echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d400

Check Virtualization Extension 

Run this command to make sure you’ve enabled virtualization in on your computer. It should be above 0

titus@debian:~$  egrep -c '(vmx|svm)' /proc/cpuinfo
12

If the output is zero then go to bios settings and enable VT-x (Virtualization Technology Extension) for Intel processor and AMD-V for AMD processor.
Install QEMU and Virtual Machine Manager

titus@debian:~$ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virtinst libvirt-daemon virt-manager -y

Verify that Libvirtd service is started

titus@debian:~$ sudo systemctl status libvirtd.service

Start Default Network for Networking

VIRSH is a command to directly interact with our VMs from terminal. We use it to list networks, vm-status and various other tools when we need to make tweaks. Here is how we start the default and make it auto-start after reboot. 

titus@debian:~$ sudo virsh net-start default
Network default started
titus@debian:~$ sudo virsh net-autostart default
Network default marked as autostarted

Check status with:

titus@debian:~$ sudo virsh net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------
 default   active       yes          yes

Add User to libvirt to Allow Access to VMs

titus@debian:~$ sudo adduser titus libvirt
titus@debian:~$ sudo adduser titus libvirt-qemu

Reboot and you are Finished!

Taken from: https://www.christitus.com/vm-setup-in-linux

routing traffic over wireguard with mikrotik to a specific ip address…

Routing traffic for a specific destination over the VPN is definitely much easier. After creating the VPN tunnel between two Mikrotik routers, it was a two-more step process:

/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=NAME-OF-WG-INTERFACE

/ip route
add distance=1 dst-address=ip.ip.ip.ip/32 gateway=IP-OF-WG-SERVER

Larger subnets than a single ip can be routed through the VPN, and multiple subnets can be routed too. The caveat for this simpler method is that you cannot route “all” traffic (ie. to 0.0.0.0) through the VPN, or else the client Mikrotik itself cannot route its own traffic either.

apt update
apt install apache2-utils squid -y
htpasswd -c /etc/squid/passwd kullaniciadi
wget -O /etc/squid/squid.conf http://shukko.com/squid/squ2022.conf
nano /etc/squid/squid.conf (ip adreslerini duzenle)
systemctl restart squid
systemctl enable squid

PROBLEM:

I’ve got several Ryzen Boxes with AsrockRack X470D4U and X470D4U2-2T Mainboards,

I know a lot of providers here using these exact mainboards here with their Ryzen offerrings, So maybe some help here:

My problem is after updating the latest official BMC Firmware updates,
Here https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Download and Here https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U2-2T#Download

Each and every mainboards BMC IPMI interface is now not responding to pings or accessible over LAN.

I can send commands using ipmitool application from linux command line.

But no matter what I do, I can’t be able to access to BMC IPMI over LAN.

Only info I can find from AsRock side is this thread from their forum:

https://forum.asrock.com/forum_posts.asp?TID=19681&KW=X470D4U&title=asrock-x470d4u-after-update-to-bmc-03-02-00-ipmi-g

But also this has got no official updates from AsRock.

Somebody mentioned https://www.asrockrack.com/support/faq.asp?id=40 this solution in that thread , but I also don’t have the luxury to reboot and flash old version of firmware as all these boxes are production boxes with several virtual servers on them.

Anybody using these mainboards have any clue about what to do to regain access to BMC IPMI Web interface?

As I said I can get response using IPMITOOL from command line. And everything seems to be working.

Please help..

SOLUTION:

Updates on this matter:

1- After tons / hours of brain thinkering and google searches I figure out that the most sensible way is to downgrade the bmc firmware to a “working” one.

2- I then needed ASPEED socflash utility v 1.2 linux version – which is very hard to get – Aspeed was providing it from their website but no more – After some google foo I found it. If anybody needs socflash utility v1.2 linux version, you are free to contact me.

3- flashed old bmc firmware with socflash linux utilty

root@r5:~/socflash/SOCFLASH# ./socflash.sh X470D4U_P2.20.00.ima X470D4U_calismayan.ima 
ASPEED SOC Flash Utility v.1.20.00 
Warning:
SoCflash utility is only for engineers to update the firmware in lab,
it is not a commercialized software product,
ASPEED has not done compatibility/reliability stress test for SoCflash.
Please do not use this utility for any mass production purpose.
Press y to continue if you are agree ....
y
Find ASPEED Device 1a03:2000 on 22:0.0 
MMIO Virtual Address: a364e000 
Relocate IO Base: f000 
Found ASPEED Device 1a03:2500 rev. 41 
Static Memory Controller Information: 
CS0 Flash Type is SPI 
CS1 Flash Type is SPI 
CS2 Flash Type is SPI 
CS3 Flash Type is NOR 
CS4 Flash Type is NOR 
Boot CS is 0 
Option Information: 
CS: 0 
Flash Type: SPI 
[Warning] Don't AC OFF or Reboot System During BMC Firmware Update!! 
[SOCFLASH] Flash ID : 1940ef 
Find Flash Chip #1: WinbondW25Q256/257 
Backup Flash Chip O.K.                 
Update Flash Chip #1 O.K.            
Update Flash Chip O.K.         
root@r5:~/socflash/SOCFLASH# 

4- After firmware downgrade:

root@r5:~/socflash/SOCFLASH# ipmitool mc info
Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 2.20
IPMI Version              : 2.0
Manufacturer ID           : 49622
Manufacturer Name         : Unknown (0xC1D6)
Product ID                : 514 (0x0202)
Product Name              : Unknown (0x202)
Device Available          : yes
Provides Device SDRs      : no
Additional Device Support :
    Sensor Device
    SDR Repository Device
    SEL Device
    FRU Inventory Device
    IPMB Event Receiver
    IPMB Event Generator
    Chassis Device
Aux Firmware Rev Info     : 
    0x00
    0x00
    0x00
    0x00
root@r5:~/socflash/SOCFLASH# ipmitool lan print 1
MAC Address             : a8:a1:59:86:f3:ec
SNMP Community String   : AMI
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl   : 0.0 seconds
Default Gateway IP      : 0.0.0.0
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12,15,16,17
Cipher Suite Priv Max   : caaaaaaaaaaaXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
Bad Password Threshold  : 0
Invalid password disable: no
Attempt Count Reset Int.: 0
User Lockout Interval   : 0
root@r5:~/socflash/SOCFLASH# 

5- Now it’s time to Enter the usual ip address / gateway of the IPMI

LAN Configuration

ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 192.168.1.211
ipmitool lan set 1 netmask 255.255.255.0
ipmitool lan set 1 defgw ipaddr 192.168.1.254
ipmitool lan set 1 defgw macaddr 00:0e:0c:aa:8e:13
ipmitool lan set 1 arp respond on
ipmitool lan set 1 auth ADMIN MD5
ipmitool lan set 1 access on

User Configuration
A user will now be setup with admin rights.
ipmitool user set name 2 admin
ipmitool user set password 2
Password for user 2: 
Password for user 2: 
ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4
ipmitool user enable 2
 

6- WEB INTERFACE WORKS NOW!!!

7- Time to upgrade to latest version of BMC firmware now 

Thank you for all your answers!

hello, you can download it here:

https://nc.dandik.net/let/socflash.linux.v.1.20.tar.gz

full package for all OS’s is here:

https://nc.dandik.net/let/v12000.zip

cd /usr/local/directadmin/custombuild
./build set litespeed_serialno litespeedlicense#

cd /usr/local/directadmin/custombuild
./build update
./build set webserver litespeed
./build set php1_mode lsphp
./build set php2_mode lsphp
./build set php3_mode lsphp
./build set php4_mode lsphp
./build litespeed
./build php n

IF ERROR AFTER LOGIN:

Can not find handler with type: 17, name: lsphp70.
Can not find External Application: lsphp70, type: lsapi

Litespeed admin panel -> Configuration -> Server -> External App

Command Line Should Be:

php 56  : /usr/local/php56/bin/lsphp
php 70  : /usr/local/php70/bin/lsphp
php 71  : /usr/local/php71/bin/lsphp
php 72  : /usr/local/php72/bin/lsphp
php 73  : /usr/local/php73/bin/lsphp

save & Graceful Restart

UNINSTALL:

/usr/local/lsws/admin/misc/cp_switch_ws.sh apache

Proxmox – Shrink local ZFS disk

1- boot gparted and shrink partitions leaving free space as you like
2- in pve shell

$zfs set volsize=<new size>G rpool/data/vm-<vm id>-disk-<disk number>

Ex: zfs set volsize=50G rpool/data/vm-141-disk-0

3- edit vm config in /etc/pve/qemu-server/vm-id.conf

virtio0: local-zfs:vm-<vm id>-disk-<disk number>,size=<new size>G

IF can not boot and corrupted partition table for shrinked disk:

boot gparted

gdisk /dev/sda

press

v
x
e
w
y

Done!

Oncelikle su dosyayi indir:

http://shukko.com/IPMICFG_1.32.0_build.200910.zip

sonrasinda icinden uygun dosyayi cikart

chmod +x IPMICFG-Linux.x86_64 ornegin

sonrasinda

./IPMICFG-Linux.x86 -help mesela x86 dosyasi icin

hatta mevcut ipmi admin pass degistirmek icin

./IPMICFG-Linux.x86 -user list

Maximum number of Users : 10
Count of currently enabled Users : 2

User ID	User Name	Privilege Level	Enable
2	admin	Administrator	Yes
3	ekkullanici	Administrator	Yes

./IPMICFG-Linux.x86 -user setpwd 2 supergizliparola1
Done.

there is no xmmp auto configuration in BIOS in these motherboards,

So to set the correct memory speed do the following:

In BIOS there are 2 separate ways to get to the memory settings.

Although these 2 ways should lead to the very same “folders” and settings, changes done via the first way don’t show up if you access the settings via the second way.

I don’t know if this is really necessary but I use both ways, one after the other and change the “same” settings to the very same values each time.

First way:

BIOS -> Advanced -> AMD CBS -> UMC Common Options -> DDR4 Common Options -> DRAM Timing Configuration -> (Accept the risks to access menu) -> Memory Clock Speed: From “Auto” to 1333MHz for DDR4-2666, for example.

Second way:

BIOS -> Advanced -> AMD Overclocking -> (Accept the risks to access menu) -> DDR and Infinity Fabric Frequency/Timings -> DDR Frequency and Timings -> DRAM Timing Configuration

When you are in BIOS also set the amd precision boost to enable for extra benefirt.

taken from: https://hostio.solutions/kb/how-to-install/pure-ftpd/

How to Install Pure-FTPd with Let’s Encrypt

If you manage multiple servers, it is super important to make backups yourself. Hosting providers often do offer backup services, however, it’s also important to have a back-up server elsewhere so that you always have access to your own data. This is especially useful when, for example, your hosting provider is completely offline.

In this “how to install” we’ll explain step by step how you can setup an FTP server with Pure-FTPd and how you can secure it with a certificate.

For this setup, we recommend that you use a dedicated server with Debian 10.

Step 1: Update server

Make sure that your Debian 10 server is up-to-date.

Step 2: Pure-FTPd installation

When your server is up-to-date, we can install the FTP server with Pure FTPd. For this, we use the following command:

apt-get install pure-ftpd

Step 3: Configuration and setup of Pure-FTPd

To ensure that everything runs properly, the following commands must be executed:

echo "yes" > /etc/pure-ftpd/conf/Daemonize
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
echo "2" > /etc/pure-ftpd/conf/TLS

We recommend setting your FTP to IPv4 only, as the performance of IPv6 is not the same for every provider. You can do this by using the following command:

echo "yes" > /etc/pure-ftpd/conf/IPV4Only

Now we are going to set the config. Out of experience we know that the following works best:

We start with deleting the existing config. To do this, you can use the following command:

rm -rf /etc/pure-ftpd/pure-ftpd.conf

Now that we’ve deleted the existing config, we can complete the config file with our settings. Open the pure-ftpd.conf.

nano /etc/pure-ftpd/pure-ftpd.conf

Now that we have the text editor open, you can copy & paste the following:

ChrootEveryone               		yes
BrokenClientsCompatibility   	no
MaxClientsNumber             	        50
Daemonize                   		        yes
MaxClientsPerIP              		8
VerboseLog                   		no
DisplayDotFiles              		yes
AnonymousOnly                		no
NoAnonymous                  		no
SyslogFacility               		        ftp
DontResolve                  		yes
MaxIdleTime                  		15
LimitRecursion               		10000
AnonymousCanCreateDirs     	no
MaxLoad                      		        4
AntiWarez                    		        yes
Umask                        			133:022
MinUID                       			100
AllowUserFXP                 		no
AllowAnonymousFXP            	no
ProhibitDotFilesWrite        	        no
ProhibitDotFilesRead         	        no
AutoRename                   		no
AnonymousCantUpload         	no
MaxDiskUsage                   		99
CustomerProof                		yes
CertFile                       		        /etc/ssl/private/pure-ftpd.pem

Everything is now set up and configured.

Step 4: Secure the FTP server with Let’s Encrypt.

It’s important to make sure that you’re using a secure connection for your FTP traffic.

If you want to use an SSL/TLS, we first need to create the folder for it. The certificate will be placed in this folder. To do this, you can use the following command:

mkdir -p /etc/ssl/pure-ftpd

Secure your FTP server with the SSL of Let’s Encrypt

In order to use Let’s Encrypt we first have to install Certbot.

apt-get install certbot

Now that we have done the installation, it is time to request an SSL. Make sure you have a hostname and A record for your server and go through all the steps of certbot.

certbot certonly --standalone

Now we are going to merge the created Let’s Encrypt certificate files. We do this with the following command:

cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

After we’ve merged the certificates, we have to make sure that the renewed SSL is automatically merged via cronob:

nano /etc/cron.d/certbot

If all goes well, the last line should say:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Now we have to add the following to the last line:

&& cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

It should then look as follows:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew && cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

If all went well, we can restart Pure-FTPd with the following command:

service pure-ftpd restart

Step 5: create user(s)

There are two ways: create a user with SSH access or create a user without SSH access and set a storage limit.

For every account that is created, a home profile is created at /home.

Easy way to create user(s)

Use the following command to easily create an user:

adduser USERNAME

After entering this command, you can set your password. After having set the password, everything will be ready for this user and a profile will be created on /home/username.

Create user with extra options

If you want to create a user with extra options, we first have to create a user group for FTP users without SSH access.

groupadd ftpgroup

Now we can create the user:

useradd -g ftpgroup -d /dev/null -s /etc USERNAME 

pure-pw useradd USERNAME -u USERNAME -g ftpgroup -d /home/USERNAME

If you want to give the user a storage limit you can add: -N 1000.
This gives the user a storage limit of 1000MB.

Example of the command with a storage limit of 1000 MB:

pure-pw useradd USERNAME -u ftpuser -g ftpgroup -d /home/USERNAME -N 1000

Now we have to create the directory for the FTP user with the following command:

mkdir /home/USERNAME

chown -R USERNAME:ftpgroup /home/USERNAME

The next step is to update the Pure-FTPd database. You can do this with the following command:

pure-pw mkdb

ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd

ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb

ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB

Finally, we have to restart the Pure-FTPd:

service pure-ftpd restart

Every time you make changes to a user, the database must be updated:

pure-pw mkdb

Do you want to change the password for an FTP user? Then you can use the following command:

pure-pw passwd USERNAME

I