Even today we see a lot of servers that have different services and ports open for rpc and this creates not only potential inward vulnerabilities but perhaps more common, the abuse of your network resources in reflective rpc queries.
To stop this problem, you should disable and remove all services relating to rpc or at least block all relevant ports for the service.
Surprisingly, there are still some providers and OS installs in Linux that install these services and leave them........
This error implies that there may be an issue with Xorg or maybe your NVIDIA GPU cannot start or initialize:
35 laptop kernel: [ 2031.857704] nvidia: loading out-of-tree module taints kernel.
35 laptop kernel: [ 2031.857724] nvidia: module license 'NVIDIA' taints kernel.
35 laptop kernel: [ 2031.857725] Disabling lock debugging due to kernel taint
35 laptop kernel: [ 2031.873280] nvidia: module verification failed: signature a........
I was using a small box as a router and one of the ports started going off and coming back at 100M. I truly believe it is simply that it was a case of overheating. Although CPUtemps were only about 67 degrees, the physical box itself was almost burning hot. Isolved the cooling issue and never had the issue again.
Jul 28 15:09:27 swithbox kernel: e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Jul 28 15:09:28 swithbox kernel:........
This is a gotcha but be aware sometimes iptables may be active and loaded by default.
Also make sure you don't just disable firewalld but also stop it otherwise it will still block stuff:
systemctl stop firewalld
If the above is not the issue then it is possible iptables is running and blocking stuff too, so you'll need to stop iptables.
So in addition to opening firewalld or disabling it, you would need to disable iptables........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
This is the closest way to disabling it without using the "libata.force=noncq" kernel boot option is to set the queue to a depth of 1 which doesn't actually disable it.
Change the sdc below to match the device you want to disable NCQ for.
[root@officebox ~]# echo "1" > /sys/block/sdc/device/queue_depth
Errors that indicate you are having a performance issue are these in messages or dmesg relating to N........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
PasswordAuthentication no
Restart your SSH server.
service sshd restart
........
This is important as unfortunately Centos may designate a package obsolete and the replacement breaks everything (eg. you have a config file and the new replacement is not at all compatible with it and it breaks your application).
This is where disabling obsoletes comes into play, it can be done from yum but it doesn't work at the time I find.
yum --setopt=obsoletes=0 install someapp However Ifind it still installs the new app and not the one you ask for........
This container won't start after exhausting its memory. There are no relevant or helpful messages in dmesg or vzctl.log as well. Standard troubleshooting such as disabling PPP etc has not helped.
2017-07-06T23:33:29-0400 vzctl : CT 888171 : Locked by: pid 166029, cmdline vzctl start 888171
2017-07-06T23:33:29-0400 vzctl : CT 888171 : Container already locked
2017-07-06T23:33:29-0400 vzctl : CT 888171 : Container was stopped
2017-07........
In short the two drives in the array were /dev/sdd and /dev/sde. The kernel sees they were unplugged and have gone down as you can see below.
mdadm caught the first one being unplugged /dev/sde and disabled the missing drive. However when the final drive that was part of the array is unplugged it didn't notice at all. Instead it complains about an IO error later for drives that the kernel knows do not exist anymore.
[45817.162728] ata4: exception........
This is a simple fix but not a simple problem and it still doesn't make sense to me.
But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.
It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long). Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.........
At first my BIOS said the card may not work right because there is no more option ROM space.
I disabled the Option ROM for both LSI 1068 and 2008 chipsets, Network Boot ROM and most other PCI slots, Serial Port, etc... and the message went away but the card still does not work properly.
But it still cannot initialize the card properly(does not work):
[ 33.943272] NVRM: This PCI I/O region assigned to your NVIDIA device is invalid:........
The Scenario
You have dual NICs and you disable NIC1 which uses 192.168.1.1 as its gateway. With NIC2 you enable it/connect it to another network which also has the gateway 192.168.1.1
Everything will work fine at this point.
When switching back to NIC1 even with NIC2 disabled and even unplugged, the OS basically can't pick up the new/updated ARP entry of the old device for 192.168.1.1 and perhaps thinks it is a security risk or spoof of some sorts and blocks i........
The solution was to reinstall the vbox dkms package and do a manual modprobe of the modules it makes.
I never sorted out the unable to start due to the USB issue, I did have the guest additions installed but the only way to boot was to change the pointing device from USB to PS2 and then to disable the USB controller (if your pointing device is set as USB, disabling USB will not work because it will re-enable by default when it sees your pointing device is USB, this is w........
[ 2868.041375] ata1: EH in SWNCQ mode,QC:qc_active 0x40 sactive 0x40
[ 2868.041554] ata1: SWNCQ:qc_active 0x40 defer_bits 0x0 last_issue_tag 0x6
[ 2868.041556] dhfis 0x40 dmafis 0x40 sdbfis 0x20
[ 2868.041874] ata1: ATA_REG 0x41 ERR_REG 0x84
[ 2868.042013] ata1: tag : dhfis dmafis sdbfis sactive
[ 2868.042163] ata1: tag 0x6: 1 1 0 1
[ 2868.042301] ata1.00: exception Emask 0x1 SAct 0x40 SErr 0x400000 action 0x6 frozen
[........
mytop-1.4-2.el5.rf.noarch from rpmforge has depsolving problems
--> Missing Dependency: perl(DBI) is needed by package mytop-1.4-2.el5.rf.noarch (rpmforge)
solution:
#disabling excludes is required on CPanel type boxes which exclude most updates including perl-DBI
yum --disableexcludes=main install perl-DBI
mytop-1.4-2.el5.rf.noarch from rpmforge has depsolving problems
--> Missing Dependency:........
[3805108.257042] sd 0:0:0:0: [sda] 1953525168 512-byte hardware sectors: (1.00 TB/931 GiB)
[3805108.257052] sd 0:0:0:0: [sda] Write Protect is off
[3805108.257054] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
[3805108.257066] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[3805108.257083] sd 0:0:0:0: [sda] 1953525168 512-byte hardware sectors: (1.00 TB/931 GiB)
[3805108.257090] sd 0:0:0:0: [sda] Write Protect is off........
Fatal error: Out of memory (allocated 6291456) (tried to allocate 7680 bytes)
This is usually caused by Wordpress, Drupal or other ridiculously inefficient CMS' out there, as a temporary fix you can increase PHP's memory limit but it's best to find the actual culprit, by disabling add-ons and other scripts etc...........
When manually running it for some reason it decided to ask for/use the CD as a source whichInever set.
Disabling the CD as a source stops this from happening, otherwise apt-get will keep respawning and use 100% CPU.........
Have you ever unplugged the wrong drive and then had to rebuild the entire array? It may not be a big deal in some ways but it does make your system vulnerable until the rebuild is done.
Many distros often enable the "bitmap" feature and this basically keeps track of what parts need to be resynced in the case of a temporary removal of a drive from the array, this way it only needs to sync what has changed.
To enable bitmap to speed up rebuilds and sync........
After some fsck issues I can't boot my Centos 6.4, this just keeps repeating over and over.
init: tty (/dev/tty2) main process (1031) terminated with status 1
init: tty (/dev/tty2) main process ended, respawning
Disabling SELinux through Single User mode fixed this.........
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
bind-address=127.0.0.1
The key is "bind-address", set that to 127.0.0.1 and no one from outside the server can connect.........
Here is a quick script that works on most Centos versions to disable the virus/SELinux from blocking basic functionality.
The first echo 0 statement disables SELinux instantly but it will still be enabled on reboot.
The second line disables it permanently.
#!/bin/bash
#disable SELinux Immediately
echo 0 > /selinux/enforce
#disable SELinux Permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config........
qemu-kvm-1.2.0]# ./configure
Disabling PIE due to missing toolchain support
glib-2.12 required to compile QEMU
Solution install glib2
*Don't confuse glib2 with glibc, they are different and it may catch some off guard.
yum -y install glib2*
After that KVM should compile and install just fine.........
This is what I call a ridiculous bug in compiz that causes it.
The solution/To fix it just install "compizconfig-settings-manager"
Open it up and Navigate to General Options -> Display Settings
Set the "Refresh Rate" to the current refresh rate of your monitor.
For ATI cards with slow window dragging/response supposedly disabling "Sync to VBlank" fixes that but otherwise leave it as is.........
Even in new versions of Ubuntu this happens but for me I found out it was because of one feature under "Power Management".
I had "Spindown hard disks when possible" ticked, after disabling that, my computer wakes up from suspension every time now. So if your computer won't unsuspend with any version of Ubuntu/*Nix try disabling the spin down hard disk option as it's obviously the culprit for many situations.........
A few days ago this happened on multiple Centos 5 servers and apparently anyone using rpmforge was affected by this error and there was no solution other than disabling that repo to fix it.
To some this highlighted a few points, that there is a reason RHELexists with full paid support, and also that this could be a vulnerability and huge flaw with yum. A yum search or install should not segfault just because the rpmforge repo goes down.
Fortunately it came back up........
I like dd, although it only reads it, usually a read test of the entire disk will uncover if your hard drive is bad in some parts. This is a good thing to do at least once a month, a lot of times bizarre program behavior, laginess and crashing/unnmounting problems etc.. are due to a failing disc and SMART won't know it or indicate a problem:
We must also remember there's never a guarantee, I've found that ever since we moved to larger and more platters per drive with 1TB drives........
The normal solution doesn't help or apply here:
ssh -v user@192.168.5.41
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: i........
I couldn't figure out why this wouldn't work, a test script in the root of my htdocs folder worked fine.
Within some subdirectories the same code would produce different base64 results but I didn't know hwy.
Archive: /tmp/archive.zip
Zip file size: 6888 bytes, number of entries: 92
error [/tmp/archive.zip]: missing 242827681 bytes in zipfile
(attempting to process anyway)
error [/tmp/archive.zip]: attempt........
Telus + 2Wire 2700 Router HorribleWell first of all let me say this is the only router/switch that sometimes seems to crash/disconnect computers on the local network.
This device also thought it would be smart to block VOIP packets coming from my Sipura ATA VOIP adapters so I disabled the [quote:cb89ba7bff]"Invalid TCP Flag Attacks (NULL/XMAS/Other)"[/quote:cb89ba7bff] option
Then all of a sudden I couldn't get onto any web pages, the wireless........
Everyone says there is a "manual" way of doing it and then they tell you to use iTunes, but if you're like me, you're travelling on business in a foreign country and your laptop does not have iTunes and you don't have a way of getting it and/or don't want it.
For this example I'm using the provider "du" in Dubai, UAE (United Arab Emirates) but this method works for virtually all providers.
The requirements in this case to truly "manually update........