แสดงกระทู้

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - golfreeze

Pages: 1 2 [3] 4 5 ... 144
31
===install squid on ubuntu20.04
apt update
apt install squid
systemctl status squid.service
systemctl enable squid.service
vi /etc/squid/squid.conf

===start of squid.conf===
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
 # Deny CONNECT to other than secure SSL ports
 http_access deny CONNECT !SSL_ports
 # Only allow cachemgr access from localhost
 http_access allow localhost manager
 http_access deny manager
 # We strongly recommend the following be uncommented to protect innocent
 # web applications running on the proxy server who think the only
 # one who can access services on "localhost" is a local user
 #http_access deny to_localhost
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 #
 include /etc/squid/conf.d/*
 ##allow user pass authen via proxy
 auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
 auth_param basic realm proxy
 acl authenticated proxy_auth REQUIRED
 ##add from golf ip whois current ip check via https://whatismyipaddress.com/
 acl localnet src 49.228.38.136
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
 #http_access allow localnet
 #http_access allow localhost
 http_access allow authenticated
 # And finally deny all other access to this proxy
 http_access deny all
===end of squid.conf===

===after that last step need to install for htaccess password user
apt install apache2-utils
htpasswd -c /etc/squid/passwords axpkl2
systemctl restart squid.service
ufw allow 3128

=====Ip: 116.204.180.2
=====setup proxy user and password
htpasswd  /etc/squid/passwords axpkl3


==test from pc or Macbook (49.228.38.136)
curl -v -x http://axpkl2:pklpkl2@116.204.180.2:3128 http://www.google.com/

=====show log could connect via proxy normally
===tail -f /var/log/squid/access.log
==DENIED
1643733370.341      0 49.228.38.136 TCP_DENIED/407 4051 CONNECT www.google.com:443 axpkl HIER_NONE/- text/html
==CONNECTED
1643733378.519    291 49.228.38.136 TCP_TUNNEL/200 26450 CONNECT www.google.com:443 axpkl2 HIER_DIRECT/142.250.199.36

33
=== ถ้าต้องการ ส่งจำนวนอีเมลมากๆ ไปหา gmail ต้องทำการขออนุญาตในลิ้งนี้
https://support.google.com/mail/contact/bulk_send_new?rd=1

34
migrate and export redis on prem and restore to AWS elasticache

======Example: Redis Backup ==> https://www.w3resource.com/redis/redis-backup.php
The example given below creates the backup of the current database.
127.0.0.1:6379> SAVE
OK
This command will create the dump.rdb file in your redis directory.

Restore:
CONFIG GET
To restore redis data just move redis backup file (dump.rdb) into your redis directory and start the server. To get your redis directory use CONFIG command can be used. The CONFIG GET command is used to read the configuration parameters of a running Redis server.
127.0.0.1:6379> CONFIG get dir
1) “dir"
2) "/var/lib/redis/6379”
In the output of above command "/var/lib/redis/6379" is the directory, where redis server is installed.

==== restore .rdb to AWS elastic ache  https://github.com/leonchen83/redis-rdb-cli
apt-get install openjdk-8-jdk
wget https://github.com/leonchen83/redis-rdb-cli/releases/download/v0.7.4/redis-rdb-cli-release.zip
unzip redis-rdb-cli-release.zip
cd ./redis-rdb-cli/bin
./rmt -h

==connect via stunnel4 need to connect via stunnel
./rmt -s dump.rdb -m redis://172.31.20.105:6374 -r
get golf2
or
./rmt -s dump.rdb -m redis://172.31.20.105:6374 -t list -d 0
 \[    5 B|    3 B/s]

35
##centos 8.x สามารถใช้งานตามนี้ได้เลย ต้องใช้เป็น nrpe 3.2.1 นะครับ จะได้ไม่เจอปัญหาเรื่อง
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with ip: 1

tar zxf nrpe3.2.1.tar.gz

cp init-script /etc/init.d/nrpe
chmod 755 /etc/init.d/nrpe
แก้เป็นตามนี้
#NrpeBin=${exec_prefix}/bin/nrpe
NrpeBin=/usr/local/nagios/bin/nrpe
#NrpeCfg=${prefix}/etc/nrpe.cfg
NrpeCfg=/usr/local/nagios/etc/nrpe.cfg

แล้วก็ systemctl daemon-reload

start nrpe
/etc/init.d/nrpe restart

36
upgrade php7.4 on directadmin

==== upgrade PHP7.4
cd /usr/local/directadmin/custombuild
./build update
./build set php1_release 7.4
./build set php1_mode php-fpm

./build php n
./build rewrite_confs

===If found error
Libjpeg not found

==fixed by install libjpeg-devel on centos
yum install libjpeg-devel
yum -y install krb5-devel

==fixed by install libjpeg-devel on Debian
apt install libjpeg-dev
apt install krb5-dev

==fixed by install on freebsd [checking whether to build with LIBXML support... yes
checking for libxml-2.0 >= 2.7.6... no
configure: error: in `/usr/local/directadmin/custombuild/php-7.4.2':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.]
=> fixed by
pkg install pkgconf krb5

===If found error
checking for icu-uc >= 50.1 icu-io icu-i18n… no
configure: error: Package requirements (icu-uc >= 50.1 icu-io icu-i18n) were not met:
Requested 'icu-uc >= 50.1' but version of icu-uc is 4.8.1.1

===fixed by re-build icu
./build update
./build icu
==start compile php again.
./build php n

==or build only 7.4
./build php_expert 7.4 php-fpm

37
เจอ error #1264 Out of range value adjusted for column 'ID' at row 1 ID บน board smf
แก้ไขโดย
alter table smf_ads change HITS HITS BIGINT NOT NULL default '0';

38
===== send syslog to sensor node.  [normally syslog send to master node only]
https://docs.securityonion.net/en/2.3/firewall.html?highlight=syslog#allow-hosts-to-send-syslog-to-a-sensor-node

==step1 run on master
so-firewall addhostgroup syslogtosensor1

==step2 run on master
so-firewall includehost syslogtosensor1 ipของsyslog-ngที่จะส่งไปsensor

==step3 run on master “sensor_heavynode.sls” => /opt/so/saltstack/local/pillar/minions/<HOSTNAME>_<ROLE>.sls
/opt/so/saltstack/local/pillar/minions/sensor_heavynode.sls
firewall:
  assigned_hostgroups:
    chain:
      DOCKER-USER:
        hostgroups:
          syslogtosensor1:
            portgroups:
              - portgroups.syslog

==step4 run on master salt <HOSTNAME>_<ROLE> state.apply firewall
salt sensor_heavynode state.apply firewall

==step5 : run on sensor node
==check and view see connection establish for source_log send to sensor_ip
netstat -na | grep 514

39
ในกรณีเจอเครื่อง centos ไม่ให้ใช้งาน port อื่นนอกจาก 514 เพื่อรับ log สามารถตรวจเชคได้ ติด selinux หรือเปล่านะครับ

semanage port --list | grep syslog
syslogd_port_t                 tcp      601, 20514
syslogd_port_t                 udp      514, 601, 20514

ถ้าขึ้นมาเป็น 20514 สามารถใช้ตัวนี้ได้นะครับผม

40
all application on unix knowledges by golfreeze / pacemaker crm manual command
« on: สิงหาคม 16, 2021, 11:39:50 AM »
=====CRM manual  Putting cluster in maintenance mode for a maintenance activity on the SAP servers.
Many times there will be a need to do some kind of maintenance of a SAP server like OS patching, kernel upgrade, SID stacking etc.

In cases like these you might need to restart the servers but if the servers/nodes are in the cluster then the pacemaker will start migrating the services which can create a setback for the administrators. To avoid such scenarios we can simply put the cluster or a particular node in maintenance mode to avoid unwanted resource migrations.

There are three ways to achieve this depending on the situation.

Put the cluster in maintenance mode
crm configure property maintenance-mode="true"
Put the node in maintenance mode
crm node maintenance <node>
Put the node in standby mode
crm node standby <node>

==Once the activity is completed move the cluster or node out of maintenance using below commands.

Move the cluster out of maintenance
crm configure property maintenance-mode="false"
Move the node out of maintenance
crm node ready <node>
Move the node out of standby
crm node online <node>

====Most Important Commands for managing a pacemaker cluster

CRM monitoring commands-

-> crm status : Check the status of the cluster and its services.
-> crm_mon    : Live nonitoring of the cluster

CRM Node Commands

-> crm node show                : list the nodes in the cluster.
-> crm node standby <node name> : put a node on standby
-> crm node fence <node name>   : fence a particular node. (Restart)
-> crm node online <node name>  : bring a node online after standby.
-> crm node clearstate <node>   : clear a nodes state. (if in error)
-> crm node maintenance <node>  : put the node in maintenance mode. Will not affect the cluster services or resources
-> crm node ready <node>        : put the node out of maintenance

CRM Cluster Commands

-> crm cluster health           : Check the health of the cluster.
-> crm cluster start            : Start cluster services on the node.
-> crm cluster stop             : Stop cluster services on the node.
-> crm cluster restart          : Restart cluster services on the node.
-> crm cluster status           : Show cluster services on this node.

CRM Resource Commands

-> crm resource status <name>   : Check status of the resource
-> crm resource start <name>    : Start the resource.
-> crm resource stop  <name>    : Stop the resource.
-> crm resource cleanup <name>  : Cleanup the resource.(if in error)
-> crm resource migrate <name> <node> : Migrate the resource from this node to another.

==special thank you
https://www.linkedin.com/pulse/everything-you-need-know-sap-pacemaker-cluster-testing-robin-singh/

41
ตามนี้เลยครับ

Simply visit the Plugins » Installed Plugins page inside WordPress admin area.
Here you'll see the list of all your installed plugins with a link to 'Enable auto-updates' next to each plugin. You need to click on the 'Enable auto-updates' link to turn on automatic updates for individual plugins.

https://www.wpbeginner.com/plugins/how-to-enable-automatic-updates-for-wordpress-plugins/

42
command , shell script ,tool , crontab / Re: basic command for xargs
« on: กรกฎาคม 28, 2021, 10:22:31 PM »
1.txt
2.txt
3.txt
4.txt
5.txt

ทำการ rename นามสกุลไฟล์จาก .txt -> .text

ls | cut -d. -f1 | xargs -I {} mv {}.txt {}.text

เท่านี้ก็จะได้เป็น
1.text
2.text
3.text
4.text
5.text

 8)

43
หรือจะเขียนให้ อนุญาตแค่ ไฟล์ตระกูลรูปภาพ ที่เหลือ deny ทั้งหมดก็
order allow,deny
<Files ~ "\.(jpg|jpeg|png|gif|pdf|txt|bmp)$">
   allow from all
</Files>

44
=== postgres force drop database
If found error :
 database "boss_v2" is being accessed by other users
 DETAIL:  There are 2 other sessions using the database.

==fixed by force drop
REVOKE CONNECT ON DATABASE boss_v2 FROM public;
SELECT pg_terminate_backend(pg_stat_activity.pid)
FROM pg_stat_activity
WHERE pg_stat_activity.datname = 'bot’;
==and drop again
drop database boss_v2;

===when create found problem try to template0
CREATE DATABASE dbname TEMPLATE template1;
=If template1 is not available or corrupted, you can use template0 as last resort:
CREATE DATABASE dbname TEMPLATE template0;

ลองกันดูนะครับผม  8)

45
นำค่าของตำแหน่งสุดท้าย(จำนวนเงิน) มารวมกัน และเอาค่า , ออก แล้วมา sum ดูว่าเป็นทั้งหมดเท่าไร เช่น
sum.txt
05/06   20.00 USD CLOUDFLARE HTTPSWWW.CLOU US   06/06   641.84
07/06   TOPS-PIN KLAO BANGKOK TH        07/06   2,127.50

cat sum.txt | awk -F/ '{print $NF}' | awk '{print $2}' | sed 's/,//g' |  paste -sd+ | bc

Pages: 1 2 [3] 4 5 ... 144