Category Archives: CentOS

NOTICE Jail started without ‘journalmatch’ set. Jail regexs will be checked against all journal entries

So! My apache-auth jail (and others) weren't showing up in the file list.

2018-11-07 20:02:28,651 fail2ban.filtersystemd [23523]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
Let's edit /etc/fail2ban/jail.d/00-systemd.conf and set backend to auto.

Refused to display 'https://www.domain.com/admin/top.php' in a frame because it set 'X-Frame-Options' to 'deny'.
Refused to display 'https://www.domain.com/admin/top.php' in a frame because it set 'X-Frame-Options' to 'deny'.

Setting this in your .htaccess might solve the problem:

Header set X-Frame-Options SAMEORIGIN

But I have multiple frames…

Refused to display 'https://www.domain.com/admin/top.php' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('DENY, SAMEORIGIN'). Falling back to 'deny'.

This worked out!

Header always unset X-Frame-Options

As seen on https://stackoverflow.com/questions/17092154/x-frame-options-on-apache
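To see why the browser printed "falling back to 'deny'" and what each of the two .htaccess changes above actually leaves the browser with, here is a small checker that reproduces the browser's X-Frame-Options decision from raw response headers. It is an added example, not code from the original post; the rules follow the HTML specification's X-Frame-Options check, and the three sample responses are constructed.

```python
"""Reproduce the browser's X-Frame-Options decision for a raw HTTP response.

Added example, not code from the original post. The decision rules follow the
HTML specification's "check a navigation response's adherence to
X-Frame-Options" algorithm, which is what produces the "conflicting values ...
Falling back to 'deny'" console message quoted above. The sample responses
below are constructed.
"""
from typing import List, Tuple

# Values the spec recognises; a second, different value next to any of these
# is a conflict and the browser refuses to frame the page.
KNOWN_VALUES = {"deny", "sameorigin", "allowall"}


def header_values(raw_headers: str, name: str) -> List[str]:
    """Collect every value of `name`, splitting repeated and comma-joined headers."""
    values: List[str] = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != name.lower():
            continue  # status line, blank separator, or another header
        values.extend(v.strip() for v in value.split(",") if v.strip())
    return values


def effective_x_frame_options(raw_headers: str) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'deny', 'sameorigin' or 'allow'."""
    xfo = {v.lower() for v in header_values(raw_headers, "X-Frame-Options")}
    if len(xfo) > 1:
        if xfo & KNOWN_VALUES:
            return "deny", f"conflicting values {sorted(xfo)}; browser falls back to deny"
        return "allow", f"only unrecognised values {sorted(xfo)}; header ignored"
    if not xfo:
        return "allow", "no X-Frame-Options header; any origin may frame the page"
    (value,) = xfo
    if value == "deny":
        return "deny", "single DENY value; no framing at all"
    if value == "sameorigin":
        return "sameorigin", "single SAMEORIGIN value; only same-origin framing"
    return "allow", f"value {value!r} does not restrict framing; treated as absent"


# Constructed responses for the three states described in the post.
CONFLICTING = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: DENY\r\n"         # e.g. emitted by the application
    "X-Frame-Options: SAMEORIGIN\r\n"   # e.g. added by `Header set` in .htaccess
    "Content-Type: text/html\r\n\r\n"
)
SAME_ORIGIN_ONLY = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
NO_HEADER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"  # after `Header always unset`

if __name__ == "__main__":
    for label, resp in [("conflicting", CONFLICTING), ("sameorigin", SAME_ORIGIN_ONLY), ("unset", NO_HEADER)]:
        decision, reason = effective_x_frame_options(resp)
        print(f"{label:11} -> {decision:10} ({reason})")
```

Run against the conflicting response the checker reports `deny`, exactly the fallback the console message describes. `Header always unset` removes the header from both of mod_headers' header tables, so the response carries no X-Frame-Options at all and the checker reports `allow`: the frames work, but that also means any origin may embed the page. A single consistent `SAMEORIGIN` value (only one header, set once) is the state that keeps frames working and same-origin framing protection in place.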

live MySQL queries

On your mysql console…

mysql> SHOW VARIABLES LIKE "general_log%";

+------------------+----------------------------+
| Variable_name    | Value                      |
+------------------+----------------------------+
| general_log      | OFF                        |
| general_log_file | /var/run/mysqld/mysqld.log |
+------------------+----------------------------+

mysql> SET GLOBAL general_log = 'ON';

Then!

tail -f -n200 /var/run/mysqld/mysqld.log
After debugging… don’t forget to turn it OFF!

mysql> SET GLOBAL general_log = 'OFF';
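The `tail -f` above shows one line per statement, which is hard to read once several clients are connected. The following parser groups general-log lines by connection id and resolves the user behind each id from its Connect line, so the log answers "who ran what". It is an added example, not code from the original post; SAMPLE_LOG is constructed in the 5.5-era general-log layout (the MariaDB 5.5 that ships with CentOS 7), where lines logged within the same second omit the timestamp and multi-line statements continue on tab-indented lines.

```python
"""Attribute MySQL/MariaDB general-log statements to the connections that ran them.

Added example, not code from the original post. SAMPLE_LOG is constructed in
the 5.5-era layout ("YYMMDD HH:MM:SS<tab>   Id Command<tab>Argument"), in
which lines logged within the same second omit the timestamp and multi-line
statements continue on tab-indented lines.
"""
import re
from collections import defaultdict
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<ts>\d{6} {1,2}\d{1,2}:\d{2}:\d{2})?\t\s*(?P<id>\d+) (?P<cmd>\w+)\t?(?P<arg>.*)$"
)

SAMPLE_LOG = (
    "/usr/libexec/mysqld, Version: 5.5.60-MariaDB. started with:\n"
    "Tcp port: 3306  Unix socket: /var/lib/mysql/mysql.sock\n"
    "Time                 Id Command    Argument\n"
    "181107 20:02:28\t   23 Connect\troot@localhost on \n"
    "\t\t   23 Query\tSHOW VARIABLES LIKE 'general_log%'\n"
    "181107 20:02:31\t   24 Connect\twebapp@10.0.0.5 on shop\n"
    "\t\t   24 Query\tSELECT id, name FROM products\n"
    "\t\t\tWHERE price > 10\n"
    "181107 20:02:32\t   24 Query\tUPDATE products SET price = 9 WHERE id = 7\n"
    "181107 20:02:40\t   24 Quit\t\n"
    "181107 20:02:41\t   23 Query\tSET GLOBAL general_log = 'OFF'\n"
)


def parse_general_log(text: str) -> List[Dict[str, str]]:
    """Return one dict (ts, id, cmd, arg) per logged command, joining continuation lines."""
    entries: List[Dict[str, str]] = []
    last_ts = ""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            # Header lines start with text; tab-led lines continue the previous statement.
            if entries and line.startswith("\t"):
                entries[-1]["arg"] += " " + line.strip()
            continue
        last_ts = m.group("ts") or last_ts  # timestamp is omitted within the same second
        entries.append({"ts": last_ts, "id": m.group("id"),
                        "cmd": m.group("cmd"), "arg": m.group("arg").strip()})
    return entries


def queries_per_user(entries: List[Dict[str, str]]) -> Dict[str, int]:
    """Count Query commands per 'user@host', resolved through each connection's Connect line."""
    user_of: Dict[str, str] = {}
    counts: Dict[str, int] = defaultdict(int)
    for e in entries:
        if e["cmd"] == "Connect":
            user_of[e["id"]] = e["arg"].split(" on", 1)[0]  # "user@host on db"
        elif e["cmd"] == "Query":
            counts[user_of.get(e["id"], "conn-" + e["id"])] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_general_log(SAMPLE_LOG)
    for e in parsed:
        print(f"{e['ts']:15} #{e['id']:>3} {e['cmd']:8} {e['arg']}")
    print(queries_per_user(parsed))
```

Feed it the file the post tails (`/var/run/mysqld/mysqld.log` on this box) and the per-user counts tell you which client is responsible for the traffic you are debugging. The general log records every statement from every client verbatim, which is why the post is right to switch it off again once you are done.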
No output on stdout) stderr: connect to address XXX.XXX.XXX.XXX port 5666: Connection refused 

This was tested on a CentOS 7.

This might have two possible causes:

  • The nrpe service is down.
    Use service nrpe status to test it.
    You might want to see the section Add NRPE to service below, to activate nrpe as a service.
  • The firewall on the nrpe machine is blocking it.
Some important files/directories

nrpe.cfg – /etc/nagios/nrpe.cfg
nagios/nrpe plugins folder – /usr/lib64/nagios/plugins/
logs – /var/log/messages
nrpe.cfg

My nrpe.cfg, on CentOS 7, is located at /etc/nagios/nrpe.cfg

nano /etc/nagios/nrpe.cfg

nrpe log

In a default NRPE installation, logging is disabled!
You might want to enable it for better debugging of the issues… Go to  and enable it:

log_file=/var/run/nrpe.log

nrpe debug mode

Yeah, the default installation also comes with debug disabled.
We want it enabled to see more information while we try, for example, service nrpe status.

debug=1

server_address

Server address… it might confuse you!
server_address ISN'T the Nagios server's IP address. It's the actual external IP address of the current machine! allowed_hosts is the option that actually takes the Nagios server's address!

Let's check out the status of port 5666.
lsof -i:5666
netstat -an |grep 5666

If you don't see any result… this probably means that nrpe is down!
See the section Add NRPE to service below.

Open PORT on the firewall
sudo firewall-cmd --permanent --zone=public --add-port=5666/tcp
firewall-cmd --reload
Add NRPE to service (this will launch nrpe on reboots):
sudo systemctl enable nrpe.service
sudo systemctl start nrpe.service
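Because the server_address / allowed_hosts mix-up is easy to make and only shows up as a bind error or a refused check, here is a small checker for the settings this post walks through. It is an added example, not code from the original post or from NRPE itself; it reads nrpe.cfg's key=value lines and reports the problems described above. The two sample configs, the Nagios server address (192.0.2.10) and the host's own address (198.51.100.7) are constructed, and the DEFAULTS table is an assumption made here for keys that are absent.

```python
"""Sanity-check an nrpe.cfg for the settings this post walks through.

Added example, not code from the original post. It reads nrpe.cfg's key=value
lines and flags the mix-up described above: server_address is the address NRPE
binds to on this machine, while allowed_hosts lists the Nagios server(s) that
may connect. The sample configs and all IP addresses below are constructed.
"""
from typing import Dict, List

# Defaults assumed here when a key is absent from the file.
DEFAULTS = {"server_port": "5666", "debug": "0", "allowed_hosts": "127.0.0.1"}

# Constructed: the Nagios server's IP was put into server_address by mistake.
WRONG_CFG = """
# nrpe.cfg excerpt (constructed)
server_port=5666
server_address=192.0.2.10
allowed_hosts=127.0.0.1
debug=0
"""

# Constructed: this host binds its own address and admits the Nagios server.
FIXED_CFG = """
server_port=5666
server_address=198.51.100.7
allowed_hosts=127.0.0.1,192.0.2.10
debug=1
log_file=/var/run/nrpe.log
"""


def parse_nrpe_cfg(text: str) -> Dict[str, str]:
    """Return key -> value for every non-comment key=value line (later lines win)."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def nrpe_findings(cfg: Dict[str, str], nagios_ip: str, local_ips: List[str]) -> List[str]:
    """List misconfigurations given the Nagios server IP and this host's own addresses."""
    settings = {**DEFAULTS, **cfg}
    allowed = [h.strip() for h in settings["allowed_hosts"].split(",") if h.strip()]
    bind = settings.get("server_address")
    findings: List[str] = []
    if nagios_ip not in allowed:
        findings.append(f"allowed_hosts={allowed} lacks the Nagios server {nagios_ip}; "
                        "NRPE will reject its connections")
    if bind == nagios_ip:
        findings.append(f"server_address={bind} is the Nagios server; it must be one of "
                        f"this host's addresses {local_ips}, or left unset to bind all")
    elif bind and bind not in local_ips:
        findings.append(f"server_address={bind} is not an address of this host; NRPE cannot bind it")
    if settings["debug"] != "1":
        findings.append("debug=0; set debug=1 while troubleshooting")
    if not settings.get("log_file"):
        findings.append("log_file unset; NRPE logs only through syslog (/var/log/messages)")
    return findings


if __name__ == "__main__":
    local = ["198.51.100.7", "127.0.0.1"]
    for label, text in [("wrong", WRONG_CFG), ("fixed", FIXED_CFG)]:
        print(label, nrpe_findings(parse_nrpe_cfg(text), "192.0.2.10", local) or ["ok"])
```

Point it at the real file with `parse_nrpe_cfg(open("/etc/nagios/nrpe.cfg").read())`, pass the Nagios server's IP and the addresses from `ip addr` on the NRPE host, and fix whatever it lists before you start chasing the firewall.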

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

So, I was trying to create an SSL certificate with certbot…

[email protected]:~# certbot --apache -d blog.domain.com

This is how I've done it to create it properly.

certbot --authenticator standalone --installer apache -d blog.domain.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned

Meanwhile, on a new VPS…

2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned

Yeah!
Take a look at /etc/fail2ban/jail.local or /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = firewallcmd-ipset
or
banaction = iptables-multiport
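A stream of "already banned" notices for the same address is worth detecting, because it means fail2ban keeps matching fresh failures from an address it believes is blocked, i.e. the ban never reached the firewall that is actually running. The following detection logic is an added example, not code from the original post or from fail2ban; SAMPLE_LOG repeats the lines quoted above plus one constructed "Ban" line, and the repeat threshold is a choice made here.

```python
"""Spot bans that fail2ban keeps re-issuing, i.e. bans the firewall is not enforcing.

Added example, not code from the original post. An "already banned" notice
means fail2ban matched a fresh failure from an address it believes is blocked,
so the ban rule never reached the firewall that is actually running. SAMPLE_LOG
repeats the lines quoted in the post plus one constructed "Ban" line, and the
threshold is a choice made here.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

PREFIX = r"^\S+ \S+ fail2ban\.actions\s+\[\d+\]: NOTICE \[(?P<jail>[^\]]+)\] "
ALREADY_RE = re.compile(PREFIX + r"(?P<ip>\S+) already banned$")
BAN_RE = re.compile(PREFIX + r"Ban (?P<ip>\S+)$")

SAMPLE_LOG = """\
2018-04-18 19:56:40,100 fail2ban.actions [14644]: NOTICE [sshd] Ban 113.131.58.142
2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
"""


def ban_events(lines: Iterable[str]) -> Tuple[Dict[Tuple[str, str], int], Dict[Tuple[str, str], int]]:
    """Return (bans, repeats): counts of 'Ban' and 'already banned' notices per (jail, ip)."""
    bans: Counter = Counter()
    repeats: Counter = Counter()
    for line in lines:
        line = line.strip()
        m = BAN_RE.match(line)
        if m:
            bans[(m.group("jail"), m.group("ip"))] += 1
            continue
        m = ALREADY_RE.match(line)
        if m:
            repeats[(m.group("jail"), m.group("ip"))] += 1
    return dict(bans), dict(repeats)


def unenforced_bans(lines: Iterable[str], threshold: int = 3) -> List[Tuple[str, str, int]]:
    """(jail, ip, repeats) for addresses re-reported at least `threshold` times.

    One or two repeats can be benign (failures logged in the moment before the
    rule took effect); a sustained series means the banaction is not blocking.
    """
    _, repeats = ban_events(lines)
    return sorted((jail, ip, n) for (jail, ip), n in repeats.items() if n >= threshold)


if __name__ == "__main__":
    for jail, ip, n in unenforced_bans(SAMPLE_LOG.splitlines()):
        print(f"[{jail}] {ip}: reported 'already banned' {n} times -> check banaction")
```

Run it over /var/log/fail2ban.log. When it flags addresses, the remedy is the one above: make banaction match the firewall that is actually running on the box, firewallcmd-ipset on a firewalld host (CentOS 7's default) or iptables-multiport where plain iptables is in use, and the "already banned" lines stop once the rules really land.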
Meltdown & Spectre – CentOS

From what I've read, these are the two main things that need to be updated…

kernel-3.10.0-693.11.6.el7.x86_64
microcode_ctl-2.1-22.2.el7.x86_64

Check them through uname -r and dmesg | grep microcode
[[email protected] www]# systemctl status microcode -l
● microcode.service - Load CPU microcode update
 Loaded: loaded (/usr/lib/systemd/system/microcode.service; enabled; vendor preset: enabled)
 Active: inactive (dead) since Fri 2018-01-05 17:43:08 CET; 1 weeks 6 days ago
 Process: 692 ExecStart=/usr/bin/bash -c grep -l GenuineIntel /proc/cpuinfo | xargs grep -l -E "model[[:space:]]*: 79$" > /dev/null || echo 1 > /sys/devices/system/cpu/microcode/reload (code=exited, status=0/SUCCESS)
 Main PID: 692 (code=exited, status=0/SUCCESS)

Jan 05 17:43:08 sd-56969 systemd[1]: Starting Load CPU microcode update...
Jan 05 17:43:08 sd-56969 systemd[1]: Started Load CPU microcode update.
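Eyeballing `uname -r` against the two package versions above is error-prone, because rpm orders release strings segment by segment rather than as plain text. The following checker is an added example, not code from the original post or from rpm; it re-implements rpm's version ordering (rpmvercmp without the tilde/caret extensions) and compares constructed stand-ins for the output of `uname -r` and `rpm -q microcode_ctl` against the two minimums listed in the post.

```python
"""Check installed kernel and microcode_ctl versions against the minimums the post lists.

Added example, not code from the original post. The comparison re-implements
rpm's version ordering (rpmvercmp without the tilde/caret extensions); the
"installed" strings in __main__ are constructed stand-ins for the output of
`uname -r` and `rpm -q microcode_ctl`.
"""
import re
from typing import Tuple

# The two packages the post says must be at least at these versions.
MINIMUMS = {
    "kernel": "3.10.0-693.11.6.el7",
    "microcode_ctl": "2.1-22.2.el7",
}
ARCHES = {"x86_64", "i686", "noarch"}


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 ordering two version (or release) strings the way rpm does."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1   # a numeric segment sorts after an alphabetic one
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string wins a tie


def split_evr(s: str) -> Tuple[str, str]:
    """Split 'version-release[.arch]' into (version, release), dropping the arch."""
    version, _, release = s.partition("-")
    head, _, tail = release.rpartition(".")
    if tail in ARCHES:
        release = head
    return version, release


def meets_minimum(installed: str, minimum: str) -> bool:
    """True when installed is the same as or newer than minimum (version first, then release)."""
    iv, ir = split_evr(installed)
    mv, mr = split_evr(minimum)
    c = rpmvercmp(iv, mv)
    if c == 0:
        c = rpmvercmp(ir, mr)
    return c >= 0


def package_evr(rpm_q_line: str) -> str:
    """Turn 'name-version-release.arch' (rpm -q output) into 'version-release.arch'."""
    _name, version, release = rpm_q_line.strip().rsplit("-", 2)
    return f"{version}-{release}"


if __name__ == "__main__":
    # Constructed stand-ins; replace with the real `uname -r` and `rpm -q microcode_ctl` output.
    running_kernel = "3.10.0-693.11.6.el7.x86_64"
    microcode_pkg = "microcode_ctl-2.1-22.2.el7.x86_64"
    print("kernel ok:", meets_minimum(running_kernel, MINIMUMS["kernel"]))
    print("microcode_ctl ok:", meets_minimum(package_evr(microcode_pkg), MINIMUMS["microcode_ctl"]))
```

The package check only tells you the files are installed; whether the CPU actually loaded a newer microcode revision is what the post's `dmesg | grep microcode` shows, so keep both checks.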