トップ 追記

Rescue Unchor: トラブル レスキュー メモ


2023 Dec. 03 (Sun.) yum downGrade [長年日記]

_ 互換性

mysql を 5.7.44 に upgrade したら、諸事情で用い

ている option @my.cnf の

tls_version=TLSv1

が効かなくなり、db server に接続できず。

downGrade することで解決。

yum downgrade mysql-community-common-5.7.42-1.el7.x86_64 \
mysql-community-libs-5.7.42-1.el7.x86_64 \
mysql-community-client-5.7.42-1.el7.x86_64 \
mysql-community-server-5.7.42-1.el7.x86_64 \
mysql-community-libs-compat-5.7.42-1.el7.x86_64

2023 Dec. 02 (Sat.) seLinux command [長年日記]

_ 大抵は無効化しているので

何時も忘れる

ls -Z
restorecon fileName
chcon -u **** fileName

2023 Nov. 29 (Wed.) root server B [長年日記]

_ もう wget を使う人もいないかもしれませんが

wget https://www.internic.net/domain/named.cache


2022 Dec. 31 (Sat.) new year greetings [長年日記]

_ 2023 A Happy New Year!!

お世話になりました皆様

昨年もいろいろと 有り難うございました

本年もまた どうぞ宜しく御願い致します

___________________________

Unchor, Inc. / 01 Jan. 2023


2022 Aug. 31 (Wed.) [ruby / bundle] update

_ [server] command

bundle

gem update --system

bundle clean --force

※bundle update digest


2022 Apr. 04 (Mon.) Windowsの標準アプリを削除する方法


2022 Mar. 24 (Thu.) [LibreSSL: add/change files] ver. 3.5.1

_ [server] make

make は

tarx libressl-3.5.1.tar.gz
cd libressl-3.5.1
./configure
/usr/local/bin/make
/usr/local/bin/make install

といつも通り。

_ add/change files

■bin

added: /usr/local/bin/ocspcheck
added: /usr/local/bin/openssl

■lib

added: /usr/local/lib/pkgconfig/libssl.pc
added: /usr/local/lib/pkgconfig/libtls.pc
added: /usr/local/lib/pkgconfig/libcrypto.pc
added: /usr/local/lib/pkgconfig/openssl.pc
added: /usr/local/lib/libtls.so.24
added: /usr/local/lib/libtls.so
added: /usr/local/lib/libtls.la
added: /usr/local/lib/libcrypto.a
added: /usr/local/lib/libcrypto.so.49
added: /usr/local/lib/libtls.a
added: /usr/local/lib/libssl.so
added: /usr/local/lib/libcrypto.so
added: /usr/local/lib/libtls.so.24.0.1
added: /usr/local/lib/libssl.so.52.0.0
added: /usr/local/lib/libcrypto.la
added: /usr/local/lib/libcrypto.so.49.0.0
added: /usr/local/lib/libssl.la
added: /usr/local/lib/libssl.so.52
added: /usr/local/lib/libssl.a

■include

added: /usr/local/include/tls.h

■include

---------------------------------------------------
Added files:
---------------------------------------------------
added: /usr/local/ssl/include/openssl/gost.h
added: /usr/local/ssl/include/openssl/curve25519.h
added: /usr/local/ssl/include/openssl/sm3.h
added: /usr/local/ssl/include/openssl/poly1305.h
added: /usr/local/ssl/include/openssl/chacha.h
added: /usr/local/ssl/include/openssl/ct.h
added: /usr/local/ssl/include/openssl/x509_verify.h
added: /usr/local/ssl/include/openssl/opensslfeatures.h
added: /usr/local/ssl/include/openssl/hkdf.h
added: /usr/local/ssl/include/openssl/cterr.h
added: /usr/local/ssl/include/openssl/sm4.h
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /usr/local/ssl/include/openssl/ssl2.h
changed: /usr/local/ssl/include/openssl/objects.h
changed: /usr/local/ssl/include/openssl/txt_db.h
changed: /usr/local/ssl/include/openssl/dtls1.h
changed: /usr/local/ssl/include/openssl/ssl3.h
changed: /usr/local/ssl/include/openssl/dso.h
changed: /usr/local/ssl/include/openssl/ripemd.h
changed: /usr/local/ssl/include/openssl/opensslv.h
changed: /usr/local/ssl/include/openssl/engine.h
changed: /usr/local/ssl/include/openssl/ocsp.h
changed: /usr/local/ssl/include/openssl/cast.h
changed: /usr/local/ssl/include/openssl/ts.h
changed: /usr/local/ssl/include/openssl/ssl.h
changed: /usr/local/ssl/include/openssl/idea.h
changed: /usr/local/ssl/include/openssl/ssl23.h
changed: /usr/local/ssl/include/openssl/ossl_typ.h
changed: /usr/local/ssl/include/openssl/camellia.h
changed: /usr/local/ssl/include/openssl/opensslconf.h
changed: /usr/local/ssl/include/openssl/ui.h
changed: /usr/local/ssl/include/openssl/rsa.h
changed: /usr/local/ssl/include/openssl/err.h
changed: /usr/local/ssl/include/openssl/rc2.h
changed: /usr/local/ssl/include/openssl/whrlpool.h
changed: /usr/local/ssl/include/openssl/comp.h
changed: /usr/local/ssl/include/openssl/x509.h
changed: /usr/local/ssl/include/openssl/obj_mac.h
changed: /usr/local/ssl/include/openssl/sha.h
changed: /usr/local/ssl/include/openssl/md5.h
changed: /usr/local/ssl/include/openssl/cmac.h
changed: /usr/local/ssl/include/openssl/pkcs12.h
changed: /usr/local/ssl/include/openssl/pkcs7.h
changed: /usr/local/ssl/include/openssl/asn1.h
changed: /usr/local/ssl/include/openssl/des.h
changed: /usr/local/ssl/include/openssl/stack.h
changed: /usr/local/ssl/include/openssl/rc4.h
changed: /usr/local/ssl/include/openssl/ec.h
changed: /usr/local/ssl/include/openssl/aes.h
changed: /usr/local/ssl/include/openssl/rand.h
changed: /usr/local/ssl/include/openssl/ecdh.h
changed: /usr/local/ssl/include/openssl/buffer.h
changed: /usr/local/ssl/include/openssl/conf_api.h
changed: /usr/local/ssl/include/openssl/pem.h
changed: /usr/local/ssl/include/openssl/blowfish.h
changed: /usr/local/ssl/include/openssl/safestack.h
changed: /usr/local/ssl/include/openssl/ui_compat.h
changed: /usr/local/ssl/include/openssl/crypto.h
changed: /usr/local/ssl/include/openssl/pem2.h
changed: /usr/local/ssl/include/openssl/bio.h
changed: /usr/local/ssl/include/openssl/bn.h
changed: /usr/local/ssl/include/openssl/conf.h
changed: /usr/local/ssl/include/openssl/ecdsa.h
changed: /usr/local/ssl/include/openssl/dh.h
changed: /usr/local/ssl/include/openssl/x509_vfy.h
changed: /usr/local/ssl/include/openssl/modes.h
changed: /usr/local/ssl/include/openssl/x509v3.h
changed: /usr/local/ssl/include/openssl/tls1.h
changed: /usr/local/ssl/include/openssl/evp.h
changed: /usr/local/ssl/include/openssl/lhash.h
changed: /usr/local/ssl/include/openssl/srtp.h
changed: /usr/local/ssl/include/openssl/dsa.h
changed: /usr/local/ssl/include/openssl/md4.h
changed: /usr/local/ssl/include/openssl/asn1t.h
changed: /usr/local/ssl/include/openssl/cms.h
changed: /usr/local/ssl/include/openssl/hmac.h

[end of file]


2022 Feb. 23 (Wed.) [qmail] badmailfrom

_ [server] antiSPAM

いい加減 SMAP にうんざりなので管理下の qmail の

設定

badmailfrom

に、もういいやと思って

.cn
.biz
.work
.cloud

と記述。

翌日 log をみてみる

cat /var/log/maillog| grep badmailfrom| awk '{print $9}'

と、それっぽいものが抑止されていてゆけている気も

しましたが、

@biscuit.ocn.ne.jp
@sage.ocn.ne.jp
@return.nmc.smbcnikko.co.jp

とかも抵触しているようで、どうやら badmailfrom

は正規表現が効いてくれるみたい。

_ 正規表現にて再設定

下記と書き換え。

@.*\.cn$
@.*\.biz$
@.*\.work$
@.*\.cloud$

その後 log を確認すると、効いている感が。


2022 Feb. 11 (Fri.) [yum update err.] Failed to download metadata for repo AppStream

_ [server] centos to vault

centos 8.x eol 起因で yum update 時に

Failed to download metadata for repo AppStream

err. が。

解法はあちこちに置いてあるが、例えば下記。

https://techglimpse.com/failed-metadata-repo-appstream-centos-8/

vault ゆき

http://vault.centos.org

ということで。


2022 Jan. 29 (Sat.) replacement: from letsencrypt-auto to certbot on centOS 7.9.x

_ [server] 背景

/usr/local/src/letsencrypt/letsencrypt-auto renew

にて下記

Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.

の alert が。

辿って行ったら、去年の 5月くらいから告知されていた。

_ 解法

・certbot install

yum install certbot
certbot-1.11.0-2.el7.noarch

・確認

certbot renew --dry-run

・cron 更新

前:

/usr/local/src/letsencrypt/letsencrypt-auto renew --force-renew && /bin/systemctl reload httpd

後:

/usr/bin/certbot renew && /bin/systemctl reload httpd

_ afterword

centOS 8.5.x は certbot で実行されていた。

certbot-1.22.0-1.el8.noarch