Posts

So updating an OS sometimes changes the defaults used for various pieces of crypto. In fedora to set it back to how it used to be:

update-crypto-policies --set LEGACY

You should only do this as last resort or just for testing.

Simply scanned the new units to see what ports are open:

al@alex490:~$ nmap -p- 192.168.nnn.nnn

Starting Nmap 7.60 ( https://nmap.org ) at 2020-11-25 18:41 GMT  
Nmap scan report for MyCloud-R6GNH47Y.lab.tsew.net (192.168.0.132)  
Host is up (0.0011s latency).  
Not shown: 65527 closed ports  
PORT STATE SERVICE  
80/tcp open http  
139/tcp open netbios-ssn  
443/tcp open https  
445/tcp open microsoft-ds  
548/tcp open afp  
8080/tcp open http-proxy  
9999/tcp open abyss  
33284/tcp open unknown

Easy way to update LetsEncrypt certs: stop letsencrypt

%s/HTTPS_METHOD=redirect/HTTPS_METHOD=noredirect

start letsencrypt

%s/HTTPS_METHOD=noredirect/HTTPS_METHOD=redirect

quit and verify

echo | openssl s_client -servername HostName -connect HostName:443 2>/dev/null | openssl x509 -noout -dates

yum install -y epel-release 
yum install -y yum-utils
yum install -y rpmconf
rpmconf -a
package-cleanup --leaves
package-cleanup --orphans
yum install -y dnf
dnf -y remove yum yum-metadata-parser
rm -Rf /etc/yum
dnf upgrade
dnf -y upgrade http://mirror.bytemark.co.uk/centos/8/BaseOS/x86\_64/os/Packages/centos-release-8.0-0.1905.0.9.el8.x86\_64.rpm
dnf -y upgrade https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf clean all
rpm -e zfs
rpm -e kmod-zfs
rpm -e \`rpm -q kernel\`
rpm -e --nodeps sysvinit-tools
dnf -y --releasever=8 --allowerasing --setopt=deltarpm=false distro-sync 
dnf -y install kernel-core
dnf -y groupupdate "Core" "Minimal Install"
cat /etc/redhat-release
yum install http://download.zfsonlinux.org/epel/zfs-release.el8\_0.noarch.rpm
yum -y update
yum -y install zfs
zpool upgrade -v
zpool scrub geekpool 
```Your pool name instead of geekpool in the last command

So I came across a problem with a Java App not being able to open a connection to an Oracle Database.  It wasn’t a problem with Credentials or the SID but a failure to connect.  After a bit of digging I found that there wasn’t enough entropy in the system to get the required amount of bytes from /dev/random - the solution is to edit java.security to use /dev/urandom instead:

Yeah you can’t do it - so don’t think you can save space compressing VHDs or VHDXs

Use my special docker image:

docker run -ti -v /FLAC/The\\ KLF/Chill\\ Out/:/opt albal/cuetools /bin/bash

In the container run:

shnsplit -f Chill\\ Out.cue -t %n-%t -o flac Chill\\ Out.flac
cuetag Chill\\ Out.cue \[0-9\]\*.flac

 ansible -a "docker ps -aq | xargs docker stop" docker

Where docker is a list of hosts in ansible

The following commands run on the USG will use the pppoe1 WAN for the two source addresses specified.

configure
set firewall modify LOAD\_BALANCE rule 2500 action modify
set firewall modify LOAD\_BALANCE rule 2500 modify table 5
set firewall modify LOAD\_BALANCE rule 2500 source address 192.168.0.102
set firewall modify LOAD\_BALANCE rule 2500 protocol all
set firewall modify LOAD\_BALANCE rule 2501 action modify
set firewall modify LOAD\_BALANCE rule 2501 modify table 5
set firewall modify LOAD\_BALANCE rule 2501 source address 192.168.0.115
set firewall modify LOAD\_BALANCE rule 2501 protocol all
set protocols static table 5 interface-route 0.0.0.0/0 next-hop-interface pppoe1
commit;save;exit

You possibly don’t want your client computer joined to a domain nor any messing around with your client computer DNS settings either.  So here are the three commands you need to run in an elevated command prompt on your client computer.

reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Server\\Networking\\ClientDns" /v SkipAutoDnsConfig /t REG\_DWORD /d 1
reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Server\\Networking\\ServerDiscovery" /v SkipAutoDNSServerDetection /t REG\_SZ /d true
reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Server\\ClientDeployment" /v SkipDomainJoin /t REG\_DWORD /d 1