GreenDay tour is on the way (Hella Mega tour). Hope to see you there in Paris in June 2022, feel free to join me, you know my Twitter account 🙂
FRR Routing v8.0 is out and happy to see SR
For a (perhaps) future project I read different documentation around Bird, FRR Routing, … and I am really happy to see in FRR Routing v8.0 the new ‘pathd‘ daemon, which implements SR (Segment Routing). It is really cool to see this.
There are other new features which have been implemented in this release and are major IMHO.
It is really great work !!!
More information there : https://frrouting.org/release/8.0/
See you soon 🙂
NextCloud and Memcached-APCu
For those of you who updated your personal cloud to the latest stable version of Nextcloud due to CVE (https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-543/), you could encounter this error :
An unhandled exception has been thrown: OC\HintException: : Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)
You could solve the issue :
echo 'apc.enable_cli=1' >> /etc/php/7.x/mods-available/apcu.ini
FreeBSD and fail2ban
To go on configuring my FreeBSD server, I installed my traditional package : “fail2ban”. By the way, with a Linux distro, apt install fail2ban is enough.
Not now 😀
You must add :
root@pluton:/usr/local/etc/fail2ban/jail.d# cat ssh-ipfw.local
[ssh-ipfw]
enabled = true
filter = sshd
action = ipfw[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 3600
root@pluton:/usr/local/etc/fail2ban/jail.d#
And edit the action file so that “localhost” is your public IP :
root@pluton:/usr/local/etc/fail2ban/action.d# cat ipfw.conf
# Fail2Ban configuration file
#
# Author: Nick Munger
# Modified by: Cyril Jaquier
#
# [...]
# Option: localhost
# Notes.: the local IP address of the network interface
# Values: IP
#
localhost = <YOUR_PUBLIC_IP_ADDRESS>

# Option: blocktype
# Notes.: How to block the traffic. Use a action from man 5 ipfw
# Common values: deny, unreach port, reset
# Values: STRING
#
blocktype = unreach port
root@pluton:/usr/local/etc/fail2ban/action.d#
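How the findtime, maxretry and bantime values of the ssh-ipfw jail interact, as an added Python example that is not part of the original post and is not fail2ban's own code. The regex is a simplified stand-in for the sshd filter, the year is assumed, and the auth.log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the ssh-ipfw jail above (seconds, except MAXRETRY).
FINDTIME, MAXRETRY, BANTIME = 600, 3, 3600

# Simplified stand-in for fail2ban's sshd filter (assumption, not its real failregex).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[0-9a-fA-F:.]+) port"
)

# Constructed auth.log lines using documentation addresses.
SAMPLE_LOG = """\
Jul 15 13:00:01 pluton sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 15 13:00:09 pluton sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 15 13:01:30 pluton sshd[815]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
Jul 15 13:02:44 pluton sshd[820]: Failed password for invalid user admin from 203.0.113.7 port 40290 ssh2
Jul 15 13:05:00 pluton sshd[830]: Failed password for alice from 198.51.100.20 port 51600 ssh2
Jul 15 13:20:00 pluton sshd[840]: Failed password for alice from 198.51.100.20 port 51700 ssh2
Jul 15 13:31:00 pluton sshd[850]: Failed password for alice from 198.51.100.20 port 51800 ssh2
"""

def simulate(log_text, year=2021):
    """Return {ip: (banned_at, unbanned_at)}; syslog has no year, so one is assumed."""
    recent = defaultdict(deque)  # ip -> failure times still inside FINDTIME
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in bans and now < bans[ip][1]:
            continue  # still banned: the ipfw rule is already rejecting this host
        window = recent[ip]
        window.append(now)
        while (now - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than FINDTIME
        if len(window) >= MAXRETRY:
            bans[ip] = (now, now + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only the host with three failures inside 600 seconds is banned; the user who mistypes a password three times over 26 minutes never has three failures in one window.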
Blog, bsd, apache2, certbot and fun
It had been a long time since I used a FreeBSD system. I was really impressed by how greatly it has evolved. It is easy to add packages thanks to the “pkg” tool and “portsnap”.
pkg install apache24 mysql57-server mod_php73 php73-mysqli php73-xml php73-hash php73-gd php73-curl php73-tokenizer php73-zlib php73-zip
I have a really fast install of an HTTP server as I can do with “apt-get”.
I needed to load some modules by editing /usr/local/etc/apache24/httpd.conf such as :
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module libexec/apache24/libphp7.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
Some more work with certbot for Let’s Encrypt SSL certificate :
root@ns326804:/usr/ports/security/py-certbot # make install clean
root@ns326804:/usr/ports/security/py-certbot-apache # make install clean
root@ns326804:/usr/ports/security/py-certbot # rehash
I can now install my SSL certificates with :
certbot --apache -d clucas.fr
certbot install --cert-name www.clucas.fr
certbot install --cert-name blog.clucas.fr
I moved my SQL data to my fresh FreeBSD install and tried to access my blog (it is using WordPress)… It was a FAIL. It lacked some PHP modules :
pkg install php73-json php73-filter php73-ctype
These were some tips. I have not listed all the tasks I have done, only the ones I think can give you some information. By the way, I was really pleased to move some of my content to this freshly installed FreeBSD server. Lots of fun to do this.
And Voilà you can read this blog’s post now 🙂
July 15, 2021 01:35pm :
Update : Don’t forget to add AllowOverride on your data directory so that mod_rewrite can do its job correctly, such as :
<Directory "/usr/local/www/apache24/data/blog.clucas.fr">
    AllowOverride All
</Directory>
Long long time ago, blog and FreeBSD…
It was a long long time ago I wrote here. A lot of things happened to me but I don’t think it is the time and place to explain it.
This post is about a new experience for me : hosting this blog on a FreeBSD machine. I am in love with BSD but don’t use it every day. Networking & Telco is not a professional area where you can use it or where your employer allows you to use it. Damn Windows, Teams, … and its hegemony.
I will move this blog from Debian to a FreeBSD server. I think it will be a lot of fun. If I have FreeBSD tips or remarks I will post them here. By the way, I am currently studying for Cisco’s CCNP SPCOR (350-501) exam. Also, I will try to give myself a kick in the ass to post more technical posts.
Have fun 🙂
CCIE v5.1 self assessment spreadsheet.
Now I am going for CCIE and need to begin, first of all, with the CCIE Written. To know where to start, you begin with a __real__ self assessment of your knowledge and of where you need to work hard.
06/06/19 – D-Day
In memory of all the soldiers who paid with their lives the cost of peace and democracy in Europe. Please read these words and keep them in mind.
https://lyricstranslate.com/en/n%C3%A9-en-17-%C3%A0-leidenstadt-born-1917-leidenstadt.html If I 'd been born in 1917 in Leidenstadt On top of ruins, in a battlefield Would I have behaved better of worse than those people If I'd been German? Born into humiliation, hatred and ignorance Fed on dreams of revenge Would I have been one of those unlikely beings with a conscience Like some teardrops in the midst of a flood? If I'd grown up in the docklands of Belfast Soldier of a faith, of a class Would I have had the strength to withstand and fight against my Own kind: to betray, to hold out a hand in friendship? If I'd been born white and rich in Johannesburg Between the power and the fear Would I have heard the cries carried by the wind? Nothing will be like it was before. One never knows what one really has in one's guts, Hidden behind our appearances The soul of a brave man, an accomplice, an executioner? The worst or the best? Would we be one of those who resist or just those who follow like sheep If it was a question of more than just words? (Refrain) If I 'd been born in 1917 in Leidenstadt On top of ruins in a battlefield Would I have behaved better of worse than those If I'd been German?
Cisco & IP NAT
It’s been a while since I posted a blog entry. A simple tip from IOS 12.4(20) to 12.4(24) and above to use OID “.184.108.40.206.220.127.116.11.18.104.22.168.0” to graph your NAT translations :
R(conf)# ip nat service enable-mib
%NAT: Old NAT-MIB support enabled
You will be for me the guy who wrote this kind of post and talked technology with Remy Card (ext2).
Path: bga.com!news.sprintlink.net!pipex!oleane!univ-lyon1.fr!ensta!itesec!frmug.fr.net!renux.frmug.fr.net!marouchka.gna.org!not-for-mail
From: ji...@marouchka.gna.org (Jean-Francois Monnet)
Newsgroups: fr.comp.os.linux
Subject: Re: LINUX ET E-IDE
Date: 23 Nov 1994 08:43:22 +0100
Organization: Marouchka, A Private Linux Site, France
Lines: 23
Distribution: world
Message-ID: <email@example.com>
References: <firstname.lastname@example.org>
Reply-To: mon...@dir.univ-rouen.fr (Jean-Francois Monnet)
NNTP-Posting-Host: marouchka.gna.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 PL2]

Yves Arrouye (arr...@petole.imag.fr) wrote:
> Maybe you will be able to help me: I want to add a 3rd disk (on a 2nd
> controller). My 2nd controller only runs on irq 14, but the addresses
> of the disks can be changed (it has two ranges). I cannot get the
> patch to nicely recognize my 3rd disk, whatever the config. Help!
> Help!

On my machine, the second controller was only properly recognized from the moment I took the soldering iron and rerouted the IRQ 14 trace -> IRQ 15, as explained in the doc of the atdisk2-0.9.tgz archive (old patch for handling two IDE controller cards). I believe this doc is no longer shipped with the ide-x.x* patches. I can send it to you if you cannot find the atdisk archive.

Because, even with two different I/O addresses for the cards, using the same IRQ with more than 2 disks can cause problems.

> (Linux 1.1.64 + ide-2.5.patch-64+)

I am running 1.1.61 + ide-2.01.patch.61+.gz and it works without problems for IDE.

--
Marouchka - 76 Rouen
And a great linux kernel programmer (Telsat Turbo), rock’n roll & Nina Hagen fan.
Have fun with luxman…