart light........
This is a gotcha but be aware sometimes iptables may be active and loaded by default.
Also make sure you don't just disable firewalld but also stop it otherwise it will still block stuff:
systemctl stop firewalld
If the above is not the issue then it is possible iptables is running and blocking stuff too, so you'll need to stop iptables.
So in addition to opening firewalld or disabling it, you would need to disable iptables........
mysql reset root password.
Oops I can't remember my MySQL root password!
[root@centos7test etc]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
First we need to stop mariadb:
systemctl stop mariadb
Now we need to restart it with skip-grant-tables whic........
yum -y install mariadb-server
systemctl start mariadb
mysql_secure_installation
Now we need to secure our install and set the MariaDB root password:
The lines you need to act on are marked in bold shown with the answer you need.
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SER........
This problem has been around forever, Linux seems to think it is fine to use the r8169 driver for an r8168 NIC but this often causes problems including the link not working at all.
In my case ethttool shows the link up and detected but it simply does not work especially on a laptop that has been resumed from suspension. Sometimes it takes several minutes for it to work or to unplug and replug the ethernet.
Here is the solution:
Install th........
Oct 18 11:06:46 server systemd[529]: rc-local.service: Failed at step EXEC spawning /etc/rc.local: Exec format error
Oct 18 11:06:46 server systemd[1]: rc-local.service: Control process exited, code=exited status=203
Oct 18 11:06:46 server systemd[1]: Failed to start /etc/rc.local Compatibility.
Oct 18 11:06:46 server systemd[1]: rc-local.service: Unit entered failed state.
Oct 18 11:06:46 server systemd[1]: rc-local.service: Failed with result 'exit-code'.........
yum install iptables-services
systemctl enable iptables
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]........
If you've just installed VBox and it is not starting or working, the most common problem is usually that you don't have your kernel source installed, which means there is no kernel driver for vbox so it can't work.
You may get an error that says "Kernel driver not installed" in your Virtualbox.
So the first thing you should do is install your kernel source by running this:
sudo apt-get install linux-headers-`uname -r`........
If you get error messages like this it is usually because /var/run/sshd does not exist.
root@userbox:/# service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: failed (Result: start-limit-hit) since Wed 2019-04-10 02:24:44 EDT; 1
Process: 511 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)........
Idid a systemctl restart networking and it broke Proxmox VM connectivity!
#proxmox is the problem after restarting the network the tap devices go to disabled state
[2230884.919905] vmbr0: port 7(tap118i0) entered disabled state
[2230884.948864] vmbr0: port 8(tap122i0) entered disabled state
[2230884.972748] vmbr0: port 6(tap119i0) entered disabled state
[2230885.004745] vmbr0: port 5(tap117i0) entered disabled state
[2230885.03673........
This is not about systemd/systemctl and not about "onboot" so there's no rc.local trick here but it's the GUI/Gnome etc when a user logs in that a command is launched.
Put this in your home dir
The .config/autostart directory is where Linux Mint/Ubuntu checks for autostart application config files
mkdir -p ~/.config/autostart
Create a new entry/file that starts an application........
Below are the common errors you'll get with named AKA bind if your time is incorrect.
The simplest solution is to install and run ntpd to correct your system's time (install ntpd if it is not installed)
systemctl start ntpd
systemctl enable ntpd
Dec 20 13:36:16 hostingbox named[2169]: error (no valid DS) resolving 'develop.waxrain.com/A/IN': 14.215.150.17#53........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
Did you just install the minimal version by accident or want to install the GUI? No need to reinstall just tell yum to do the work for you!
You could actually have both installed and choose one as your preference on demand (although many people prefer GNOME's simplicity).
Step 1.)
Install Gnome and/or KDE.
To install the GNOME Desktop on Centos 7:
yum -y groups install "GNOME Desktop"
To........
Server Side Config
1.) First install nfs-utils
yum -y install nfs-utils
2.) Configure nfs share
Create a directory for your NFS share
mkdir /datastore
Create your NFS share in /etc/exports
echo "/datastore 10.220.101.0/24(rw,sync,no_root_squash)" >> /etc/exports
systemctl restart nfs........