If freshclam updates are failing even though the update servers are available and you find error messages like the following in the log you may have outdated or wrong data in freshclams data files:
Thu Mar 29 12:49:52 2018 -> ClamAV update process started at Thu Mar 29 12:49:52 2018
Thu Mar 29 12:49:52 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Thu Mar 29 12:49:52 2018 -> WARNING: getpatch: Can't download daily-24428.cdiff from db.local.clamav.net
Thu Mar 29 12:49:52 2018 -> WARNING: getpat...
Disclaimer
This should not be necessary in any case and is only for special cases, for e.g. if the assets directory is linked to a shared storage (for e.g. glusterfs). Please mind that it isn't wise to move your assets directory to a shared storage. The data in this directory should always be reproducible on all appservers when executing a assets precompile (so you don't need to sync this data). Other data should not be stored in the assets directory.
User uploads or files generated by requests should be stored in public/system.
You can use wscat:
sudo apt-get install node-ws
#
wscat -c ws://echo.websocket.org
connected (press CTRL+C to quit)
> foo
< foo
> bar
< bar
>
If a users password for https://monitor.makandra.de/ is unknown one can set it like this:
sudo python /opt/graphite/webapp/graphite/manage.py changepassword ${USERNAME}
This card is just about creating simple PostgreSQL dumps. This is no instruction for a backup strategy nor a guide for SQL dump performance optimization.
postgres user on a database server master. Please mind that you should stop the replication on a slave PostgreSQL server before creating dumpsThis applies only to distribusions based on Debian
If you have multiple Postgres Versions installed on a server and want to start/stop/restore/.. them separately you need to use pg_ctlcluster
Usage: /usr/bin/pg_ctlcluster <version> <cluster> <action>
For e.g.
/usr/bin/pg_ctlcluster 9.5 main start
With systemd you can start/stop the services via:
systemctl <action> postgresql@<version>-<cluster>.service
For e.g.
systemctl start postgresql@10-main.service
The Version of P...
If you're trying to start a cloud-init based Ubuntu VM with KVM you will suffer long boot times and confusing output on the terminal. If you want to get rid of it you need to remove cloud-init.
echo 'datasource_list: [ None ]' | sudo -s tee /etc/cloud/cloud.cfg.d/90_dpkg.cfgsudo apt-get purge cloud-initsudo rm -rf /etc/cloud/; sudo rm -rf /var/lib/cloud/Touch the file /etc/cloud/cloud-init.disabled or use the kernel parameter cloud-init=disabled to disabl...
Because systemd is the greatest thing ever it's not enough to stop the libvirt service. You need to disable the libvirt socket too.
sudo systemctl stop libvirt-bin
sudo systemctl stop libvirt-bin.socket
sudo systemctl start libvirt-bin
When receiving a new SSL-Certificate for an existing SSL-key it should be checked that they match cryptographically.
Maybe the customer accidentally created a new key and certificate and sent us just the certificate.
It's also possible that the certificate chain is in the wrong order. Make sure that the server certificate is the first. This is also necessary for nginx.
It is recommended to pipe the public keys of both files through an hashing algorithm, to easier identify differences. Instead of comparing the modulus the same syntax appli...
You will need to look here and find your own device. Look for the "bootable CD" download, which will give you an ISO file.
Then you need a Perl script from the internet (geteltorito.pl, I attached it too, because, you know. Internet.) to extract the El Torito boot image from the Lenovo-supplied ISO.
Pro-Tip: Don't clic...
To see all jails:
fail2ban status
Our $JAIL is usually ssh.
To see which IPs are banned currently:
fail2ban-client status ssh
If you want to unban a host banned by fail2ban on Ubuntu 14.04 or later use this method:
fail2ban-client set $JAIL unbanip $IP
#example with a jail named ssh
fail2ban-client set ssh unbanip 10.0.0.20
Please don't try to undo the ban by deleting the iptables rule. Fail2ban will recreate the rule if it is missing but fail2ban has still stored the ban.
On 12.04 hosts fail2ban ...
Create htpasswd entry and print to stdout:
$ sudo apt install apache2-utils # Optional
$ htpasswd -n $USERNAME
New password:
Re-type new password:
$USERNAME:<Password Hash>
Brendan Gregg is the Linux performance god. Use the information in this link to find out what ways there are for performacne analysis.
This link is shows the more sophisticated way and encourages to dig deeper for optimizing your system. If you're in a hurry look at Linux Performance Analysis in 60,000 Milliseconds
We want to make the following firewall rule to be applyable to different network interfaces (for e.g. different environments) with just one variable:
firewall { "010-reject-port":
ensure => present,
dport => [ 80 ],
destination => $::ipaddress_eth0,
proto => 'tcp',
action => 'drop',
iniface => 'eth0',
}
We can create a $firewall_interface variable and apply it to iniface but how can we ensure that the correct ipaddress factof the corresponding interface is used for `destina...
Bash stores the exitcodestatus of piped commands in the environment variable PIPESTATUS
So you can just echo ${PIPESTATUS[@]} to get them all.
13:52:30 ✔ claus:~$ ps ax | grep /usr/bin/ruby
13205 pts/20 S+ 0:00 grep --color=auto /usr/bin/ruby
13:52:43 ✔ claus:~$ echo ${PIPESTATUS[@]}
0 0
PIPESTATUS is an array, so you can get the exitcode of an specific command (first pipe):
13:54:20 ✔ claus:~$ echo ${PIPESTATUS[1]}
0
If you need the debug output of the puppetmaster running with passenger you have to uncomment this setting in the config.ru:
#ARGV << "--debug"
If you don't know where your config.ru is, check the Apache DocumentRoot. It's in /path/to/DocumentRoot/../config.ru. For example if your DocumentRoot is /etc/puppet/rack/public/ the config.ru is in /etc/puppet/rack/config.ru.
The exim documentation says:
Freezing occurs when a bounce message encounters a permanent failure because the sender address of the original message that caused the bounce is invalid, so the bounce cannot be delivered. This is probably the most common case, but there are also other conditions that cause freezing, and frozen messages are not always bounce messages.
By default, frozen bounce messages will b...
swaks is a very nice tool to test SMTP. For the most linux distributions you can easily install it with your package management system.
This example send an email from from@example.com to to@example.com via the server mail23.example.com with the user from@example.com and password mysupersecurepasswordyouneverget for authentication and require the connection to use STARTTLS.
$ swaks -tls --to to@example.com --from from@example.com --auth-user from@example.com --server mail23.example....
Install and configure the AWS Command Line Interface
Show existing certificates to test if the AWS Cli is working:
$ aws iam list-server-certificates
{
"ServerCertificateMetadataList": [
{
"Path": "/",
"Arn": "arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-201307-201407",
"ServerCertificateId": "AXXXXXXXXXXXXXXXXXXXX",
"ServerCertificateName": "www.example.com-201210-201310",
...
I'm creating certificate requests with this command:
openssl req -new -out www.example.com.csr -keyout www.example.com.key -newkey rsa:2048 -nodes
When I try to upload the certificate to AWS IAM I get this error:
$ aws iam upload-server-certificate --server-certificate-name www.example.com-2013010-2014010 --certificate-body www.example.com.crt --private-key www.example.com.key --certificate-chain www.example.com.ca-bundle
A client error (MalformedCertificate) occurred: Invalid Public Key Certificate.
That's because o...
Create a 1 GB file to swap to (we have sufficient space on / on this machine. Use a different partition if necessary)
sudo dd if=/dev/zero of=/var/swapfile bs=1M count=1024
If you prefer 2GB swap, chose count=2048, 4GB: count=4096
Change permissions of swap file:
sudo chmod 0600 /var/swapfile
Set up swap file and enable it:
sudo mkswap /var/swapfile
sudo swapon /var/swapfile
You should see your swap space now:
thomas@machine:~$ free -m
total used free shared buffers...
This is a way to run multiple redis server on one ubuntu server.
Change some Variables.
From this:
DAEMON_ARGS=/etc/redis/redis.conf
NAME=redis-server
DESC=redis-server
PIDFILE=/var/run/redis.pid
to this:
NAME=`basename ${0}`
DAEMON_ARGS=/etc/redis/${NAME}.conf
DESC=${NAME}
PIDFILE=/var/run/${NAME}.pid
These steps y...