How to configure OpenDKIM on Linux with Postfix and setup bind zonefile
This guide assumes you have a working Postfix server and want it to sign with DKIM.
There are a few things we have to understand to make all of this work though, which require you to be familiar with DNS as well.
1.) Install OpenDKIM
apt install opendkim
systemctl enable opendkim
2.) Edit /etc/opendkim.conf
Syslog yes
SyslogSuccess yes
Mode&nbs........
efibootmgr: option requires an argument -- 'd' efibootmgr version 15 grub-install.real: error: efibootmgr failed to register the boot entry: Operation not permitted.
This sometimes happens when trying to install the EFIversion of grub to a device when you are booted into Legacy/MBR mode. It doesn't seem to occur on all machines, but some and seems somewhat BIOS dependent.
grub-install --target=x86_64-efi /dev/sda
Installing for x86_64-efi platform.
grub-install.real: warning: Couldn't find physical volume `(null)'. Some modules may be missing from core image..
grub-install.real: warning: Couldn't find physica........
How to kill a docker swarm
Assign way more replicas than you have of memory on all nodes and watch the Swarm crash which can easily reproduce in a small VMfor testing.
root@Deb11Docker01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAM........
isc-dhcp-server dhcpd how to get longer lease
You can do a static lease that is tied to the MAC address but what a lot of users prefer is that they come into the office or lab the next day and that their device gets assigned the same IP address (if possible).
As we can see in the dhcpd logs that there is threshold that is defaulted as we'll show later. Whatever the threshold is set at, if the lease is younger than the threshold, it will keep the same lease. In other words, if the device goes to sleep or is powered off........
TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x3a (or later) - Linux how to upgrade CPU microcode
[ 0.206301] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x3a (or later)
[ 0.430409] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[ 0.430411] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode
[ 2.980359] microcode: sig=0x306f2, pf=0x1, revision=0x36
[ 2.981621] microcode: Microcode Update Driv........
Docker Swarm vs Kubernetes Comparison Guide
A lot of companies are unsure which solution to choose and many may not be aware of Docker Swarm as an alternative to Kubernetes. One thing that many Sysadmins find is that Docker Swarm is simply easier, quicker to setup and maintain by far than Kubernetes.........
When is it time to leave your VPS/VDS Cloud Hosting Provider?
When Is It Time to Leave Your VPS, VDS, and Dedicated Server Provider?
Choosing the right hosting solution—be it Virtu........
2024 Buyer's Guide: How to Choose and Buy the Best VPS/VDS for Your Needs - Tips and Strategies
In today’s digital landscape, finding a reliable and secure Virtual Private Server (VPS) or Virtual Dedicated Server (VDS) goes beyond just comparing specs and prices. With increasing concerns over data privacy, security breaches, and government surveillance, the wisdom of choosing your VPS/VDS provider based on juri........
How To Upgrade Debian 8,9,10 to Debian 12 Bookworm
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
Linux How To Upgrade To The Latest Kernel Debian Mint Ubuntu
How to check what kernel version you have/currently running?
uname -rm
5.4.0-91-generic x86_64
The above shows us that we are running 5.4.0-91-generic on the x86_64 architecture.
The safest way is to stick with the same flavor eg if you're on generic, and say on kernel 5.4.0 then it makes sense to follow what is below. However, if you are migrating or dual booting between newer hardware (eg. you got a........
Virtualbox Best Networking Mode In Lab/Work Environment without using NAT Network or Bridged
Virtualbox is a very powerful tool, but for some use cases it is less than optimal.
Say you are in a work, lab or other environment where you are not alone on the physical network and there could be overlap of IPs, but you need all of your VMs to be contactable from your host, VMs need to communicate with each other, and VMs need internet.
NAT Network will give you VM to VM communication and internet, however, it is buggy and unstable. It also doesn't allow host to VM co........
Linux grub not using UUID for the root device instead it uses /dev/sda1 or other device name solution
You can read lots of posts about this issue but there is not much information about why this is the case or how grub determines the root= device name. Some even suggest modifying grub.cfg manually which is a disaster as the next kernel update will cause grub to revert back to the device name.
For most people this won't be an issue but those using template system, automated deployments and working in embedded may run into this issue with custom embedded and created minimal kernel........
Generic IP Camera LAN Default IP Settings DVR
If you are converting a generic wifi IP camera to ethernet, it may not be that simple as many are default hard coded to a static IP of 192.168.1.168 and login info admin/admin.
From there you can login to the camera and assign it to DHCP by going to http://192.168.1.168
For security these cameras +DVR should be on a separate untagged VLAN or if possible a physically isolated non-internet connected switch/network.
The reference below is applicable to many of the r........
How To Do Linux Network Bonding Teaming in Mint Debian Ubuntu
Bonding is an excellent way to get both increased redundancy and throughput. It is similar to the "Network Teaming" feature in Windows.
There are a few different modes but we will use mode 6, I think it's the best of both worlds, as it is not just a failover, but it provides round robin, so you will get redundancy and load balancing. So if you have a 1G single port, you will have a combined throughput of 4G at this point. Just bear in mind that the true thr........
WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
freshclam
ClamAV update process started at Sun Mar 20 00:30:50 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.3 Recommended version: 0.103.5
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26337.cdiff from db.local.clamav.net
WARNING:........
(firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution
(firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory)
ExceptionHandler::GenerateDump cloned child 9743
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
[Parent 9562, Gecko_IOThread] WARNING: pipe error (40): Connection reset by peer: file /build/firefox-EymEXX/fire........
Docker Tutorial HowTo Install Docker, Use and Create Docker Container Images Clustering Swarm Mode Monitoring Service Hosting Provider
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
Wazuh / OSSEC Install and Configuration Howto Tutorial Guide for Monitoring Agents SIEM
How To Install Wazuh Server / Quickest Installation
Wazuh (forked from the well known OSSEC project) is a full SIEM (Security Information Event Management) that works extremely well with the platforms it natively supports as an "Agent", which allows you to do scans of everything such as all processes running, CVE vulnerability check, incident reporting etc...
Prerequisites:
A lot of issues with Wazuh seem to be caused by i........
Linux Debian How To Enable Sudo/Sudoers for User "User not in sudoers file" Solution
If you get an error that you aren't in the sudoers file, this typically means that your user is not designated as an admin with sudo privileges.
In plain English, when it comes to some OS's like Debian including 10,11 etc.., by default the user is created without special privileges which is contrary to how Ubuntu/Mint handle the secondary user.
Let's check the sudoers file to see the problem.........
VirtualBox VBox Nat Network Handing Out Wrong IP Address Subnet Solution
This seems to be an ongoing issue that is still reproducable in the latest Ubuntu Vbox 6.x.
The default NAT Network range is usually 10.0.2.0/24. If you change this range it does not seem to work properly.
Say we change the range to 10.50.1.0/24
If you get a new lease you will find that you get an IP from the old range but the default gateway is from the new range.
........
Juniper JunOS Command Overview and Howtos Switch, Router, Firewall Tutorial Guide
Enable "cli" mode equivalent in JunOS
cli
Configure Mode
configure
So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure".
How Do You Apply Changes You've Made?
You can make all kinds of changes to the switch, but remember they are not........
Virtualbox Error Cannot register the hard disk because a hard disk with UUID already exists solution
Cannot register the hard disk '/some/path/windows-marking.vdi' {f54def00-2252-43f5-9178-0998636cad61} because a hard disk '/other-path/windows-marking.vdi' with UUID {f54def00-2252-43f5-9178-0998636cad61} already exists.
Result Code:
NS_ERROR_INVALID_ARG (0x80070057)
Component:
VirtualBoxWrap
Interface:
IVirtualBox {0169423f-46b4-cde9-91af-1e9d5b6cd945}
Callee RC:
VBOX_E_OBJECT_NOT_FOUND (0x80BB0001)........
Nvidia Ubuntu Linux Screentearing Video with solution driver
This seems to happen on most if not all Nvidia cards but the good news is that if you are using any of the Linux drivers and have the nvidia-settings tool installed it is just a simple command.
Solution:
nvidia-settings --assign CurrentMetaMode="nvidia-auto-select +0+0 { ForceFullCompositionPipeline = On }"
Enter the above command in your terminal and the screentearing will be fixed which is like enabling Tear Free on AMD cards.&........
Linux NIC connecting at 100M instead of 1000M gigabit speeds? It could be overheating
I was using a small box as a router and one of the ports started going off and coming back at 100M. I truly believe it is simply that it was a case of overheating. Although CPUtemps were only about 67 degrees, the physical box itself was almost burning hot. Isolved the cooling issue and never had the issue again.
Jul 28 15:09:27 swithbox kernel: e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Jul 28 15:09:28 swithbox kernel:........
Radeon R3 GPU on Debian Crashing
Occasionally my whole screen locks up and I cannot even swith to the console and I find this in my syslog:
*-display
description: VGA compatible controller
product: Mullins [Radeon R3 Graphics]
vendor: Advanced Micro Devices, Inc. [AMD/ATI]
........
Howto Set Static IP on boot in initramfs for dropbear or other purposes NFS, Linux, Debian, Ubuntu, CentOS
This is only really necessary in the case you don't want DHCP. If you are dealing with an encrypted LUKS server on the internet, you will often want to have a static IP so you know which IP to connect to (or if you have a semi-static IP assigned by DHCP).
SET IP Address by /etc/initramfs-tools/initramfs.conf
IP Address=192.168.1.27
Gateway=192.168.1.1
Subnet Mask: 255.255.255.0
Hostname=myhome.com
IP=192.1........
Cisco Unified Communications Manager Express Cheatsheet CUCME CME Tutorial Guide
Video Links:
How To Setup 2 Phones on a Single CME Router and get the GUI going.
How to use Dialpeers with CME with two routers
How to implement call restrictions using COR / Class of Restriction
Getting started, let's enable ephones and DNs we can add a phone with........
bash if statement how to test program output without assigning to variable
A common method in bash is to assign output to a variable like this:
somevar=`uptime`
That works too but it could be more efficient to do something like this:
if [[ $(uptime|awk '{print $3}') > 20 ]]; then
echo "uptime greater than 20 days";
fi........
RTNETLINK answers: Network is unreachable
This often happens if you are adding a secondary route, especially with Linux source based routing.
ip route add default via 10.10.10.254 table 10
RTNETLINK answers: Network is unreachable
If that happens you will probably find that it is unreachable because your NIC does not have an IP in the 10.10.10.0/24 range so just assign an IP in that range to your NIC and try again.
eg. ifconfig eth0 10.10.10.254 netmask 255.255.255.0 up........
Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
I don't consider a lot of these "extra" kernel modules "nice to have" as they often contain drivers for essential items like your soundcard, your NIC and many other devices that may not work. Sometimes you may find that "sound" or "ethernet" worked before a kernel/OS upgrade and now in the new version they don't. Often it will be because you need to install the "extra" kernel modules.
One other weird thing is that sometimes........
Windows 7, 8, 10, Windows Server 2008, 2012, 2016, 2019 How To AC97 Audio Drivers and Other Unsigned Drivers
Oops did you get this error trying to install an oldschool driver and think it is hopeless in a new version of Windows?
First of all it is almost never a program compatibility issue:
........
Cisco Unified Communications Manager / CUCM IP Telephony Definitions
DN = Directory Number:
It is basically the extension of the phone
In the example below, 55 is a DN assigned to the phone.........
Cisco Router Setup Guide and Tutorial Howto With Commands and Examples
In most of the Cisco router IOS I find the ports like ge0/0 ge0/1 and ge0/2 or whatever your ports are down. They will not even give you a link light. So one of the first tasks should be getting the port you are working with up.
In my case the first goal is often connectivity with the LAN and WAN.
LAN = your local area network (eg. in the office/home )
WAN= your ISP/public internet (eg. fiber/cable/dsl/ethernet).........
Cisco Switch Setup Guide Command List
Enter configuration console:
enable
configure terminal
This is important because if your console doesn't look like below none of the commands will work!
Switch(config)#
Save and Apply Settings
wr
Show Switch Configuration:
show run
Show Port List/Sta........
SSH error cannot Forward or Listen "bind: Cannot assign requested address"
debug1: Local connections to LOCALHOST:18006 forwarded to remote address 192.168.1.93:8006
debug1: Local forwarding listening on 127.0.0.1 port 18006.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 18006.
bind: Cannot assign requested address
What we are seeing is that we can't listen on an IPV6 address of ::1. We need to tell SSH to stop using IPV6 so we'll edit ssh_config to take care of this issue........
VMWare Pro Workstation Nic Disconnected and No IP Using NAT
By default VMWare Workstation often doesn't work as we would like.
If you create a VM with a default NAT IP it won't work you will find the NIC is disconnected (even though on the VMWare side it says connected including at Power On).
How To Solve It
1.) Create New VMNet for NAT
Click "Edit" -> "Virtual Network Editor"
Click "Add Network"
Select Network To Add "VMNet1" (........
bind named error solutions named[2169]: error (no valid DS) resolving / error (broken trust chain) resolving / : error (no valid RRSIG) resolving 'com/DS/IN':
Below are the common errors you'll get with named AKA bind if your time is incorrect.
The simplest solution is to install and run ntpd to correct your system's time (install ntpd if it is not installed)
systemctl start ntpd
systemctl enable ntpd
Dec 20 13:36:16 hostingbox named[2169]: error (no valid DS) resolving 'develop.waxrain.com/A/IN': 14.215.150.17#53........
Linux partprobe/partx cannot access last and 4th partition
On a test machine Iwas never able to access to a newly created 4th partiton. As we can see there are dev devices for everything but the 4th partition.
The normal "partprobe" or "kpartx" or kernel being told to rescan the block device didn't help (only a reboot did).
fdisk -l /dev/sda
Disk /dev/sda: 750.2 GB, 750156374016 bytes
255 heads, 63 sectors/track, 91201 cylinders
Units........
How Does Cisco CUCM (Cisco Unified Communication Manager) Work?
Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCMis like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments.
Cisco's CUCMmakes communication more effective and simple through centralized management and unification of communications resources.........
systemd management using systemctl and journalctl to check systemd logs
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
Linux Kernel USB Export Errors
4.374647] usb_common: exports duplicate symbol usb_get_dr_mode (owned by kernel)
[ 4.403334] usbcore: exports duplicate symbol __usb_get_extra_descriptor (owned by kernel)
[ 4.427736] xhci_hcd 0000:00:15.0: xHCI Host Controller
[ 4.427844] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 1
[ 4.429040] xhci_hcd 0000:00:15.0: hcc params 0x200077c1 hci version 0x100 quirks 0x01109810
[ 4.429141] xhci_hcd 0000:00:15.0: cache line size of 64 is not sup........
Linux Mint 18 Screen Goes Dark or Black After Screensaver or even when using the Desktop Solution
You can search for this bug and it seems like it may be related to ecryptfs and is many years old.
The symptoms are that you return to the computer and the screensaver was active or the screen was asleep/black and it doesn't seem to come back. But you check by SSH the computer is running fine and are frustrated you'll lose your running programs and have to reboot.
There is a simple solution:
Ctrl + Alt + F1
Ctrl +Alt + F8
Ba........
Linux Mint Black Screen after boot no graphics solution
This is not the normal "black screen"issue and I was shocked to eventually find out why. The normal advice of reconfiguring Xorg didn't work. Even booting into "Recovery Mode" did not help.
Here is the short end of the stick that fixed it:
sudo apt-get install mdm mate-desktop-environment
Yes you got it right, mdm and the mate-desktop-environment / gnome were somehow uninstalled. This must be whe........
sign_and_send_pubkey: signing failed: agent refused operation - SSH Solution
sign_and_send_pubkey: signing failed: agent refused operation
This happens when you don't manually add your ssh key with ssh-add it is some weird new feature in SSH or Ubuntu/Debian that causes this weird problem.
Solution:
ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)........
samba how to listen on specific IP only
This is useful for security purposes especially on a server which may have a public IP assigned to it but has a second NIC for the LAN.
Here is how you edit smb.conf:
[global]
interfaces = 192.168.1.50
bind interfaces only = yes
As you can see above it will only listen on 192.168.1.50 and remind to keep the "bind interfaces only"option.........
MySQL Maximum INT Size Truncation Issue/Warning
MySQL will silently truncate a larger INT than capable.
Check MySQL's own documentation here:
As we can see the maximum size of INT (which is the most commonly used) is 2147483647
A lot of coders make this mistake by using very large values such as 9999999999 but it would actually truncate to 2147483647 which is the maximum size of an INT. This is dangerous beca........
W: GPG error: http://archive.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9
W: GPG error: http://archive.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9
No clue how to fix this.........
yum how to install old obsolete packages
This is important as unfortunately Centos may designate a package obsolete and the replacement breaks everything (eg. you have a config file and the new replacement is not at all compatible with it and it breaks your application).
This is where disabling obsoletes comes into play, it can be done from yum but it doesn't work at the time I find.
yum --setopt=obsoletes=0 install someapp However Ifind it still installs the new app and not the one you ask for........
Linux Mint USB Kernel Tainted and Locked Port/Dev File
Essentially a program I was running for mining did not terminate properly with Ctrl+C it is listed as defunct and cannot be killed, kernel is tainted and normal tricks to disable the port are impossible the dev and sys entries for the device cannot be browsed or interacted with in any form without a lockup of the request. The only solution is to reboot due to the kernel taint as far as I can find so far.
[1130246.811056] INFO: task minerd:21861 blocked for more th........
ffmpeg Linux Mint download, compile and install howto
#if you have nvidia make sure you install the nvidia-cuda-toolkit so hardware acceleration can be used
wget http://ffmpeg.org/releases/ffmpeg-3.3.2.tar.bz2
tar -jxvf ffmpeg-3.3.2.tar.bz2
cd ffmpeg-3.3.2/
./configure --disable-yasm
install prefix /usr/local
source path ........
How to change reserved blocks in Linux partition
user@box:~$ sudo tune2fs -l /dev/md99
[sudo] password for user:
tune2fs 1.42.9 (4-Feb-2014)
Filesystem volume name:
Last mounted on: /mnt/md50
Filesystem UUID: 976a8655-2619-4587-878c-dab07f7b7652
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Fi........
Reading package lists... Done W: GPG error: http://ppa.launchpad.net trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D46F45428842CE5E
Still looking for the solution
Working Solution 2017/07
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D46F45428842CE5E
Solution
gpg --keyserver hkp://subkeys.pgp.net --recv-keys D46F45428842CE5E
gpg: requesting key 8842CE5E from hkp server subkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver........
Centos/Linux Bash Script Warning when exiting/logging out of bash/shell/terminal for scripts running in the background
This is mainly the case on Centos but applies to other distros and situations. If you are running programs in the background with the &, at least in Centos it is usually not honored and if you quit or are disconnected the backgrounded programs will be sent sighup and be shut down.
The simplest way around this instead of using & is to start any programs or commands with "nohup"
Eg.
nohup yourscript.sh........
Nvidia Linux Mint/Ubuntu screentearing horizontal line solution
Finally after ages I found the solution which is on many pages on the net but not obvious and should have been standard or more common info!
Instant Solution:
Type this into the terminal (unfortunately the driver config menu doesn't have the option as itis hidden):
nvidia-settings --assign CurrentMetaMode="nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
Make permanent
Cli........
Openshot 2.2 is very unstable always crashing in Linux Mint 18.1!
Jun 1 15:45:42 videoeditor-desktop org.mate.panel.applet.MintMenuAppletFactory[1882]: project_data:INFO Missing folder chosen by user:
Jun 1 15:45:42 videoeditor-desktop org.mate.panel.applet.MintMenuAppletFactory[1882]: project_data:INFO Removed missing file: MAH02949.MP4
Jun 1 15:45:57 videoeditor-desktop org.mate.panel.applet.MintMenuAppletFactory[1882]: ui_util:WARNING Icon theme media-playback-start not found. Will use backup........
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution
Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
How can you fix it and do it properly?
Step 1.) Make a new Private KeyCreate server pass key:........
ecryptfs errors
ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [ee16d84] "into the user session keyring
mount: No such file or directory"
[ 156.118113] ecryptfs_mount: kern_path() failed
[ 156.118431] Reading sb failed; rc = [-2]
[ 164.233055] traps: mate-notificati[3472] trap int3 ip:7f43d7002c13 sp:7fff162c6600 error:0
[ 166.017061] ecryptfs_mount: kern_path() failed........
Unable to mount location Failed to retrieve share list from server: No such file or directory solution
Cannot even "Browse Network" when clicking on "Windows Network"
Unable to mount location
Failed to retrieve share list from server: No such file or directory
logs:
[2017/02/14 00:16:44.271314, 0] ../source3/nmbd/nmbd.c:58(terminate)
Got SIGTERM: going down...
[2017/02/13 17:35:41.797944, 0] ../lib/util/become_daemon.c:124(daemon_ready)
&........
Centos 5 OpenSSL does not support TLS 1.2 Apache Error
[Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down
[Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert'
[Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled
[Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
DRBD Split-brain solution
Uh oh
[17925926.174277] block drbd0: Handshake successful: Agreed network protocol version 96
[17925926.174325] block drbd0: conn( WFConnection -> WFReportParams )
[17925926.174342] block drbd0: Starting asender thread (from drbd0_receiver [1682])
[17925926.174432] block drbd0: data-integrity-alg:
[17925926.174581] block drbd0: drbd_sync_handshake:
[17925926.174586] block drbd0: self 2AAE66AF9252D6DB:2815BF........
ERROR 2013 (HY000): Lost connection to MySQL server during query
The solution is simple but strange, if you copy your /var/lib/mysql directory to another server and think it will work, be sure to check if you have /var/log/mysql and binary log files. If you do, the server will not work and will give you errors like below and crash without the proper log files.
UPDATE user SET password=password("newpass") WHERE user='root';
flush privileges;
ERROR 2013 (HY000): Lost connection to MySQL server durin........
/dev/drbd0: State change failed: (-2) Need access to UpToDate data solution
Everytime I've seen this error "/dev/drbd0: State change failed: (-2) Need access to UpToDate data" it is because DRBD has no disk:
cat /proc/drbd
version: 8.3.13 (api:88/proto:86-96)
GIT-hash: 83ca112086600faacab2f157bc5a9324f7bd7f77 build by root@sighted, 2012-10-09 12:47:51
0: cs:Connected ro:Secondary/Secondary ds:Diskless/Inconsistent A r-----
ns:0 nr:0 dw:0 dr:0 al........
Cannot load /etc/httpd/modules/mod_file_cache.so into server: /etc/httpd/modules/mod_file_cache.so:
Stopping httpd: [FAILED]
Starting httpd: httpd: Syntax error on line 73 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_file_cache.so into server: /etc/httpd/modules/mod_file_cache.so: cannot open shared obje........
Nvidia Linux Card not working due to LSI 9200/SAS2008 IRQ conflict
At first my BIOS said the card may not work right because there is no more option ROM space.
I disabled the Option ROM for both LSI 1068 and 2008 chipsets, Network Boot ROM and most other PCI slots, Serial Port, etc... and the message went away but the card still does not work properly.
But it still cannot initialize the card properly(does not work):
[ 33.943272] NVRM: This PCI I/O region assigned to your NVIDIA device is invalid:........
How to install grub on virtio KVM with Linux
I messed up the bootloader by accident on a standard Centos 6.3 install because I turned the /dev/vda1 boot partition into an mdadm raid 1. This was all done correctly aside from one point Ididn't realize was an issue metadata=00.90 is the only thing that will allow you to boot (otherwise grub won't work and you won't boot).
So the next step is rescue mode from a CD right? The problem you will find is that grub does not detect your hard drives, this is Ibelieve is be........
esniper and curl errors https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: Couldn't connect to server: couldn't connect to host
I kept thinking it was esniper but somehow my bash settings have a preset proxy that was creating the issue.
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn: Couldn't connect to server: couldn't connect to host
curl manually to any URL is the same:
curl: (7) couldn't connect to host
Run curl with -vvvvvv mode to see the issue:
curl -vvvvvvvvvv http://realtechtalk.com
* About to c........
bash shellshock how to manually patch when there is no update for Centos/Debian/Ubuntu/Fedora
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar xzvf bash-4.3.tar.gz
cd bash-4.3/
wget --no-directories --level 1 --recursive http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
for patch in `ls bash43-*|grep -v .sig$`; do
echo applying "$patch"
patch -p0 < $patch
done
./configure;make;make install
#it will install to /usr/bin/bash but if your bash is somewhere else you need to overwrite the old one.........
drbd won't sync 8.3.13 on OpenVZ kernel
I used the matching 8.3.13 utilities and it didn't work but strangely the newer 8.3.16 which makes DRBD complain works just fine.
GIT-hash: 83ca112086600faacab2f157bc5a9324f7bd7f77 build by root@sighted, 2012-10-09 12:47:51
0: cs:SyncSource ro:Secondary/Primary ds:UpToDate/Inconsistent A r-----
ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:5236960
&am........
heartbeat compile errors with rpmbuild
c1: warnings being treated as errors
stonith_signal.h:34: error: 'stonith_signal_set_simple_handler' defined but not used
gmake[3]: *** [apcmaster.lo] Error 1
gmake[3]: Leaving directory `/root/rpmbuild/BUILD/heartbeat-1.2.4/lib/plugins/stonith'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory `/root/rpmbuild/BUILD/heartbeat-1.2.4/lib/plugins'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/root/rpmbuild/BUI........
Dell CS24-NV7 Howto Enable LAN/NICs and PXEBoot in the BIOS
Dell CS24-NV7
Unusually the Virtualization was enabled when I got this server but all the NICs were diabled in the BIOS including PXE boot!
Advanced -> Advanced Chipset Control
PCI Slot 1 Option ROM: Enabled
Onboard LAN1 Control: Enabled
LAN1 Option ROM Scan: Enabled (you need it for PXE boot)
Onboard LAN2 Control: Enabled
LAN2 Option ROM Scan: Enabled
*you will need to reboot and........
Apache SNI is not needed what is the issue?
Iread this article and still don't understand the issue.
If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
B........
PHP Security - Enable Safe Mode to increase security
Everyone should be running with safe_mode on in /etc/php.ini (on Centos) as it makes exploiting your system more difficult is PHPcan't execute anything on the system if a script is exploited.
For example with Safe_Mode on the only executable files on the system are ones in the safe_mode_exec_dir = /safephp
This is crucial, if you must execute anything from PHPthen you have to copy the binary and assign to the user that Apache runs your site under.&........
Dell FS12-NV7 2U Server Information and Guide
I've got one of these for testing projects from work at home and got more than I bargained for with the time I've spent on it due to the storage handing/Perc 6/i cards.
My particular model came with the following:
2U Rack Mount Server with Rails
2xOpteron 2373 EE (Quad Core, there is a 6-core version that can be found at times)
16GB RAM
2 x 250GB Seagate SATA
2 x Dell Perc 6/i (horrible and a nightmare to work........
Dell Perci 6/i Firmware Upgrade Guide Tutorial
One thing to remember is that you need MegaCli to do the flashing.
You also need the correct file,I tried at least 2 different Perc 6 firmwares from Dell that kept getting rejected as corrupt by MegaCli(they were really the wrong version). I have an external PCI-E Dell 6 Perc/I butI chose images from the 'Integrated" on motherboard version as it was allI could find. They are different, and below is my first time finding success.........
Dell Perc 6/i cannot downgrade
I flashed an LSI Logic firmware to it and it broke the BIOS (cannot do Ctrl+R) for booting purposes but allows other functionality to work normally.
I tried downgrading to a Dell firmware for Perc 6i but it won't work, not even with MegaCli
wget http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN
--2013-08-26 12:53:39-- http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN
Resolvi........
LSI MegaRAID Adventures, Guide and HowTo
LSi Megaraid
At first it was configured as a RAID 0, then I deleted the Virtual Disk Group.
I thought both drives would be shown and detected in Linux as sda and sdb but it actually shows nothing.
To make them work you have to hit Ctrl+R before the system boots (when prompted) and create a Virtual Disk Group. In my case I created each one as RAID 0 (with a single drive only) as I just wanted JBOD but there is no such option or default in these Dell Pe........
bash script howto use heredocand assign to a variable and write to a file
zonetemplate=$(cat ........
PHP How To Create and Assign Variables from POST/Submit FORM
foreach ($_POST as $key => $value) {
if ( $key != submit )
{
$values.="$key=$value<........
eth0 changed to eth1 or eth2 and the solution to fix it
If you move your hard drive(s) around to other computers/servers, you'll find that your eth0 keeps getting higher, the first time it will become eth1 and then eth2 etc and even higher if your server has dual or quad NICs. The reason is that udevd basically assigns eth0 tot he first NIC it finds and remembers it, if it encounters a NIC with a differentMAC, it assigns it one higher (eg. eth1).
See the example below, I have eth2 now so how doI fix it?........
Thunderbird How-To Copy/Backup/Restore Accounts and Settings to Another Computer
The best way is to use rsync, I've set it up so it doesn't copy unnecessary files, or at least ones I'm sure aren't needed.
Here is the rsync command Iused (adapt to your specific Thunderbird profile location):
rsync -hazv user@remotehost.com:/home/user/.thunderbird/sbrer.default/* /home/user/.thunderbird/4nyb0.default/ --exclude=global* --exclude=Cache --exclude=ImapMail --exclude=Mail
This is a great way to get your e-mail accounts going on a new c........
Samsung Galaxy Note Upgrade to ICS 4.0 microSDHC card not detected/dataloss after upgrading - possible solutions
I backed up everything in the /mnt/sd_card directory thinking that some dataloss could occur for some reason but purposely left my microSDHC unbacked up thinking that "it won't touch that since it's external" and Samsung's and other manufacturers website even say this (that it won't be affected and not to worry etc).
Apparently I was wrong, my microSD was "undetected" and asked to be formatted after the upgrade (there goes 3-months worth of family photos). No........
xen how to resize an image properly
The best way I could figure out is to use another guest of some sort to do this, while assigning the disk that needs to be resized to the same guest.
So say we have /dev/xvda as the guests drive and we've booted it up.
We also have /dev/xvdb (this is going to be the image/disk to be resized).
In this case it's based on an ext3/4 image.
Run e2fsck on it to ensure there are no filesystem errors.
e2fsck /dev/xvdb........
Linux Out of Memory OOM Object Killer Solution "Out of memory: kill process 1955 (sshd) score 81 or a child"
I had a system running a 128MB live CD image with 2.8 gigs of available RAM and the OOM kernel killer went crazy when using dd for more than 8 minutes and kept killing everything. I've read that this is due to a low-memory issue and paging in the kernel and 32-bit systems with lots of RAM.
I even enabled swapspace on my LiveCD and the issue happened 25 minutes into dd rather than 8 minutes, so what gives?
Also no swap space was ever used!
cat /proc/s........
Openvz CPT ERR: cc4c0800,28000 :Unknown image version: 304. Can't restore.
CPT ERR: cc4c0800,28000 :Unknown image version: 304. Can't restore.
This happens when you live migrate between OpenVZ servers with different kernels running, at least significantly different by date.
There is no solution except to make sure you're running the same kernels on all machines, or at least not kernels that are much older or different (this is just a guess though, you should ensure all kernels are the same).........
95th Percentile Billing vs Usage Billing, what's better?
There are all kinds of threads and links on the internet, and this seems to be a contentious issue butI don't know why.
95th percentile is either a good deal for some or a big rip off for others, Ijust said it there :)
But the reality is that for MOST people who transfer low amounts of data but burst to higher speeds such as 40mbit+ even for short periods of time, then you'll pay a lot of money to do that.
Basically 95th percentile is an-old archaic method........
email server messsages rejected without reverse DNS DNS check failure Client host rejected: cannot find your reverse hostname Cannot resolve PTR record
Basically you should always be 100% sure that whatever IPyour mail server sends out with has reverse DNS/PTR records. Remember that unless you own your IPs then you won't be able to set your own reverse DNS. Even if you were to create a reverse PTR record on your DNS servers it will be ignored. Reverse DNS is queried to pre-assigned DNS servers of your ISP, so therefore you'll need to contact your ISP/Colo/Hosting provider to do a reverse DNS entry.
If you don't have........
Outsourced VPS Support
The Xen VPSI had was not working properly and when they asked for the login information I found the support was coming directly from India:
whois 122.178.148.*
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-5]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 122.178.128.0 - 122.178.191.255
netname:&........
Thunderbird Signature Problem & Solution - Defaults To Below Quote
Basically it seems that Thunderbird only remembers/savesfor the first/default identity account. It is very annoying when the signature gets placed at the bottom and another huge oversight on Mozilla's part.
Fortunately you can hack/manually set this setting.
The solution for fixing the Signature At the Bottom (Below The Quote)
Click Tools -> Options ->Advanced -> Config Editor
Then search for ".sig_bottom" and set them al........
email2fax and Asterisk to do eFaxing
It's basically free bash shell script available from: http://wpkg.org/email2fax/index.php/Main_Page
Make sure you have the required tools:
libtiff
ghostscript
mpack/munpack
Where you can e-mail your Asterisk box and it will fax it to the phone number in the subject line. The good news ends there, it is fairly undocumented and buggy.
Take for example how the documentation mentions you can invoke from the com........
PHP cannot access /usr/bin/openssl
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
Vonage & Linksys Offer Trade-In Program
Vonage & Linksys Offer Trade-In ProgramVonage & Linksys Offer Trade-In Program
Monday, June 13 @ 09:22:36 PDT
Vonage is offering customers a way to get a free 802.11g router when they turn in their old one.
advertising
For a limited time, customers can trade-in their used router – any brand, any model – for a Linksys Wireless-G Router with 2 Phone Jacks for broadband telephony (WRTP54G) for free (after rebates), when they si........
Intel's Finnish Fetish
Intel's Finnish FetishIntel's Finnish Fetish
By Dave Mock
June 13, 2005
Chipmaker Intel (NASDAQ: INTC) has successfully topped the personal computer market for decades. Breaking into related areas such as communications has been much difficult for the world's largest semiconductor maker. But a new partnership with Nokia (NYSE: NOK) could help to change that.
Intel's forays into cellular-phone and home-entertaiment-device chips have........
gnuCash - Alternative to Quickbooks/Quicken and other COTS accounting software.
gnuCash is available for all main platforms, Linux/Unix, MacOS (FreeBSD anyway), and Windows.
You can download gnuCash free from here.
It does seem to be fairly full featured and somewhat straight forward, but like so many programs it is missing a few key features or things don't work quite right.
It doesn't support importation of CSV files, which is a big minus. And the developers rather than wanting to add support have just dec........
Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian
Shortcut/Easiest Way To Create A Self-Signed Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below.
If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
Windows Vista sysprep.exe /generalize error "The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click "OK" to restart the computer, and then restart the installation."
I wanted to disable the "Administrator" account for security purposes and Iread some "guide" on the internet that recommended that we run "C:WindowsSystem32sysprepsysprep.exe /generalize". I also clicked the option for "Generalize" and the computer rebooted and gave some OOBE error and restarted, and now I get the error above no matter what.
I read that some drivers such as ones from AVIRA AV can cause this because they're unsign........
Tyan S2735-8M motherboard/Rackable Systems 1u Server 100mbit NIC not working even when enabled in the BIOS
Itried everything Icould think of, and of course even with the NIC enabled in the BIOS nothing was working. The light would flash when you plugin the cable for a second, but that's all.
Due to another issue I'm about to post about (server is not compatible with 1TB/1000Gig Hard Drives), I updated the BIOS. I didn't even know the 100mbit NICs were not working untilI decided I should test each NIC one by one.
Inoticed that only 1 server out of........
Have an OpenVZ VPS/Linux Virtual Private Server and nothing works right?
A VPS Server I had just wasn't working right, code that I migrated there just wasn't working. For example, it kept telling me the connection to the database was unsuccessful, halfway through iterating through results it already had.
Then I realized it wasn't my code. Ichecked my /proc/user_beancounters and found this:
cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt........
iPhone 3GS 32GB "Harsh Review"
Yes, Iadmit I finally got bitten by the hype as much as I can usually see through it all. Keep in mind this review is of the "stock" phone, no jailbreaking yet which is what really unleashes the customizability and whyI bought iPhone.
I had better things to say about this phone before buying it, and it is a great phone, perhaps the best on the market by far, if not because of the Mac OS port onto the iPhone and all the apps, etc, etc.
With that said........
OCFS2 crash
When trying to even cd or ls the mounted OCFS2 partition it crashes. Ithink this is a combination of VMWare Server's problem and the way I mounted and symlinked to it.
More than anything this shows the problem and lack of forsight with VMWare, but also that OCFS2 is easily crashed if you do strange things.
Output of /var/log/messages for OCFS2
Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........