Uses:
Install OS on physical drive
Linux installation VMware
Install Windows on physical drive
Boot OS from physical drive
VMware Workstation tutorial
Linux virtual machine to physical disk
Windows to Linux migration
Dual boot OS installation
Boot from external SSD
Linux, Windows, BSD installation guide
Physical drive boot OS........
[Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
It actually gives us a good clue that at least one component of our cert is invalid/improperl........
By default if you create a private key for SSH, it will create something like .ssh/id_rsa
Linux will always search for and offer this key when connecting to servers.
If you put extra keys in your .ssh directory like id_rsa_realtechtalk.com, they will be ignored by default and NOT used or offered (you can verify this with ssh -v) and see it is not being offered.
Here is how you add the extra SSH keys so they are all offered:
#this gives........
Be very careful about what filename you specify in dhcpd.conf if you get an error like this:
NBP filesize is 0 Bytes PXE-E23:Client received TFTP error from server.
If you specify "BOOTx64.efi" then the file had better not be called "BOOTx64.EFI" as it is case sensitive. It's really a case of th........
There is a random bug that sometimes occurs with Vbox NAT mode DNS, although it has never happened in the past and Vbox was working fine until recently.
The symptom is that you can see it does get an IP + DNS from the Vbox NAT DHCP.
Below we use resolvectl dns and verify the DNS server is set to 10.0.2.3 which is the DNS from Vbox NAT. We can ping it but it does not respond to any DNS requests when we use dig @10.0.2.3 realtechtalk.com........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPN appliance at the same time.
When comparing OpenVPN with traditional firewal........
In newer versions of Virtualbox, especially above 6.0 (eg. 6.1 like the example below), a lot of times the "Enable Nested VT-x/AMD-V" option is grayed out.
If you are having this issue, you will see the option is grayed out. It doesn't mean that your computer does not support virtualization, although it is possible it is disabled in the BIOS. You can verify........
Just run this apt install command
sudo apt install pepperflashplugin-nonfree browser-plugin-freshplayer-pepperflash
After this restart your browser and check Adobe's site to verify if your Pepper flash is working and showing at least version 32.
https://helpx.adobe.com/flash-player.html
As you'll see below it will download the latest version which is currently 32 and this was not possible with the old/crappy deprecated adobe-flash plu........
yum -y install wget unzip
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip
unzip nextcloud-18.0.2.zip
yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server
Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT.
Dependencies resolved.
===================================================================........
The reason for doing this is that the installer doesn't seem to work properly for LUKS and the server installer doesn't even support LUKS anymore. When you use the GUI install on Desktop for LUKS it won't boot and will just hang after you enter your password. So the only reliable way is to do it ourselves.
1.) Make a default minimal install of Ubuntu
2.) Have a secondary disk on the server or VM.
3.)........
SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.
But how about connecting to an existing server for the first time on a new machine or client?
A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
Install Errors on Version 12:
This error happened on QEMU emulator version 2.11.1 pve-qemu-kvm_2.11.1-5
on Proxmox/Debian but installing on QEMU.12 on Centos 6 did not produce the error.
*Update it is not related to the OS or QEMU version. This happened in Centos 6 too after a second install.
What really causes this even though you successfully install........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
If you don't already have it, you'll need EPEL
Install LXC
yum -y install lxc lxc-templates
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.it.ubc.ca
* epel: mirrors.kernel.org
* extras: mirror.it.ubc.ca
* updates:........
Below are the common errors you'll get with named AKA bind if your time is incorrect.
The simplest solution is to install and run ntpd to correct your system's time (install ntpd if it is not installed)
systemctl start ntpd
systemctl enable ntpd
Dec 20 13:36:16 hostingbox named[2169]: error (no valid DS) resolving 'develop.waxrain.com/A/IN': 14.215.150.17#53........
initiator = client
target = server
The first concept you should understand is that in iSCSI the "initiator" is essentially the client and the "target" is the server.
iSCSI is derived from the old fashioned SCSI that us oldtimers grew to love. The "i" stands for Internet and the SCSI stands for "Small Computer System Interface" (SCSI).
iSCSI Target (Server) Setup
targetcli is the pac........
Server Side Config
1.) First install nfs-utils
yum -y install nfs-utils
2.) Configure nfs share
Create a directory for your NFS share
mkdir /datastore
Create your NFS share in /etc/exports
echo "/datastore 10.220.101.0/24(rw,sync,no_root_squash)" >> /etc/exports
systemctl restart nfs........
Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled:
cat /sys/module/kvm_intel/parameters/nested
Y
cat /sys/module/kvm_intel/parameters/ept
Y
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
OVF Tool: Task p........
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
Starting with newer versions of OpenVPN, I believe 2.2+, you need to have "script-security 3" set or you can't execute a third party script.
Prior to that you could also use the auth-user-pass-verify like this:
auth-user-pass-verify ./validate.pl "$username $password $ip" via-env
Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the paramete........
Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).
In the Apache vhost conf for the domain here is what you add:
SSLCACertificateFile /path/to/your/cafile.pem
Here is a full example of an SSL Vhost config in Apache using a CA Certificate file
........
This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to, you always want to verify manually.
So your e-mail/web client will show you an SHA-1 fingerprint like this:
"Could not verify this certificate because the issuer is unknown" or other reasons such as a mismatch in IP/domain.
It will also show you........
2017-01-12 14:25:36 529 (ERROR): The installer was unable to verify that your kernel supports IPv6.
2017-01-12 14:25:36 530 (ERROR): The message received when trying to create an IPv6 socket was Address already in use
2017-01-12 14:25:36 531 (ERROR): Please ensure that the ipv6 module is enabled and loaded in your kernel.
2017-01-12 14:25:36 532 (FATAL): Exiting...
Solution
This happened........
vzkernel-2.6.32-042stab116.2.x86_64.rpm........
This can happen because port 80 is not open, or your license has expired and/or your IP is out of date and also if the license server itself from cPanel is having issues.
In most cases as long as you have a valid license the following command will solve it:
/usr/local/cpanel/cpkeyclt
Updating cPanel license...Done. Update succeeded.
Building global cache for cpanel...Done
Cannot........
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
No module named yum
Please install a package which provides this module, or
verify that the module is installed correctly.
It's possible that the above module doesn't match the
current version of Python, which is:
2.7.9 (default, Apr 21 2016, 16:51:58)
[GCC 4.4.7 20120313........
openvpn 2.3.10-1.el6 issues
in the .conf
auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env
auth-env does not work correctly in OpenVPN 2.3:
Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure
But OpenVPN 2.2 does work as expected.
It could be that the specified script automatically receive........
grub> root (hd0,0)
root (hd0,0)
Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd0)
setup (hd0)
But if you do:
root (hd1,0)
setup (hd1)
it does work, I think hd0/sda had a GPT partition that was not removed properly (what I did was just dd bs=512 count=1 the partition table from another drive since the partition table should be identical).
Checking if "/boot/grub/........
[Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key
[Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
The above is an accurate description of what is wrong.
In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
You have to upgrade the ca-certs for epel but need to disable it before that can happen.
yum upgrade ca-certificates --disablerepo=epel........
wget http://download-location
sudo tar xjvf thunderbird-24.2.0.tar.bz2 -C /opt
ln -s /opt/thunderbird/thunderbird /usr/bin/thunderbird
[sudo] password for one:
ln: creating symbolic link `/usr/bin/thunderbird': File exists
sudo rm /usr/bin/thunderbird
ln -s /opt/thunderbird/thunderbird /usr/bin/thunderbird
The above is how I did it, if you don't do it properly you'll find that you are still using the old version (........
wget http://download-location
mv /usr/bin/firefox /usr/bin/firefox-old
sudo tar xjvf firefox-26.0.tar.bz2 -C /opt
ln -s /opt/firefox/firefox /usr/bin/firefox
The above is how I did it, if you don't do it properly you'll find that you are still using the old version (so verify in About that it is the new version). I've verified the above method works perfectly, it's great if you're using an older version of Linux and need to update the most........
I flashed an LSI Logic firmware to it and it broke the BIOS (cannot do Ctrl+R) for booting purposes but allows other functionality to work normally.
I tried downgrading to a Dell firmware for Perc 6i but it won't work, not even with MegaCli
wget http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN
--2013-08-26 12:53:39-- http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN
Resolvi........
This is basically URL decoding to the decimal code but nothing in PHP works how you'd expect it.
Here are online tools to verify and check your work, it's important when querying databases with non-English characters:
http://yehg.net/encoding/index.php#
http://meyerweb.com/eric/tools/dencoder/
http://www.codetable.net/decimal/65398
Japanese:
http://symbolcodes.tlt.psu.edu/bylanguage/japanesechartkatakana.html
Charat code for PHP:........
Crashing with a RAID 1 array and when burning a CD.
Screen goes blank (no video signal) and system stops responding during heavier loads.
Is this a defective power supply or is it possible I have too many devices connected to the same rail?
How can I verify/troubleshoot this?........
This happened to a customer Asterisk server and it somehow found the ID of the registration account to the upstream SIP server and was railing connection attempts (it filled up the console and there were literally thousands per second). Basically this caused all incoming and outgoing calls to fail.
It was a temporary fix but the solution was to block that specific IP, it's hard to stop it 100% because the customer needs the default SIP port.........
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
I like badblocks and don't know a better more reliable way of checking the drive. If there are no errors from badblocks and dmesg doesn't produce any SATA related errors, the drive should be good (for now at least).
I also prefer to do read and write mode, yes it takes ages but it is really the best way of doing it. This gives me the most confidence in knowing that a drive, especially a new one is at least OK at the moment.
To test in read only mode........
I had a system running a 128MB live CD image with 2.8 gigs of available RAM and the OOM kernel killer went crazy when using dd for more than 8 minutes and kept killing everything. I've read that this is due to a low-memory issue and paging in the kernel and 32-bit systems with lots of RAM.
I even enabled swapspace on my LiveCD and the issue happened 25 minutes into dd rather than 8 minutes, so what gives?
Also no swap space was ever used!
cat /proc/s........
CPU/Kernel/MB/RAID problem?
Jan 5 12:45:05 testbox kernel: [653298.890004] BUG: soft lockup - CPU#0 stuck for 61s! [hal-acl-tool:4168]
Jan 5 12:45:05 testbox kernel: [653298.890005] Modules linked in: vmnet vmci vmmon binfmt_misc drbd video output input_polldev ocfs2_stackglue ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs k8temp hwmon_vid lp snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi........
http://apt.sw.be/redhat/el5/en/i386/test/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rpmforge-testing. Please verify its path and try again
Notice it is complaining about "rpmforge-testing", just disable it for now:
Solution is to edit the repo:
vi /etc/yum.repos.d/rpmforge-testing.repo........
I spent so much time debugging this. Most sites don't tell you a very important option to use with CURL, and you will only find out this is the problem by running the PHP script from the command line, where you get the following output that shows the issue (I don't see any way to get this output from Apache itself).
* About to connect() to ip.ip.ip.ip port 25000
* Trying ip.ip.ip.ip... * connected
* Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000
* succes........
This is a great way to use your ftp server space, for example on your web hosting account (although I believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
This is based on Debian Linux but should apply equally to any *nix distro.
Install LUKS/crypt-setup
apt-get install cryptsetup
Setup your LUKS Partition
Of course change /dev/md2 with whatever partition you intend to use LUKS on.
cryptsetup --verbose --verify-passphrase luksFormat /dev/md2
You'll be asked to verify your decryption password twice
*DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!........
PHP cannot access /usr/bin/openssl
I have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not found\n";
}[/code:1:1fd0f3abbe]
I don't get it
I can clearly see the contents of /usr/bin by using the PHP system fu........
Roxio/Sonic complaints - No verification of burnt ISO Image
The only thing Nero does better is that it has the option to verify the data written from an ISO/CD Image!
Why can't all burning utilities have this feature?........
Shortcut/Easiest Way To Create A Self-Signed Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below.
If You Need a Real SSL Certificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
Here is an example that I recently found, most PR checkers will say this domain is PR8 or will say "cannot analyze PR".
The example is domain "bonserotica.com" view Google's cache of the homepage and you'll see as in the picture below, it lists a different URL, which means they used a redirect to a high PR site to fool you and the PR checkers.........
When trying to even cd or ls the mounted OCFS2 partition it crashes. I think this is a combination of VMWare Server's problem and the way I mounted and symlinked to it.
More than anything this shows the problem and lack of foresight with VMWare, but also that OCFS2 is easily crashed if you do strange things.
Output of /var/log/messages for OCFS2
Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........
There's a lot of outdated information and confusion for system administrators out there.
One annoying task for many an Administrator has been backing up data in Linux. You don't need any GUI tools such as K3B or GnomeBaker. Both are excellent tools but for veteran command line users working remotely, using the keyboard is a great and possibly automated way to save yourself pain and hassle.
At a later date we'll cover how scripting can automatically backup certain........