2022 Apr. 04 (Mon.) Windowsの標準アプリを削除する方法
_ [link] Windowsの標準アプリを削除する方法
https://www.lifehacker.jp/article/2204you-can-get-rid-of-windows-bloatware/
2022 Mar. 24 (Thu.) [LibreSSL: add/change files] ver. 3.5.1
_ [server] make
make は
tarx libressl-3.5.1.tar.gz cd libressl-3.5.1 ./configure /usr/local/bin/make /usr/local/bin/make install
といつも通り。
_ add/change files
■bin
added: /usr/local/bin/ocspcheck added: /usr/local/bin/openssl
■lib
added: /usr/local/lib/pkgconfig/libssl.pc added: /usr/local/lib/pkgconfig/libtls.pc added: /usr/local/lib/pkgconfig/libcrypto.pc added: /usr/local/lib/pkgconfig/openssl.pc added: /usr/local/lib/libtls.so.24 added: /usr/local/lib/libtls.so added: /usr/local/lib/libtls.la added: /usr/local/lib/libcrypto.a added: /usr/local/lib/libcrypto.so.49 added: /usr/local/lib/libtls.a added: /usr/local/lib/libssl.so added: /usr/local/lib/libcrypto.so added: /usr/local/lib/libtls.so.24.0.1 added: /usr/local/lib/libssl.so.52.0.0 added: /usr/local/lib/libcrypto.la added: /usr/local/lib/libcrypto.so.49.0.0 added: /usr/local/lib/libssl.la added: /usr/local/lib/libssl.so.52 added: /usr/local/lib/libssl.a
■include
added: /usr/local/include/tls.h
■include
--------------------------------------------------- Added files: --------------------------------------------------- added: /usr/local/ssl/include/openssl/gost.h added: /usr/local/ssl/include/openssl/curve25519.h added: /usr/local/ssl/include/openssl/sm3.h added: /usr/local/ssl/include/openssl/poly1305.h added: /usr/local/ssl/include/openssl/chacha.h added: /usr/local/ssl/include/openssl/ct.h added: /usr/local/ssl/include/openssl/x509_verify.h added: /usr/local/ssl/include/openssl/opensslfeatures.h added: /usr/local/ssl/include/openssl/hkdf.h added: /usr/local/ssl/include/openssl/cterr.h added: /usr/local/ssl/include/openssl/sm4.h
--------------------------------------------------- Changed files: --------------------------------------------------- changed: /usr/local/ssl/include/openssl/ssl2.h changed: /usr/local/ssl/include/openssl/objects.h changed: /usr/local/ssl/include/openssl/txt_db.h changed: /usr/local/ssl/include/openssl/dtls1.h changed: /usr/local/ssl/include/openssl/ssl3.h changed: /usr/local/ssl/include/openssl/dso.h changed: /usr/local/ssl/include/openssl/ripemd.h changed: /usr/local/ssl/include/openssl/opensslv.h changed: /usr/local/ssl/include/openssl/engine.h changed: /usr/local/ssl/include/openssl/ocsp.h changed: /usr/local/ssl/include/openssl/cast.h changed: /usr/local/ssl/include/openssl/ts.h changed: /usr/local/ssl/include/openssl/ssl.h changed: /usr/local/ssl/include/openssl/idea.h changed: /usr/local/ssl/include/openssl/ssl23.h changed: /usr/local/ssl/include/openssl/ossl_typ.h changed: /usr/local/ssl/include/openssl/camellia.h changed: /usr/local/ssl/include/openssl/opensslconf.h changed: /usr/local/ssl/include/openssl/ui.h changed: /usr/local/ssl/include/openssl/rsa.h changed: /usr/local/ssl/include/openssl/err.h changed: /usr/local/ssl/include/openssl/rc2.h changed: /usr/local/ssl/include/openssl/whrlpool.h changed: /usr/local/ssl/include/openssl/comp.h changed: /usr/local/ssl/include/openssl/x509.h changed: /usr/local/ssl/include/openssl/obj_mac.h changed: /usr/local/ssl/include/openssl/sha.h changed: /usr/local/ssl/include/openssl/md5.h changed: /usr/local/ssl/include/openssl/cmac.h changed: /usr/local/ssl/include/openssl/pkcs12.h changed: /usr/local/ssl/include/openssl/pkcs7.h changed: /usr/local/ssl/include/openssl/asn1.h changed: /usr/local/ssl/include/openssl/des.h changed: /usr/local/ssl/include/openssl/stack.h changed: /usr/local/ssl/include/openssl/rc4.h changed: /usr/local/ssl/include/openssl/ec.h changed: /usr/local/ssl/include/openssl/aes.h changed: /usr/local/ssl/include/openssl/rand.h changed: /usr/local/ssl/include/openssl/ecdh.h changed: /usr/local/ssl/include/openssl/buffer.h changed: /usr/local/ssl/include/openssl/conf_api.h changed: /usr/local/ssl/include/openssl/pem.h changed: /usr/local/ssl/include/openssl/blowfish.h changed: /usr/local/ssl/include/openssl/safestack.h changed: /usr/local/ssl/include/openssl/ui_compat.h changed: /usr/local/ssl/include/openssl/crypto.h changed: /usr/local/ssl/include/openssl/pem2.h changed: /usr/local/ssl/include/openssl/bio.h changed: /usr/local/ssl/include/openssl/bn.h changed: /usr/local/ssl/include/openssl/conf.h changed: /usr/local/ssl/include/openssl/ecdsa.h changed: /usr/local/ssl/include/openssl/dh.h changed: /usr/local/ssl/include/openssl/x509_vfy.h changed: /usr/local/ssl/include/openssl/modes.h changed: /usr/local/ssl/include/openssl/x509v3.h changed: /usr/local/ssl/include/openssl/tls1.h changed: /usr/local/ssl/include/openssl/evp.h changed: /usr/local/ssl/include/openssl/lhash.h changed: /usr/local/ssl/include/openssl/srtp.h changed: /usr/local/ssl/include/openssl/dsa.h changed: /usr/local/ssl/include/openssl/md4.h changed: /usr/local/ssl/include/openssl/asn1t.h changed: /usr/local/ssl/include/openssl/cms.h changed: /usr/local/ssl/include/openssl/hmac.h
[end of file]
2022 Feb. 23 (Wed.) [qmail] badmailfrom
_ [server] antiSPAM
いい加減 SMAP にうんざりなので管理下の qmail の
設定
badmailfrom
に、もういいやと思って
.cn .biz .work .cloud
と記述。
翌日 log をみてみる
cat /var/log/maillog| grep badmailfrom| awk '{print $9}'
と、それっぽいものが抑止されていてゆけている気も
しましたが、
@biscuit.ocn.ne.jp @sage.ocn.ne.jp @return.nmc.smbcnikko.co.jp
とかも抵触しているようで、どうやら badmailfrom
は正規表現が効いてくれるみたい。
2022 Feb. 11 (Fri.) [yum update err.] Failed to download metadata for repo AppStream
_ [server] centos to vault
centos 8.x eol 起因で yum update 時に
Failed to download metadata for repo AppStream
err. が。
解法はあちこちに置いてあるが、例えば下記。
https://techglimpse.com/failed-metadata-repo-appstream-centos-8/
vault ゆき
http://vault.centos.org
ということで。
2022 Jan. 29 (Sat.) replacement: from letsencrypt-auto to certbot on centOS 7.9.x
_ [server] 背景
/usr/local/src/letsencrypt/letsencrypt-auto renew
にて下記
Your system is not supported by certbot-auto anymore. certbot-auto and its Certbot installation will no longer receive updates. You will not receive any bug fixes including those fixing server compatibility or security problems.
の alert が。
辿って行ったら、去年の 5月くらいから告知されていた。
_ 解法
・certbot install
yum install certbot certbot-1.11.0-2.el7.noarch
・確認
certbot renew --dry-run
・cron 更新
前:
/usr/local/src/letsencrypt/letsencrypt-auto renew --force-renew && /bin/systemctl reload httpd
後:
/usr/bin/certbot renew && /bin/systemctl reload httpd
2022 Jan. 28 (Fri.) yum update: mysql err.
_ [server] 背景
yum update にて下記の err.
warning: /var/cache/yum/x86_64/7/mysql57-community/packages/mysql-community-common-5.7.37-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY Public key for mysql-community-common-5.7.37-1.el7.x86_64.rpm is not installed
_ 解法
https://support.cpanel.net/hc/en-us/articles/4419382481815
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
2021 Dec. 20 (Mon.) TeraTerm & mysql: 漢字 / 日本語 入力
_ [server] 背景
where 句に日本語が入っている sql
select * from customer where username='漢字'\G
をコピペしたら、漢字部分が反映されなかった。
ので
select * from customer where username=''\G
となる。
_ 環境
shell 自体では漢字は入力できるし、DB は下記で、
問題ないようにみえる。
mysql> show variables like '%char%'; +--------------------------------------+----------------------------+ | Variable_name | Value | +--------------------------------------+----------------------------+ | character_set_client | utf8 | | character_set_connection | utf8 | | character_set_database | utf8 | | character_set_filesystem | binary | | character_set_results | utf8 | | character_set_server | utf8 | | character_set_system | utf8 | | character_sets_dir | /usr/share/mysql/charsets/ | | validate_password_special_char_count | 1 | +--------------------------------------+----------------------------+ 9 rows in set (0.01 sec)
2021 Nov. 23 (Tue.) dnf on centos8: loglevel 設定
_ loglevel 仕様
https://dnf.readthedocs.io/en/latest/conf_ref.html
によると
logfilelevel
Log file messages output level, in the range 0 to 10. The higher the number the more debug output is put to logs. Default is 9.
This option controls dnf.log, dnf.librepo.log and hawkey.log. Although dnf.librepo.log and hawkey.log are affected only by setting the logfilelevel to 10.
とのこと。
_ loglevel 定義
logfilelevel=8
2021 Oct. 30 (Sat.) fail2ban: restore ban 抑止
_ [server] 背景
server 再起動、後対象 log が再読み込みされ、該当
ip が一斉に restore ban
fail2ban.actions: NOTICE [apache-ddos] Restore Ban
される。
この際、jail の設定 bantime の値が無視されるよう
で、ipset の timeout 値が "0" で set、即ち無制限
となる。
_ ipset entry の解除
ipset flush f2b-apache-ddos
_ jail.conf に追加
norestored = 1
_ unchor [ norestored = 1 の設定は jail.conf ではダメで action.d#..]