Rabu, 29 Januari 2020

How to disable the weak DES (3DES) ciphers on HAProxy

Replace the default SSL cipher lists with the following text. To disable a cipher, put ! in front of its name; a cipher excluded this way is removed from the list and cannot be re-added by a later entry.
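# TLS defaults for HAProxy; these directives belong in the "global" section.
# ssl-default-bind-* applies to client-facing "bind" lines, ssl-default-server-* to TLS connections towards backend servers.
# In an OpenSSL cipher string a leading "!" removes the suite permanently. Every DES-CBC3 (3DES) suite must carry it:
# a DES-CBC3 name listed without "!" stays enabled. ECDHE-ECDSA-DES-CBC3-SHA is therefore excluded too.
# These lists only govern TLS 1.2 and older. Where the HAProxy/OpenSSL build supports TLS 1.3, its suites are set
# separately with ssl-default-bind-ciphersuites / ssl-default-server-ciphersuites.
# After editing, validate the file with "haproxy -c -f <config file>" before reloading.
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DES-CBC3-SHA:!DSS
    # no-sslv3 turns off SSLv3 only; TLS 1.0 and 1.1 stay enabled unless no-tlsv10 / no-tlsv11 are added as well.
    # no-tls-tickets disables stateless session resumption via TLS session tickets.
    ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DES-CBC3-SHA:!DSS
    ssl-default-server-options no-sslv3 no-tls-tickets
    # Size in bits of the Diffie-Hellman parameters used for the DHE-* suites above.
    tune.ssl.default-dh-param 4096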

Selasa, 28 Januari 2020

How to rotate the HAProxy info log with logrotate on Linux

The script
[myuser@loadbalance ~]$ cat /etc/logrotate.d/haproxy
# Rotation policy for the HAProxy log that the syslog daemon writes.
# NOTE(review): the path must match the file the syslog daemon actually writes — confirm against the rsyslog rules.
/var/log/haproxy.log {
    # Rotate once a day.
    daily
    # Keep 10 rotated files; older ones are deleted, so size this to the required log-retention period.
    rotate 10
    # Do not report an error when the log file does not exist.
    missingok
    # Skip rotation when the log is empty.
    notifempty
    # Compress rotated files (gzip by default).
    compress
    # Run the postrotate script once for the whole stanza rather than once per matched file.
    sharedscripts
    # After rotation, send HUP to syslogd/rsyslogd so the daemon reopens its log file.
    # stderr is discarded and "|| true" ignores a missing pid file or a failed kill.
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
[myuser@loadbalance ~]$
The result
[myuser@loadbalance log]$ ls -l
total 11721548
drwxr-xr-x. 2 root   root         4096 Dec  8  2015 anaconda
drwx------. 2 root   root           94 Jan 28 22:24 audit
...
...
-rw-r--r--  1 root   root          296 Aug 18  2017 grubby_prune_debug
-rw-------  1 root   root     12418990 Jan 29 01:37 haproxy-allbutinfo.log
-rw-------  1 root   root     71729139 Jan 29 09:32 haproxy-info.log
-rw-------  1 root   root     92709637 Jan  9 03:34 haproxy-info.log-20200109.gz
-rw-------  1 root   root     90156952 Jan 11 03:32 haproxy-info.log-20200111.gz
-rw-------  1 root   root    103152189 Jan 14 03:35 haproxy-info.log-20200114.gz
-rw-------  1 root   root     96725226 Jan 16 03:24 haproxy-info.log-20200116.gz
-rw-------  1 root   root     89752038 Jan 18 03:21 haproxy-info.log-20200118.gz
-rw-------  1 root   root    107073804 Jan 21 03:10 haproxy-info.log-20200121.gz
-rw-------  1 root   root     93141582 Jan 23 03:22 haproxy-info.log-20200123.gz
-rw-------  1 root   root    102277415 Jan 25 03:34 haproxy-info.log-20200125.gz
-rw-------  1 root   root     71145364 Jan 27 03:49 haproxy-info.log-20200127.gz
-rw-------  1 root   root    111749083 Jan 29 03:42 haproxy-info.log-20200129.gz
drwx------  2 root   root            6 Aug  8 18:42 httpd
-rw-r--r--. 1 root   root       294336 Jan 29 09:28 lastlog
-rw-------  1 root   root          536 Jan 29 03:42 maillog


How to rotate the MySQL slow query log with logrotate

Log rotate script 
wahid@atindb mysql $ cat /etc/logrotate.d/mysql-slowlog
# Rotation policy for the MySQL slow query log.
/var/log/mysql/mysql-slow.log {
        # Compress rotated files (gzip by default).
        compress
        # Name rotated files with a date suffix instead of a running number.
        dateext
        # NOTE(review): logrotate treats "size" and the time intervals as mutually exclusive and the one
        # given last wins, so the "daily" further down appears to override this threshold — confirm.
        size 300M
        # Copy the log and then truncate the original in place, so mysqld keeps writing to its open file.
        # Entries written between the copy and the truncate can be lost.
        copytruncate
        # Delete rotated files older than 365 days.
        maxage 365
        # Suffix is -YYYYMMDD immediately followed by the epoch time in seconds (%s).
        dateformat -%Y%m%d%s
        daily
        # Keep at most 30 rotated files.
        rotate 30
        # Skip rotation when the log is empty.
        notifempty
}
wahid@atindb 
the result
wahid@atindb mysql $ ls -l
total 272
-rw-rw---- 1 mysql mysql 219213 Jan 28 23:12 mysql-slow.log
-rw-rw---- 1 mysql mysql  38057 Jan 28 23:06 mysql-slow.log-202001281580227618.gz
-rw-rw---- 1 mysql mysql   8216 Jan 28 23:08 mysql-slow.log-202001281580227706.gz
-rw-rw---- 1 mysql mysql   2397 Jan 28 23:09 mysql-slow.log-202001281580227747.gz
wahid@atindb mysql $

Kamis, 23 Januari 2020

How to upgrade debian 8 jessie to debian 9 stretch

How to upgrade debian 8 jessie to debian 9 stretch

Check the distro release
root@openvas8-demo:/$ cat /etc/*ease
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@openvas8-demo:/$

Back up the sources list
root@openvas8-demo:~# cp /etc/apt/sources.list /etc/apt/sources.list.bak
root@openvas8-demo:~#
root@openvas8-demo:~# cat /etc/apt/sources.list
#

# deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 2                                                                     0150425-12:50]/ jessie main

#deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 20                                                                     150425-12:50]/ jessie main

deb http://deb.debian.org/debian debian jessie main

deb http://deb.debian.org/debian jessie-updates main

deb http://deb.debian.org/debian jessie/updates main
root@openvas8-demo:~#


Edit the source list from jessie to stretch
root@openvas8-demo:~# nano /etc/apt/sources.list
root@openvas8-demo:~#
root@openvas8-demo:~# cat /etc/apt/sources.list
#

# deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 2                                                                     0150425-12:50]/ jessie main

#deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 20                                                                     150425-12:50]/ jessie main

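# Active entries must not start with '#'. Format: deb URI SUITE COMPONENT...
# The suite name is "stretch"; a misspelled suite makes "apt-get update" fail for that entry.
deb http://deb.debian.org/debian stretch main

deb http://deb.debian.org/debian stretch-updates main

# Security updates for stretch are published as suite stretch/updates on the security archive.
deb http://security.debian.org/debian-security stretch/updates main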
root@openvas8-demo:~#
Update the package index

root@openvas8-demo:~# apt-get update
Ign http://kambing.ui.ac.id jessie InRelease
Hit http://kambing.ui.ac.id jessie-updates InRelease
Get:1 http://kambing.ui.ac.id jessie/updates InRelease [44.9 kB]
Ign http://kartolo.sby.datautama.net.id jessie InRelease
Hit http://kartolo.sby.datautama.net.id jessie-updates InRelease
Hit http://kambing.ui.ac.id jessie Release.gpg
Hit http://kambing.ui.ac.id jessie Release
Get:2 http://kartolo.sby.datautama.net.id jessie/updates InRelease [44.9 kB]
Hit http://kambing.ui.ac.id jessie-updates/main amd64 Packages
Hit http://kartolo.sby.datautama.net.id jessie Release.gpg
Hit http://kartolo.sby.datautama.net.id jessie Release
Hit http://kambing.ui.ac.id jessie-updates/contrib amd64 Packages
..
..

Hit http://kebo.vlsm.org jessie/updates/non-free Translation-en
Hit http://kebo.vlsm.org jessie/main amd64 Packages
Hit http://kebo.vlsm.org jessie/contrib amd64 Packages
Hit http://kebo.vlsm.org jessie/non-free amd64 Packages
Hit http://kebo.vlsm.org jessie/contrib Translation-en
Hit http://kebo.vlsm.org jessie/main Translation-en
Hit http://kebo.vlsm.org jessie/non-free Translation-en
Fetched 3,491 kB in 6s (518 kB/s)
Reading package lists... Done
root@openvas8-demo:~#
Upgrade the installed packages


root@openvas8-demo:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and a                                                                     re no longer required:
  libasprintf0c2 libtimedate-perl
Use 'apt-get autoremove' to remove them.
Done
The following packages have been kept back:
  apt apt-utils build-essential cmake cmake-data cpp curl dmeventd dmsetup
  eject g++ gcc gcc-mingw-w64-base gcc-mingw-w64-i686 gcc-mingw-w64-x86-64
  gnupg gnupg-agent gnupg2 ifupdown init init-system-helpers initramfs-tools
  initscripts iproute2 iptables iputils-ping isc-dhcp-client isc-dhcp-common
  libarchive13 libatomic1 libaudit1 libc-bin libc-dev-bin libc6 libc6-dev
  libcairo2 libcilkrts5 libcloog-isl4 libcryptsetup4 libcups2 libcupsfilters1
  libcupsimage2 libcurl3 libcurl3-gnutls libdevmapper-event1.02.1
  libdevmapper1.02.1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0

..
..

Configuration file '/etc/issue.net'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** issue.net (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/issue.net ...
Updating /etc/profile to current default.
Updating /root/.profile to current default.
root@openvas8-demo:~#
Upgrade the distro
root@openvas8-demo:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and are no longer required:
  g++-4.9 libasprintf0c2 libassuan-dev libcurl3-gnutls libelfg0 libgpgme11 libhiredis0.10 libjasper1 liblinear1 liblua5.2-0 libmicrohttpd10
  libopenjpeg5 libpng12-0 libpoppler46 libpth-dev libpth20 libssh-4 libssl-dev libtimedate-perl
Use 'apt-get autoremove' to remove them.
Done
The following packages will be REMOVED:
  libgpgme11-dev libpcrecpp0 libperl5.20 libsigc++-2.0-0c2a libssh-dev perl-modules
The following NEW packages will be installed:
  cpp-6 dh-python dirmngr fonts-lmodern g++-6 gcc-6 gcc-6-base gnome-icon-theme gtk-update-icon-cache hicolor-icon-theme icu-devtools
  initramfs-tools-core libapparmor1 libapt-inst2.0 libapt-pkg5.0 libasan3 libc-l10n libcap-ng0 libcc1-0 libcroco3 libdns-export162 libelf1
  libfastjson4 libfdisk1 libgcc-6-dev libgnutls-dane0 libgnutls30 libhiredis0.13 libhogweed4 libicu-dev libicu57 libidn11-dev libidn2-0 libip4tc0
  libip6tc0 libiptc0 libisc-export160 libisl15 libjsoncpp1 libldap-common liblinear3 liblognorm5 liblua5.3-0 liblvm2app2.2 liblz4-1 libmicrohttpd12
  libmpdec2 libmpx2 libnetfilter-conntrack3 libnettle6 libnghttp2-14 libnpth0 libnspr4 libnss3 libpcre16-3 libpcre32-3 libpcrecpp0v5 libperl5.24
  libpng16-16 libpoppler64 libprocps6 libpsl5 libpython3-stdlib libpython3.5-minimal libpython3.5-stdlib libreadline7 librsvg2-2 librsvg2-common
  libseccomp2 libsecret-1-0 libsecret-common libssl1.0.2 libssl1.1 libstdc++-6-dev libtexlua52 libtexluajit2 libudev-dev libunbound2 libunistring0
  libuv1 libxtables12 linux-image-4.9.0-11-amd64 perl-modules-5.24 python3 python3-minimal python3.5 python3.5-minimal t1utils xxd
The following packages will be upgraded:
..
..

Setting up dmeventd (2:1.02.137-2) ...
Setting up lvm2 (2.02.168-2) ...
Installing new version of config file /etc/lvm/lvm.conf ...
update-initramfs: deferring update (trigger activated)
Created symlink /etc/systemd/system/sysinit.target.wants/lvm2-lvmpolld.socket → /lib/systemd/system/lvm2-lvmpolld.socket.
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for initramfs-tools (0.130) ...
update-initramfs: Generating /boot/initrd.img-4.9.0-11-amd64
Processing triggers for systemd (232-25+deb9u12) ...
root@openvas8-demo:~#

Check the distro release
root@openvas8-demo:~# cat /etc/*ease
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@openvas8-demo:~#


Remove packages that are no longer needed
root@openvas8-demo:~# apt-get autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  g++-4.9 libasprintf0c2 libassuan-dev libcurl3-gnutls libelfg0 libgpgme11 libhiredis0.10 libjasper1 liblinear1 liblua5.2-0 libmicrohttpd10
  libopenjpeg5 libpng12-0 libpoppler46 libpth-dev libpth20 libssh-4 libssl-dev libtimedate-perl
0 upgraded, 0 newly installed, 19 to remove and 0 not upgraded.
After this operation, 44.6 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 68593 files and directories currently installed.)
Removing g++-4.9 (4.9.2-10+deb8u2) ...
Removing libasprintf0c2:amd64 (0.19.3-2) ...
Removing libassuan-dev (2.4.3-2) ...
Removing libcurl3-gnutls:amd64 (7.52.1-5+deb9u9) ...
Removing libelfg0:amd64 (0.8.13-5) ...
Removing libgpgme11:amd64 (1.8.0-3+b2) ...
Removing libhiredis0.10:amd64 (0.11.0-4) ...
Removing libjasper1:amd64 (1.900.1-debian1-2.4+deb8u6) ...
Removing liblinear1:amd64 (1.8+dfsg-4) ...
Removing liblua5.2-0:amd64 (5.2.4-1.1+b2) ...
Removing libmicrohttpd10 (0.9.37+dfsg-1+b1) ...
Removing libpoppler46:amd64 (0.26.5-2+deb8u13) ...
Removing libopenjpeg5:amd64 (1:1.5.2-3) ...
Removing libpng12-0:amd64 (1.2.50-2+deb8u3) ...
Removing libpth-dev (2.0.7-20+b2) ...
Removing libpth20:amd64 (2.0.7-20+b2) ...
Removing libssh-4:amd64 (0.7.3-2+deb9u2) ...
Removing libssl-dev:amd64 (1.1.0l-1~deb9u1) ...
Removing libtimedate-perl (2.3000-2) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for man-db (2.7.6.1-2) ...
root@openvas8-demo:~#