Rpmfusion fedora and h264/codecs

 Uncategorized  Comments Off on Rpmfusion fedora and h264/codecs
Sep 162019
 

yum install https://download1.rpmfusion.org/{free/fedora/rpmfusion-free,nonfree/fedora/rpmfusion-nonfree}-release-$(rpm -E %fedora).noarch.rpm

yum install install compat-ffmpeg28 ffmpeg-libs

 Posted by at 16:52

Spotify on fedora

 Uncategorized  Comments Off on Spotify on fedora
Sep 162019
 
dnf config-manager --add-repo=http://negativo17.org/repos/fedora-spotify.repo && yum update && yum -y install spotify-client 
 Posted by at 16:46

xfce4 terminal shortcut

 Uncategorized  Comments Off on xfce4 terminal shortcut
Sep 162019
 

open xfce4-settings-manager

keyboard

(while you are there, set Restore Num Lock on startup)

application shortcuts

add

xfce4-terminal

shortcut

 Posted by at 16:44

Fix: Digital ID name cannot be found by underlying security system

 Uncategorized  Comments Off on Fix: Digital ID name cannot be found by underlying security system
Jun 252019
 

I got this error when sending signed emails using my outlook cert by Digicert.

Solution:

  1. Open certmgt
  2. Navigate to Personal/Certificates
  3. Delete the signing cert
  4. Import your cert from backup (or request a new one)
  5. Select again in Security center in outlook

 Posted by at 06:12

Bash array operations and examples

 Uncategorized  Comments Off on Bash array operations and examples
Jun 112019
 

Split to array:

while IFS=’;’ read -ra ADDR; do
for i in “${ADDR[@]}”; do
# process “$i”
done
done <<< “$IN”

Define:

distro=(“redhat” “debian” “gentoo”)

Element:


${ArrayName[subscript]}

Length:


echo “${#distro[@]}”

Example

!/bin/bash

define array

name server names FQDN

NAMESERVERS=(“ns1.nixcraft.net.” “ns2.nixcraft.net.” “ns3.nixcraft.net.”)

get length of an array

tLen=${#NAMESERVERS[@]}

use for loop read all nameservers

for (( i=0; i<${tLen}; i++ ));
do
echo ${NAMESERVERS[$i]}
done

 Posted by at 06:58

Bash color variables

 Uncategorized  Comments Off on Bash color variables
Apr 112019
 
# Reset
Color_Off='\033[0m'       # Text Reset

# Regular Colors
Black='\033[0;30m'        # Black
Red='\033[0;31m'          # Red
Green='\033[0;32m'        # Green
Yellow='\033[0;33m'       # Yellow
Blue='\033[0;34m'         # Blue
Purple='\033[0;35m'       # Purple
Cyan='\033[0;36m'         # Cyan
White='\033[0;37m'        # White

# Bold
BBlack='\033[1;30m'       # Black
BRed='\033[1;31m'         # Red
BGreen='\033[1;32m'       # Green
BYellow='\033[1;33m'      # Yellow
BBlue='\033[1;34m'        # Blue
BPurple='\033[1;35m'      # Purple
BCyan='\033[1;36m'        # Cyan
BWhite='\033[1;37m'       # White

# Underline
UBlack='\033[4;30m'       # Black
URed='\033[4;31m'         # Red
UGreen='\033[4;32m'       # Green
UYellow='\033[4;33m'      # Yellow
UBlue='\033[4;34m'        # Blue
UPurple='\033[4;35m'      # Purple
UCyan='\033[4;36m'        # Cyan
UWhite='\033[4;37m'       # White

# Background
On_Black='\033[40m'       # Black
On_Red='\033[41m'         # Red
On_Green='\033[42m'       # Green
On_Yellow='\033[43m'      # Yellow
On_Blue='\033[44m'        # Blue
On_Purple='\033[45m'      # Purple
On_Cyan='\033[46m'        # Cyan
On_White='\033[47m'       # White

# High Intensity
IBlack='\033[0;90m'       # Black
IRed='\033[0;91m'         # Red
IGreen='\033[0;92m'       # Green
IYellow='\033[0;93m'      # Yellow
IBlue='\033[0;94m'        # Blue
IPurple='\033[0;95m'      # Purple
ICyan='\033[0;96m'        # Cyan
IWhite='\033[0;97m'       # White

# Bold High Intensity
BIBlack='\033[1;90m'      # Black
BIRed='\033[1;91m'        # Red
BIGreen='\033[1;92m'      # Green
BIYellow='\033[1;93m'     # Yellow
BIBlue='\033[1;94m'       # Blue
BIPurple='\033[1;95m'     # Purple
BICyan='\033[1;96m'       # Cyan
BIWhite='\033[1;97m'      # White

# High Intensity backgrounds
On_IBlack='\033[0;100m'   # Black
On_IRed='\033[0;101m'     # Red
On_IGreen='\033[0;102m'   # Green
On_IYellow='\033[0;103m'  # Yellow
On_IBlue='\033[0;104m'    # Blue
On_IPurple='\033[0;105m'  # Purple
On_ICyan='\033[0;106m'    # Cyan
On_IWhite='\033[0;107m'   # White
 Posted by at 11:41

Get x11 forwarding working on Centos 7 & Putty & Xming

 Uncategorized  Comments Off on Get x11 forwarding working on Centos 7 & Putty & Xming
Jan 042019
 
  1. Install xming
  2. Set up putty, use x forwarding, diplay loc localhost:0.0, rest is default
  3. Start xming
  4. On centos:
yum install xorg-x11-fonts* libXtst xorg-x11-xauth xorg-server xclock

Test using xclock. If $DISPLAY is not set you did it wrong. You can also test mobaxterm, it works well.

 Posted by at 07:38

Auto root login Centos 7 / EL 7

 Uncategorized  Comments Off on Auto root login Centos 7 / EL 7
Nov 222018
 
sed -i '/ExecStart/ s/agetty/agetty --autologin root/' /etc/systemd/system/getty.target.wants/getty@tty1.service
 Posted by at 07:07

Set up TOTP/Google authenticator on Centos 7

 Uncategorized  Comments Off on Set up TOTP/Google authenticator on Centos 7
Nov 032018
 

Remember to keep an SSH session open (in a separate terminal) while doing this.

  1. yum install google-authenticator
  2. google-authenticator
  3. follow steps, save backup stuff
  4. vim /etc/ssh/sshd_config:
    1. ChallengeResponseAuthentication yes ;
    PermitRootLogin yes ; PasswordAuthentication yes
  5. vim /etc/pam.d/ssh, add “auth required pam_google_authenticator.so” after the auth line with password.

Now you can also set up httpd to use this:

yum install mod_authnz_external.x86_64 ,

(will do this later)

 Posted by at 16:34

Found ArcSight parser functions

 Uncategorized  Comments Off on Found ArcSight parser functions
Oct 192018
 

__LOOKUP(
__concatenate(
__concatenateDeleting(
__contains(
__convertMSDNSURL(
__createGMTTimeStamp(
__createLocalTimeStampFromGMT(
__createLocalTimeStampFromGMTSecondsMillis(
__createLocalTimeStampFromGMTSecondsNanoseconds(
__createLocalTimeStampFromNTP(
__createLocalTimeStampFromNanoSeconds(
__createLocalTimeStampFromSecondsMicrosZone(
__createLocalTimeStampFromSecondsSinceEpoch(
__createLocalTimeStampStringFromGMTMilliseconds(
__createLocalTimeStampStringFromLocalMilliseconds(
__createOptionalTimeStampFromString(
__createSafeLocalTimeStamp(
__createTimeStamp(
__createTimeStampByHexEncodedTime(
__createTimeStampByStartTimeElapsed(
__createTimeStampForOpsecStartTime(
__doubleToAddress(
__extractNDomain(
__extractNTDomain(
__extractNTUser(
__extractProtocol(
__foundScanHostName(
__getCEFSeverity(
__getDeviceDirection(
__getIronMailActions(
__getIronMailAlertImpact(
__getIronMailEventStatus(
__getLongMACAddressByHexString(
__getLongMACAddressByString(
__getManhuntPriority(
__getNormalizedOS(
__getNotZeroPort(
__getOriginator(
__getOriginatorFromSourcePort(
__getProtocolName(
__getProtocolNameFromString(
__getSymantecNSPriority(
__getTimeZone(
__getTrendMicroHostName(
__getTrendMircoUser(
__getType(
__getVendor(
__getVulnerabilityCategory(
__getXForceStringFor(
__hexStringToAddress(
__hexStringToLong(
__hexStringToString(
__hourMinuteSecondsToSeconds(
__ifGreaterOrEqual(
__ifThenElse(
__ifThenElseAddress(
__ifTrueThenElse(
__ignoreZeroIp(
__ignoreZeroMac(
__integerConstant(
__integerToAddressMcAfee(
__integerToLong(
__longToString(
__longToTimeStamp(
__mazuProfilerDestinationAddress(
__numberToAddress(
__oneOf(
__oneOfAddress(
__oneOfDateTime(
__oneOfHostName(
__oneOfInteger(
__oneOfLong(
__oneOfMac(
__oneOfNetBIOSName(
__parseMultipleTimeStamp(
__parseMutableTimeStamp(
__parseMutableTimeStampSilently(
__parseSignedLong(
__regexToken(
__regexTokenAsAddress(
__regexTokenAsInteger(
__regexTokenAsLong(
__regexTokenFindAndJoin(
__regexTokenNoWarning(
__replaceAll(
__reverseDottedDecimalAddressByteOrder(
__safeToDate(
__safeToInteger(
__safeToLong(
__safeToRoundedLong(
__safteToInt(
__setYearToCurrentYear(
__signedNumberToAddress(
__simpleMap(
__split(
__splitAsAddress(
__splitAsInteger(
__stringConstant(
__stringTrim(
__subAgentTokenizer(
__toGMTTimeStamp(
__toHex(
__toLocalTimeStamp(
__toUpperCase(

 Posted by at 07:38

Tail: prepend file name to tailing output (bash)

 Uncategorized  Comments Off on Tail: prepend file name to tailing output (bash)
Sep 042018
 


cd /opt/arcsight/connectors/; tail -f *_con1_rsyslog_paloalto_2500*/current/logs/agent.out.wrapper.log | awk '/^==> / {a=substr($0, 5, length-8); next} {print a":"$0}'

 Posted by at 07:37

Node Rocketchat npm fibers not running ( versionGLIBCXX_3.4.20 not found ) on centos/rhel

 Uncategorized  Comments Off on Node Rocketchat npm fibers not running ( versionGLIBCXX_3.4.20 not found ) on centos/rhel
Aug 312018
 
  1. cd /opt/Rocket.Chat/programs/server/node_modules/fibers/
  2. ln -s /usr/local/n/versions/node/8.9.3/bin/node-gyp /bin/
  3. node-gyp rebuild
  4. cp build/Release/fibers.node bin/linux-x64-57/fibers.node

https://github.com/RocketChat/Rocket.Chat/issues/9167#issuecomment-352804066

 Posted by at 13:02

Personal (manual) template for internal hosts

 Uncategorized  Comments Off on Personal (manual) template for internal hosts
Jul 202018
 

This might help someone else, too. These are the things I do for an internal VM (on my hypervisor at home). This document will/might evolve over time. Default OS is centos7.

  1. yum -y install epel-release && yum -y update && yum -y install wget vim htop tcpdump yum-cron yum-utils ntp figlet lynis bind-utils bash-completion mlocate autojump vnstat psmisc rsync ack strace iotop
  2. yum -y install centos-release-ovirt42 && yum -y install ovirt-guest-agent-common && systemctl enable --now ovirt-guest-agent.service
  3. vnstat --create -i eth0 && chown -R vnstat. /var/lib/vnstat/ && systemctl enable --now vnstat
  4. ssh-copy-id my keys to the server, cat >> /etc/ssh/sshd_config
    X11Forwarding no
    IgnoreRhosts yes
    UseDNS no
    PermitEmptyPasswords no
    MaxAuthTries 2
    PubkeyAuthentication yes
    PasswordAuthentication no
    PermitRootLogin without-password
    Protocol 2
    systemcyl restart sshd
  5. vim -O /etc/yum/yum-cron.conf /etc/ntp.conf && systemctl enable ntpd && systemctl start ntpd
  6. hostname | cut -d. -f1 | figlet > /etc/motd && vim /etc/motd
  7. vim /etc/sysctl.d/harden.conf , add file below
  8. echo smtpd_banner=0 >> /etc/postfix/main.cf && systemctl restart postfix ; echo “bg=dark >> /etc/vimrc”
  9. ip a&& read&& hostname >> /etc/hosts && vim /etc/hosts #, add local host
  10. vi /etc/aliases && newaliases
  11. reboot
  12. check sestatus enabled, firewalld active, lynis audit system
  13. IPTables firewalld replace


# The following is suitable for dedicated web server, mail, ftp server etc.
# ---------------------------------------
# BOOLEAN Values:
# a) 0 (zero) - disabled / no / false
# b) Non zero - enabled / yes / true
# --------------------------------------
# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2

########## IPv4 networking start ##############
# Send redirects, if router, but this is just server
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Accept packets with SRR option? No
net.ipv4.conf.all.accept_source_route = 0

# Accept Redirects? No, this is not router
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0

# Log packets with impossible addresses to kernel log? yes
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Prevent against the common ‘syn flood attack’
net.ipv4.tcp_syncookies = 1

# Enable source validation by reversed path, as specified in RFC1812
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

########## IPv6 networking start ##############
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0

# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0

# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0

# Setting controls whether the system will accept Hop Limit settings from a router advertisement
net.ipv6.conf.default.accept_ra_defrtr = 0

#router advertisements can cause the system to assign a global unicast address to an interface
net.ipv6.conf.default.autoconf = 0

#how many neighbor solicitations to send out per address?
net.ipv6.conf.default.dad_transmits = 0

# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1

########## IPv6 networking ends ##############

#Enable ExecShield protection
kernel.exec-shield = 1
kernel.randomize_va_space = 1

# TCP and memory optimization
# increase TCP max buffer size setable using setsockopt()
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 87380 8388608

# increase Linux auto tuning TCP buffer limits
#net.core.rmem_max = 8388608
#net.core.wmem_max = 8388608
#net.core.netdev_max_backlog = 5000
#net.ipv4.tcp_window_scaling = 1

# increase system file descriptor limit
fs.file-max = 65535

#Allow for more PIDs
kernel.pid_max = 65536

#Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000

kernel.dmesg_restrict=1
kernel.kptr_restrict=2
kernel.randomize_va_space=2
kernel.yama.ptrace_scope=2
net.ipv4.conf.default.log_martians=1
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0

 

 Posted by at 12:02

Certmonger defunct RHEL7

 Uncategorized  Comments Off on Certmonger defunct RHEL7
Nov 202017
 

getcert modify-ca -c dogtag-ipa-retrieve-agent-submit -e /usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit
fixed for me, see helper lines in /var/lib/certmonger/cas/*

 Posted by at 12:22

Yum Error: database disk image is malformed fix

 Uncategorized  Comments Off on Yum Error: database disk image is malformed fix
Jul 112017
 

root@host:~# yum update
Loaded plugins: product-id, search-disabled-repos, security, subscription-manager
Setting up Update Process
Error: database disk image is malformed
root@host:~# yum clean all
Loaded plugins: product-id, search-disabled-repos, security, subscription-manager
Cleaning repos: *
Cleaning up Everything
root@host:~# mv /var/lib/rpm/__db* /tmp
root@host:~# rpm –rebuilddb

 Posted by at 14:03