  • Essential WSL Tweaks You Should Try

    Starwind
    1
    0 Votes
    1 Posts
    210 Views
    No one has replied
  • Hardening RHEL (and RHEL Based OSs)

    IT Discussion
    1
    1 Votes
    1 Posts
    218 Views
    No one has replied
  • Decrypting a LUKS encrypted drive at boot

    Unsolved IT Discussion
    8
    0 Votes
    8 Posts
    761 Views
    IThomeboy80

    Here is something I found:

    1. Ensure LUKS Drive is Configured
    If the drive isn’t encrypted yet, you can encrypt it with LUKS:

    sudo cryptsetup luksFormat /dev/sdX

    Replace /dev/sdX with the appropriate drive/partition. Be cautious—this step will erase all data on the drive.

    2. Add the Drive to /etc/crypttab
    Edit the /etc/crypttab file to configure the system to unlock the drive at boot.

    Open the file:

    sudo nano /etc/crypttab

    Add an entry for the encrypted drive:

    cryptname /dev/sdX none luks

    cryptname: A name for the decrypted device (used later in /etc/fstab).
    /dev/sdX: Path to the encrypted device.
    none: Use none for a passphrase prompt at boot or specify a path to a key file.
    luks: Indicates LUKS encryption.

    Example:

    cryptdrive /dev/sdb1 none luks

    3. Add the Decrypted Device to /etc/fstab
    To automatically mount the decrypted drive after unlocking:

    Edit /etc/fstab:

    sudo nano /etc/fstab

    Add an entry for the decrypted drive:

    /dev/mapper/cryptname /mnt/mountpoint ext4 defaults 0 2

    Replace:

    /dev/mapper/cryptname with the mapped device from /etc/crypttab.
    /mnt/mountpoint with your desired mount point.
    ext4 with your file system type.

    4. Generate an Initramfs
    If the root file system or a critical drive is encrypted, you’ll need to update the initramfs to include decryption tools.

    Update the initramfs:

    sudo update-initramfs -u

    Verify that the cryptsetup package is installed in your initramfs configuration.

    5. Test Boot Behavior
    Reboot the system and observe the decryption process:

    If you specified none in /etc/crypttab, you should be prompted for a passphrase at boot.
    If a key file was used, the drive should decrypt automatically.

    6. Using a Key File for Automatic Decryption
    To avoid entering a passphrase at boot, use a key file:

    Generate a key file:

    sudo dd if=/dev/urandom of=/root/luks-keyfile bs=4096 count=1

    Set permissions:

    sudo chmod 600 /root/luks-keyfile

    Add the key file to the LUKS header:

    sudo cryptsetup luksAddKey /dev/sdX /root/luks-keyfile

    Update /etc/crypttab:

    cryptname /dev/sdX /root/luks-keyfile luks

    Update the initramfs:

    sudo update-initramfs -u

    Reboot to test automatic decryption.

    Troubleshooting
    Device not found during boot: Ensure the correct device path is used in /etc/crypttab.
    Passphrase prompt not appearing: Verify cryptsetup is installed and included in initramfs.
    Boot hangs or fails: Boot into a live session, comment out entries in /etc/fstab or /etc/crypttab, and investigate.
  • NFS vs SMB: Which Protocol Should You Choose?

    Starwind
    1
    0 Votes
    1 Posts
    304 Views
    No one has replied
  • IBM Datapower on Linux

    Solved IT Discussion
    5
    0 Votes
    5 Posts
    951 Views
    DustinB3403

    Okay for anyone still around, I was able to get this sorted, it appears that the initial file I was using was either corrupted or maybe a patch for an existing installation.

    I've documented the process, copied below for reference. I won't be sharing IBM's RPMs on this post. You should be able to get these directly from IBM's website free of charge, but your mileage may vary.

    Installing IBM Datapower on CentOS 8/9 or Rocky Linux 8/9 to your Hypervisor/Cloud Provider

    Minimum System Requirements
    • 4 vCPU
    • 16 GiB RAM
    • 80 GiB Disk Space
    • 4 Network Interfaces – with DHCP or Statically Assigned IPs
    • 2 Available Loop devices – Documented Below
    • Default Partitioning will work, can be configured to meet any security requirements (separate LV for VAR for example)
    • Installation without a GUI recommended with these below features
    ◦ “Server Installation” Option
    ▪ Guest Agents (Drivers for Hypervisor/Cloud recommended)
    ▪ Remote Management for Linux recommended – SSH and or Cockpit
    • Root only account – User accounts are unnecessary
    • Security Policy to adhere to any State/Fed requirements (may affect Installation Destination configuration – not documented here).

    Configure Timezone and any other settings as required – no specific documentation needed

    Sample User: root
    Password: your-password

    Upon installation check for updates and install a few required repositories.

    sudo dnf update -y
    sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    sudo dnf update -y
    sudo dnf search schroot
    sudo dnf install schroot ipvsadm kmod telnet -y

    Post installation of dependencies we need to confirm our loop devices are configured.

    Confirm what loop devices exist (likely there is only 1) so we’ll need to create some with the below.

    List your loop devices:

    ls -l /dev/loop*
    brw-r----- 1 rootls disk 7, 0 Jul 24 17:49 /dev/loop-control

    We only have the loop-control device, so create two more loop devices with the below.

    mknod -m660 /dev/loop1 b 7 8
    mknod -m660 /dev/loop2 b 7 8

    Confirm the devices are listed.

    ls -l /dev/loop*
    brw-rw----. 1 root root 7, 8 Nov 27 08:10 /dev/loop1
    brw-rw----. 1 root root 7, 8 Nov 27 08:10 /dev/loop2
    crw-rw----. 1 root disk 10, 237 Nov 27 07:51 /dev/loop-control

    Now transfer or download the Datapower and LibgCrypt RPMs to this system using something like wget or WinSCP depending on access. You can find libgcrypt here (https://rpmfind.net)

    Once transferred, you may have to decompress the installation files.

    tar -xf idg_lx10540.cd.ASL.prod.tar

    Now we can install the program

    sudo yum install idg_lx.10540.image.x86_64.rpm idg_lx10540.common.x86_64.rpm

    Once installed, you’ll connect to the system via telnet on the system’s loopback address

    telnet 127.0.0.1 2200
    Initial login is: admin
    Initial Password is: admin

    Confirm to all prompts with Y and then run/create and confirm a new password

    You must restart the DataPower Gateway to make the Common Criteria policies effective.

    idg# configure terminal;web-mgmt;admin-state enabled;local-address 0 9090;exit
    Global mode
    Modify Web management service configuration

    Now you can go to the web console via your computer and using the primary IP address. In our example
    https://ip-address:9090

    You’ll use the login password you created while connected via SSH. You’ll have to create yet another new password.

    Once the password is updated, you’ll be able to login and complete the setup by accepting the license agreement.

    After accepting the licensing agreement the system will need to reboot. After logging in via SSH you’ll need to restart the web interface.

    telnet 127.0.0.1 2200
    admin
    <password>
    idg<config>
    idg <config> configure terminal;web-mgmt;admin-state enabled;local-address 0 9090;exit

    That's the complete installation process from start to finish. The last step would be to set up initialization of the datapower service upon restart. I'll be working on this sometime this week probably so that the environment is fault tolerant.

  • 1 Votes
    3 Posts
    2k Views
    scottalanmiller

    @CCWTech said in Clean a Linux or UNIX Text File to Strip Hidden Characters:

    @scottalanmiller Great, but can you explain the syntax of the command?

    Trim anything except characters 11, 12, or 40-176. The acceptable character ranges.

  • 3 Votes
    5 Posts
    747 Views
    EddieJennings

    @DustinB3403

    Ha! That's the thing though, I am curious if sudo will be (at least partially derived) from the sudo we know and love, or will it be Microsoft's own thing that happens to use a command named sudo.

  • 0 Votes
    3 Posts
    712 Views
    Obsolesce

    @NetworkNerd

    1. Identify the Cause of High Disk IO and CPU Wait
    MariaDB Activity: Since mariadb is showing high IO during the problematic window, it's crucial to identify the queries causing this load. You can enable the slow query log in MariaDB to capture queries that are taking an unusually long time to execute.
    Scheduled Tasks: Check for any scheduled tasks (cron jobs) on the server that run around 5 AM CST. These could be system tasks, WordPress cron jobs, or database maintenance tasks.

    2. Systemd-journald Failure
    The failure of systemd-journal-flush.service suggests that the journaling system is overwhelmed, likely due to the high IO load. Investigate the journal logs (journalctl) for any errors or warnings that occur around this time.

    3. Review WordPress Plugins and Activities
    Plugin Behavior: Even though plugins like Updraft Plus are scheduled for different times, they might be triggering background tasks. Verify plugin behavior and logs.
    WordPress Cron: WordPress has its own cron system (wp-cron.php) that can sometimes trigger resource-intensive tasks. Review the WordPress cron events.

    4. Server and Database Optimization
    Database Optimization: Run a check and optimization task on your MariaDB database. Over time, databases can become inefficient and slow.
    Upgrade Resources: An e2-micro instance is quite limited in resources. If this issue is related to resource constraints, consider upgrading the VM instance type.

    5. Monitoring and Logs
    Enable Enhanced Monitoring: Tools like sar, iotop, or atop can provide in-depth system metrics. Make sure they are configured correctly.
    Access and Error Logs: Review NGINX, PHP-FPM, and MariaDB logs for any anomalies during the problematic time frame.

    6. External Factors
    Traffic Spikes: Although Jetpack stats show low traffic, consider checking the access logs for unexpected traffic spikes, which might be bots or crawlers.
    Network Analysis: Use tools to monitor network activity. Unexpected external connections might be contributing to the load.

    7. Testing and Isolation
    Isolate Components: Temporarily disable certain components or plugins during the problem window to see if the issue persists.
    Test in a Staging Environment: If possible, replicate the setup in a staging environment to test without affecting the live site.

  • Not much luck with Linux Distro's

    IT Discussion
    35
    0 Votes
    35 Posts
    3k Views
    scottalanmiller

    The Linux / Windows approach gives you far more flexibility. MacOS is useless in a million scenarios. But when it is good, it's really good. The UI is still pretty crap, but things like patching they can do with a reliability no one else can. No matter how hard anyone tries, vertical integration of components means things like patching can be tested completely, not just spot checked.

  • Powershell (or CMD) to print PDF files

    Unsolved IT Discussion
    13
    0 Votes
    13 Posts
    2k Views
    P

    There is a ppd you can use for cups in the Mac driver.

    Primera LX900 - ColorLabelSugned - Payload~~ - Library - Printers - PPDs - Contents - Resources - CL900.ppd

  • 1 Votes
    17 Posts
    2k Views
    stacksofplates

    @scottalanmiller said in Installing Mastodon 4.1.2 on Debian 11:

    @stacksofplates said in Installing Mastodon 4.1.2 on Debian 11:

    Their official image is here ghcr.io/mastodon/mastodon

    Yeah, that one was flaky. But is it official? Why's it on a different account?

    Yes it's their official. Ghcr is the GitHub packages repo. It's similar to GCR, ECR, etc. Other OCI image repositories are more popular now since Docker has imposed limits on Docker Hub.
