Senin, 07 September 2020

How to split and compress apache log with logrotate

  Tidak ada komentar

 Open the httpd log rotate script on /etc/logrotate.d/httpd

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}

Change the script to following script
/var/log/httpd/*log {
    daily
    rotate 365
    missingok
    notifempty
    dateext
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    copytruncate
    sharedscripts
}

You can testing the script directly using following command
logrotate -df /etc/logrotate.d/httpd
You can execute the script directly using following command
logrotate -f /etc/logrotate.d/httpd

Selasa, 25 Agustus 2020

Logrotate sample script to moving old archieve log to directory in different disk

  Tidak ada komentar

Log rotate sample script

/var/log/SoaPlan.err {
    daily
    rotate 28
    missingok
    notifempty
#    olddir /var/log/PaymentRobot
#    compress
    dateext
    compress
#    compresscmd /bin/bzip2
     compresscmd /usr/bin/bzip2
    compressext .bz2
    copytruncate
    sharedscripts
#    postrotate
    lastaction
        day=$(date +%Y%m%d)
        daytime=$(date +%Y%m%d-%H:%M:%S)
        mv SoaPlan.err-$day.bz2 /var/log/soaplan/SoaPlan.err-$daytime.bz2
    endscript
}


Command to compress file using bzip2

How to compress decompress file using bzip2

  Tidak ada komentar

File size before compressed

   0 -rw-------   1 root   root      0 Aug 16 03:12 maillog-20200823
512K -rw-------   1 root   root   287K Aug 26 11:10 messages
211M -rw-------   1 root   root   211M Aug  2 03:28 messages-20200802
225M -rw-------   1 root   root   225M Aug  9 03:46 messages-20200809
200M -rw-------   1 root   root   200M Aug 16 03:12 messages-20200816
164M -rw-------   1 root   root   164M Aug 23 03:10 messages-20200823
3.8M -rw-------   1 root   root   3.8M Aug 26 10:58 messages-20200826.bz2
   0 drwxr-xr-x.  2 root   root    132 Jul 13 16:47 ntopng

Command to compress file using bzip2
[[email protected] log]# bzip2 -z messages-20200802
[[email protected] log]#

The result of file after compressed
   0 -rw-------   1 root   root      0 Aug 16 03:12 maillog-20200823
512K -rw-------   1 root   root   377K Aug 26 11:13 messages
 10M -rw-------   1 root   root    10M Aug  2 03:28 messages-20200802.bz2
225M -rw-------   1 root   root   225M Aug  9 03:46 messages-20200809
200M -rw-------   1 root   root   200M Aug 16 03:12 messages-20200816
164M -rw-------   1 root   root   164M Aug 23 03:10 messages-20200823
3.8M -rw-------   1 root   root   3.8M Aug 26 10:58 messages-20200826.bz2
   0 drwxr-xr-x.  2 root   root    132 Jul 13 16:47 ntopng


Some files size after compression using bzip2
   0 -rw-------   1 root   root      0 Aug 16 03:12 maillog-20200823
512K -rw-------   1 root   root   455K Aug 26 11:16 messages
 10M -rw-------   1 root   root    10M Aug  2 03:28 messages-20200802.bz2
9.7M -rw-------   1 root   root   9.7M Aug  9 03:46 messages-20200809.bz2
9.0M -rw-------   1 root   root   9.0M Aug 16 03:12 messages-20200816.bz2
7.5M -rw-------   1 root   root   7.5M Aug 23 03:10 messages-20200823.bz2
3.8M -rw-------   1 root   root   3.8M Aug 26 10:58 messages-20200826.bz2
   0 drwxr-xr-x.  2 root   root    132 Jul 13 16:47 ntopng

Command to decompress file that compressed using bzip2
[[email protected] log]# bzip2 -d messages-20200802.bz2
[[email protected] log]#
File result after decompression
   0 -rw-------   1 root   root      0 Aug 16 03:12 maillog-20200823
512K -rw-------   1 root   root   458K Aug 26 11:16 messages
211M -rw-------   1 root   root   211M Aug  2 03:28 messages-20200802
9.7M -rw-------   1 root   root   9.7M Aug  9 03:46 messages-20200809.bz2
9.0M -rw-------   1 root   root   9.0M Aug 16 03:12 messages-20200816.bz2
7.5M -rw-------   1 root   root   7.5M Aug 23 03:10 messages-20200823.bz2
3.8M -rw-------   1 root   root   3.8M Aug 26 10:58 messages-20200826.bz2
   0 drwxr-xr-x.  2 root   root    132 Jul 13 16:47 ntopng


Jumat, 14 Agustus 2020

How to reset password rootdn Ldap

  Tidak ada komentar

 Export rootdn configuration to file

[[email protected] ~]# ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=config
olcRootPW: {SSHA}1g3T4jH5NhFOmIHwLHAinajpXTUlJHyx

dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=cognos,dc=wachid,dc=com
olcRootPW: {SSHA}FIu/Nv95MMiMH/rEMk4A4cVCGIYKVQ8+

[[email protected] ~]#
Check the exported configuration
[[email protected] ~]# cat newpasswd.ldif
dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=cognos,dc=wachid,dc=com
olcRootPW: {SSHA}FIu/Nv95MMiMH/rEMk4A4cVCGIYKVQ8+

[[email protected] ~]#
Create new ldap password to exported configuration
[[email protected] ~]# slappasswd -h {SSHA} >> newpasswd.ldif
New password:
Re-enter new password:
[[email protected] ~]#
[[email protected] ~]# vi newpasswd.ldif
[[email protected] ~]#

 Modify the old password using modified exported configuration file

[[email protected] ~]# ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}bdb,cn=config"

[[email protected] ~]#

 Testing the ldap using new password

[[email protected] ~]# ldapsearch -h localhost -b "dc=wachid,dc=com" -D "cn=cognos,dc=wachid,dc=com" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=wachid,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# wachid.com
dn: dc=wachid,dc=com
objectClass: dcObject
objectClass: organization
o: wachid.com
dc: wachid

# users, wachid.com
dn: ou=users,dc=wachid,dc=com
objectClass: organizationalUnit
objectClass: top
ou: users

# groups, wachid.com
dn: ou=groups,dc=wachid,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups

# userwachidgrp, groups, wachid.com
dn: cn=userwachidgrp,ou=groups,dc=wachid,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 100
cn: userwachidgrp

# userwachid, users, wachid.com
dn: uid=userwachid,ou=users,dc=wachid,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: menhub
uid: menhub
uidNumber: 16859
gidNumber: 100
homeDirectory: /home/userwachid
loginShell: /bin/bash
gecos: menhub
userPassword:: e1NTSEF9Rkl1L052OTVNTWlNSC9yRU1rNEE0Y1ZDR0lZS1ZROCs=
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
..
..
# search result
search: 2
result: 0 Success

# numResponses: 14
# numEntries: 13
[[email protected] ~]#


Sabtu, 11 Juli 2020

How to remove brick from replication gluster and add the brick for distributed type

  Tidak ada komentar
Check gluster volume info
[[email protected] ~]# gluster volume info

Volume Name: hubla-dev
Type: Replicate
Volume ID: 4d3c0286-1689-469d-8d67-5af4bd440b84
Status: Started
Snapshot Count: 0
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: doksvrdc-dev:/data/brick1/h0
Brick2: doksvrdrc-dev:/data/brick1/h0
Options Reconfigured:
transport.address-family: inet
nfs.disable: on
performance.client-io-threads: off
[[email protected] ~]#

Remove brick from volume
[[email protected] ~]# gluster volume remove-brick hubla-dev replica 1 doksvrdc-dev:/data/brick1/h0 start
volume remove-brick start: failed: Migration of data is not needed when reducing replica count. Use the 'force' option
[[email protected] ~]# gluster volume remove-brick hubla-dev replica 1 doksvrdc-dev:/data/brick1/h0 force
Removing brick(s) can result in data loss. Do you want to Continue? (y/n) y
volume remove-brick commit force: success
[[email protected] ~]#

Check the gluster volume again
[[email protected] ~]# gluster volume info

Volume Name: hubla-dev
Type: Distribute
Volume ID: 4d3c0286-1689-469d-8d67-5af4bd440b84
Status: Started
Snapshot Count: 0
Number of Bricks: 1
Transport-type: tcp
Bricks:
Brick1: doksvrdrc-dev:/data/brick1/h0
Options Reconfigured:
transport.address-family: inet
nfs.disable: on
performance.client-io-threads: on
[[email protected] ~]#

Check gluster volume info
[[email protected] ~]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
fd0               2:0    1    4K  0 disk
sda               8:0    0   16G  0 disk
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0   14G  0 part
  ├─centos-root 253:0    0   10G  0 lvm  /
  └─centos-swap 253:1    0    4G  0 lvm  [SWAP]
sdb               8:16   0  100G  0 disk
└─sdb1            8:17   0  100G  0 part /data/brick1
sdc               8:32   0  100G  0 disk
sr0              11:0    1    4G  0 rom
[[email protected] ~]#
[[email protected] ~]# cfdisk /dev/sdc

Disk has been changed.

WARNING: If you have created or modified any
DOS 6.x partitions, please see the cfdisk manual
page for additional information.
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
fd0               2:0    1    4K  0 disk
sda               8:0    0   16G  0 disk
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0   14G  0 part
  ├─centos-root 253:0    0   10G  0 lvm  /
  └─centos-swap 253:1    0    4G  0 lvm  [SWAP]
sdb               8:16   0  100G  0 disk
└─sdb1            8:17   0  100G  0 part /data/brick1
sdc               8:32   0  100G  0 disk
└─sdc1            8:33   0  100G  0 part
sr0              11:0    1    4G  0 rom
[[email protected] ~]#


Create the directory and filesystem
[[email protected] ~]# mkdir -p /data/brick2
[[email protected] ~]#
[[email protected] ~]# mkfs.xfs /dev/sdc
sdc   sdc1
[[email protected] ~]# mkfs.xfs /dev/sdc1
meta-data=/dev/sdc1              isize=256    agcount=4, agsize=6553598 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=26214392, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=12799, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[[email protected] ~]# mount /dev/sdc1 /data/brick2
[ro[email protected] ~]#
[[email protected] ~]# df -h
df: ‘/gclient’: Transport endpoint is not connected
Filesystem                Size  Used Avail Use% Mounted on
/dev/mapper/centos-root    10G  884M  9.2G   9% /
devtmpfs                  3.9G     0  3.9G   0% /dev
tmpfs                     3.9G     0  3.9G   0% /dev/shm
tmpfs                     3.9G  8.6M  3.9G   1% /run
tmpfs                     3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sdb1                 100G   33M  100G   1% /data/brick1
/dev/sda1                1014M  129M  886M  13% /boot
tmpfs                     783M     0  783M   0% /run/user/0
doksvrdrc-dev:/hubla-dev  100G   33M  100G   1% /data/test
/dev/sdc1                 100G   33M  100G   1% /data/brick2
[[email protected] ~]#

Check gluster volume info
[[email protected] ~]# gluster volume add-brick hubla-dev doksvrdrc-dev:/data/brick2/h0
volume add-brick: success
[[email protected] ~]#
[[email protected] ~]# gluster volume info

Volume Name: hubla-dev
Type: Distribute
Volume ID: 4d3c0286-1689-469d-8d67-5af4bd440b84
Status: Started
Snapshot Count: 0
Number of Bricks: 2
Transport-type: tcp
Bricks:
Brick1: doksvrdrc-dev:/data/brick1/h0
Brick2: doksvrdrc-dev:/data/brick2/h0
Options Reconfigured:
transport.address-family: inet
nfs.disable: on
performance.client-io-threads: on
[[email protected] ~]#


Reballance the volume
[[email protected] h0]# gluster volume rebalance hubla-dev start
volume rebalance: hubla-dev: success: Rebalance on hubla-dev has been started successfully. Use rebalance status command to check status of the rebalance process.
ID: b406fbef-4022-445d-be6f-6158bcb96159
[[email protected] h0]# ls
test100.txt  test15.txt  test25.txt  test39.txt  test45.txt  test51.txt  test59.txt  test66.txt  test77.txt  test87.txt  test98.txt
test11.txt   test19.txt  test28.txt  test40.txt  test47.txt  test54.txt  test5.txt   test67.txt  test78.txt  test8.txt   test9.txt
test12.txt   test20.txt  test2.txt   test41.txt  test48.txt  test55.txt  test60.txt  test68.txt  test82.txt  test92.txt  testting1.txt
test13.txt   test21.txt  test33.txt  test42.txt  test49.txt  test56.txt  test62.txt  test6.txt   test84.txt  test93.txt
test14.txt   test23.txt  test36.txt  test44.txt  test50.txt  test57.txt  test65.txt  test76.txt  test86.txt  test95.txt
[[email protected] h0]# pwd
/data/brick2/h0
[[email protected] h0]# ls ../../brick1/h0/
test10.txt  test1.txt   test27.txt  test32.txt  test38.txt  test4.txt   test61.txt  test70.txt  test74.txt  test80.txt  test88.txt  test94.txt  testting2.txt
test16.txt  test22.txt  test29.txt  test34.txt  test3.txt   test52.txt  test63.txt  test71.txt  test75.txt  test81.txt  test89.txt  test96.txt
test17.txt  test24.txt  test30.txt  test35.txt  test43.txt  test53.txt  test64.txt  test72.txt  test79.txt  test83.txt  test90.txt  test97.txt
test18.txt  test26.txt  test31.txt  test37.txt  test46.txt  test58.txt  test69.txt  test73.txt  test7.txt   test85.txt  test91.txt  test99.txt
[[email protected] h0]#


Selasa, 30 Juni 2020

How to solve Unit logstash.service could not be found

  1 komentar
Check the logstash service status
[[email protected] ~]# service logstash status
Redirecting to /bin/systemctl status logstash.service
Unit logstash.service could not be found.
[[email protected] ~]#
Running following command
[[email protected] ~]# /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd
Using provided startup.options file: /etc/logstash/startup.options
Manually creating startup for specified platform: systemd
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.31/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
Successfully created system startup script for Logstash
[[email protected] ~]#
Check service status and start the service
[[email protected] ~]# service logstash status
Redirecting to /bin/systemctl status logstash.service
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[[email protected] ~]#
[[email protected] ~]# service logstash start
Redirecting to /bin/systemctl start logstash.service
[[email protected] ~]# service logstash status
Redirecting to /bin/systemctl status logstash.service
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-06-30 16:05:17 WIB; 2s ago
 Main PID: 26344 (java)
    Tasks: 24 (limit: 26213)
   Memory: 237.8M
   CGroup: /system.slice/logstash.service
           └─26344 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.a>

Jun 30 16:05:17 syslog systemd[1]: Started logstash.

[[email protected] ~]#

Jumat, 24 April 2020

How to install prometheus on centos 7

  Tidak ada komentar


Download Prometheus package
[[email protected] ~]# wget https://github.com/prometheus/prometheus/releases/download/v2.17.2/prometheus-2.17.2.linux-amd64.tar.gz
--2020-04-24 08:42:05--  https://github.com/prometheus/prometheus/releases/download/v2.17.2/prometheus-2.17.2.linux-amd64.tar.gz
Resolving github.com (github.com)... 52.74.223.119
Connecting to github.com (github.com)|52.74.223.119|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/6838921/70e29d80-830b-11ea-91f7-0e535a551978?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200424T014206Z&X-Amz-Expires=300&X-Amz-Signature=842daed1a8eeda464238c85d29ffa4f97be6754b8d4a2d324df41e9707d86ff0&X-Amz-SignedHeaders=host&actor_id=0&repo_id=6838921&response-content-disposition=attachment%3B%20filename%3Dprometheus-2.17.2.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2020-04-24 08:42:06--  https://github-production-release-asset-2e65be.s3.amazonaws.com/6838921/70e29d80-830b-11ea-91f7-0e535a551978?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200424T014206Z&X-Amz-Expires=300&X-Amz-Signature=842daed1a8eeda464238c85d29ffa4f97be6754b8d4a2d324df41e9707d86ff0&X-Amz-SignedHeaders=host&actor_id=0&repo_id=6838921&response-content-disposition=attachment%3B%20filename%3Dprometheus-2.17.2.linux-amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.204.235
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.204.235|:443... connected                                                                     .
HTTP request sent, awaiting response... 200 OK
Length: 60150384 (57M) [application/octet-stream]
Saving to: ‘prometheus-2.17.2.linux-amd64.tar.gz’

100%[======================================>] 60,150,384  3.06MB/s   in 21s

2020-04-24 08:42:30 (2.72 MB/s) - ‘prometheus-2.17.2.linux-amd64.tar.gz’ saved [60150384/60150384]

[[email protected] ~]# 
 Perform following command
[[email protected] ~]# useradd --no-create-home --shell /bin/false prometheus
[[email protected] ~]# mkdir /etc/prometheus
[[email protected] ~]# mkdir /var/lib/prometheus
[[email protected] ~]# chown prometheus:prometheus /etc/prometheus
[[email protected] ~]# chown prometheus:prometheus /var/lib/prometheus
Extract Prometheus package
[[email protected] ~]# ls
anaconda-ks.cfg                       skema-prefork
check-mk-agent_1.6.0p10-1_all.deb     skema-prefork.tar
composer-setup.php                    skemaraja
L60464-1302TMP.html.gz                strace_dir
npm-debug.log                         update-source.sh
prometheus-2.17.2.linux-amd64.tar.gz
[[email protected] ~]#
[[email protected] ~]# tar -xzf prometheus-2.17.2.linux-amd64.tar.gz
[[email protected] ~]# ls
anaconda-ks.cfg                    prometheus-2.17.2.linux-amd64.tar.gz
check-mk-agent_1.6.0p10-1_all.deb  skema-prefork
composer-setup.php                 skema-prefork.tar
L60464-1302TMP.html.gz             skemaraja
npm-debug.log                      strace_dir
prometheus-2.17.2.linux-amd64      update-source.sh
[[email protected] ~]#
Rename the prometheus directory
[[email protected] ~]# mv prometheus-2.17.2.linux-amd64 prometheuspackage
[[email protected] ~]#
[[email protected] ~]# cp prometheuspackage/prometheus /usr/local/bin/
[[email protected] ~]# cp prometheuspackage/promtool /usr/local/bin/
[[email protected] ~]#
[[email protected] ~]# chown prometheus:prometheus /usr/local/bin/prometheus
[[email protected] ~]# chown prometheus:prometheus /usr/local/bin/promtool
[[email protected] ~]#
[[email protected] ~]# cp -r prometheuspackage/consoles /etc/prometheus
[[email protected] ~]# cp -r prometheuspackage/console_libraries /etc/prometheus                                                                     [[email protected] ~]#
[[email protected] ~]# vi /etc/prometheus/prometheus.yml
[[email protected] ~]# chown prometheus:prometheus /etc/prometheus/prometheus.yml
[[email protected] ~]#
[[email protected] ~]# vi /etc/systemd/system/prometheus.service
[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]#
Check prometheus service status and open the firewall
[[email protected] ~]# systemctl status prometheus
● prometheus.service - Prometheus
   Loaded: loaded (/etc/systemd/system/prometheus.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-04-24 08:54:19 WIB; 12s ago
 Main PID: 25241 (prometheus)
   CGroup: /system.slice/prometheus.service
           └─25241 /usr/local/bin/prometheus --config.file /etc/prometheus/prometheus.yml --storage.tsdb.path /var/lib/prometheus/ --web.console.t...

Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.847Z caller=main.go:667 msg="Starting TSDB ..."
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.847Z caller=web.go:515 component=web msg="Start listenin...0.0:9090
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.849Z caller=head.go:575 component=tsdb msg="replaying WA... awhile"
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.851Z caller=head.go:624 component=tsdb msg="WAL segment ...egment=0
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.851Z caller=head.go:627 component=tsdb msg="WAL replay c...279231ms
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.852Z caller=main.go:683 fs_type=XFS_SUPER_MAGIC
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.852Z caller=main.go:684 msg="TSDB started"
Apr 24 08:54:19 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:19.852Z caller=main.go:788 msg="Loading configuration file"...heus.yml
Apr 24 08:54:29 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:29.251Z caller=main.go:816 msg="Completed loading of config...heus.yml
Apr 24 08:54:29 app01 prometheus[25241]: level=info ts=2020-04-24T01:54:29.251Z caller=main.go:635 msg="Server is ready to receive ...quests."
Hint: Some lines were ellipsized, use -l to show in full.
[[email protected] ~]#
[[email protected] ~]# firewall-cmd --zone=public --add-port=9090/tcp --permanent
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]#
[[email protected] ~]#

Kamis, 12 Maret 2020

How to solved Failed to synchronize cache for repo 'AppStream', ignoring this repo. Centos 8

  Tidak ada komentar
Failed to synchronize cache
[[email protected] ~]# yum install nginx
CentOS-8.0 - AppStream                                                                                                16  B/s |  38  B     00:02
CentOS-8.0 - Base                                                                                                     25  B/s |  38  B     00:01
CentOS-8.0 - Extras                                                                                                   24  B/s |  38  B     00:01
Extra Packages for Enterprise Linux 8.0 - x86_64                                                                      11 kB/s |  57 kB     00:05
Failed to synchronize cache for repo 'AppStream', ignoring this repo.
Failed to synchronize cache for repo 'BaseOS', ignoring this repo.
Failed to synchronize cache for repo 'extras', ignoring this repo.
Failed to synchronize cache for repo 'epel', ignoring this repo.
Last metadata expiration check: 1:52:33 ago on Thu 12 Mar 2020 05:58:49 PM WIB.
No match for argument: nginx
Error: Unable to find a match
[[email protected] ~]#
 Perform following command
[[email protected] ~]# cd /etc/yum.repos.d && sed -i.BAK -e 's/$releasever/8/g' *.repo
[[email protected] yum.repos.d]#
[[email protected] yum.repos.d]# yum install nginx
CentOS-8 - AppStream                                                                                                 890 kB/s | 6.5 MB     00:07
CentOS-8 - Base                                                                                                      1.0 MB/s | 5.0 MB     00:04
CentOS-8 - Extras                                                                                                    638  B/s | 2.1 kB     00:03
Extra Packages for Enterprise Linux 8 - x86_64                                                                       668 kB/s | 6.0 MB     00:09
Node.js Packages for Enterprise Linux 8 - x86_64                                                                     492  B/s | 2.5 kB     00:05
Dependencies resolved.
=====================================================================================================================================================
 Package                                   Arch                 Version                                                Repository               Size
=====================================================================================================================================================
Installing:
 nginx                                     x86_64               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream               570 k
Upgrading:
 nginx-filesystem                          noarch               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                24 k
Installing dependencies:
 nginx-all-modules                         noarch               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                23 k
 nginx-mod-http-image-filter               x86_64               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                35 k
 nginx-mod-http-perl                       x86_64               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                45 k
 nginx-mod-http-xslt-filter                x86_64               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                33 k
 nginx-mod-mail                            x86_64               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                64 k
 nginx-mod-stream                          x86_64               1:1.14.1-9.module_el8.0.0+184+e34fea82                 AppStream                85 k

Transaction Summary
=====================================================================================================================================================
Install  7 Packages
Upgrade  1 Package

Total download size: 881 k
Is this ok [y/N]: y
Downloading Packages:
(1/8): nginx-all-modules-1.14.1-9.module_el8.0.0+184+e34fea82.noarch.rpm                                              22 kB/s |  23 kB     00:01
(2/8): nginx-mod-http-image-filter-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm                                    31 kB/s |  35 kB     00:01
(3/8): nginx-mod-http-xslt-filter-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm                                    547 kB/s |  33 kB     00:00
(4/8): nginx-mod-http-perl-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm                                           513 kB/s |  45 kB     00:00
(5/8): nginx-mod-mail-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm                                                512 kB/s |  64 kB     00:00
(6/8): nginx-mod-stream-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm                                              659 kB/s |  85 kB     00:00
(7/8): nginx-filesystem-1.14.1-9.module_el8.0.0+184+e34fea82.noarch.rpm                                              382 kB/s |  24 kB     00:00
(8/8): nginx-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm                                                         395 kB/s | 570 kB     00:01
-----------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                174 kB/s | 881 kB     00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                             1/1
  Running scriptlet: nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch                                                              1/1
  Running scriptlet: nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch                                                              1/9
  Upgrading        : nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch                                                              1/9
  Installing       : nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                   2/9
  Running scriptlet: nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                   2/9
  Installing       : nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                           3/9
  Running scriptlet: nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                           3/9
  Installing       : nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                    4/9
  Running scriptlet: nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                    4/9
  Installing       : nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                                5/9
  Running scriptlet: nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                                5/9
  Installing       : nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch                                                             6/9
  Installing       : nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                                         7/9
  Running scriptlet: nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                                         7/9
warning: /etc/nginx/mime.types created as /etc/nginx/mime.types.rpmnew
warning: /etc/nginx/mime.types.default created as /etc/nginx/mime.types.default.rpmnew
warning: /etc/nginx/nginx.conf created as /etc/nginx/nginx.conf.rpmnew

  Installing       : nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                              8/9
  Running scriptlet: nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                              8/9
  Cleanup          : nginx-filesystem-1:1.14.1-8.module_el8.0.0+5+258f653c.noarch                                                                9/9
  Running scriptlet: nginx-filesystem-1:1.14.1-8.module_el8.0.0+5+258f653c.noarch                                                                9/9
  Verifying        : nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                                         1/9
  Verifying        : nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch                                                             2/9
  Verifying        : nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                   3/9
  Verifying        : nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                           4/9
  Verifying        : nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                    5/9
  Verifying        : nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                                6/9
  Verifying        : nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                                                              7/9
  Verifying        : nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch                                                              8/9
  Verifying        : nginx-filesystem-1:1.14.1-8.module_el8.0.0+5+258f653c.noarch                                                                9/9

Upgraded:
  nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch

Installed:
  nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64                           nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch
  nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64     nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64
  nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64      nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64
  nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64

Complete!
[[email protected] yum.repos.d]#


How to install IBM ACE

  Tidak ada komentar
Create IBM directory on opt, copy IBM Ace installer to it 
anaconda-ks.cfg  IBM_ACE_11.0.0.5_LNX_X8664_INCTKT.tar.gz  MQ_V9.0_F_LNX_ON_X86_64_EIMAGE.tar.gz  nohup.out
[[email protected] ~]#
[[email protected] ~]# mkdir /opt/IBM
[[email protected] ~]# cp IBM_ACE_11.0.0.5_LNX_X8664_INCTKT.tar.gz /opt/IBM/
[[email protected] ~]# cd /opt/IBM/
[[email protected] IBM]# ls
IBM_ACE_11.0.0.5_LNX_X8664_INCTKT.tar.gz
[[email protected] IBM]#
Extract the IBM Ace installer and check the directory
[[email protected] IBM]# tar -zxf IBM_ACE_11.0.0.5_LNX_X8664_INCTKT.tar.gz
[[email protected] IBM]#
[[email protected] IBM]# ls
ace-11.0.0.5  IBM_ACE_11.0.0.5_LNX_X8664_INCTKT.tar.gz
[[email protected] IBM]#
[[email protected] IBM]# cd ace-11.0.0.5/
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# ls -l
total 40
-rwxr-xr-x.  1 root root 27298 Jun 27  2019 ace
drwxrwxr-x. 11 root root   198 Jun 27  2019 common
drwxrwxr-x.  2 root root     6 Jun 27  2019 extensions
drwxr-xr-x.  5 root root    80 Jun 27  2019 ie02
drwxrwxr-x.  2 root root   150 Jun 27  2019 license
drwxrwxr-x. 15 root root   175 Jun 27  2019 readmes
drwxrwxr-x. 37 root root  4096 Jun 27  2019 server
drwxrwxr-x.  2 root root  4096 Jun 27  2019 swidtag
drwxrwxr-x. 13 root root  4096 Jun 27  2019 tools
[[email protected] ace-11.0.0.5]#

 run the ./ace command to run the installer


[[email protected] ace-11.0.0.5]# ./ace make registry global accept license
International Program License Agreement

Part 1 - General Terms

BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON
AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM,
LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE
ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT
AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE
TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS,

* DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN
"ACCEPT" BUTTON, OR USE THE PROGRAM; AND

* PROMPTLY RETURN THE UNUSED MEDIA, DOCUMENTATION, AND

Press Enter to continue viewing the license agreement, or
enter "1" to accept the agreement, "2" to decline it, "3"
to print it, "4" to read non-IBM terms, or "99" to go back
to the previous screen.

PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM IT WAS OBTAINED
FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS
DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM.

1. Definitions

"Authorized Use" - the specified level at which Licensee is
authorized to execute or run the Program. That level may be
measured by number of users, millions of service units
("MSUs"), Processor Value Units ("PVUs"), or other level of
use specified by IBM.

"IBM" - International Business Machines Corporation or one
of its subsidiaries.


Press Enter to continue viewing the license agreement, or
enter "1" to accept the agreement, "2" to decline it, "3"
to print it, "4" to read non-IBM terms, or "99" to go back
to the previous screen.

"License Information" ("LI") - a document that provides
information and any additional terms specific to a Program.
The Program's LI is available at www.ibm.com/software/sla.
The LI can also be found in the Program's directory, by the
use of a system command, or as a booklet included with the
Program.

"Program" - the following, including the original and all
whole or partial copies: 1) machine-readable instructions
and data, 2) components, files, and modules, 3) audio-
visual content (such as images, text, recordings, or
pictures), and 4) related licensed materials (such as keys
and documentation).

"Proof of Entitlement" ("PoE") - evidence of Licensee's

Press Enter to continue viewing the license agreement, or
enter "1" to accept the agreement, "2" to decline it, "3"
to print it, "4" to read non-IBM terms, or "99" to go back
to the previous screen.
1
License accepted
Group 'mqbrkrs' will be created
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# cat /etc/group | grep mqbrkrs
mqbrkrs:x:1000:
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# cat /etc/group | grep mqsi
[[email protected] ace-11.0.0.5]#
Check the 
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# ls -l /var/
total 8
drwxr-xr-x.  2 root root       6 Apr 11  2018 adm
drwxr-xr-x.  5 root root      44 Nov 25 17:18 cache
drwxr-xr-x.  2 root root       6 Aug  8  2019 crash
drwxr-xr-x.  3 root root      34 Mar 11 16:45 db
drwxr-xr-x.  3 root root      18 Nov 25 17:18 empty
drwxr-xr-x.  2 root root       6 Apr 11  2018 games
drwxr-xr-x.  2 root root       6 Apr 11  2018 gopher
drwxr-xr-x.  3 root root      18 Sep 14 01:13 kerberos
drwxr-xr-x. 24 root root    4096 Nov 25 17:18 lib
drwxr-xr-x.  2 root root       6 Apr 11  2018 local
lrwxrwxrwx.  1 root root      11 Nov 25 17:16 lock -> ../run/lock
drwxr-xr-x.  7 root root    4096 Mar 12 03:14 log
lrwxrwxrwx.  1 root root      10 Nov 25 17:16 mail -> spool/mail
drwxrwxr-x. 12 root mqbrkrs  162 Mar 12 15:39 mqsi
drwxr-xr-x.  2 root root       6 Apr 11  2018 nis
drwxr-xr-x.  2 root root       6 Apr 11  2018 opt
drwxr-xr-x.  2 root root       6 Apr 11  2018 preserve
lrwxrwxrwx.  1 root root       6 Nov 25 17:16 run -> ../run
drwxr-xr-x.  8 root root      87 Nov 25 17:18 spool
drwxrwxrwt.  4 root root     108 Mar 11 21:33 tmp
drwxr-xr-x.  2 root root       6 Apr 11  2018 yp
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# ls -l /var/mqsi/
total 0
drwxrwxr-x. 7 root mqbrkrs 72 Mar 12 15:39 common
drwxrwsr-x. 2 root mqbrkrs  6 Mar 12 15:39 components
drwxrwxr-x. 2 root mqbrkrs  6 Mar 12 15:39 config
drwxrwsr-x. 2 root mqbrkrs  6 Mar 12 15:39 connectors
drwxrwxr-x. 2 root mqbrkrs  6 Mar 12 15:39 node_modules
drwxrwxr-x. 2 root mqbrkrs  6 Mar 12 15:39 odbc
drwxrws---. 2 root mqbrkrs 18 Mar 12 15:39 registry
drwxrwxr-x. 2 root mqbrkrs  6 Mar 12 15:39 shared-classes
drwxrwxr-x. 3 root mqbrkrs 22 Mar 12 15:39 XML
drwxrwxr-x. 3 root mqbrkrs 22 Mar 12 15:39 XSL
[[email protected] ace-11.0.0.5]#

Create the ecpa user
[[email protected] ace-11.0.0.5]# useradd ecpa
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Creating mailbox file: File exists
[[email protected] ace-11.0.0.5]# passwd ecpa
Changing password for user ecpa.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# usermod -aG mqbrkrs maswachid
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# cat /etc/group | mqbrkrs
-bash: mqbrkrs: command not found
[[email protected] ace-11.0.0.5]# cat /etc/group | grep mqbrkrs
mqbrkrs:x:1000:ecpa
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# usermod -aG mqbrkrs root
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# cat /etc/group | grep mqbrkrs
mqbrkrs:x:1000:ecpa,root
[[email protected] ace-11.0.0.5]#


Switch to user
[[email protected] ace-11.0.0.5]#
[[email protected] ace-11.0.0.5]# su - maswachid
[[email protected] ~]$
[[email protected] ~]$ vi .bash_profile
[[email protected] ~]$
[[email protected] ~]$ exit
logout
[[email protected] ace-11.0.0.5]# su - maswachid
Last login: Thu Mar 12 16:11:21 WIB 2020 on pts/1

MQSI 11.0.0.5
/opt/IBM/ace-11.0.0.5/server

[[email protected] ~]$
[[email protected] ~]$ mqsilist
BIP1281I: No integration nodes have been defined on this machine.
BIP8071I: Successful command completion.
[[email protected] ~]$
[[email protected] ace-11.0.0.5]# usermod -aG wheel maswachid
[[email protected] ace-11.0.0.5]#




P

Sabtu, 15 Februari 2020

How to install wazuh agent on linux centos 7

  Tidak ada komentar
Add the wazuh agent repository
[[email protected]_bck ~]# rpm --import http://packages.wazuh.com/key/GPG-KEY-WAZU                                                                     H
cat > /etc/yum.repos.d/wazuh.repo <<\EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF[[email protected]_apps_bck ~]# cat > /etc/yum.repos.d/wazuh.repo <<\EOF
> [wazuh_repo]
> gpgcheck=1
> gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
> enabled=1
> name=Wazuh repository
> baseurl=https://packages.wazuh.com/3.x/yum/
> protect=1
> EOF
[[email protected]_apps_bck ~]#
Pertform package installation with yum install command
[[email protected]_apps_bck ~]# yum install wazuh-agent
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
epel/x86_64/metalink                                     | 8.9 kB     00:00
 * base: mirror.telkomuniversity.ac.id
 * epel: mirror.telkomuniversity.ac.id
 * extras: mirror.telkomuniversity.ac.id
 * updates: mirror.telkomuniversity.ac.id
base                                                     | 3.6 kB     00:00
cheese                                                   | 3.5 kB     00:00
epel                                                     | 5.3 kB     00:00
extras                                                   | 2.9 kB     00:00
updates                                                  | 2.9 kB     00:00
wazuh_repo                                               | 3.4 kB     00:00
(1/6): extras/7/x86_64/primary_db                          | 159 kB   00:00
(2/6): epel/x86_64/updateinfo                              | 1.0 MB   00:00
(3/6): wazuh_repo/primary_db                               | 142 kB   00:00
(4/6): updates/7/x86_64/primary_db                         | 6.7 MB   00:07
(5/6): epel/x86_64/primary_db                              | 6.7 MB   00:11
(6/6): cheese/7/x86_64/primary_db                          | 551 kB   00:12
Resolving Dependencies
--> Running transaction check
---> Package wazuh-agent.x86_64 0:3.11.3-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch           Version            Repository          Size
================================================================================
Installing:
 wazuh-agent         x86_64         3.11.3-1           wazuh_repo         9.9 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 9.9 M
Installed size: 78 M
Is this ok [y/d/N]: y
Downloading packages:
wazuh-agent-3.11.3-1.x86_64.rpm                                                                                               | 9.9 MB  00:00:08
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-agent-3.11.3-1.x86_64                                                                                                       1/1
  Verifying  : wazuh-agent-3.11.3-1.x86_64                                                                                                       1/1

Installed:
  wazuh-agent.x86_64 0:3.11.3-1

Complete!
[[email protected]_bck ~]#


Rabu, 29 Januari 2020

How to disable weak chipper DES on haproxy

  Tidak ada komentar
Change the default ssl chiphers with following text, you can disable the chipper by add ! on first character of chipper method
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DES-CBC3-SHA:!DSS
    ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DES-CBC3-SHA:!DSS
    ssl-default-server-options no-sslv3 no-tls-tickets
    tune.ssl.default-dh-param 4096

Selasa, 28 Januari 2020

How to rotate haproxy info log with log rotate in linux

  Tidak ada komentar
The script
[[email protected] ~]$ cat /etc/logrotate.d/haproxy
/var/log/haproxy.log {
    daily
    rotate 10
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
[[email protected] ~]$
The result
[[email protected] log]$ ls -l
total 11721548
drwxr-xr-x. 2 root   root         4096 Dec  8  2015 anaconda
drwx------. 2 root   root           94 Jan 28 22:24 audit
...
...
-rw-r--r--  1 root   root          296 Aug 18  2017 grubby_prune_debug
-rw-------  1 root   root     12418990 Jan 29 01:37 haproxy-allbutinfo.log
-rw-------  1 root   root     71729139 Jan 29 09:32 haproxy-info.log
-rw-------  1 root   root     92709637 Jan  9 03:34 haproxy-info.log-20200109.gz
-rw-------  1 root   root     90156952 Jan 11 03:32 haproxy-info.log-20200111.gz
-rw-------  1 root   root    103152189 Jan 14 03:35 haproxy-info.log-20200114.gz
-rw-------  1 root   root     96725226 Jan 16 03:24 haproxy-info.log-20200116.gz
-rw-------  1 root   root     89752038 Jan 18 03:21 haproxy-info.log-20200118.gz
-rw-------  1 root   root    107073804 Jan 21 03:10 haproxy-info.log-20200121.gz
-rw-------  1 root   root     93141582 Jan 23 03:22 haproxy-info.log-20200123.gz
-rw-------  1 root   root    102277415 Jan 25 03:34 haproxy-info.log-20200125.gz
-rw-------  1 root   root     71145364 Jan 27 03:49 haproxy-info.log-20200127.gz
-rw-------  1 root   root    111749083 Jan 29 03:42 haproxy-info.log-20200129.gz
drwx------  2 root   root            6 Aug  8 18:42 httpd
-rw-r--r--. 1 root   root       294336 Jan 29 09:28 lastlog
-rw-------  1 root   root          536 Jan 29 03:42 maillog


How to log rotate mysql slow query

  Tidak ada komentar
Log rotate script 
[email protected] mysql $ cat /etc/logrotate.d/mysql-slowlog
/var/log/mysql/mysql-slow.log {
        compress
        dateext
        size 300M
        copytruncate
        maxage 365
        dateformat -%Y%m%d%s
        daily
        rotate 30
        notifempty
}
[email protected] 
the result
[email protected] mysql $ ls -l
total 272
-rw-rw---- 1 mysql mysql 219213 Jan 28 23:12 mysql-slow.log
-rw-rw---- 1 mysql mysql  38057 Jan 28 23:06 mysql-slow.log-202001281580227618.gz
-rw-rw---- 1 mysql mysql   8216 Jan 28 23:08 mysql-slow.log-202001281580227706.gz
-rw-rw---- 1 mysql mysql   2397 Jan 28 23:09 mysql-slow.log-202001281580227747.gz
[email protected] mysql $

Kamis, 23 Januari 2020

How to upgrade debian 8 jessie to debian 9 stretch

  Tidak ada komentar
How to upgrade debian 8 jessie to debian 9 stretch

Check the distro release
[email protected]:/$ cat /etc/*ease
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
[email protected]:/$

Backup the source list
[email protected]:~# cp /etc/apt/sources.list /etc/apt/sources.list.bak
[email protected]:~#
[email protected]:~# cat /etc/apt/sources.list
#

# deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 2                                                                     0150425-12:50]/ jessie main

#deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 20                                                                     150425-12:50]/ jessie main

deb http://deb.debian.org/debian debian jessie main

deb http://deb.debian.org/debian jessie-updates main

deb http://deb.debian.org/debian jessie/updates main
[email protected]:~#


Edit the source list from jessie to stretch
[email protected]:~# nano /etc/apt/sources.list
[email protected]:~#
[email protected]:~# cat /etc/apt/sources.list
#

# deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 2                                                                     0150425-12:50]/ jessie main

#deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 20                                                                     150425-12:50]/ jessie main

#deb http://deb.debian.org/debian debian strech main

#deb http://deb.debian.org/debian stretch-updates main

#deb http://deb.debian.org/debian stretch/updates main
[email protected]:~#
Update the package

[email protected]:~# apt-get update
Ign http://kambing.ui.ac.id jessie InRelease
Hit http://kambing.ui.ac.id jessie-updates InRelease
Get:1 http://kambing.ui.ac.id jessie/updates InRelease [44.9 kB]
Ign http://kartolo.sby.datautama.net.id jessie InRelease
Hit http://kartolo.sby.datautama.net.id jessie-updates InRelease
Hit http://kambing.ui.ac.id jessie Release.gpg
Hit http://kambing.ui.ac.id jessie Release
Get:2 http://kartolo.sby.datautama.net.id jessie/updates InRelease [44.9 kB]
Hit http://kambing.ui.ac.id jessie-updates/main amd64 Packages
Hit http://kartolo.sby.datautama.net.id jessie Release.gpg
Hit http://kartolo.sby.datautama.net.id jessie Release
Hit http://kambing.ui.ac.id jessie-updates/contrib amd64 Packages
..
..

Hit http://kebo.vlsm.org jessie/updates/non-free Translation-en
Hit http://kebo.vlsm.org jessie/main amd64 Packages
Hit http://kebo.vlsm.org jessie/contrib amd64 Packages
Hit http://kebo.vlsm.org jessie/non-free amd64 Packages
Hit http://kebo.vlsm.org jessie/contrib Translation-en
Hit http://kebo.vlsm.org jessie/main Translation-en
Hit http://kebo.vlsm.org jessie/non-free Translation-en
Fetched 3,491 kB in 6s (518 kB/s)
Reading package lists... Done
[email protected]:~#
Upgrade the package


[email protected]:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and a                                                                     re no longer required:
  libasprintf0c2 libtimedate-perl
Use 'apt-get autoremove' to remove them.
Done
The following packages have been kept back:
  apt apt-utils build-essential cmake cmake-data cpp curl dmeventd dmsetup
  eject g++ gcc gcc-mingw-w64-base gcc-mingw-w64-i686 gcc-mingw-w64-x86-64
  gnupg gnupg-agent gnupg2 ifupdown init init-system-helpers initramfs-tools
  initscripts iproute2 iptables iputils-ping isc-dhcp-client isc-dhcp-common
  libarchive13 libatomic1 libaudit1 libc-bin libc-dev-bin libc6 libc6-dev
  libcairo2 libcilkrts5 libcloog-isl4 libcryptsetup4 libcups2 libcupsfilters1
  libcupsimage2 libcurl3 libcurl3-gnutls libdevmapper-event1.02.1
  libdevmapper1.02.1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0

..
..

Configuration file '/etc/issue.net'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** issue.net (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/issue.net ...
Updating /etc/profile to current default.
Updating /root/.profile to current default.
[email protected]:~#
Upgrade the distro
[email protected]:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and are no longer required:
  g++-4.9 libasprintf0c2 libassuan-dev libcurl3-gnutls libelfg0 libgpgme11 libhiredis0.10 libjasper1 liblinear1 liblua5.2-0 libmicrohttpd10
  libopenjpeg5 libpng12-0 libpoppler46 libpth-dev libpth20 libssh-4 libssl-dev libtimedate-perl
Use 'apt-get autoremove' to remove them.
Done
The following packages will be REMOVED:
  libgpgme11-dev libpcrecpp0 libperl5.20 libsigc++-2.0-0c2a libssh-dev perl-modules
The following NEW packages will be installed:
  cpp-6 dh-python dirmngr fonts-lmodern g++-6 gcc-6 gcc-6-base gnome-icon-theme gtk-update-icon-cache hicolor-icon-theme icu-devtools
  initramfs-tools-core libapparmor1 libapt-inst2.0 libapt-pkg5.0 libasan3 libc-l10n libcap-ng0 libcc1-0 libcroco3 libdns-export162 libelf1
  libfastjson4 libfdisk1 libgcc-6-dev libgnutls-dane0 libgnutls30 libhiredis0.13 libhogweed4 libicu-dev libicu57 libidn11-dev libidn2-0 libip4tc0
  libip6tc0 libiptc0 libisc-export160 libisl15 libjsoncpp1 libldap-common liblinear3 liblognorm5 liblua5.3-0 liblvm2app2.2 liblz4-1 libmicrohttpd12
  libmpdec2 libmpx2 libnetfilter-conntrack3 libnettle6 libnghttp2-14 libnpth0 libnspr4 libnss3 libpcre16-3 libpcre32-3 libpcrecpp0v5 libperl5.24
  libpng16-16 libpoppler64 libprocps6 libpsl5 libpython3-stdlib libpython3.5-minimal libpython3.5-stdlib libreadline7 librsvg2-2 librsvg2-common
  libseccomp2 libsecret-1-0 libsecret-common libssl1.0.2 libssl1.1 libstdc++-6-dev libtexlua52 libtexluajit2 libudev-dev libunbound2 libunistring0
  libuv1 libxtables12 linux-image-4.9.0-11-amd64 perl-modules-5.24 python3 python3-minimal python3.5 python3.5-minimal t1utils xxd
The following packages will be upgraded:
..
..

Setting up dmeventd (2:1.02.137-2) ...
Setting up lvm2 (2.02.168-2) ...
Installing new version of config file /etc/lvm/lvm.conf ...
update-initramfs: deferring update (trigger activated)
Created symlink /etc/systemd/system/sysinit.target.wants/lvm2-lvmpolld.socket → /lib/systemd/system/lvm2-lvmpolld.socket.
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for initramfs-tools (0.130) ...
update-initramfs: Generating /boot/initrd.img-4.9.0-11-amd64
Processing triggers for systemd (232-25+deb9u12) ...
[email protected]:~#

Check the distro release
[email protected]:~# cat /etc/*ease
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
[email protected]:~#


Remove unnecessary package
[email protected]:~# apt-get autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  g++-4.9 libasprintf0c2 libassuan-dev libcurl3-gnutls libelfg0 libgpgme11 libhiredis0.10 libjasper1 liblinear1 liblua5.2-0 libmicrohttpd10
  libopenjpeg5 libpng12-0 libpoppler46 libpth-dev libpth20 libssh-4 libssl-dev libtimedate-perl
0 upgraded, 0 newly installed, 19 to remove and 0 not upgraded.
After this operation, 44.6 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 68593 files and directories currently installed.)
Removing g++-4.9 (4.9.2-10+deb8u2) ...
Removing libasprintf0c2:amd64 (0.19.3-2) ...
Removing libassuan-dev (2.4.3-2) ...
Removing libcurl3-gnutls:amd64 (7.52.1-5+deb9u9) ...
Removing libelfg0:amd64 (0.8.13-5) ...
Removing libgpgme11:amd64 (1.8.0-3+b2) ...
Removing libhiredis0.10:amd64 (0.11.0-4) ...
Removing libjasper1:amd64 (1.900.1-debian1-2.4+deb8u6) ...
Removing liblinear1:amd64 (1.8+dfsg-4) ...
Removing liblua5.2-0:amd64 (5.2.4-1.1+b2) ...
Removing libmicrohttpd10 (0.9.37+dfsg-1+b1) ...
Removing libpoppler46:amd64 (0.26.5-2+deb8u13) ...
Removing libopenjpeg5:amd64 (1:1.5.2-3) ...
Removing libpng12-0:amd64 (1.2.50-2+deb8u3) ...
Removing libpth-dev (2.0.7-20+b2) ...
Removing libpth20:amd64 (2.0.7-20+b2) ...
Removing libssh-4:amd64 (0.7.3-2+deb9u2) ...
Removing libssl-dev:amd64 (1.1.0l-1~deb9u1) ...
Removing libtimedate-perl (2.3000-2) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for man-db (2.7.6.1-2) ...
[email protected]:~#