The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,798 other followers

Archive for the ‘openSuSE’ Category

SUSE 12.3 – How to auto start services…?

Posted by jpluimers on 2017/07/14

Old (somehow it was blocked in the post queue), but sometimes still relevant for more modern services as, well sysv versus systemd war still are not over yet…

Interesting: systemctl gives flaky results for many services.

chkconfig nfs
chkconfig nfs on

Source: [WayBack] SUSE 12.3 – How to auto start services…?

This is on my system:

revue:~ # systemctl is-enabled shellinabox
shellinabox.service is not a native service, redirecting to systemd-sysv-install
Executing /usr/lib/systemd/systemd-sysv-install is-enabled shellinabox
shellinabox  off
enabled
revue:~ # rcshellinabox status
Checking for service shellinabox                                                       unused
● shellinabox.service - LSB: shellinabox
Loaded: loaded (/etc/init.d/shellinabox)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
revue:~ # rcshellinabox start
redirecting to systemctl start shellinabox.service
revue:~ # chkconfig shellinabox
shellinabox  off
revue:~ # chkconfig shellinabox on
revue:~ # chkconfig shellinabox
shellinabox  on

–jeroen

Posted in *nix, openSuSE, Power User, SuSE Linux | Leave a Comment »

OpenSuSE Tumbleweed: When apache breaks with “Invalid argument: AH00069: make_sock: for address [::]:443”

Posted by jpluimers on 2017/06/28

I had this strange break down of Apache 2 after updating to the most recent openSuSE Tumbleweed in the /var/log/apache2/error_log:

[Wed Jun 28 10:04:19.955991 2017] [ssl:info] [pid 27786] AH01887: Init: Initializing (virtual) servers for SSL
[Wed Jun 28 10:04:19.962449 2017] [ssl:info] [pid 27786] AH01876: mod_ssl/2.4.26 compiled against Server: Apache/2.4.26, Library: OpenSSL/1.0.2k
AH00558: httpd-prefork: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[Wed Jun 28 10:04:20.029863 2017] [core:crit] [pid 27786] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Wed Jun 28 10:04:20.029935 2017] [mpm_prefork:alert] [pid 27786] no listening sockets available, shutting down

This didn’t give any results for processes having port 443 open:

# /usr/bin/netstat --verbose --all --numeric | grep 443

The commands below didn’t help much either.

So I started digging in port 443 binding:

Read the rest of this entry »

Posted in *nix, Apache2, Linux, openSuSE, Power User, SuSE Linux | Leave a Comment »

OpenSuSE Tumbleweed – testing the password of any user with getent and openssl

Posted by jpluimers on 2017/06/21

For one of my VMs I forgot to note which of the initial password I had changed, so I wanted to check them.

Since I didn’t have a keyboard attached to the console and ssh wasn’t allowing root, I needed an alternative than actual login to test the passwords.

Luckily /etc/shadow, with getent and openssl came to the rescue.

Since getent varies per distribution, here is how it works on OpenSuSE:

Read the rest of this entry »

Posted in bash, Development, Linux, openSuSE, Scripting, Software Development, SuSE Linux | Leave a Comment »

Reverse ssh tunnel between two linux boxes to allow RDP traffic over port 3389

Posted by jpluimers on 2017/06/12

You know the drill: site that limits incoming traffic and has painful VPN. Luckily this time outgoing ssh traffic on port 22 was allowed (because they do SFTP which is SSH File Transfer).

Since I’ve outside Linux boxes and could run a Linux VM there (all Tumbleweed based), this allowed me to do a reverse SSH tunnel. Those are always a bit confusing, but this set of drawings really helps: What’s ssh port forwarding and what’s the difference between ssh local and remote port forwarding – Unix & Linux Stack Exchange [WayBack].

Which brings me to a statement like this:

ssh -o "ExitOnForwardFailure yes" -R :3389:192.168.199.114:3389 -p 33322 93.184.216.34

That didn’t work: a remote machine could not RDP to port 3389, but a local telnet localhost 3389 would. The reason is that by default sshd binds a remote port to the local address only and not the wildcard addres.

So you have to open up the remote config a bit: at least /etc/sshd_config and most likely also your firewall.

Read the rest of this entry »

Posted in *nix, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP, Tumbleweed | Leave a Comment »

Hmm, named failing at start on one of the secondaries: need to investigate this further

Posted by jpluimers on 2017/05/24

I was not too happy that this just happened after updating one of the DNS secondaries:

May 24 21:29:48 laurel systemd[1]: Starting LSB: Domain Name System (DNS) server, named...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun starting up.
May 24 21:29:49 laurel named[3173]: Starting name server BIND cp: cannot stat '/lib/engines': No such file or directory
May 24 21:29:51 laurel named[3235]: starting BIND 9.10.4-P5  -t /var/lib/named -u named
May 24 21:29:51 laurel named[3235]: running on Linux armv6l 4.3.3-6-raspberrypi #1 Wed Dec 16 08:03:35 UTC 2015 (db72752)
May 24 21:29:51 laurel named[3235]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--enable-exportlib' '--with-export-libdir=/usr/lib' '--with-export-includedir=/usr/i
May 24 21:29:51 laurel named[3235]: ----------------------------------------------------
May 24 21:29:51 laurel named[3235]: BIND 9 is maintained by Internet Systems Consortium,
May 24 21:29:51 laurel named[3235]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
May 24 21:29:51 laurel named[3235]: corporation.  Support and training for BIND 9 are
May 24 21:29:51 laurel named[3235]: available at https://www.isc.org/support
May 24 21:29:51 laurel named[3235]: ----------------------------------------------------
May 24 21:29:51 laurel named[3235]: adjusted limit on open files from 4096 to 1048576
May 24 21:29:51 laurel named[3235]: found 1 CPU, using 1 worker thread
May 24 21:29:51 laurel named[3235]: using 1 UDP listener per interface
May 24 21:29:51 laurel named[3235]: using up to 4096 sockets
May 24 21:29:51 laurel named[3235]: ENGINE_by_id failed (crypto failure)
May 24 21:29:51 laurel named[3235]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:233:
May 24 21:29:51 laurel named[3235]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:467:
May 24 21:29:51 laurel named[3235]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:390:id=gost
May 24 21:29:51 laurel named[3235]: initializing DST: crypto failure
May 24 21:29:51 laurel named[3235]: exiting (due to fatal error)
May 24 21:29:51 laurel named[3173]: ..failed
May 24 21:29:51 laurel systemd[1]: named.service: Control process exited, code=exited status=1
May 24 21:29:51 laurel systemd[1]: Failed to start LSB: Domain Name System (DNS) server, named.
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has failed.
-- 
-- The result is failed.
May 24 21:29:51 laurel systemd[1]: named.service: Unit entered failed state.
May 24 21:29:51 laurel systemd[1]: named.service: Failed with result 'exit-code'.

It’s in fact a manifestation of [Archive.isBug 1040027 – bind (named): fails to start since the introduction of namespaced openSSL packages

A fix is in the pipeline at [Archice.isRequest 496968 – openSUSE Build Service

However, that fix never made it to Raspberry Pi B (the original Rasberry Pi 1B) because that is armv6l and the bind build for that has failed early April 2017.

That’s now in [Archive.isBug 1040697 – bind fails building for armv6l since 20170401 causing bugfixes not to make it to the wild.

–jeroen

Read the rest of this entry »

Posted in *nix, bind-named, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

 
%d bloggers like this: