t’s likely an old CA cert bundle on the system. Try the following to fix it:
Code:
curl -k -o /etc/ssl/certs/ISRG_Root_X1.pem https://letsencrypt.org/certs/isrgrootx1.pem
service directadmin restart
Kategori: Kategorisiz Yazilar
Hic bir kategoriye girmeyen yazilarimi buraya yazacagim..
manjaro / arch linux BTRFS chroot grub install story.
[manjaro@manjaro-cinnamon ~]$ sudo pacman -Sy arch-install-scripts
:: Synchronizing package databases...
core 163.9 KiB 303 KiB/s 00:01 [######################] 100%
extra 1865.8 KiB 2.29 MiB/s 00:01 [################################] 100%
community 7.5 MiB 5.84 MiB/s 00:01 [################################] 100%
multilib 169.3 KiB 1411 KiB/s 00:00 [################################] 100%
error: failed retrieving file 'core.db' from kambing.ui.ac.id : Failed to connect to kambing.ui.ac.id port 80 after 5212 ms: Connection timed out
error: failed retrieving file 'core.db' from ftp.cuhk.edu.hk : Failed to connect to ftp.cuhk.edu.hk port 80 after 5210 ms: Connection timed out
error: failed retrieving file 'extra.db' from kambing.ui.ac.id : Failed to connect to kambing.ui.ac.id port 80 after 5202 ms: Connection timed out
error: failed retrieving file 'extra.db' from ftp.cuhk.edu.hk : Failed to connect to ftp.cuhk.edu.hk port 80 after 5201 ms: Connection timed out
error: failed retrieving file 'community.db' from kambing.ui.ac.id : Failed to connect to kambing.ui.ac.id port 80 after 5201 ms: Connection timed out
warning: too many errors from kambing.ui.ac.id, skipping for the remainder of this transaction
error: failed retrieving file 'community.db' from ftp.cuhk.edu.hk : Failed to connect to ftp.cuhk.edu.hk port 80 after 5202 ms: Connection timed out
warning: too many errors from ftp.cuhk.edu.hk, skipping for the remainder of this transaction
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...
Packages (2) archlinux-keyring-20221123-1 manjaro-keyring-20221028-4
Total Download Size: 1.64 MiB
Total Installed Size: 2.28 MiB
Net Upgrade Size: 0.02 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
archlinux-keyring-20221123... 1140.5 KiB 2.46 MiB/s 00:00 [################################] 100%
manjaro-keyring-20221028-4-any 541.6 KiB 6.96 MiB/s 00:00 [################################] 100%
Total (2/2) 1682.2 KiB 2.49 MiB/s 00:01 [################################] 100%
(2/2) checking keys in keyring [################################] 100%
(2/2) checking package integrity [################################] 100%
(2/2) loading package files [################################] 100%
(2/2) checking for file conflicts [################################] 100%
(2/2) checking available disk space [################################] 100%
:: Processing package changes...
(1/2) upgrading archlinux-keyring [################################] 100%
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 1 keys.
==> Importing owner trust values...
gpg: inserting ownertrust of 4
==> Disabling revoked keys in keyring...
-> Disabled 2 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 20 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 20 signed: 94 trust: 0-, 0q, 0n, 20m, 0f, 0u
gpg: depth: 2 valid: 74 signed: 28 trust: 74-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-01-01
==> Updating trust database...
gpg: next trustdb check due at 2023-01-01
==> Delete expired Build-Server Key
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 20 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 20 signed: 94 trust: 0-, 0q, 0n, 20m, 0f, 0u
gpg: depth: 2 valid: 74 signed: 28 trust: 74-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-01-01
(2/2) upgrading manjaro-keyring [################################] 100%
==> Appending keys from manjaro.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 4 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 22 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 22 signed: 94 trust: 0-, 0q, 0n, 22m, 0f, 0u
gpg: depth: 2 valid: 74 signed: 28 trust: 74-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-01-01
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
resolving dependencies...
looking for conflicting packages...
Packages (1) arch-install-scripts-28-1
Total Download Size: 0.02 MiB
Total Installed Size: 0.05 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
arch-install-scripts-28-1-any 15.8 KiB 42.3 KiB/s 00:00 [################################] 100%
error: failed retrieving file 'arch-install-scripts-28-1-any.pkg.tar.zst' from kambing.ui.ac.id : Failed to connect to kambing.ui.ac.id port 80 after 6160 ms: Connection timed out
error: failed retrieving file 'arch-install-scripts-28-1-any.pkg.tar.zst' from ftp.cuhk.edu.hk : Failed to connect to ftp.cuhk.edu.hk port 80 after 5212 ms: Connection timed out
(1/1) checking keys in keyring [################################] 100%
(1/1) checking package integrity [################################] 100%
(1/1) loading package files [################################] 100%
(1/1) checking for file conflicts [################################] 100%
(1/1) checking available disk space [################################] 100%
:: Processing package changes...
(1/1) installing arch-install-scripts [################################] 100%
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[manjaro@manjaro-cinnamon ~]$ sudo lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
loop0
squash 4.0 0 100% /run/miso/sfs/livefs
loop1
squash 4.0 0 100% /run/miso/sfs/mhwdfs
loop2
squash 4.0 0 100% /run/miso/sfs/desktopfs
loop3
squash 4.0 0 100% /run/miso/sfs/rootfs
sda
└─sda1
ext4 1.0 10tb1 d59252fa-9b89-42c4-b966-5606a6f02b89 8.2T 4% /run/media/manjaro/10tb1
sdb
└─sdb1
ext4 1.0 10tb2 47a23e21-ec2f-4f79-b1e2-0d6d62c0c8ef 355.9G 91% /run/media/manjaro/10tb2
sdc
└─sdc1
ext4 1.0 10tb3 0ea2653e-5cb2-4f29-8904-c45c525961af 751.8G 87% /run/media/manjaro/10tb3
sdd
└─sdd1
ext4 1.0 EVO860-2 f12442dd-5018-45db-9523-d92a857bf6b1
sde
└─sde1
ext4 1.0 EVO860-1 ddb9d9b0-c043-4162-8607-28d0cfbf199f
sdf iso966 Jolie MANJARO_CINNAMON_2137
2022-08-26-08-40-30-00 0 100% /run/miso/bootmnt
├─sdf1
│ iso966 Jolie MANJARO_CINNAMON_2137
│ 2022-08-26-08-40-30-00
└─sdf2
vfat FAT12 MISO_EFI 2664-DC36
nvme1n1
├─nvme1n1p1
│ vfat FAT32 3C81-0B10
├─nvme1n1p2
│
├─nvme1n1p3
│ ntfs 429481D89481CF3B
└─nvme1n1p4
ntfs DC76D99C76D9782A
nvme0n1
├─nvme0n1p1
│ vfat FAT32 NO_LABEL D380-908E
└─nvme0n1p2
btrfs aca29224-1164-4d3f-807c-170e5a9174f2
[manjaro@manjaro-cinnamon ~]$ sudo mount -o subvol=@ /dev/nvme0n1p2 /mnt
[manjaro@manjaro-cinnamon ~]$ sudo mount -o subvol=@log /dev/nvme0n1p2 /mnt/var/log
[manjaro@manjaro-cinnamon ~]$ sudo mount -o subvol=@cache /dev/nvme0n1p2 /mnt/var/cache
[manjaro@manjaro-cinnamon ~]$ sudo mount -o subvol=@home /dev/nvme0n1p2 /mnt/home
[manjaro@manjaro-cinnamon ~]$ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
[manjaro@manjaro-cinnamon ~]$
[manjaro@manjaro-cinnamon ~]$
[manjaro@manjaro-cinnamon ~]$ arch
arch-chroot archlinux-java archlinux-keyring-wkd-sync
[manjaro@manjaro-cinnamon ~]$ arch-chroot /mnt
==> ERROR: This script must be run with root privileges
[manjaro@manjaro-cinnamon ~]$ sudo arch-chroot /mnt
[manjaro-cinnamon /]# sudo arch-chroot /mnt
Installing for x86_64-efi platform.
Installation finished. No error reported.
[manjaro-cinnamon /]#
Summary:
Whenever I did a BIOS update my manjaro cinnamon installation which boots in UEFI mode and which also happens to be a BTRFS installation fucks up and never boots again , because by somehow my fucking BIOS can not find the UEFI boot entry again.
So what I do do fix this problem:
1- create a bootable manjaro cinnamon usb using etcher.
2- boot from this usb into manjaro cinnamon live using UEFI (important)
3- then appy these commands: ( details above)
sudo pacman -Sy arch-install-scripts
sudo lsblk -f
sudo mount -o subvol=@ /dev/nvme0n1p2 /mnt
sudo mount -o subvol=@log /dev/nvme0n1p2 /mnt/var/log
sudo mount -o subvol=@cache /dev/nvme0n1p2 /mnt/var/cache
sudo mount -o subvol=@home /dev/nvme0n1p2 /mnt/home
sudo mount /dev/nvme0n1p1 /mnt/boot/efi
sudo arch-chroot /mnt
grub-install
exit chroot , reboot , set BIOS UEFI boot entry to “manjaro” again and boot….
important notes: For this to work you MUST first boot into Live USB environment using UEFI boot. Otherwise you can not chroot and write grub to /boot/efi
ntp / ntpd almalinux ? chronyd
almalinuxda nedense ntp/ntpd yi kaldirmislar
yerine chronyd yi koymuslar
bu minik yazilim artik kendi kendine network icin ntpd serverda oluyor
ama ben bu ozelligini kullanmiyorum su an
kurmak icin
dnf install chrony
systemctl start chronyd
systemctl status chronyd
systemctl enable chronydAdaptec RAID controller: how to get rebuild status
[root@host ~]# arcconf getstatus 1
Controllers found: 1
Logical device Task:
Logical device : 0
Task ID : 100
Current operation : Rebuild
Status : In Progress
Priority : High
Percentage complete : 0
Command completed successfully.
[root@host ~]#Title: Adaptec ARCCONF Command Line Utility B25335
Filename: arcconf_B25335.zip
https://download.adaptec.com/raid/storage_manager/arcconf_B25335.zip
https://docs.hetzner.com/robot/dedicated-server/raid/adaptec-raid-controller/#how-to-restore-a-faulty-array
An example for the first array on the first controller would be:
arcconf SETSTATE 1 LOGICALDRIVE 0 OPTIMAL ADVANCED nocheck noprompt
https://www.thomas-krenn.com/en/wiki/Adaptec_arcconf_CLI_Commands
arcconf GETCONFIG 1
2 tane ayar ?
2 tane ayar var eger nginx_apache run etmiyorsan
ayar1: mpm event hikayesi
nano /etc/httpd/conf/extra/httpd-mpm.conf
<IfModule mpm_event_module>
StartServers 8
MinSpareThreads 48
MaxSpareThreads 148
ThreadsPerChild 64
ServerLimit 48
MaxRequestWorkers 3072
MaxConnectionsPerChild 12000
</IfModule>
ayar2: php-fpm ccocuklarinin dayanilmaz gurultusu:
nano /usr/local/php74/etc/php-fpm.conf
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 10
pm.max_requests = 500
add dummy fake monitor to headless vm for to change screen resolution etc.
Basically install a dummy driver:
sudo apt-get install xserver-xorg-video-dummy
Then write it in the /usr/share/X11/xorg.conf.d/xorg.conf (or possibly /etc/X11/xorg.conf) file (create one, if it does not exist):
Section "Device"
Identifier "Configured Video Device"
Driver "dummy"
EndSection
Section "Monitor"
Identifier "Configured Monitor"
HorizSync 31.5-48.5
VertRefresh 50-70
EndSection
Section "Screen"
Identifier "Default Screen"
Monitor "Configured Monitor"
Device "Configured Video Device"
DefaultDepth 24
SubSection "Display"
Depth 24
Modes "1024x800"
EndSubSection
EndSection
Then restart the computer.
almalinux iptables
almalinuxda inatla iptables kullanmak istiyorum
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
dnf remove firewalld
dnf update
dnf makecache --refresh
dnf -y install iptables-services
systemctl start iptables
systemctl enable iptables
systemctl status iptables
iptables-save > /etc/sysconfig/iptables
ip6tables-save > /etc/sysconfig/ip6tables
save etmiyor reboot edince hikayesi servisleri kurunca olmuyor artik.
phpinfo pff
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/test.php
Bu Iran ISPsinin derdi nedir acaba?
Bu Iran Ispsinin derdi nedir acaba?
https://bgp.he.net/AS15828#_asinfo
Loglarda yuzbinlerce satir:
2022-03-16 07:43:45 login authenticator failed for (localhost) [5.34.207.33]: 535 Incorrect authentication data (set_id=vilte@xxx.com)
2022-03-16 07:43:45 login authenticator failed for (localhost) [5.34.207.67]: 535 Incorrect authentication data (set_id=mehdi@xxx.com)
2022-03-16 07:43:45 login authenticator failed for (localhost) [5.34.207.174]: 535 Incorrect authentication data (set_id=I’ll@xxx.com)
2022-03-16 07:43:45 login authenticator failed for (localhost) [5.34.207.67]: 535 Incorrect authentication data (set_id=mehdi@xxx.com)
2022-03-16 07:43:46 login authenticator failed for (localhost) [5.34.207.33]: 535 Incorrect authentication data (set_id=mramsey@xxx.com)
2022-03-16 07:43:46 login authenticator failed for (localhost) [5.34.207.158]: 535 Incorrect authentication data (set_id=PUTRI)
2022-03-16 07:43:46 login authenticator failed for (localhost) [5.34.207.33]: 535 Incorrect authentication data (set_id=mramsey@xxx.com)
2022-03-16 07:43:47 login authenticator failed for (localhost) [5.34.207.174]: 535 Incorrect authentication data (set_id=secureftp@xxx.com)
2022-03-16 07:43:47 login authenticator failed for (localhost) [5.34.207.97]: 535 Incorrect authentication data (set_id=s59)
Bloklayip gecelim.
Tamam asagidaki sekilde:
iptables -A INPUT -s 5.34.192.0/20 -j DROP
iptables -A INPUT -s 87.246.7.0/24 -j DROP
iptables -A INPUT -s 2.57.122.0/24 -j DROP
Configure two network cards in a different subnet on RHEL 6, RHEL 7, CentOS 6 and CentOS 7
The goal is to become symmetric routing:
Each interface on the server should have it’s own default gateway, which allows that interface to reply itself to incoming packets from other networks.
A normal routing table can only have one default gateway. This is quite logical since it’s the place where to send packets that do not match anything else in the rest of the table. To be able to have two default gateways, one for each interface, you need to setup policy based routing.
Policy based routing allows you to have multiple routing tables. Which table is used, depends on a set of rules.
To setup policy based routing for our example case, we will use two policy based tables. While it is possible to give a nice name to the tables (in /etc/iproute2/rt_tables), it’s not really when you only plan to have a few. Without a name, the tables are automatically created when you’re adding something to them.
Let’s start with adding a route for the network itself (link) and one for the default gateway for each interface. ens192 (192.168.0.10) will use table 1, ens224 (192.168.1.10) will use table 2.
[jensd@server ~]$ sudo ip route add 192.168.0.0/24 dev ens192 tab 1
[jensd@server ~]$ sudo ip route add 192.168.1.0/24 dev ens224 tab 2
[jensd@server ~]$ sudo ip route add default via 192.168.0.1 dev ens192 tab 1
[jensd@server ~]$ sudo ip route add default via 192.168.1.1 dev ens224 tab 2To define when table 1 or 2 will be used, we’ll add a rule, based on the source of the packet to the policy and refresh the policy based routing:
[jensd@server ~]$ sudo ip rule add from 192.168.0.10/32 tab 1 priority 100
[jensd@server ~]$ sudo ip rule add from 192.168.1.10/32 tab 2 priority 200
[jensd@server ~]$ sudo ip route flush cacheTo check if we did everything correctly, let’s list the tables and the rules:
[jensd@server ~]$ ip route show tab 1
default via 192.168.0.1 dev ens192
192.168.0.0/24 dev ens192 scope link
[jensd@server ~]$ ip route show tab 2
default via 192.168.1.1 dev ens224
192.168.1.0/24 dev ens224 scope link
[jensd@server ~]$ ip rule show
0: from all lookup local
100: from 192.168.0.10 lookup 1
200: from 192.168.1.10 lookup 2
32766: from all lookup main
32767: from all lookup default
[jensd@server ~]$ ip route
default via 192.168.0.10 dev ens192
169.254.0.0/16 dev ens192 scope link metric 1002
169.254.0.0/16 dev ens224 scope link metric 1003
192.168.1.0/24 dev ens224 proto kernel scope link src 192.168.1.10
192.168.0.0/24 dev ens192 proto kernel scope link src 192.168.0.10As you can see in the output from ip rule show, our policy based tables have a higher priority than the main table, which can be viewed with ip route. Nevertheless it’s import to still have a default route in the main table since packets leaving the machine itself can have a source IP of 0.0.0.0 and would not match any of the rules in our policy.
Make the changes permanent
Up to now, the changes would get lost after a reboot or restart of the networking. To make the changes permanent, create a route and rule file for every interface. For the above example, the contents would look like this:
[jensd@server ~]$ cat /etc/sysconfig/network-scripts/route-ens192
192.168.0.0/24 dev ens192 tab 1
default via 192.168.0.1 dev ens192 tab 1
[jensd@server ~]$ cat /etc/sysconfig/network-scripts/route-ens224
192.168.1.0/24 dev ens224 tab 2
default via 192.168.1.1 dev ens224 tab 2
[jensd@server ~]$ cat /etc/sysconfig/network-scripts/rule-ens192
from 192.168.0.10/32 tab 1 priority 100
[jensd@server ~]$ cat /etc/sysconfig/network-scripts/rule-ens224
from 192.168.1.10/32 tab 2 priority 200
Now your configuration should be persistent.
Some people pointed out in the comments that, in order for the routers to be persistent, you need to first perform the following actions:
yum install NetworkManager-config-routing-rules
systemctl enable NetworkManager-dispatcher.service
systemctl start NetworkManager-dispatcher.service
While this solution is slightly more work than changing the value for rp_filter, it isn’t that hard and has a lot of advantages over the other solution.
TAKEN FROM: https://jensd.be/468/linux/two-network-cards-rp_filter