Can’t wait to live this again. Hella Mega Tour…

Posted on August 3, 2021 by clucas

GreenDay tour is on the way (Hella Mega tour). Hope to see you there in Paris in June 2022, feel free to join me, you know me twitter account 🙂

FRR Routing v8.0 is out and happy to see SR

Posted on August 3, 2021August 3, 2021 by clucas

Hey,

For (perhaps) futur projet I read different documentations around Bird, FRR Routing, … and I am really happy to see in FRR Routing v8.0 the new ‘pathd‘ daemon, which implement SR (Segment Routing). It is really cool to see this.

There is others new feature which have been implemented in this release and are major IMHO.

TI-LFA for OSPF and IS-IS (great too for SR) ;
VRF for OSPFv3 ;
EVPN full-implementation.

It is really great work !!!

More information there : https://frrouting.org/release/8.0/

See you soon 🙂

NextCloud and Memcached-APCu

Posted on July 19, 2021 by clucas

For those of you which update your personal cloud to the lastest stable version of Nextcloud due to CVE (https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-543/), you could encountered this error :

An unhandled exception has been thrown:
OC\HintException: [0]: Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)

You could solve the issue :

echo 'apc.enable_cli=1' >> /etc/php/7.x/mods-available/apcu.ini

Have fun.

FreeBSD and fail2ban

Posted on July 16, 2021July 15, 2021 by clucas

Hey,

To go on configuring my FreeBSD server, I install my traditionnal package : “fail2ban”. By the way with Linux distro, apt install fail2ban is enough.

Not now 😀

You must add :

root@pluton:/usr/local/etc/fail2ban/jail.d# cat ssh-ipfw.local 
[ssh-ipfw]
enabled = true
filter = sshd
action = ipfw[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 3600
root@pluton:/usr/local/etc/fail2ban/jail.d#

And edit action file so that “localhost” is your public IP :

root@pluton:/usr/local/etc/fail2ban/action.d# cat ipfw.conf 
# Fail2Ban configuration file
#
# Author: Nick Munger
# Modified by: Cyril Jaquier
#
#
[...]
# Option:  localhost
# Notes.:  the local IP address of the network interface
# Values:  IP
#
localhost = <YOUR_PUBLIC_IP_ADDRESS>


# Option:  blocktype
# Notes.:  How to block the traffic. Use a action from man 5 ipfw
#          Common values: deny, unreach port, reset
# Values:  STRING
#
blocktype = unreach port
root@pluton:/usr/local/etc/fail2ban/action.d#

Blog, bsd, apache2, certbot and fun

Posted on July 15, 2021July 15, 2021 by clucas

It was long time ago I used a FreeBSD system. I was really impressed by the way it great evolved. It is easy to add package due to “pkg” tool and “portsnap”.

After :

pkg install apache24 mysql57-server mod_php73 php73-mysqli php73-xml php73-hash php73-gd php73-curl php73-tokenizer php73-zlib php73-zip

I have a really fast install of an HTTP server as I can do with “apt-get”.

I have needed to load some modules by editiing /usr/local/etc/apache24/httpd.conf such as :

[...]
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module libexec/apache24/libphp7.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
[...]

Some more work width certbot for Let’s Encrypt SSL certificate :

root@ns326804:/usr/ports/security/py-certbot # make install clean
root@ns326804:/usr/ports/security/py-certbot-apache # make install clean
root@ns326804:/usr/ports/security/py-certbot # rehash

I can now install my SSL certificates with :

certbot --apache -d clucas.fr
certbot install --cert-name www.clucas.fr
certbot install --cert-name blog.clucas.fr

I have moved my SQL data to my fresh FreeBSD install and try yo access my blog (it is using wordpress)… It was a FAIL. It lacks some PHP module :

pkg install php73-json php73-filter php73-ctype

It was some tips. I have not listed all the tasks I have done but only the one I think which can give you some information. By the way I was really pleased to move some of my contents on this fresh-installed FreeBSD server. Lot of fun to do this.

And Voilà you can read this blog’s post now 🙂

July 15, 2021 01:35pm :

Update : Don’t forget to add AllowOverride on your data directory so that mod_rewrite can do his job correctly such as :

    <Directory "/usr/local/www/apache24/data/blog.clucas.fr">
        AllowOverride All
    </Directory>

Long long time ago, blog and FreeBSD…

Posted on July 14, 2021July 14, 2021 by clucas

It was a long long timeago I wrote here. ot of things happens to me but I don’t think it is the time and place to explain it.

This post is about a new experience to me : hosting this blog on FreeBSD machine. I am in love with BSD but don’t use it everyday. Networking&Telco is not an professional area where you can use it or your employer allow you to use it. Damn Windows, Teams, … and his egemony.

I will move this blog from Debian to FreeBSD server. I think it will lot of fun. If I have FreeBSD’s tips or remarks I will post it here. By the way I am currently studying for Cisco’s CCNP SPCOR (350-501) exam. Either I will try to give me a kick in the ass to post more technical posts.

Have fun 🙂

CCIE v5.1 self assessment spreadsheet.

Posted on June 11, 2019 by clucas

Now, I go to CCIE and need to begin by first of all : CCIE Written. And to know where to start, you begin with a __real__ self assessment on your knowledge and where to work hard to.

blueprint-ccie-written-assement-v5.1 Download

06/06/19 – D-Day

Posted on June 6, 2019June 6, 2019 by clucas

In memory of all the soldiers who paid with their life the cost to peace and democracy in Europe. Please read these words and keep it in mind.

https://lyricstranslate.com/en/n%C3%A9-en-17-%C3%A0-leidenstadt-born-1917-leidenstadt.html

If I 'd been born in 1917 in Leidenstadt
On top of ruins, in a battlefield
Would I have behaved better of worse than those people
If I'd been German?
 
Born into humiliation, hatred and ignorance
Fed on dreams of revenge
Would I have been one of those unlikely beings with a conscience
Like some teardrops in the midst of a flood?
 
If I'd grown up in the docklands of Belfast
Soldier of a faith, of a class
Would I have had the strength to withstand and fight against my Own kind: to betray, to hold out a hand in friendship?
 
If I'd been born white and rich in Johannesburg
Between the power and the fear
Would I have heard the cries carried by the wind?
Nothing will be like it was before.
 
One never knows what one really has in one's guts,
Hidden behind our appearances
The soul of a brave man, an accomplice, an executioner?
The worst or the best?
Would we be one of those who resist or just those who follow like sheep
If it was a question of more than just words?
 
(Refrain)
If I 'd been born in 1917 in Leidenstadt
On top of ruins in a battlefield
Would I have behaved better of worse than those
If I'd been German?

Cisco & IP NAT

Posted on January 16, 2018July 14, 2021 by clucas

Hi,

It’s been a while I have posted a blog entry. A simple tip from IOS 12.4(20) to 12.4(24) and above to use OID “.1.3.6.1.4.1.9.10.77.1.2.3.0” to graph your NAT translations :

R(conf)# ip nat service enable-mib %NAT: Old NAT-MIB support enabled R(conf)#

HTH
++Christophe

R.I.P Jieff

Posted on November 12, 2017 by clucas

You will be for me the guy who wrote this kind of post and talk technology with Remy Card (ext2).

Path: bga.com!news.sprintlink.net!pipex!oleane!univ-lyon1.fr!ensta!itesec!frmug.fr.net!renux.frmug.fr.net!marouchka.gna.org!not-for-mail
From: ji...@marouchka.gna.org (Jean-Francois Monnet)
Newsgroups: fr.comp.os.linux
Subject: Re: LINUX ET E-IDE
Date: 23 Nov 1994 08:43:22 +0100
Organization: Marouchka, A Private Linux Site, France
Lines: 23
Distribution: world
Message-ID: <3aurqq$3mb@marouchka.gna.org>
References: <3asg5c$sp0@imag.imag.fr>
Reply-To: mon...@dir.univ-rouen.fr (Jean-Francois Monnet)
NNTP-Posting-Host: marouchka.gna.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 PL2]

Yves Arrouye (arr...@petole.imag.fr) ecrit:

> Tu vas peut-etre pouvoir m'aider : je veux mettre un 3e disque (sur un 2e
> controleur). Mon 2e controleur ne tourne que sur irq 14, mais on peut changer
> les adresses des disques (il en a deux plages). Je n'arrive pas a ce que le
> patch reconnaisse gentiment mon 3e disque, quelque soit la config. Au secours
> ! Help !

	Chez moi, le deuxieme controleur n'a ete bien reconnu qu'a partir
du moment ou j'ai pris le fer a souder et devie la piste IRQ 14 -> IRQ 15,
comme explique dans la doc de l'archive atdisk2-0.9.tgz (ancien patch pour
gerer deux cartes controleur IDE). Je crois que cette doc n'est plus
fournie avec les patches ide-x.x*. Je peux te l'envoyer si tu ne trouves
pas l'archive atdisk. Car, meme avec deux adresses I/O differentes pour les
cartes, l'utilisation de la meme IRQ avec plus de 2 disques peut poser des
problemes.

> (Linux 1.1.64 + ide-2.5.patch-64+)

	Je tourne en 1.1.61 + ide-2.01.patch.61+.gz et ca roule sans pbs pour
l'IDE.
-- 
Marouchka - 76 Rouen

And a great linux kernel programmer (Telsat Turbo), rock’n roll & Nina Hagen fan.

Have fun with luxman…

++Jieff :-/

—
~Christophe