You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
495 lines
19 KiB
495 lines
19 KiB
<?xml version="1.0" encoding="utf-8" standalone="yes" ?> |
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> |
|
<channel> |
|
<title>Hagfi.sh</title> |
|
<link>https://hagfi.sh/index.xml</link> |
|
<description>Recent content on Hagfi.sh</description> |
|
<generator>Hugo -- gohugo.io</generator> |
|
<language>en-us</language> |
|
<lastBuildDate>Sat, 25 Aug 2018 22:08:15 +0200</lastBuildDate> |
|
<atom:link href="https://hagfi.sh/index.xml" rel="self" type="application/rss+xml" /> |
|
|
|
<item> |
|
<title>Let's Encrypt</title> |
|
<link>https://hagfi.sh/administration/letsencrypt/</link> |
|
<pubDate>Sat, 25 Aug 2018 22:08:15 +0200</pubDate> |
|
|
|
<guid>https://hagfi.sh/administration/letsencrypt/</guid> |
|
<description> |
|
|
|
<h2 id="let-s-encrypt">Let&rsquo;s Encrypt:</h2> |
|
|
|
<ul> |
|
<li>Aanmaken / vernieuwen certificaat:</li> |
|
</ul> |
|
|
|
<pre><code>/opt/letsencrypt/letsencrypt-auto certonly |
|
--expand |
|
---email support@nucleus.be |
|
--agree-tos |
|
--webroot |
|
-w /var/www/vhosts/WEB/ROOT |
|
-d domain.tld |
|
-d domainalias.tld |
|
--dry-run |
|
</code></pre> |
|
|
|
<pre><code>/bin/certbot |
|
--text |
|
--agree-tos |
|
--non-interactive |
|
certonly |
|
-a webroot |
|
--webroot-path /var/www/vhosts/WEB/ROOT |
|
-d domain.tld |
|
-d domainalias.tld |
|
--dry-run |
|
</code></pre> |
|
|
|
<p><code>--dry-run</code> om het aanmaken te testen.</p> |
|
|
|
<h3 id="apache-httpd">Apache / httpd</h3> |
|
|
|
<ul> |
|
<li>(1) Voeg volgende regels toe aan de apache config:</li> |
|
</ul> |
|
|
|
<pre><code>Alias /.well-known /var/www/vhosts/letsencrypt/.well-known |
|
&lt;Directory /var/www/vhosts/letsencrypt/.well-known&gt; |
|
order allow,deny |
|
allow from all |
|
satisfy any |
|
&lt;/Directory&gt; |
|
</code></pre> |
|
|
|
<ul> |
|
<li>Of (2) voeg volgende regels toe aan .htaccess:</li> |
|
</ul> |
|
|
|
<pre><code>&lt;IfModule mod_rewrite.c&gt; |
|
RewriteEngine on |
|
#Allow Let's Encrypt SSL renewal |
|
RewriteRule ^.well-known/ - [L,NC] |
|
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ |
|
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] |
|
</code></pre> |
|
|
|
<ul> |
|
<li>Combineer Basic Auth met Let&rsquo;s Encrypt:<br /> |
|
<em>Dit moet je bekijken ale een if/else. (Ofwel valid-user ofwel REQUEST_URI)</em></li> |
|
</ul> |
|
|
|
<pre><code> &lt;Directory /var/www/vhosts/WEB/ROOT&gt; |
|
AuthType Basic |
|
AuthName protected |
|
AuthUserFile /etc/httpd/passwd/phpmyadmin.htpasswd |
|
require valid-user |
|
Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/.*# |
|
&lt;/Directory&gt; |
|
</code></pre> |
|
|
|
<h3 id="nginx">Nginx</h3> |
|
|
|
<ul> |
|
<li>Voeg volgende regels toe aan Nginx</li> |
|
</ul> |
|
|
|
<pre><code> location /.well-known { |
|
root /var/www/vhosts/WEB/ROOT; |
|
index index.html index.htm index.php; |
|
} |
|
</code></pre> |
|
|
|
<p>-</p> |
|
|
|
<ul> |
|
<li>Controleer DNS lijst domeinen:</li> |
|
</ul> |
|
|
|
<pre><code>while read LINE; |
|
do |
|
echo $LINE &gt;&gt; list_processed.txt &amp;&amp; dig +short @9.9.9.9 $LINE &gt;&gt; list_processed.txt; |
|
done &lt; list.txt |
|
</code></pre> |
|
|
|
<ul> |
|
<li>(WIP) |
|
<br /></li> |
|
</ul> |
|
|
|
<pre><code>#!/bin/bash |
|
|
|
#IP=&lt;%= @default_ipadress %&gt; |
|
IP=$(dig +short @9.9.9.9 $(hostname)) |
|
FILE=$1 |
|
|
|
while read LINE |
|
do |
|
CHK=$(dig +short @9.9.9.9 $LINE) |
|
if $IP -eq $CHK |
|
echo &quot;$LINE|$CHK&quot; &gt;&gt; /tmp/le-ok |
|
elif |
|
echo &quot;$LINE|$CHK&quot; &gt;&gt; /tmp/le-nok |
|
fi |
|
done &lt; $FILE |
|
|
|
echo &quot;Domains OK:&quot; |
|
echo /tmp/le-ok | column |
|
echo &quot;-------------------------------&quot; |
|
echo &quot;Domains NOT OK:&quot; |
|
echo /tmp/le-nok | column |
|
|
|
rm -rf /tmp/le-ok |
|
rm -rf /tmp/le-nok |
|
</code></pre> |
|
</description> |
|
</item> |
|
|
|
<item> |
|
<title>MySQL Tuner</title> |
|
<link>https://hagfi.sh/administration/mysql_tuner/</link> |
|
<pubDate>Sat, 25 Aug 2018 22:08:15 +0200</pubDate> |
|
|
|
<guid>https://hagfi.sh/administration/mysql_tuner/</guid> |
|
<description> |
|
|
|
<h2 id="mysql-tuner">MySQL Tuner</h2> |
|
|
|
<table> |
|
<thead> |
|
<tr> |
|
<th>WAARDE</th> |
|
<th>ACTIE</th> |
|
</tr> |
|
</thead> |
|
|
|
<tbody> |
|
<tr> |
|
<td><code>query_cache_size</code></td> |
|
<td>AFBLIJVEN</td> |
|
</tr> |
|
|
|
<tr> |
|
<td><code>table_cache</code></td> |
|
<td>AFBLIJVEN <em>(maximumwaarde = 64)</em></td> |
|
</tr> |
|
|
|
<tr> |
|
<td><code>table_open_cache</code></td> |
|
<td>AFBLIJVEN</td> |
|
</tr> |
|
|
|
<tr> |
|
<td><code>join_buffer_size</code></td> |
|
<td>Verhogen indien <code>Joins performed without indexes++</code></td> |
|
</tr> |
|
|
|
<tr> |
|
<td><code>tmp_table_size</code></td> |
|
<td>Verhogen = <code>max_heap_table_size</code></td> |
|
</tr> |
|
|
|
<tr> |
|
<td><code>max_heap_table_size</code></td> |
|
<td>Verhogen <code>= tmp_table_size</code></td> |
|
</tr> |
|
|
|
<tr> |
|
<td><code>query_cache_type</code></td> |
|
<td><code>=1</code> indien <code>=0</code></td> |
|
</tr> |
|
</tbody> |
|
</table> |
|
|
|
<blockquote> |
|
<p>mysql tuning improvements |
|
<code>table_cache</code> NOOIT hoger dan 64 |
|
Sudo vim /etc/my.cnf |
|
query_cache_size&rsquo; =&gt; &lsquo;256M’, |
|
It caches the select query along with the result set, which enables the identical selects to execute faster as the data fetches from the in memory. |
|
Caching voor select queries en bijhorende result sets, wat het mogelijk maakt om identieke selects sneller op te vragen uit memory. |
|
&lsquo;open_files_limit&rsquo; =&gt; &lsquo;4096&rsquo;, |
|
Changes the number of file descriptors available to mysqld. You should try increasing the value of this option if mysqld gives you the error Too many open files. |
|
&lsquo;join_buffer_size&rsquo; =&gt; &lsquo;256K’, |
|
The minimum size of the buffer that is used for plain index scans, range index scans, and joins that do not use indexes and thus perform full table scans. Normally, the best way to get fast joins is to add indexes. Increase the value of join_buffer_size to get a faster full join when adding indexes is not possible. |
|
Minimumgrootte van buffer voor index en table scans.</p> |
|
</blockquote> |
|
|
|
<hr /> |
|
|
|
<blockquote> |
|
<p>&lsquo;max_heap_table_size&rsquo; =&gt; &lsquo;32M’, |
|
This variable sets the maximum size to which user-created MEMORY tables are permitted to grow. |
|
Max grootte van user-created memory tables |
|
These 2 need to be the same size!!! |
|
&lsquo;tmp_table_size&rsquo; =&gt; &lsquo;32M’, |
|
The maximum size of internal in-memory temporary tables. |
|
Max grootte van interne in-memory tijdelijke tabellen</p> |
|
</blockquote> |
|
|
|
<hr /> |
|
|
|
<blockquote> |
|
<p>table_cache=64 (maximumwaarde!!) |
|
Table_Cache should always - well mostly anyway - be significantly bigger than the total number of tables in the server. Otherwise it&rsquo;ll keep opening and closing tables. |
|
Maximumwaarde voor caching van geopende tabellen. |
|
thread_cache_size=4 |
|
How many threads the server should cache for reuse. |
|
Aantal threads dat de server kan cachen voor hergebruik. |
|
&lsquo;innodb_buffer_pool_size&rsquo; =&gt; &lsquo;1G&rsquo;, |
|
The size in bytes of the buffer pool, the memory area where InnoDB caches table and index data. The default value is 128MB.</p> |
|
</blockquote> |
|
|
|
<p>Sudo service mysql/mariadb reload (restart enkel onder toezicht)</p> |
|
|
|
<ul> |
|
<li><code>query_cache_*</code>:</li> |
|
</ul> |
|
|
|
<blockquote> |
|
<p><code>query_cache_type</code><br /> |
|
Needs to be set to 1 to enable caching.<br /> |
|
<code>query_cache_size</code><br /> |
|
Is the size of the cache. This can be in bytes, or you can use a M suffix to specify the amount of megabytes.<br /> |
|
<code>query_cache_limit</code><br /> |
|
Is the maximum size of an individually cached query. Queries over this size won’t go into the cache. This is also in bytes, or megabytes with the M suffix. 1MB is a safe bet.<br /> |
|
Maximumgrootte voor elke individuele gecachte query. Queries groter dan dit zullen niet gecacht worden.<br /> |
|
<code>table_open_cache</code><br /> |
|
Indicates the maximum number of tables the server keeps open</p> |
|
</blockquote> |
|
|
|
<hr /> |
|
|
|
<p><code>innodb_buffer_pool_instances=2</code><br /> |
|
<em>Enables the use of multiple threads for innodb.</em></p> |
|
|
|
<p><code>query_cache_type=1</code><br /> |
|
<em>Enables query caching.</em></p> |
|
|
|
<p><code>join_buffer_size=1024K</code><br /> |
|
<em>Increased the buffer size for non-indexed joins.</em></p> |
|
|
|
<p><code>tmp_table_size=64M &amp;&amp; max_heap_table_size=64M</code><br /> |
|
<em>Increased the size for temporary tables.</em></p> |
|
|
|
<p><code>join_buffer_size</code><br /> |
|
<em>Omwille van het aantal JOIN queries uitgevoerd zonder indexes, werd de minimumgrootte van de buffer voor index en table scans verhoogd.</em></p> |
|
|
|
<p><code>max_heap_table_size &amp; tmp_table_size</code><br /> |
|
<em>De maximale grootte van user-created memory tables en van interne in-memory tijdelijke tabellen werd verhoogd.</em></p> |
|
|
|
<p><code>thread_cache_size</code><br /> |
|
<em>Het maximale aantal threads dat de server kan cachen voor hergebruik werd verhoogd.</em></p> |
|
</description> |
|
</item> |
|
|
|
<item> |
|
<title>Windows troubleshooting</title> |
|
<link>https://hagfi.sh/administration/windows_troubleshooting/</link> |
|
<pubDate>Sat, 25 Aug 2018 22:08:15 +0200</pubDate> |
|
|
|
<guid>https://hagfi.sh/administration/windows_troubleshooting/</guid> |
|
<description> |
|
|
|
<h2 id="windows-troubleshooting">Windows troubleshooting</h2> |
|
|
|
<p>VRAGEN: |
|
+ openen vanuit ticketing, wachtwoord en gebruiker |
|
+ custom even viewer view? |
|
+ test server?</p> |
|
|
|
<h3 id="eventviewer"><em>EventViewer</em></h3> |
|
|
|
<p>run: eventvwr</p> |
|
|
|
<ul> |
|
<li>custom views</li> |
|
<li>windows |
|
|
|
<ul> |
|
<li>application (non windows standard, puppet, vmware, mssql, &hellip;)</li> |
|
<li>security, aan en afmelden</li> |
|
<li>set-up: updates en installatie verwijderen programma&rsquo;s</li> |
|
<li>system: OS meldingen</li> |
|
</ul></li> |
|
<li>application and services: diep graven |
|
<br /> |
|
<br /></li> |
|
</ul> |
|
|
|
<p>&ndash;&gt; Filter Log:</p> |
|
|
|
<ul> |
|
<li>logged (date range)<br /></li> |
|
<li>event level<br /></li> |
|
<li>event source<br /></li> |
|
<li>event ID: 99,-1024,-4634<br /></li> |
|
</ul> |
|
|
|
<p>rechtsonderaan &gt; event copy &gt; copy as text</p> |
|
|
|
<h3 id="powershell"><em>PowerShell</em></h3> |
|
|
|
<pre><code class="language-PowerShell">$first = |
|
$last = |
|
get-eventlog -Logname system - |
|
</code></pre> |
|
|
|
<pre><code class="language-PowerShell"> `get-winevent -LogName 'Microsoft-Windows-TaskScheduler/Operational' | Where-Object { $_.Message -like ‘*insta* }` |
|
</code></pre> |
|
|
|
<h3 id="task-viewer"><em>Task Viewer</em></h3> |
|
|
|
<ul> |
|
<li>tasks</li> |
|
<li>users</li> |
|
<li>performance (indien gecrasht, bevestigen anders is het netwerk)</li> |
|
</ul> |
|
|
|
<h3 id="resource-monitor"><em>Resource monitor</em></h3> |
|
|
|
<p>(task manager &gt; performance &gt; open resouce monitor)</p> |
|
|
|
<p>Overview &gt; CPU (ovenste tab) app aanvinken &ndash;&gt; filtert alles</p> |
|
|
|
<h3 id="netstat"><em>Netstat</em></h3> |
|
|
|
<p><code>netstat -abo &gt; C:\temp\log.txt</code></p> |
|
|
|
<h3 id="chocolate"><em>Chocolate</em></h3> |
|
|
|
<p>C:\ProgramData\chocolatey\bin\Procmon.exe |
|
&ndash;&gt; selecteer lijn+kolom &gt; exclude &lsquo;name&rsquo; (=grep -v) / include &lsquo;name&rsquo; (=grep)</p> |
|
|
|
<h3 id="usefull-programs"><em>Usefull programs</em></h3> |
|
|
|
<ul> |
|
<li>TreeView</li> |
|
<li>VBluescreenviewer</li> |
|
<li>Sysinternals</li> |
|
<li>Zabbix</li> |
|
<li>VMware events</li> |
|
<li>BareTail</li> |
|
<li>choco install</li> |
|
<li>choco list -lo (view choco installed programs)</li> |
|
<li>telnet 12.34.56.78 900</li> |
|
<li>powershell: <code>stop service 'name'</code></li> |
|
</ul> |
|
|
|
<h3 id="eventid-s"><em>EventID&rsquo;s</em></h3> |
|
|
|
<ul> |
|
<li>Event ID 6005: “The event log service was started.” This is synonymous to system startup.</li> |
|
<li>Event ID 6006: “The event log service was stopped.” This is synonymous to system shutdown.</li> |
|
<li>Event ID 6008: &ldquo;The previous system shutdown was unexpected.&rdquo; Records that the system started after it was not shut down properly.</li> |
|
<li>Event ID 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.</li> |
|
|
|
<li><p>Event ID 6013: Displays the uptime of the computer. There is no TechNet page for this id. |
|
Add to that a couple more from the Server Fault answers listed in my OP:</p></li> |
|
|
|
<li><p>Event ID 1074: &ldquo;The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z.&rdquo; Indicates that an application or a user initiated a restart or shutdown.</p></li> |
|
|
|
<li><p>Event ID 1076: &ldquo;The reason supplied by user X for the last unexpected shutdown of this computer is: Y.&rdquo; Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.</p></li> |
|
</ul> |
|
|
|
<h3 id="powershell-1"><em>PowerShell</em></h3> |
|
|
|
<pre><code class="language-PowerShell">$filter = &quot;*abbix*&quot; |
|
get-winevent -logname 'Application' | Where-Object { $_.Message -like $filter } |
|
</code></pre> |
|
</description> |
|
</item> |
|
|
|
<item> |
|
<title>Dont Let Your Application Interfere With Letsencrypt</title> |
|
<link>https://hagfi.sh/administration/dont-let-your-application-interfere-with-letsencrypt/</link> |
|
<pubDate>Thu, 23 Aug 2018 22:46:41 +0200</pubDate> |
|
|
|
<guid>https://hagfi.sh/administration/dont-let-your-application-interfere-with-letsencrypt/</guid> |
|
<description> |
|
|
|
<h2 id="tips-and-tricks-to-keep-letsencrypt-working">Tips and tricks to keep letsencrypt working</h2> |
|
</description> |
|
</item> |
|
|
|
<item> |
|
<title>Vue Js</title> |
|
<link>https://hagfi.sh/development/vue-js/</link> |
|
<pubDate>Thu, 23 Aug 2018 22:44:46 +0200</pubDate> |
|
|
|
<guid>https://hagfi.sh/development/vue-js/</guid> |
|
<description> |
|
|
|
<h2 id="awesomeness-about-vuejs">Awesomeness about VueJS</h2> |
|
</description> |
|
</item> |
|
|
|
<item> |
|
<title>Luks Encryption</title> |
|
<link>https://hagfi.sh/administration/luks-encryption/</link> |
|
<pubDate>Thu, 23 Aug 2018 22:08:15 +0200</pubDate> |
|
|
|
<guid>https://hagfi.sh/administration/luks-encryption/</guid> |
|
<description> |
|
|
|
<h2 id="add-a-new-disk-lvm">Add a new disk (LVM)</h2> |
|
|
|
<pre><code>root@server:/dev/centos # for i in /sys/class/scsi_host/host*; do echo &quot;- - -&quot; &gt; $i/scan; done |
|
root@server:/dev/centos # NEWDISK=$(dmesg|tail|grep 'Attached'|awk '{print $4}'|tail -n1|cut -d &quot;[&quot; -f2|cut -d &quot;]&quot; -f1) |
|
root@server:/dev/centos # VGROUP=$(vgdisplay|grep Name|head -n1|awk '{print $3}') |
|
root@server:/dev/centos # echo ${NEWDISK} |
|
sdd |
|
root@server:/dev/centos # echo ${VGROUP} |
|
centos |
|
root@server:/dev/centos # pvcreate /dev/${NEWDISK} |
|
Physical volume &quot;/dev/sdd&quot; successfully created. |
|
root@server:/dev/centos # vgextend ${VGROUP} /dev/${NEWDISK} |
|
Volume group &quot;centos&quot; successfully extended |
|
</code></pre> |
|
|
|
<h2 id="create-a-logical-volume-lvm">Create a logical volume (LVM)</h2> |
|
|
|
<pre><code>root@server:/dev/centos # lvcreate -L 15G -n encrypted centos |
|
Logical volume &quot;encrypted&quot; created. |
|
</code></pre> |
|
|
|
<h2 id="encrypt-the-partition">Encrypt the partition</h2> |
|
|
|
<pre><code>root@server:/dev/centos # cryptsetup -v --verify-passphrase luksFormat /dev/centos/encrypted |
|
root@server:/dev/mapper # cryptsetup luksOpen /dev/centos/encrypted luks-encrypted |
|
</code></pre> |
|
|
|
<h2 id="create-a-mountpoint">Create a mountpoint</h2> |
|
|
|
<pre><code>root@server:/dev/mapper # mkdir /encrypted |
|
root@server:/dev/mapper # mount /dev/mapper/luks-encrypted /encrypted |
|
</code></pre> |
|
|
|
<h2 id="create-a-key-to-auto-mount-the-encrypted-disk">Create a key (to auto-mount the encrypted disk)</h2> |
|
|
|
<pre><code>root@server:/dev/mapper # dd if=/dev/urandom of=/root/lukskey bs=1024 count=4 |
|
root@server:/dev/mapper # chmod 0400 /root/lukskey |
|
</code></pre> |
|
|
|
<h2 id="unmount-and-add-the-key">Unmount and add the key</h2> |
|
|
|
<pre><code>root@server:/ # umount /encrypted |
|
root@server:/ # cryptsetup luksClose luks-encrypted |
|
root@server:/ # cryptsetup luksAddKey /dev/mapper/centos-encrypted /root/lukskey |
|
</code></pre> |
|
|
|
<h2 id="get-uuid">Get UUID</h2> |
|
|
|
<pre><code>root@server:/ # blkid /dev/mapper/centos-encrypted |
|
/dev/mapper/centos-encrypted: UUID=&quot;0dab9a5c-1870-478d-8d74-226eeb512f78&quot; TYPE=&quot;crypto_LUKS&quot; |
|
</code></pre> |
|
|
|
<h2 id="auto-mount-luks-edit-etc-cypttab">Auto-mount LUKS (edit /etc/cypttab)</h2> |
|
|
|
<pre><code>luks-encrypted /dev/disk/by-uuid/0dab9a5c-1870-478d-8d74-226eeb512f78 /root/lukskey luks |
|
</code></pre> |
|
</description> |
|
</item> |
|
|
|
</channel> |
|
</rss> |