find /usr/share/zoneinfo/|sed s#"/usr/share/zoneinfo/"##g|grep "/"|grep -v posix|grep -v ^"Etc/"|grep -v ^right|grep -v ^"SystemV"
Africa/Addis_Ababa
Africa/Abidjan
Africa/Blantyre
Africa/Lusaka
Africa/Casablanca
Africa/Libreville
Africa/Asmara
Africa/Bujumbura
Africa/Dakar
Africa/Lagos
Africa/Malabo
Africa/Harare
Africa/Kigali........
This should work for most console ports of other manufacturers too. It is a quick and simple method for emegencies or deploying a few appliances/devices in a non-standard environment or small environment.
However, if this is a route thing, or the equipment is not physically close to you, it would be best to use some sort of "Terminal" server which is an IP connected switch with several serial ports built-in for this purpose. Normally they accessible by web/........
Have you checked your router/firewall logs and disconcertingly see connections to an unknown IP207.246.119.209:3478 from your Grandstream VOIPphones?
You're not alone and the Grandstream forums have discussed this issue.
However, even their own staff d........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
There are many reasons why Proxmox services may not start, but one common one, is if you have changed your /etc/hostname or /etc/hosts and don't have a valid FQDN (eg. proxmox01 instead proxmox01.com).
Failed to start The Proxmox VE cluster filesystem.
Failed to start Proxmox VE firewall.
Failed to start PVE Status Daemon.
Failed to start Proxmox VE scheduler.
Failed to start PVE Cluster HA Resource Manager Daemon.
Failed to star........
Kubernetes Easy Beginners Tutorial/Architecture Guide
Kubernetes is known as container orchestration and we should start at explaining the container part of it.
A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the O........
This assumes that you've already installed the relevant HWIC cards eg. Cisco Asynchronous Serial NIM
These are essentially cards that you install into your router, once installed you connect an Async cable to one of the ports on the card which normally gives you 8 console cables and are normally labelled 1 through 8.
You connect all of the cables to the devices you need (even non-Cisco devices) whether switches, routers or firewalls, they will usually work.
The real m........
Just a quick note and warning is that if you are testing to see if EFIPXE booting works on a VM, MAKE SURE it actually works. For example Iinitially tested using my Distro's QEMU 2.5+dfsg-5ubuntu10.46 and ovmf BIOS firmware (OVMF supports EFI). However, I found on old versions of QEMU (like 2.5), EFIbooting with GRUB NEVER works so it may appear that you have made a mistake when everything is fine when you boot a physi........
Enable "cli" mode equivalent in JunOS
cli
Configure Mode
configure
So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure".
How Do You Apply Changes You've Made?
You can make all kinds of changes to the switch, but remember they are not........
yum -y install wget unzip
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip
unzip nextcloud-18.0.2.zip
yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server
Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT.
Dependencies resolved.
===================================================================........
This is a gotcha but be aware sometimes iptables may be active and loaded by default.
Also make sure you don't just disable firewalld but also stop it otherwise it will still block stuff:
systemctl stop firewalld
If the above is not the issue then it is possible iptables is running and blocking stuff too, so you'll need to stop iptables.
So in addition to opening firewalld or disabling it, you would need to disable iptables........
yum install iptables-services
systemctl enable iptables
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]........
Having a network bridge allows you to bridge traffic under multiple devices so they can talk natively without using any special routing, iptables/firewall or other trickery.
To create your bridge you need the bridge-utils package for brctl and if you want to do things like bridge VMs that run on a tap device you will need the uml-utilities which provides "tunctl".
1.) Install the utilities to make our bridge
sudo apt-get i........
So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside?
Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.
Requirements
On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
Whether you are at work, at the coffee shop or on the public internet here are some basic but effective rules for iptables that lock things down (eg. no one can SMB or SSH to you or really anything):
# Generated by iptables-save v1.4.21 on Fri Dec 14 14:00:08 2018
*nat
:PREROUTING ACCEPT [160:19844]
:INPUT ACCEPT [4:357]
:OUTPUT ACCEPT [2955:182236]
:POSTROUTING ACCEPT [2955:182236]
COMMIT
# Completed on Fri Dec 14........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
sudo apt-get install libcurl4-openssl-dev git build-essential autotools-dev autoconf libcurl3
sudo apt-get install libcurl4-gnutls-dev
git clone https://github.com/wolf9466/cpuminer-multi
sudo apt-get install cmake libpthread-* libmicrohttpd-dev libssl-dev libhwloc-dev
git clone https://github.com/fireice-uk/xmr-stak-cpu.git
make install
cd bin
chmod +x xmr-stak-cpu
./xmr-stak -O xmr........
This is not the normal "black screen"issue and I was shocked to eventually find out why. The normal advice of reconfiguring Xorg didn't work. Even booting into "Recovery Mode" did not help.
Here is the short end of the stick that fixed it:
sudo apt-get install mdm mate-desktop-environment
Yes you got it right, mdm and the mate-desktop-environment / gnome were somehow uninstalled. This must be whe........
Here is the only solution Ifound that works in Firefox:
*Note you could basically just copy all of the commands in bold (the rest just shows the output)
Install sqlite3
sqlite3 places.sqlite
sqlite> .clone places.sqlite-fixed
moz_places... done
moz_historyvisits... done
moz_inputhistory..........
By default Samba SMB/NMB listen on ANY and ALLIPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN.
To do this you need to the following options under the [global] section in smb.conf
bind interfaces only = yes
interfaces = 192........
Check for crap in /var/lib/mysql like this
ls -al /var/lib/mysql/
total 20888
drwxr-xr-x 24 mysql mysql 4096 Oct 3 18:30 .
drwxr-xr-x 20 root root 4096 Oct 3 04:23 ..
-rw-rw-rw- 1 mysql mysql 11776 Oct 3 17:10 c:exp.exe
-rw-rw-rw- 1 mysql mysql 48128 Oct 3 17:10 c:exp1.exe........
*Update so this doesn't work it must be something to do with the path of nfs or something else but the installer fails with "Installer crashed" at the end whereas with the CD/USB it works.
This assumes you've already installed and configured a separate PXE/DHCP server somewhere else and your /tftpboot directory is setup.
This is for Linux Mint 18.1 but generally applies to most versions although you may have tro change things like "casper"........
Centos 7 is no cakewalk, there are many fundamental features and basic utilities that are missing or even completely renamed or different!
Another shocking thing is to check your NIC it is set by default to not turn on when booting!
And by the way there is no more standard eth0 the NIC convention is now "enp0s3"
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3........
Change Host="192.168.5.99" with the remote IP allowed(this is of course more secure but also cumbersome if your IP changes). You could also have a single layer of protection that specifies the IP via firewall or both (of course both are far mor secure).
UPDATE user SET Host="192.168.5.99" where Host="localhost"
or for any/wildcard
UPDATE user SET Host="%" where Host="localhost&qu........
In Firefox I cannot connect to any website, proxy is disabled and outside network access is confirmed, no system or manual proxy was set on this Linux Mint/Ubuntu system. Normally this can be caused by proxy or DNS problems and the weird thing is that traceroute and ping to other IPs worked fine but even connecting to sites by IP was not working.
The connection was reset
The connection to the server was reset while the page was loading.........
service iptables start
iptables: Applying firewall rules: iptables-restore: line 40 failed
[FAILED]........
Install rsync4randroid and in the shell/ssh do this:
ln -s /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/rsync........
Say if you need to make a firewall script to block certain ports this works great.
for ports in 21 25 443; do
iptables rules here
done........
Bash weird variable whitespace missing
var=`cat tlds.csv|grep .ca,`
# echo "var=:$var:"
:ar=:.ca,Canada
Why is the v missing in the last line?
It should be
:var=:.ca,Canada
instead of
:ar=:.ca,Canada
I noticed a problem with the file with doing a "cat -v" on it.
Here's the issue, the file contains carat M ^M:
.vg,British Virgin Island........
Another new drive bad from the start:
Jun 2 15:14:18 one-desktop kernel: [15895.386779] ata2.00: exception Emask 0x50 SAct 0x1 SErr 0x280900 action 0x6 frozen
Jun 2 15:14:18 one-desktop kernel: [15895.386782] ata2.00: irq_stat 0x08000000, interface fatal error
Jun 2 15:14:18 one-desktop kernel: [15895.386784] ata2: SError: { UnrecovData HostInt 10B8B BadCRC }
Jun 2 15:14:18 one-desktop kernel: [15895.386788] ata2.00: cmd 60/0........
This is useful for developing a lot of applications, I'm putting it here to keep it handy for myself and hopefully others:
Choose CountryCanadaJapanUnited StatesUnited KingdomAfghanistan........
Here's a proven example of what a bad hard drive can do, it was technically functioning OKin a RAID array but the system became extremely low and the load become high and IOWAIT was even higher and I always thought it was a bad application. The truth is that this failing 1TBHitachi has slowly gotten worse and caused huge slowdowns, (eg. 100% load on Thunderbird waiting for e-mails to load etc..). After swapping it out, tabs change instantly, emails are not lagged, and........
Here's what SMART tells me the serial number is:
=== START OF INFORMATION SECTION ===
Device Model: Hitachi HDS721010CLA332
Serial Number: JP2940HQ3ZY7KH
Firmware Version: JP4OA3EA
User Capacity: 1,000,204,886,016 bytes
Device is: Not in smartctl database [for details use: -P showall]
ATA Version is: 8
ATA Standard is:&nb........
I dread updating the kernel and rebooting to find the Ubuntu graphics aren't working and you have to manually intervene. This is usually because Ubuntu for whatever reason didn't update the drivers you need (eg. the manually compiled Nvidia Kernel driver that MUST be recompiled for each and every kernel update unfortunately).
The most common reason may be that "linux-source" hasn't been installed automatically on my system. I tried to manually reinstall the........
I like dd, although it only reads it, usually a read test of the entire disk will uncover if your hard drive is bad in some parts. This is a good thing to do at least once a month, a lot of times bizarre program behavior, laginess and crashing/unnmounting problems etc.. are due to a failing disc and SMART won't know it or indicate a problem:
We must also remember there's never a guarantee, I've found that ever since we moved to larger and more platters per drive with 1TB drives........
I had a dying drive that smart thought until it totally disappeared was a good drive, and actually all parameters did look fine but this system was causing my system to lockup and other bad behavior:
=== START OF INFORMATION SECTION ===
Device Model: WDC WD20EARS-00MVWB0
Serial Number: WD-WMAZ20139
Firmware Version: 50.0AB50
User Capacity: 2,000,398,934,016 bytes
Device........
I had one of these shipped and it was not recognized when plugged in, here's what a dead drive looks like (I assume it's teh circuit board which is dead):
ata1: link is slow to respond, please be patient (ready=0)
ata1: softreset failed (device not ready)
ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
ata1: link online but device misclassified, retrying
ata1: link is slow to respond, please be patient (ready=0)
ata1: softreset f........
I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops):
channel 12: open failed: administratively prohibited: open failed
I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
understanding /etc/aliases
*remember to apply changes you need to run "newaliases" after editing /etc/aliases
one thing I don't get is that it doesn't allow you to specify the whole e-mail address on the left-hand side
eg:
yourfullemail@domain.com: someotheremail@domain.com
postalias: warning: /etc/aliases, line 109: name must be local (if you try the above)
It works more like this:
your........
genuine.com/IN: loading master file genuine.com.zone: file not found
_default/genuine.com/IN: file not found
I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
CPU/Kernel/MB/RAID problem?
Jan 5 12:45:05 testbox kernel: [653298.890004] BUG: soft lockup - CPU#0 stuck for 61s! [hal-acl-tool:4168]
Jan 5 12:45:05 testbox kernel: [653298.890005] Modules linked in: vmnet vmci vmmon binfmt_misc drbd video output input_polldev ocfs2_stackglue ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs k8temp hwmon_vid lp snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi........
I can't tell if it's Flash or Javascript that they were using, but it basically caused my sysetm to lockup until I closed that one page. Is this proof enough that Wal-mart is evil?:)
I've never seen that before, it's weird how certain things mask themselves as high CPU usage with Xorg, unless it is some kind of weird Xorg problem but I believe it's more of a Flash/Javascript issue from Firefox in Wal-mart's evil scripting.........
I've only used it on Centos, soI thought I'd make a quick Debian guide:
Install the DRBD Package
apt-get install drbd8-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libswfdec-0.8-0
Use 'apt-get autoremove' to remove them.
The following........
Let the numbers speak for themselves, from what I read the Load_Cycle_Count which is very high (more than 500,000/half a million times) is the number of head parks. What a stupid"Green" design and design flaw which will probably mean an early life for the drive.
This is almost as silly as Seagate's new reputation for BSY/poor quality disks since the 7200.11 series.
To make it worse this is also when Western Digital introduced "Advanced Format" o........
nautilus-gksu - privilege granting extension for nautilus using gksu
nautilus-sendto - integrates Evolution and Pidgin into the Nautilus file manager
nautilus-share - Nautilus extension to share folder using Samba
nautilus-actions - nautilus extension to configure programs to launch
nautilus-bzr - Bazaar (bzr) integration for nautilus
nautilus-cd-burner - CD Burning front-end for Nautilus
nautilus-clamscan - Antivirus scanning for Nautilus
n........
This has stumped me a few times because I keep forgetting that Centos 5.5 comes with a default iptables configuration that ends up blocking DRBD traffic,I tried all the normal things and couldn't understand why I couldn't make my normal DRBD config work. So if you have WFConnection problems and have tried the normal "mailing list" fixes, check your firewall status first!
Both Nodes Say the Following:
version: 8.3.8 (api:88/prot........
One note is to secure MySQL, I don't know for sure but I believe you could login to MySQL remotely with no password during this operation (I'm not sure, maybe it doesn't accept blank passwords but I firewall MySQL port anyway and recommend you do the same).
First edit /etc/my.cf
Under the [mysqld] field add the following line somewhere:
skip-grant-tables
Now restart mysql: service mysql restart or on Debian sty........
Seagate Inventory/Firmware Check
I heard about this issue a long time ago but never looked into it. I figured I wasn't affected since my 500GB drives were running for so long. I've been using Seagate's since 2002 and to this day all of the drives I have are alive from Seagate.
*Update the bad news is that I realize one of my 500GB's is about to die, it's not even a year old, but is also not affected by the recall according to Seagate!
Seagate Inventory/Firm........
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
DVD Burners and Media at an all time lowThis is crazy you can buy a nice Pioneer DVD burner for like $64 CAD now and good media like 50PC Maxell is just $25.97 at Walmart.
I'm liking this. Time to make double archives of important data :)........
Trouble connecting between Windows XP and Windows 98 SharesOk a few things to check for:
* Disable all firewalls
* Make sure NetBEUI is enabled on both computers
* Make sure the Windows XP computer has the name of the computer logged in user of Windows 98 added as an XP user
* Add the XP user to anything you want to share
That fixed my problem........
Helpful IPFW ExamplesSomeone's real life examples:
http://lists.freebsd.org/pipermail/freebsd-security/2004-July/002181.html
Or you can try the FreeBSD Handbook guide:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html........
Proftp Passive PortsIf you use a locked down firewall you can edit proftpd.conf and tell it something like this:
[quote:8419cab1f8]PassivePorts 6170 6270[/quote:8419cab1f8]
That would force all passive ftp traffic to ports 6170 6270 which you could then open on your firewall rather than leaving open ports 1024-65000 open........
Basic Port ListingHopefully someone finds this useful or at least interesting.
http://www.sans.org/top20/#u9
Name Port Protocol Description
Small services ........
In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window.
*Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
This is something that annoys a lot of people, fortunately the Redhat style OS's are the most simple in this respect. I disagree that Debian's way makes sense, it is more of a hackish approach in how they implement iptables.
Anyway, for those who are using Redhat/Centos style OS's it is very simple.
Set your rules from the shell/command prompt and to save the iptables firewall rules so they are remember/loaded on boot just run this command:
service iptables........