• ssh how to verify your host key / avoid MIM attacks


    SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem. But how about connecting to an existing server for the first time on a new machine or client? A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........
  • Cisco Unified Communications Manager / CUCM IP 8.6,10,12 Install Error Solution


    Install Errors on Version 12: This error happened on QEMU emulator version 2.11.1 pve-qemu-kvm_2.11.1-5 on Proxmox/Debian but installing on QEMU.12 on Centos 6 did not produce the error. *Update it is not related to the OS or QEMU version. This happened in Centos 6 too after a second install. What really causes this even though you successfully install........
  • Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM


    The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs. qemu-kvm command: /usr/libexec/qemu-kvm -version QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard ........
  • How to install and setup LXC Containers (OpenVZ alternative) on Centos 6 / 7


    If you don't aleady have it, you'll need EPEL Install LXC yum -y install lxc lxc-templates Loaded plugins: fastestmirror Setting up Install Process Loading mirror speeds from cached hostfile * base: mirror.it.ubc.ca * epel: mirrors.kernel.org * extras: mirror.it.ubc.ca * updates:........
  • bind named error solutions named[2169]: error (no valid DS) resolving / error (broken trust chain) resolving / : error (no valid RRSIG) resolving 'com/DS/IN':


    Below are the common errors you'll get with named AKA bind if your time is incorrect. The simplest solution is to install and run ntpd to correct your system's time (install ntpd if it is not installed) systemctl start ntpd systemctl enable ntpd Dec 20 13:36:16 hostingbox named[2169]: error (no valid DS) resolving 'develop.waxrain.com/A/IN': 14.215.150.17#53........
  • iSCSI on Centos 7 Configuration and Setup Guide for Initiator and Target


    initiator = client target = server These are the first concepts you should understand which is that in iscsi essentially the "initiator" is the client and the "target" is the server. iSCSI is derived from the old fashioned SCSI that us oldtimers grew to love. The "i" stands for Internet and the SCSI stands for "Small Computers Systems Interface" (SCSI). iSCSI Target (Server)Setup targetcli is the pac........
  • Centos 7 - How To Install NFS and Mount Remotely


    Server Side Config 1.) First install nfs-utils yum -y install nfs-utils 2.) Configure nfs share Create a directory for your NFS share mkdir /datastore Create your NFS share in /etc/exports echo "/datastore 10.220.101.0/24(rw,sync,no_root_squash)" >> /etc/exports systemctl restart nfs........
  • OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror


    Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled: cat /sys/module/kvm_intel/parameters/nested Y cat /sys/module/kvm_intel/parameters/ept Y OVF Tool: Disk progress: 99% OVF Tool: Transfer Completed OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance- OVF Tool: Task p........
  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
  • OpenVPN auth-user-pass-verify ENV script error


    Starting with newer versions of OpenVPN Ibelieve 2.2+ you need to have "script-security 3" set or you can't execute a third party script. Prior to that you could also use the auth-user-pass-verify like this: auth-user-pass-verify ./validate.pl "$username $password $ip" via-env Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the paramete........
  • Installing SSL Certificate with Chain Intermediary CA File


    Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!). In the Apache vhost conf for the domain here is what you add: SSLCACertificateFile /path/to/your/cafile.pem Here is a full example of an SSL Vhost config in Apache using a CA Certificate file ........
  • How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks


    This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........
  • cPanel Install Error kernel ipv6 module support solution


    2017-01-12 14:25:36 529 (ERROR): The installer was unable to verify that your kernel supports IPv6. 2017-01-12 14:25:36 530 (ERROR): The message received when trying to create an IPv6 socket was Address already in use 2017-01-12 14:25:36 531 (ERROR): Please ensure that the ipv6 module is enabled and loaded in your kernel. 2017-01-12 14:25:36 532 (FATAL): Exiting... Solution This happened........
  • grubby fatal error: unable to find a suitable template solution Centos


    vzkernel-2.6.32-042stab116.2.x86_64.rpm&n........
  • Cannot Read License File cPanel Solution


    This can happen because port 80 is not open, or your license has expired and/or your IP is out of date and also if the license server itself from cPanel is having issues. In most cases as long as you have a valid license the following command will solve it: /usr/local/cpanel/cpkeyclt Updating cPanel license...Done. Update succeeded. Building global cache for cpanel...Done Cannot........
  • There was a problem importing one of the Python modules required to run yum. The error leading to this problem was:


    There was a problem importing one of the Python modules required to run yum. The error leading to this problem was: No module named yum Please install a package which provides this module, or verify that the module is installed correctly. It's possible that the above module doesn't match the current version of Python, which is: 2.7.9 (default, Apr 21 2016, 16:51:58) [GCC 4.4.7 20120313........
  • openvpn 2.3.10-1.el6 issues auth-env does not work correctly for auth-user-pass-verify


    openvpn 2.3.10-1.el6 issues in the .conf auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env auth-env does not work correctly in OpenVPN 2.3: Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure But OpenVPN 2.2 does work as expected. It could be that the specified script automatically receive........
  • Centos installing grub problems suspect gpt problem


    grub> root (hd0,0) root (hd0,0) Filesystem type is ext2fs, partition type 0xfd grub> setup (hd0) setup (hd0) But if you do: root (hd1,0) setup (hd1) it does work, I think hd0/sda had a GPT partition that was not removed properly (what I did was just dd bs=512 count=1 the partition table from another drive since the partition table should be identical). Checking if "/boot/grub/........
  • Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


    [Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
  • Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


    Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again You have to upgrade the ca-certs for epel but need to disable it before that can happen. yum upgrade ca-certificates --disablerepo=epel........
  • Linux Ubuntu Debian Howto Manually Update/Install Thunderbird


    wget http://download-location sudo tar xjvf thunderbird-24.2.0.tar.bz2 -C /opt ln -s /opt/thunderbird/thunderbird /usr/bin/thunderbird [sudo] password for one: ln: creating symbolic link `/usr/bin/thunderbird': File exists sudo rm /usr/bin/thunderbird ln -s /opt/thunderbird/thunderbird /usr/bin/thunderbird The above is how Idid it, if you don't do it properly you'll find that you are still using the old version (........
  • Linux Ubuntu Debian Howto Manually Update/Install Firefox


    wget http://download-location mv /usr/bin/firefox /usr/bin/firefox-old sudo tar xjvf firefox-26.0.tar.bz2 -C /opt ln -s /opt/firefox/firefox /usr/bin/firefox The above is how Idid it, if you don't do it properly you'll find that you are still using the old version (so verify in About that it is the new version). I've verified the above method works perfectly, it's great if you're using an older version of Linux and need to update the most........
  • Dell Perc 6/i cannot downgrade


    I flashed an LSI Logic firmware to it and it broke the BIOS (cannot do Ctrl+R) for booting purposes but allows other functionality to work normally. I tried downgrading to a Dell firmware for Perc 6i but it won't work, not even with MegaCli wget http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN --2013-08-26 12:53:39-- http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN Resolvi........
  • charat in PHP convert non-English characters into code


    This is basically URL decoding to the decimal code but nothing in PHPworks how you'd expect it. Here are online tools to verify and check your work, it's important when querying databases with non-English characters: http://yehg.net/encoding/index.php# http://meyerweb.com/eric/tools/dencoder/ http://www.codetable.net/decimal/65398 Japanese: http://symbolcodes.tlt.psu.edu/bylanguage/japanesechartkatakana.html Charat code for PHP:........
  • Antec ECO450C Crashing


    Crashing with a RAID 1 array and when burning a CD. Screen goes blank (no video signal) and system stops responding during heavier loads. Is this a defective power supply or is it possible I have too many devices connected to the same rail? How can I verify/troubleshoot this?........
  • Asterisk DOS attack - failed for '173.242.117.192' - Peer is not supposed to register [May 23 15:46:07] ERROR[32748]: chan_sip.c:13158 register_verify: Peer '153' is trying to register, but not configured as host=dynamic


    This happened to a customer Asterisk server and it somehow found the ID of the registration account to the upstream SIP server and was railing connection attempts (it filled up the console and there were literally thousands per second). Basically this caused all incoming and outgoing calls to fail. It was a temporary fix but the solution was to block that specific IP, it's hard to stop it 100% because the customer needs the default SIP port.........
  • SSH Can't Login/Hang


    Client Log OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_d........
  • badblocks in Linux to check/verify if a hard drive/HDD is good or bad


    I like badblocks and don't know a better more reliable way of checking the drive. If there are no errors from badblocks and dmesg doesn't produce any SATA related errors, the drive should be good (for now at least). I also prefer to do read and write mode, yes it takes ages but it is really the best way of doing it. This gives me the most confidence in knowing that a drive, especially a new one is at least OK at the moment. To test in read only mode........
  • Linux Out of Memory OOM Object Killer Solution "Out of memory: kill process 1955 (sshd) score 81 or a child"


    I had a system running a 128MB live CD image with 2.8 gigs of available RAM and the OOM kernel killer went crazy when using dd for more than 8 minutes and kept killing everything. I've read that this is due to a low-memory issue and paging in the kernel and 32-bit systems with lots of RAM. I even enabled swapspace on my LiveCD and the issue happened 25 minutes into dd rather than 8 minutes, so what gives? Also no swap space was ever used! cat /proc/s........
  • Ubuntu 9.04 Crash


    CPU/Kernel/MB/RAID problem? Jan 5 12:45:05 testbox kernel: [653298.890004] BUG: soft lockup - CPU#0 stuck for 61s! [hal-acl-tool:4168] Jan 5 12:45:05 testbox kernel: [653298.890005] Modules linked in: vmnet vmci vmmon binfmt_misc drbd video output input_polldev ocfs2_stackglue ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs k8temp hwmon_vid lp snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi........
  • http://apt.sw.be/redhat/el5/en/i386/test/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror.


    http://apt.sw.be/redhat/el5/en/i386/test/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: rpmforge-testing. Please verify its path and try again Notice it is complaining about "rpmforge-testing", just disable it for now: Solution is to edit the repo: vi /etc/yum.repos.d/rpmforge-testing.repo........
  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 * Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........
  • FUSE/Curlftpfs mount ftp account as drive partition in Linux


    This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc.. Name curlftpfs - mount a ftp host as a local directory Synopsis........
  • LUKS/cryptsetup Tutorial for Linux Hard Drive Partition Encryption


    This is based on Debian Linux but should apply equally to any *nix distro. Install LUKS/crypt-setup apt-get install cryptsetup Setup your LUKS Partition Of course change /dev/md2 with whatever partition you intend to use LUKS on. cryptsetup --verbose --verify-passphrase luksFormat /dev/md2 You'll be asked to verify your decryption password twice *DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!........
  • PHP cannot access /usr/bin/openssl


    PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist: [code:1:1fd0f3abbe] if (!file_exists($OPENSSL)) { //echo "ERROR: OPENSSL $OPENSSL not foundn"; }[/code:1:1fd0f3abbe] I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
  • Roxio/Sonic complaints - No verification of burnt ISO Image


    Roxio/Sonic complaints - No verification of burnt ISO ImageThe only thing Nero does better is that it has the option to verify the data written from an ISO/CD Image! Why can't all burning utilities have this feature?........
  • Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian


    Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
  • Fake PR Pagerank Identification - How do you know/check/verify the real PR(Pagerank)?


    Here is an example that I recently found, most PR checkers will say this domain is PR8 or will say "cannot analyze PR". The example is domain "bonserotica.com" view Google's cache of the homepage and you'll see as in the picture below, it lists a different URL, which means they used a redirect to a high PR site to fool you and the PR checkers.........
  • OCFS2 crash


    When trying to even cd or ls the mounted OCFS2 partition it crashes. Ithink this is a combination of VMWare Server's problem and the way I mounted and symlinked to it. More than anything this shows the problem and lack of forsight with VMWare, but also that OCFS2 is easily crashed if you do strange things. Output of /var/log/messages for OCFS2 Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........
  • Writing/Burning a data CD-R/DVD-R or DVD+RW in Unix/Linux


    There's a lot of outdated information and confusion for system administrator's out there. One annoying task for many an Administrator has been backing up data in Linux. You don't need any GUI tools such as K3B or GnomeBaker. Both are excellent tools but for veteran command line users working remotely, using the keyboard is a great and possibly automated way to save yourself pain and hassle. At a later date we'll cover how scripting can automatically backup certain........
  • Latest Articles

  • python 3 pip cannot install mysql module
  • QEMU-KVM won't boot Windows 2016 or 2019 server on an Intel Core i3
  • Virtualbox vbox not starting "No suitable module for running kernel found"
  • Bind / named not responding to queries solution
  • Linux Mint How To Set Desktop Background Image From Bash Prompt CLI
  • ImageMagick Convert PDF Not Authorized
  • ImageMagick Converted PDF to JPEG some files have a black background solution
  • Linux Mint Mate Customize the Lock screen messages and hide username and real name
  • Ubuntu/Gnome/Mint/Centos How To Take a partial screenshot
  • ssh how to verify your host key / avoid MIM attacks
  • Cisco IP Phone CP-8845 8800/8900 Series How To Reset To Factory Settings Instructions
  • ls how to list ONLY directories
  • How to encrypt your SSH private key file id_rsa
  • Linux Mint 18 Disable User Name List from showing on Login Screen
  • Firefox Cannot Hit Enter Key In Address Bar and Location History Not Working
  • Cisco Unified Communications Manager / CUCM IP 8.6,10,12 Install Error Solution
  • Ubuntu Debian Mint Linux SSHD OpenSSH Server Not Starting After Reboot Solution
  • nmap how to scan for all ports and not just the 1000 most common ports
  • Windows 7,8,10 and Server 2008, 2012, 2016, 2019 Read Only Attribute Won't Go Away
  • bind / named how to make a wildcard record and retain defined A records