Selasa, 29 Mei 2018

How to install oracle java 7.0.80 centos 7 from tar.gz

  Tidak ada komentar

cd /opt/jdk1.8.0_171/
alternatives --install /usr/bin/java java /opt/jdk1.8.0_171/bin/java 2
alternatives --config java


There are 3 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
*  1           /opt/jdk1.7.0_71/bin/java
 + 2           /opt/jdk1.8.0_45/bin/java
   3           /opt/jdk1.8.0_144/bin/java
   4           /opt/jdk1.8.0_171/bin/java

Enter to keep the current selection[+], or type selection number: 4

alternatives --install /usr/bin/jar jar /opt/jdk1.8.0_171/bin/jar 2
alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_171/bin/javac 2
alternatives --set jar /opt/jdk1.8.0_171/bin/jar
alternatives --set javac /opt/jdk1.8.0_171/bin/javac


java -version

java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)

Minggu, 27 Mei 2018

Virtual Machine Failed to extend swap file from 0 KB to xxxx KB

  Tidak ada komentar

Resolution

This issue occurs if the ESX/ESXi host is unable to create the swap file required to power on the virtual machine. This is most likely due to a storage problem on the datastore where the swap file is located.
To workaround this issue when you see the Invalid metadata error, perform one of these options:
Note: This workaround allows you to power on the virtual machine. You still need to investigate the underlying storage issue.
To workaround this issue when you see the error No space left on device, grow or add extents to the volume in question.

Source : https://kb.vmware.com/s/article/1030719

Jumat, 18 Mei 2018

Rabu, 16 Mei 2018

Selasa, 15 Mei 2018

Install Comodo Certificate Haproxy solved error chain issues incomplete

  Tidak ada komentar
Install Comodo Certificate Haproxy solved error chain issues incomplete contain anchor

When we buy certificate from comodo, we will get 4 files on zip
  • Root CA Certificate - AddTrustExternalCARoot.crt
  • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate - www_example_com.crt (or the subdomain you gave them)
Private key you get when you generate the csr for buy certificate from comodo
here is how to generate csr :

openssl req -new -newkey rsa:2048 -nodes -keyout example_com.key -out example_com.csr

Merge all certificate except Add Trus External, because it provided on browser by default

cat private.key www_example_com.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt  > domain.pem

Mapping the certificate on haproxy 

Run config test to make sure the certificate is valid

haproxy -c -V -f /etc/haproxy/haproxy.cfg



Before exclude add trust external certificate

After exclude add trust external certificate

Selasa, 08 Mei 2018

Creating a .pem Certificate from Comodo CA

  Tidak ada komentar

Creating a dot pem File

SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file.

This article contains multiple sets of instructions that walk through various .pem file creation scenarios.

Creating a .pem with the Entire SSL Certificate Trust Chain

Log into your Comodo Management Console and download your Intermediate (COMODOCA.crt), Root (addtrustexternalcaroot.crt), and Primary Certificates (your_domain_name.crt).

Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:

The Primary Certificate - your_domain_name.crtThe Intermediate Certificate - COMODOCA.crtThe Root Certificate - AddTrustExternalCAROOT.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: COMODOCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: AddTrustExternalCAROOT.crt) 
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

Creating a .pem with the Server and Intermediate Certificates

Log into your COMODO Management Console and download your Intermediate (COMODOCA.crt) and Primary Certificates (your_domain_name.crt).

Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:

The Primary Certificate - your_domain_name.crtThe Intermediate Certificate - COMODOCA.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: COMODOCA.crt) 
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

Creating a .pem with the Private Key and Entire Trust Chain

Log into your COMODO Management Console and download your Intermediate (COMODOCA.crt) and Primary Certificates (your_domain_name.crt).

Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:

The Private Key - your_domain_name.keyThe Primary Certificate - your_domain_name.crtThe Intermediate Certificate - COMODOCA.crtThe Root Certificate - AddTrustExternalCARoot.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN RSA PRIVATE KEY----- 
(Your Private Key: your_domain_name.key) 
-----END RSA PRIVATE KEY----- 
-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: COMODOCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: AddTrustExternalCARoot.crt) 
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

Sabtu, 05 Mei 2018

How to enable and disable sslv3 in popular browser

  Tidak ada komentar


Internet Explorer®
Take the following steps to enable or disable SSL in Microsoft Internet Explorer:
Open Internet ExplorerClick ToolsClick Internet OptionsClick the Advanced tabCheck or uncheck the options for Use SSL 2.0 and Use SSL 3.0Click OKExit and relaunch the browser
Chrome®
Take the following steps to enable or disable SSL in Google Chrome:
Open Google ChromeClick the Chrome menu button
Note: The button is in the upper right of the browser and is indicated by three horizontal lines.Click SettingsClick Show advanced settingsClick Change proxy settings under the Network sectionClick the Advanced tabCheck or uncheck the options for Use SSL 2.0 and Use SSL 3.0Close the Settings tabExit and relaunch the browser
Firefox®
Take the following steps to enable or disable SSL in Mozilla Firefox on Microsoft Windows:
Open Mozilla FirefoxClick the Firefox menuClick OptionsClick the Advanced iconClick the Encryption tab and check or uncheck the box next to Use SSL 3.0Click OKExit and relaunch the browser
Take the following steps to enable or disable SSL in Mozilla Firefox on Macintosh OS X:
Open Mozilla FirefoxClick the Firefox menuClick PreferencesClick the Advanced tabClick the Encryption tabCheck or uncheck Use SSL 3.0Close the Preferences windowExit and relaunch the browser
Safari®
SSL is enabled by default in the Safari browser and cannot be disabled.

How to Disable and Re-enable SSL 3.0 in Firefox

  Tidak ada komentar

How to Disable and Re-enable SSL 3.0 in Firefox?

POODLE vulnerability in SSLv3 is a major security risk and you should take immediate action by disabling SSL 3.0 in your web browser. This article will show you how to turn off or disable SSL 3.0 in Mozilla Firefox. Also learn, how to temporarily enable SSLv3 in Firefox.

Secure Sockets Layer (SSL) is a cryptographic protocol that ensures communication security over the Internet. Back in 2014, Google discovered a vulnerability in SSL 3.0. Named “POODLE”, the vulnerability can be exploited to steal various confidential information, including passwords and cookies. So, SSL 3.0 is now officially insecure. Websites and browsers are urged to turn off SSLv3 and use modern protocols such as Transport Layer Security (TLS).

Disable SSLv3 in Firefox:

SSLv3 is disabled by default since Firefox 34. If you are using an older version of Firefox, follow the steps mentioned below to disable SSL 3.0 and secure your browser.

Open Mozilla Firefox browser.In the Location Bar, enter about:config and press the enter button (or click the arrow symbol in the location bar).You’ll receive following warning message: “This might void your warranty”. Click I’ll be careful, I promise!.In the Search box under about:config, type tls and some results will appear.From the results, find preference named security.tls.version.min and double click on it. The Enter integer value window will appear. Enter 1 and press OK button.Next step is to enable default maximum supported TLS version (TLS 1.2). Find preference named security.tls.version.max and double click on it. Enter 3 as the integer value and press OK.

That’s it! You have successfully turned off the SSL 3.0 protocol in your Firefox browser.

The preference security.tls.version.min specifies the minimum required protocol version, while the security.tls.version.max denotes the maximum supported protocol version. Integer value for the both preferences can range from 0 to 3. 0 means SSL 3.0; 1 means TLS 1.0; 2 means TLS 1.1 and 3 means TLS 1.2. In the above mentioned guide, we used integer value 1 for security.tls.version.min. That means TLS 1.0 is the minimum supported protocol in your browser. And a value of 3 for preference security.tls.version.max means, your browser supports encryption protocol up to TLS 1.2.

How to enable SSL 3.0 in Firefox?

Considering the seriousness of the POODLE vulnerability, I’d never suggest anyone to enable SSLv3. Do you want to re-enable SSL 3.0 for testing purpose or for visiting a certain website? If yes, follow the steps below to enable SSLv3 in Firefox.

Open Firefox browser.Enter about:config in the location bar and press the enter button.When the warning message appears, press I’ll be careful, I promise! button.Go to the Search box inside about:config and type tls.Find preference named security.tls.version.min, double click on it.Enter 0 in the integer value box and press OK button.

That’s all! By setting 0 as value of security.tls.version.min, you have successfully re-enable SSLv3 in Mozilla Firefox. Don’t make it permanent. Reset or the value for security.tls.version.min or re-enable SSL 3.0 once you are done with your testing.

Kamis, 03 Mei 2018

Rabu, 02 Mei 2018

How to extend AIX file system df lsvg chfs

  Tidak ada komentar

Summary

df -k [FILESYSTEM] to find out existing filesystem usage and LV for that filesystem
lslv [LVNAME] to find out VG for that LV
lsvg [VGNAME] to find out how many PPs are free
chfs -a size=[size setting] [FILESYSTEM]to grow the filesystem

If your chfs command above errors out with 0516-787 extendlv: Maximum allocation for logical volume LVNAME is NUMBER, then you need to: chlv -x [num] [lvname]

df -k [FILESYSTEM] to see changes made


Our /home directory reached 90%

# df -k /home
Filesystem 1024-blocks Free %Used Iused %Iused Mounted on
/dev/hd1 2097152 218780 90% 25894 30% /home
#

Do we have enough space available in VG to expand?

Find out the VG.

# lslv hd1
LOGICAL VOLUME: hd1 VOLUME GROUP: rootvg
LV IDENTIFIER: 0007b8420000d9000000011f2491100e.8 PERMISSION: read/write
VG STATE: active/complete LV STATE: opened/syncd
TYPE: jfs2 WRITE VERIFY: off
MAX LPs: 512 PP SIZE: 128 megabyte(s)
COPIES: 1 SCHED POLICY: parallel
LPs: 20 PPs: 20
STALE PPs: 0 BB POLICY: relocatable
INTER-POLICY: minimum RELOCATABLE: yes
INTRA-POLICY: center UPPER BOUND: 32
MOUNT POINT: /home LABEL: /home
MIRROR WRITE CONSISTENCY: on/ACTIVE
EACH LP COPY ON A SEPARATE PV ?: yes
Serialize IO ?: NO
#

How much space is available in the VG?

# lsvg rootvg
VOLUME GROUP: rootvg VG IDENTIFIER: 0007b8420000d9000000011f2491100e
VG STATE: active PP SIZE: 128 megabyte(s)
VG PERMISSION: read/write TOTAL PPs: 599 (76672 megabytes)
MAX LVs: 256 FREE PPs: 282 (36096 megabytes)
LVs: 13 USED PPs: 317 (40576 megabytes)
OPEN LVs: 11 QUORUM: 2 (Enabled)
TOTAL PVs: 1 VG DESCRIPTORS: 2
STALE PVs: 0 STALE PPs: 0
ACTIVE PVs: 1 AUTO ON: yes
MAX PPs per VG: 32512
MAX PPs per PV: 1016 MAX PVs: 32
LTG size (Dynamic): 256 kilobyte(s) AUTO SYNC: no
HOT SPARE: no BB POLICY: relocatable
#

Use chfs command to expand

Examples

chfs -a size=3G /home
chfs -a size=3000M /home
chfs -a size=+1G /home
chfs -a size=+500M /home

What those mean

The “M” stands for megabytesThe “G” stands for gigabytesThe “+” is relative sizing: change the current amount by adding this muchWithout the “+” is absolute sizing: change the current amount TO this muchNOTE: You can use “-” to decrease a filesystem size. Generally speaking for LVs, it is harder to shrink a filesystem. Sometimes it cannot be done while the filesystem is mounted, and sometimes depending on fragmentation it may not be able to be done at all. I have found AIX to be more robust in this department than various Linux LVM implementations. Generally speaking, though, when you increase your filesystem size, it is best to think of it as permanent .. (for the most part).

From the chfs man page …

If Value has the M suffix, it is interpreted to be in Megabytes. If Value has a G suffix, it is interpreted to be in Gigabytes. If Value begins with a +, it is interpreted as a request to increase the file system size by the specified amount. If the specified size is not evenly divisible by the physical partition size, it is rounded up to the closest number that is evenly divisible.

My example.. Change to absolute size 2.5G or 2500M

# df -k /home
Filesystem 1024-blocks Free %Used Iused %Iused Mounted on
/dev/hd1 2097152 218780 90% 25894 30% /home
# chfs -a size=2500M /home
Filesystem size changed to 5242880
# df -k /home
Filesystem 1024-blocks Free %Used Iused %Iused Mounted on
/dev/hd1 2621440 742988 72% 25894 13% /home
#

If chfs errors with 0516-787: extendlv: Maximum allocation (etc)…

If you get an error like:

0516-787 extendlv: Maximum allocation for logical volume vg01vol1
is 512.

This means that you have hit the limit on the LV of how large you can make it.

The first time I hit this error I almost had a heart attack. Fortunately, you can extend this very easily either using chlvor smitty

In this example I was trying to expand my LV (mydatalv01) to 600 PPs and the limit was 512 PPs

# chlv -x 600 mydatalv01

After that you can then do your chfs command

# chfs -a size=+25G /mydata01

In smitty:

smitty chlv -> Change a Logical Volume -> [ENTER] -> LOGICAL VOLUME name -> [F4]

And from there you can change LV properties.

DONE!