Apache Openssl Installation error

While trying to install openssl-1.0.0n and httpd-2.2.29, configure was giving an error like this:

checking for SSL_set_cert_store… no
configure: error: … Error, SSL/TLS libraries were missing or unusable
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target `install'. Stop.

Thanks to this page I was able to work it out, by prepending ‘export LDFLAGS=-ldl’ to the configure command.

This page also has some good discussion and possible answers.

Posted in Uncategorized | Leave a comment

Getting Postfix to use /etc/hosts file

I have a mail server on a LAN and other servers on the same LAN have trouble sending to local addresses because they resolve the mail server to the public IP address but then can’t get there. To fix this, I tried putting the mail server hostname and LAN IP into the /etc/hosts file, but frustratingly, Postfix insists on not using the hosts file. I searched around and found the solution here.

My config now is:

Code:
lmtp_host_lookup = native
smtp_host_lookup = native
#disable_dns_lookups = yes
ignore_mx_lookup_error = yes


How to Block all ports with Fail2ban

This was difficult to find so I’m noting it here for future reference. To block all ports with fail2ban, change the jail file’s port value to “0:65535”.

For example, here’s my SSH Jail file:

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port="0:65535", protocol=tcp]
         sendmail-whois[name=SSH, dest=nospam@example.com, sender=nospam@example.com, sendername="Fail2Ban"]
logpath = /var/log/secure
maxretry = 3


FAILED: Unable to obtain the IP address of the helper virtual machine

When converting a machine using the VMware Standalone Converter, I got the subject error. The process tries to find an IP address with DHCP but that’s not available on this network. The solution is to specify the IP address of the helper machine during the last step of the converter wizard.


There is no /var/log/messages on Ubuntu server

On later versions of Ubuntu, /var/log/messages is not enabled by default.
Since I use it for some applications, here are the steps I used to enable it:

Edit the file /etc/rsyslog.d/50-default.conf and uncomment the four lines:
(starts at line #38 on the current system I’m working on, Ubuntu 12.04)

*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages

Then restart syslog like this:

restart rsyslog

That’s it – /var/log/messages should now be there, just like the good old days!


Troubleshoot Stunnel on pfSense

Replaced a Linux router with pfSense to handle NAT. Before, stunnel worked from a remote site to a port on the Linux router that forwarded to an internal MySQL server. Now I haven’t been able to get it working with pfSense. I added the Stunnel package, added the certificate from the remote side into pfSense, and set up the listening port. But when the remote side tries to connect, it just gets:

“ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading initial communication packet’, system error: 104”

and there doesn’t seem to be any logging in pfSense to show whether the connection happened or not. Is there any way to see that logged? How can I troubleshoot this further?

Well I just found in the ‘system’ log messages such as the following:

connect_blocking: s_poll_wait 192.168.0.2:3306: TIMEOUTconnect exceeded

but wonder why it’s timing out? This worked from the Linux router on the same internal IP…

Resolved: the source address in pfSense Stunnel needs to be the internal LAN address, but I had the WAN address in there. Obvious in retrospect!


Safari browser crashing consistently

Was trying to add some nifty jQuery slider and all seemed great except Safari on iPad was crashing consistently. This answer on StackOverflow was the key:

Finally found it wasn’t the JavaScript or any weird characters, but the CSS

-webkit-transform

in our case. After removing that, Safari did not crash any more, hurray.


ESXi Console: Unable to connect to the MKS: A general system error occurred: Internal error

When trying to connect to the console of any virtual on the host:
Unable to connect to the MKS: A general system error occurred: Internal error
Had to sift through quite a few solutions that didn’t help to finally find this one that did:

log in with ssh:
# vdf -h
-----
Ramdisk Size Used Available Use% Mounted on
root 32M 32M 0B 100% --
etc 28M 224K 27M 0% --
tmp 192M 37M 154M 19% --
hostdstats 413M 3M 409M 0% --

# cd /
# ls -la
.... look in the results - I see 1 very large file, MegaSAS.log
# rm MegaSAS.log
# vdf -h
-----
Ramdisk Size Used Available Use% Mounted on
root 32M 748K 31M 2% --
etc 28M 228K 27M 0% --
tmp 192M 3M 188M 1% --
hostdstats 413M 4M 408M 1% --

Then I also had to undo the unchecking of the SSL box that some sites advised; without it checked, I was getting an SSL error!


QNAP RAID rebuild way too slow, resolved

In an 8-drive Qnap TS 879 Pro, we had a drive fail. After replacing the drive, the rebuild started automatically. A couple hours later, the status showed only 1% rebuilt. At this rate, it will take a week to rebuild – that’s no good, what if another drive fails in the meanwhile?

Searching brought me to this page that explains how to improve this. We logged into the unit as user admin and executed the following command:
echo 40000 > /proc/sys/dev/raid/speed_limit_min

Then monitoring with cat /proc/mdstat I saw the “finish” value drop from over 8800 minutes to less than 1400. Now the rebuild should be done in one day instead of one week.
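The monitoring step above can be scripted. The following is an added example, not part of the original post: it pulls the progress, “finish” estimate and speed out of mdstat text and flags a rebuild that will run past a chosen limit. The sample mdstat excerpt, the function names and the 1440-minute limit are constructed for illustration.

```shell
#!/bin/sh
# Constructed /proc/mdstat excerpt for an array mid-rebuild (not from the page).
sample_mdstat() {
cat <<'EOF'
Personalities : [raid6] [raid5] [raid4]
md0 : active raid6 sdh3[8] sdg3[6] sdf3[5] sde3[4] sdd3[3] sdc3[2] sdb3[1] sda3[0]
      11712907776 blocks super 1.0 level 6, 64k chunk, algorithm 2 [8/7] [UUUUUUU_]
      [>....................]  recovery =  1.0% (19531264/1952151296) finish=8805.3min speed=3657K/sec

md9 : active raid1 sdh1[8] sda1[0] sdb1[1]
      530048 blocks [8/8] [UUUUUUUU]

unused devices: <none>
EOF
}

# Read mdstat text on stdin; print "<array> <percent> <finish_min> <speed_K/s>"
# for every array that is currently recovering or resyncing.
rebuild_status() {
    awk '
        /^md[0-9]+ :/ { array = $1 }
        /(recovery|resync) *=/ {
            pct = fin = spd = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /%$/)       { pct = $i; sub(/%$/, "", pct) }
                if ($i ~ /^finish=/) { fin = $i; gsub(/^finish=|min$/, "", fin) }
                if ($i ~ /^speed=/)  { spd = $i; gsub(/^speed=|K\/sec$/, "", spd) }
            }
            print array, pct, fin, spd
        }'
}

# Succeed (exit 0) if any rebuild is estimated to take longer than $1 minutes.
rebuild_too_slow() {
    rebuild_status | awk -v max="$1" '$3 + 0 > max + 0 { slow = 1 } END { exit !slow }'
}

# Demo on the constructed sample; on the NAS itself use: rebuild_status < /proc/mdstat
sample_mdstat | rebuild_status
if sample_mdstat | rebuild_too_slow 1440; then
    echo "rebuild will take more than a day; consider raising speed_limit_min"
fi
```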


Endicia Dazzle not working because connections to symcb.com and symcd.com blocked

We had an application (Dazzle) on a firewalled Windows 7 computer that was failing due to an unknown error. We’d already whitelisted the domains as suggested by Endicia here. Analyzing the problem, we found connections to se.symcb.com/se.crl and se.symcd.com being blocked.

Investigating this we determined that the domains are owned by Symantec Corporation and are used in the process of verifying secure certificates, more specifically, the ‘Certificate Revocation List’. We found that whenever the program starts, it tries to make this connection. After whitelisting the domains in our local proxy, the program worked normally.
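The revocation hosts a certificate will send a client to can also be read from the certificate itself, so the proxy allowlist can be limited to exactly those names. The following is an added example, not part of the original post: it lists the CRL and OCSP URLs named in a PEM certificate. The throwaway certificate and its example.test URLs are constructed, the function names are hypothetical, and OpenSSL 1.1.1 or later is assumed (for -addext and -ext).

```shell
#!/bin/sh
# Build a throwaway self-signed certificate carrying constructed revocation
# URLs (example.test names are placeholders, not real endpoints).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test/" \
        2>/dev/null
}

# Print every URI listed in the CRL Distribution Points extension.
crl_urls() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
        sed -n 's/.*URI://p'
}

# Print the OCSP responder URL(s) from Authority Information Access.
ocsp_urls() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# Unique host names a proxy must allow for revocation checks to succeed.
revocation_hosts() {
    { crl_urls "$1"; ocsp_urls "$1"; } |
        sed -E 's#^[a-zA-Z]+://([^/:]+).*#\1#' | sort -u
}

# Demo on the constructed certificate; for a real case, pass the PEM export
# of the certificate whose revocation check is being blocked.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" && revocation_hosts "$demo_dir/cert.pem"
rm -rf "$demo_dir"
```

Run it against every certificate in the chain, since each one can name its own CRL and OCSP endpoints.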
