#Security Settings start #https://securityheaders.io/?q=blog.fawcs.info&hide=on&followRedirects=on #HSTS-enabled Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; pre #Content-Security-Policy Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' ' #Public-Key-Pins #X-Frame-Options Header always set X-Frame-Options "SAMEORIGIN" #X-XSS-Protection Header always set X-Xss-Protection "1; mode=block" #X-Content-Type-Options Header always set X-Content-Type-Options "nosniff" SSLProxyEngine on SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+S !3DES !MD5 !EXP !PSK !SRP !DSS" #Custom Settings TraceEnable off ServerSignature Off ServerTokens Prod
UPDATE – 20181203:
or just use the microsoft driver as described on reddit – https://www.reddit.com/r/ChipCommunity/comments/5hndoj/setting_up_the_chip_under_win10_walkthrough/
Today I got my new CHIP (https://nextthing.co) dev board/mini pc and tryed to set it up, but as I found out thats quite tricky to do.
Regarding to the documentation the chip only needs to be connected to a pc with a micro USB cable and is automatically installed as serial device. After the installation the chip should be accessible via a COM-port with putty or any other program for serial communication.
So far so good, BUT … as I had to find out, the driver didn’t got installed and so it wasn’t accessible …
By default Windows should identify the device automatically and install the CDC Composite Gadget driver out of the box. But in my case it didn’t work.
It seems that the identfier canged from A4A7 to A4AA:
After some some googleing I found a driver on kernel.org which nearly worked.
But it would have been too easy if it worked out of the box. So I had to adapt the *.inf-file to match my HW-ID.
Change the follwoing lines
In short: replace A4A7 with A4AA 😉
Afterwards the driver could be installed and the chip should work (as long as you do not have Windows 10).
If you try to install the driver on a Windows 10 machine, Windows will complain about the unsigned driver and will not install the driver.
To get it work on Windows 10, the OS needs to be rebooted in option mode:
When Windows starts up again the driver signature check could be disabled for this start and after the system is up again it’s possible to install the driver.
Today I received an useful link regarding Cisco L2 Access Switch-deployments with some interesting settings I wasn’t aware of till know.
The document is available via the following Link.
Today I once again upgraded a vCenter installation and afterwards I wanted to use the RVC, but I always got the following error when trying to open the RVC:
C:/Program Files/VMware/vCenter Server/ruby/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require’: 193: %1 is not a valid Win32 application. – C:/Program Files/VMware/vCenter Server/ruby/lib/ruby/2.1.0/x64-mingw32/zlib.so (LoadError)
So … hm … fubar. It seems that there still remain some old files on the FS when upgrading and those old files seem to cause some trouble.
To fix the problem you could try to uninstall just the vmware-ruby.msi and vmware-rvc.msi (I uninstalled both, maybe it’s enough to uninstall only the rvc-package) and reinstall. After uninstalling the file there will still be an folder rvc at “C:\Program Files\VMware\vCenter Server” – rename it before reinstallling the MSI-packages to get a clean installation!
Attention – VMware passes some parameters to the MSI-files . If you just doubleclick on the files, they will get installed, but not under:
C:\Program Files\VMware\vCenter Server
I used the parameters from the upgrade which were:
F:\vCenter-Server\Packages>msiexec /i VMware-ruby.msi ALLUSERS=1 ARPSYSTEMCOMPON
ENT=1 INSTALLPATH=”C:\Program Files\VMware\vCenter Server\” APPDATAPATH=”C:\Prog
F:\vCenter-Server\Packages>msiexec /i VMware-rvc.msi ALLUSERS=1 ARPSYSTEMCOMPONE
NT=1 INSTALLPATH=”C:\Program Files\VMware\vCenter Server\” APPDATAPATH=”C:\Progr
While I was trying to update a VMware vCenter 6 to 6u1 today I had the problem, that the upgrade failed permanently, because of the following error:
Installation of component VMware JRE standalone installer failed with error code ‘3010’. Check the logs for more details.
Searching on the net did not bring up any results regarding this error, so I had to debug it myself. I tried to call the vmware-jre.msi directly from the DVD-ISO, and at first it seemd to run through, but, after some minutes of waiting, the MSI opened a pop up and asked for the installation-CD for vmware-jre.msi. It seemd that the new MSI wanted to uninstall the old msi-package and when trying to uninstall the old package the problem with the installation-media-dialoge popped up.
Trying to install the old version from the already installed vCenter also ended up in asking for an installation media.
At the end I started an administrative cmd-window and ran “msiexec /uninstall vmware-jre.msi” which uninstalled the old JRE and afterwards an update-process of the vCenter was possible.
Dump from the Error-Log:
The MSI-packages are located on the vCenter installation disk. The iso can be downloaded from: https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VC600U1 (VMware Account needed)
Once the ISO is downloaded it can be mounted/opened (eg. 7zip) and the MSI-Packages are located at: \vCenter-Server\Packages\
Mounting the ISO and chaning with an administrative commandline to the above path is the easiest way to uninstall the file. Otherwise the DVD-content could also be extracted to any directory.
Zabbix is quite cool, but there are still some minor problems which make life a littel bit harder (or just do not look too good).
One of this little bugs it, that if you add the wrong interface to your host and try to query it (and an error is returend) – results in an red icon for the corresponding intrface in the hosts-overview.
The only way (I know) to reset those interface is to delete the host and create it new, or the easier way would be to clone the host and delte the old one. To be honest – I don’t like any of those two possiblities, so i decided to find another way.
As a matter of fact, the info is stored in the database so we could reset the icon in the DB: herefor we need to log in to the database and find the correct table. I assume you know hot wo log in to your DB 😉
The table which stores the infor about the interfaces would be the “hosts”-table. Ths table contains a column called “available” which indicates the interface status. For the zabbix agent it’s just called available, for snmp, ipmi, jmx, you alway the the type as a prefix – so snmp: snmp_available. the column stores an integer from 0 to 3 with:
0=if not in use (gray)
1=if in use and everything is fine =green
2=if in use and an error occured=red
so by updating the DB-entry we could reset the icon-indicator for a specific host.
UPDATE hosts SET available=0 WHERE hostid=12345;
… would set the icon for the Agent to gray for the host 12345. The host-id could be obtained by hovering over the link to the host or opening the host and afertwards it’s displayed in the address bar.
After setting up a ESXi-Cluster with VSAN based on VMware 6 the Fujitsu CIM-Providers did not provide any hardware health states and also the Fujitsu vCenter plugin did not provide any data. The service always timed out an no data where gathered. Instead the following error message was diplaed:
No new host data available. Data will be updated in 5 minutes
All that happened after updating the ESXi & FJ CIM providers with the VMware Update Manager.
After some investigation it seemed that the ESXi could not communicate with the CIM-Server. A restart of the CIM-Provider and clearing of the sensor-data and event-log seemed to fix the problem and the server was finaly able to gather data.
Redhat offers a great tool with Redhat satellite server especially with Satellite 6. But the price is quite high, and if you need to provides packages and updates to multiple separated environments it’s out of the picture.
(For those who are interessted – Katello is the upstream project of Redhat’s Satellite 6).
So the question is now, how to get the the Redhat repos to your deployment server.
First a subscription is needed and only channels/repos included in this subscription can be synchronized.
If we have the channels/repos availalbe on our system which we want to use to sync we can use reposync to pull all the repositoriers from the internet.
The follwoing example shows a list of repositories which are available on my machine:
The easiest way to sync a repo is to just call the following command:
Important is to add the -l option to the command. The command enables the yum-plugins and to be able to sync directly from Redhat those plugins have to be enabeld!
But I think the most people don’t want to run the synchronization by hand and some metadata also would be nice – so you can use/adapt the following script and add it as a cronjob.
So, what does this script do?
Because it’s intended to be used as a cronjob it logs the sync-process to /var/log/reposync – I don’t do any logrotation because the files are quite small and the cronjobs runs only once a week – so there is not too much space used by the logfiles and I clean them from hand. but if its ran more often you should think about log rotation.
Reposync itself creates a subfolder in the spceified directory which is named like the repoid and contains the metadata (comps & updateinfo + a directory called getPackage which contains the rpm-packages). The comps-file contains all the group-infos and updateinfo is needed if you want to use yum just for security updates.
Herefor the yum-plugin “yum-plugin-security” is a good choice.
With the “–download-metadata” parameter in the reposync command the updateinfo.xml-files are also downloaded (as far as they exist for the repo). Normaly the file is downloaded in the following format: <HASH>-updateinfo.xml.gz
To use the updateinfo-file in your synchronized repo the file has to be gunziped and renamed to updateinfo.xml – so the hash at the beginning of the filname needs to be striped away. Otherwise it is likely that the updates are not recognized correctly! So convert your downloaded updateinfo-metadata file to updateinfo.xml and run use modify repo to update your repository with the security update informations from the updateinfo.xml.
For some of Ciscos SFP modules Cisco implemented some DOM (Digital optical monitoring) capabilities. This means, that you can debug fibre-links to a certain grade with thos DOM-enabeld fibre modules. For example the GLC-LH-SMD is such a modules.
With DOM-capbale modules the command
can be executed on the switch and the RX & TX power on the modules links are displayed. It’s a cool feature to quickly debug a fibre link and check the attenuation on a link.
Further infos and an example can be found at:
Ever had the problem that you tried running a script on a linux-machine and got an error message like the following one?
-bash: ./getRaidFromIrmc.php: /usr/bin/php^M: bad interpreter: No such file or directory
The ^M indicatees that e file you are trying to run is DOS-encoded. This means that its using a CHAR 13 instead of CHAR 10 for a line break and Linux does not like that kind of line break. That often happens if you are writing a script or config file on a Windows machine and transfer it to a Linux machine.
If you try to run/parse the file in linux -> wrong encoding and BAM
The first time I ran into this problem was while deploying a RHEL machine with a faulty kickstart file, but if you know what the problem is it’s quite easy to fix it. Just run “dos2unix” over your file and everything should work again as it should work.
If you often have to modify Linux-files on widows machines I’ld recommend you to use Notepadd++, because it has a feature implemented to set the correct EOL-conversion and lots of more cool and useful plugins like the built in FTP/SFTP-plugin.