トップ 追記

Rescue Unchor: トラブル レスキュー メモ

2022 Apr. 04 (Mon.) Windowsの標準アプリを削除する方法

_ [link] Windowsの標準アプリを削除する方法

https://www.lifehacker.jp/article/2204you-can-get-rid-of-windows-bloatware/

[ツッコミを入れる]

2022 Mar. 24 (Thu.) [LibreSSL: add/change files] ver. 3.5.1

_ [server] make

make は

tarx libressl-3.5.1.tar.gz
cd libressl-3.5.1
./configure
/usr/local/bin/make
/usr/local/bin/make install

といつも通り。

_ add/change files

■bin

added: /usr/local/bin/ocspcheck
added: /usr/local/bin/openssl

■lib

added: /usr/local/lib/pkgconfig/libssl.pc
added: /usr/local/lib/pkgconfig/libtls.pc
added: /usr/local/lib/pkgconfig/libcrypto.pc
added: /usr/local/lib/pkgconfig/openssl.pc
added: /usr/local/lib/libtls.so.24
added: /usr/local/lib/libtls.so
added: /usr/local/lib/libtls.la
added: /usr/local/lib/libcrypto.a
added: /usr/local/lib/libcrypto.so.49
added: /usr/local/lib/libtls.a
added: /usr/local/lib/libssl.so
added: /usr/local/lib/libcrypto.so
added: /usr/local/lib/libtls.so.24.0.1
added: /usr/local/lib/libssl.so.52.0.0
added: /usr/local/lib/libcrypto.la
added: /usr/local/lib/libcrypto.so.49.0.0
added: /usr/local/lib/libssl.la
added: /usr/local/lib/libssl.so.52
added: /usr/local/lib/libssl.a

■include

added: /usr/local/include/tls.h

■include

---------------------------------------------------
Added files:
---------------------------------------------------
added: /usr/local/ssl/include/openssl/gost.h
added: /usr/local/ssl/include/openssl/curve25519.h
added: /usr/local/ssl/include/openssl/sm3.h
added: /usr/local/ssl/include/openssl/poly1305.h
added: /usr/local/ssl/include/openssl/chacha.h
added: /usr/local/ssl/include/openssl/ct.h
added: /usr/local/ssl/include/openssl/x509_verify.h
added: /usr/local/ssl/include/openssl/opensslfeatures.h
added: /usr/local/ssl/include/openssl/hkdf.h
added: /usr/local/ssl/include/openssl/cterr.h
added: /usr/local/ssl/include/openssl/sm4.h
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /usr/local/ssl/include/openssl/ssl2.h
changed: /usr/local/ssl/include/openssl/objects.h
changed: /usr/local/ssl/include/openssl/txt_db.h
changed: /usr/local/ssl/include/openssl/dtls1.h
changed: /usr/local/ssl/include/openssl/ssl3.h
changed: /usr/local/ssl/include/openssl/dso.h
changed: /usr/local/ssl/include/openssl/ripemd.h
changed: /usr/local/ssl/include/openssl/opensslv.h
changed: /usr/local/ssl/include/openssl/engine.h
changed: /usr/local/ssl/include/openssl/ocsp.h
changed: /usr/local/ssl/include/openssl/cast.h
changed: /usr/local/ssl/include/openssl/ts.h
changed: /usr/local/ssl/include/openssl/ssl.h
changed: /usr/local/ssl/include/openssl/idea.h
changed: /usr/local/ssl/include/openssl/ssl23.h
changed: /usr/local/ssl/include/openssl/ossl_typ.h
changed: /usr/local/ssl/include/openssl/camellia.h
changed: /usr/local/ssl/include/openssl/opensslconf.h
changed: /usr/local/ssl/include/openssl/ui.h
changed: /usr/local/ssl/include/openssl/rsa.h
changed: /usr/local/ssl/include/openssl/err.h
changed: /usr/local/ssl/include/openssl/rc2.h
changed: /usr/local/ssl/include/openssl/whrlpool.h
changed: /usr/local/ssl/include/openssl/comp.h
changed: /usr/local/ssl/include/openssl/x509.h
changed: /usr/local/ssl/include/openssl/obj_mac.h
changed: /usr/local/ssl/include/openssl/sha.h
changed: /usr/local/ssl/include/openssl/md5.h
changed: /usr/local/ssl/include/openssl/cmac.h
changed: /usr/local/ssl/include/openssl/pkcs12.h
changed: /usr/local/ssl/include/openssl/pkcs7.h
changed: /usr/local/ssl/include/openssl/asn1.h
changed: /usr/local/ssl/include/openssl/des.h
changed: /usr/local/ssl/include/openssl/stack.h
changed: /usr/local/ssl/include/openssl/rc4.h
changed: /usr/local/ssl/include/openssl/ec.h
changed: /usr/local/ssl/include/openssl/aes.h
changed: /usr/local/ssl/include/openssl/rand.h
changed: /usr/local/ssl/include/openssl/ecdh.h
changed: /usr/local/ssl/include/openssl/buffer.h
changed: /usr/local/ssl/include/openssl/conf_api.h
changed: /usr/local/ssl/include/openssl/pem.h
changed: /usr/local/ssl/include/openssl/blowfish.h
changed: /usr/local/ssl/include/openssl/safestack.h
changed: /usr/local/ssl/include/openssl/ui_compat.h
changed: /usr/local/ssl/include/openssl/crypto.h
changed: /usr/local/ssl/include/openssl/pem2.h
changed: /usr/local/ssl/include/openssl/bio.h
changed: /usr/local/ssl/include/openssl/bn.h
changed: /usr/local/ssl/include/openssl/conf.h
changed: /usr/local/ssl/include/openssl/ecdsa.h
changed: /usr/local/ssl/include/openssl/dh.h
changed: /usr/local/ssl/include/openssl/x509_vfy.h
changed: /usr/local/ssl/include/openssl/modes.h
changed: /usr/local/ssl/include/openssl/x509v3.h
changed: /usr/local/ssl/include/openssl/tls1.h
changed: /usr/local/ssl/include/openssl/evp.h
changed: /usr/local/ssl/include/openssl/lhash.h
changed: /usr/local/ssl/include/openssl/srtp.h
changed: /usr/local/ssl/include/openssl/dsa.h
changed: /usr/local/ssl/include/openssl/md4.h
changed: /usr/local/ssl/include/openssl/asn1t.h
changed: /usr/local/ssl/include/openssl/cms.h
changed: /usr/local/ssl/include/openssl/hmac.h

[end of file]

[ツッコミを入れる]

2022 Feb. 23 (Wed.) [qmail] badmailfrom

_ [server] antiSPAM

いい加減 SMAP にうんざりなので管理下の qmail の

設定

badmailfrom

に、もういいやと思って

.cn
.biz
.work
.cloud

と記述。

翌日 log をみてみる

cat /var/log/maillog| grep badmailfrom| awk '{print $9}'

と、それっぽいものが抑止されていてゆけている気も

しましたが、

@biscuit.ocn.ne.jp
@sage.ocn.ne.jp
@return.nmc.smbcnikko.co.jp

とかも抵触しているようで、どうやら badmailfrom

は正規表現が効いてくれるみたい。

_ 正規表現にて再設定

下記と書き換え。

@.*\.cn$
@.*\.biz$
@.*\.work$
@.*\.cloud$

その後 log を確認すると、効いている感が。

[ツッコミを入れる]

2022 Feb. 11 (Fri.) [yum update err.] Failed to download metadata for repo AppStream

_ [server] centos to vault

centos 8.x eol 起因で yum update 時に

Failed to download metadata for repo AppStream

err. が。

解法はあちこちに置いてあるが、例えば下記。

https://techglimpse.com/failed-metadata-repo-appstream-centos-8/

vault ゆき

http://vault.centos.org

ということで。

[ツッコミを入れる]

2022 Jan. 29 (Sat.) replacement: from letsencrypt-auto to certbot on centOS 7.9.x

_ [server] 背景

/usr/local/src/letsencrypt/letsencrypt-auto renew

にて下記

Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.

の alert が。

辿って行ったら、去年の 5月くらいから告知されていた。

_ 解法

・certbot install

yum install certbot
certbot-1.11.0-2.el7.noarch

・確認

certbot renew --dry-run

・cron 更新

前:

/usr/local/src/letsencrypt/letsencrypt-auto renew --force-renew && /bin/systemctl reload httpd

後:

/usr/bin/certbot renew && /bin/systemctl reload httpd

_ afterword

centOS 8.5.x は certbot で実行されていた。

certbot-1.22.0-1.el8.noarch
[ツッコミを入れる]

2022 Jan. 28 (Fri.) yum update: mysql err.

_ [server] 背景

yum update にて下記の err.

warning: /var/cache/yum/x86_64/7/mysql57-community/packages/mysql-community-common-5.7.37-1.el7.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Public key for mysql-community-common-5.7.37-1.el7.x86_64.rpm is not installed

_ 解法

https://support.cpanel.net/hc/en-us/articles/4419382481815

rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
[ツッコミを入れる]

2022 Jan. 01 (Sat.) new year greetings

_ [info] 2022 A Happy New Year!!

お世話になりました皆様

昨年もいろいろと 有り難うございました

本年もまた どうぞ宜しく御願い致します

___________________________

Unchor, Inc. / 01 Jan. 2022

[ツッコミを入れる]

2021 Dec. 20 (Mon.) TeraTerm & mysql: 漢字 / 日本語 入力

_ [server] 背景

 where 句に日本語が入っている sql

select * from customer where username='漢字'\G

 をコピペしたら、漢字部分が反映されなかった。

 ので

select * from customer where username=''\G

 となる。

_ 環境

 shell 自体では漢字は入力できるし、DB は下記で、

 問題ないようにみえる。

mysql> show variables like '%char%';
+--------------------------------------+----------------------------+
| Variable_name                        | Value                      |
+--------------------------------------+----------------------------+
| character_set_client                 | utf8                       |
| character_set_connection             | utf8                       |
| character_set_database               | utf8                       |
| character_set_filesystem             | binary                     |
| character_set_results                | utf8                       |
| character_set_server                 | utf8                       |
| character_set_system                 | utf8                       |
| character_sets_dir                   | /usr/share/mysql/charsets/ |
| validate_password_special_char_count | 1                          |
+--------------------------------------+----------------------------+
9 rows in set (0.01 sec)

_ 解法

 一時的に

export LANG=ja_JP.UTF-8

 とすることで、utf が入力、反映されるようになりま

 した。

 bash の LANG=C が原因だった模様。

[ツッコミを入れる]

2021 Nov. 23 (Tue.) dnf on centos8: loglevel 設定

_ [server] 背景

 下記

/var/log/dnf.log

 を確認したところ DEBUG level であり冗長

_ loglevel 仕様

 https://dnf.readthedocs.io/en/latest/conf_ref.html

 によると

logfilelevel

Log file messages output level, in the range 0 to 10. The higher the number the more debug output is put to logs. Default is 9.

This option controls dnf.log, dnf.librepo.log and hawkey.log. Although dnf.librepo.log and hawkey.log are affected only by setting the logfilelevel to 10.

 とのこと。

_ loglevel 定義

logfilelevel=8
[ツッコミを入れる]

2021 Oct. 30 (Sat.) fail2ban: restore ban 抑止

_ [server] 背景

 server 再起動、後対象 log が再読み込みされ、該当

 ip が一斉に restore ban

fail2ban.actions: NOTICE  [apache-ddos] Restore Ban

 される。

 この際、jail の設定 bantime の値が無視されるよう

 で、ipset の timeout 値が "0" で set、即ち無制限

 となる。

_ ipset entry の解除

ipset flush f2b-apache-ddos

_ jail.conf に追加

norestored = 1
本日のツッコミ(全1件) [ツッコミを入れる]

_ unchor [ norestored = 1  の設定は  jail.conf ではダメで  action.d#..]

2022年
4月
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

最近の日記

最近のツッコミ

  1. unchor (01-17)
Generated by tDiary version 5.1.7
Powered by Ruby version 3.0.2-p107