有人在本地部署过 FleetDM 实例吗?我尝试过他们的(现在显然已经过时的)CentOS 部署步骤以及官方镜像docker compose,结合 MySQL 和 Redis。我的问题是,我在尝试访问和/或配置安装时始终得到响应。Client sent an HTTP request to an HTTPS server.
有什么方法可以解决 HTTPS 问题吗?我已经生成了自签名证书,但上述响应是一致的。它没有给我任何在浏览器中忽略证书的选项,但当我在 REPL 中时确实返回了。200requests.get("https://localhost:8080", verify=False)
mirrorlist.centos.org不再在线?
我可以下定决心centos.org但不能mirrorlist.centos.org
如果有人感兴趣的话,这是我的输出resolv.conf。dignslookup
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ nslookup mirrorlist.centos.org
Server: 1.1.1.1
Address: 1.1.1.1#53
** server can't find mirrorlist.centos.org: NXDOMAIN
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ nslookup centos.org
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: centos.org
Address: 52.56.83.118
Name: centos.org
Address: 81.171.33.201
Name: centos.org
Address: 81.171.33.202
Name: centos.org
Address: 2001:4de0:aaae::202
Name: centos.org
Address: 2a05:d01c:c6a:cc02:225e:ab54:d58c:8b14
Name: centos.org
Address: 2001:4de0:aaae::201
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 8.8.8.8
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ dig mirrorlist.centos.org
; <<>> DiG 9.18.24-0ubuntu5-Ubuntu <<>> mirrorlist.centos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61636
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mirrorlist.centos.org. IN A
;; AUTHORITY SECTION:
centos.org. 2795 IN SOA ns1.centos.org. hostmaster.centos.org. 2024070102 28800 7200 2400000 3600
;; Query time: 70 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Jul 01 16:31:41 +08 2024
;; MSG SIZE rcvd: 101
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ nslookup mirrorlist.centos.org
Server: 1.1.1.1
Address: 1.1.1.1#53
** server can't find mirrorlist.centos.org: NXDOMAIN
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$
mxtoolbox也显示同样的东西。
在我的 CentOS 服务器中,出于合规性原因,我无法直接访问该文件/etc/sysconfig/network-scripts/ifcfg-eth0,但可以用来nmcli配置该文件。
我的问题是我需要将下面这一行添加到该文件中:
IPV6ADDR_SECONDARIES="4566:1p44:e000:092b:0000:0000:0000:0000/64 4566:1p44:e000:092b:0000:0000:0000:0001/64"
但我找不到任何nmcli将这一行添加到文件中的命令。我应该停止寻找还是有命令?
我正在运行 Centos 流,每次启动服务器后我都必须运行此命令行:
ssh -L 0.0.0.0:9944:localhost:9922 localhost -N
运行此命令后,操作系统将要求我以 root 身份登录(即使我已经以 root 身份登录),之后一切正常。
我的问题:我想在重新启动时将此代码添加到 cronjob 中,例如:
@reboot root ssh -L 0.0.0.0:9944:localhost:9922 localhost -N
然而它不起作用。我认为它要求输入密码,但没有人输入密码(当然)。那么我该如何解决这个问题呢?
我发现我的服务器上已经安装了 openssl
# yum list installed | grep openssl
openssl.x86_64 1:1.0.2k-26.el7_9 @updates
openssl-libs.x86_64 1:1.0.2k-26.el7_9 @updates
但是,pkg-config 找不到它
# pkg-config --libs --cflags openssl
Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'openssl' found
我想知道出了什么问题以及如何解决。
默认情况下,运行history -c无法同时删除/var/mail/maillog,对吗?
我如何调查日志被清除当天或(根据定义)新邮件日志启动时发生的情况?
我目前正在研究一个解决方案,每当我的邮件服务器无法将文件传输到我的 ftp 服务器时,它就会通知我。(现在我的日志每晚轮换一次并立即上传到单独的 ftp 服务器)
当前配置如下:
HOST="..."
USER="..."
PASS="..."
DIR="/var/log/maillogs/"
LATEST="$(ls -t $DIR | head -n 2 | tail-n 1)"
FILE=$(basename $LATEST)
error=$(ftp -n $HOST <<EOF
quote USER $USER
quote PASS $PASS
prompt
lcd /var/log/maillogs/
cd /home/MailLog
put $FILE
quit
EOF
)
if [ $(echo $error | grep "failed")=="failed" ]
then
*Sending Mail via sendmail*
fi
由于某种原因,if 条件总是返回 true,因此无论文件是否能够传输,我都会收到一封邮件。
有谁知道,当无法传输日志时,我将如何更改 if 语句以实际上只获取邮件?
我也已经尝试过 的方法
if [ $? -ne 0 ],但我不太确定如何测试它是否确实有效。我尝试提供错误的 IP 或错误的用户登录,但这样做后,我只收到不同的错误。
我是 Linux/CentOS 新手,现在遇到了一个小问题。
我的 CentOS7 服务器每天通过 Logrotate 记录所有邮件日志,并将它们移动到文件夹/var/log/old_maillogs. 现在日志以类似于以下的名称保存:
邮件日志-20230721
我希望根据他们的年龄改变他们的名字,这样如果日志是一天前的,那么它的名字是:
邮件日志-1
一天后,文件名更改为:
邮件日志-2
等等。
这是否可能,如果可以,让它发挥作用的最明智的方法是什么?我读过很多关于每天执行一次的脚本的内容,但话又说回来,我如何编写脚本,以便它识别文件夹中有多少日志?
这是我当前的配置:
/var/log/maillog{
daily
rotate 365
postrotate
Systemctl restart rsyslog.service
endscript
mailfirst
olddi /var/log/old_maillog
}
我正在 AlmaLinux 8.8 (Centos) 和 Apache 2.4.56 上运行一个站点。该网站有一个自签名证书。
当我访问该网站时,由于自签名证书,我收到了常见的警告。接受我要继续后,我SSL_ERROR_HANDSHAKE_FAILURE_ALERT在 Firefox 和ERR_BAD_SSL_CLIENT_AUTH_CERTChrome 中收到错误消息。
在同一服务器上,其他站点可以使用 Cloudflare + Let'Encrypt 正常工作。
我对 Apache 虚拟主机文件上的 SSL 配置没有任何疑问。我也仔细检查了证书。
我运行了这个调试工具,openssl s_client -state -debug -showcerts -verify 1 -connect example.com:443
您可以在下面找到输出的摘要。
我提请大家注意提及 Cloudflare 的行SSL3 alert read:fatal:handshake failure和另一行,即使该网站当前未使用 Cloudflare。
请帮忙。
调试工具的输出:
verify depth is 1
CONNECTED(00000005)
SSL_connect:before SSL initialization
...
SSL_connect:SSLv3/TLS write client hello
...
SSL_connect:SSLv3/TLS write client hello
...
SSL_connect:SSLv3/TLS read server hello
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = (...)
verify error:num=18:self-signed certificate
...
SSL_connect:SSLv3/TLS read server certificate
... ...
SSL_connect:SSLv3/TLS read server key exchange
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write change cipher spec
...
SSL_connect:SSLv3/TLS write finished
...
SSL3 alert read:fatal:handshake failure
SSL_connect:error in error
0036800901000000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1586:SSL alert number 40
---
Certificate chain
0 s:C = XX, L = Default City, O = Default Company Ltd, CN = (...)
i:C = XX, L = Default City, O = Default Company Ltd, CN = (...)
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 14 11:41:36 2023 GMT; NotAfter: Jul 11 11:41:36 2033 GMT
-----BEGIN CERTIFICATE-----
...
Acceptable client certificate CA names
C = US, O = "CloudFlare, Inc.", OU = Origin Pull, L = San Francisco, ST = California, CN = origin-pull.cloudflare.net
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms:
...
---
SSL handshake has read 1553 bytes and written 456 bytes
Verification error: self-signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
Session-ID-ctx:
Master-Key: 940A6E481407D70D9F5DCFF3DD0760DC10A3A6B4B6F37D602EE8CDB83A736B049DE24DF0C8D4DE57A9E3A403553EC6D6
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1689342131
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
我正在尝试使用 cloud-init 来设置 kvm 来宾(目前是 Debian 11 和 CentOS Stream 8),我正在寻求有关更正元数据和用户数据文件的帮助。其他一切似乎都有效,但网络接口设置未设置,但我确实看到 cloud-init 日志显示它们已设置。请看下面:
对于 debian:
cat << EOF > /var/lib/libvirt/images/$meta_data_file
instance-id: $vm_name
local-hostname: $vm_name
hostname: $vm_name
fqdn: $vm_name
manage_etc_hosts: true
EOF
cat << EOF > /var/lib/libvirt/images/$cloud_config_file
#cloud-config
# Hostname management
preserve_hostname: false
hostname: $vm_name
fqdn: $vm_name
network:
version: 2
ethernets:
eth0:
match:
name: e*
dhcp4: false
addresses:
- 10.10.0.25/24
gateway4: 10.10.0.254
nameservers:
addresses:
- 10.50.0.23
- 10.50.0.17
- 10.50.0.18
search: [testing,production,admin,internal]
routes:
- to: 10.50.0.0/24
via: 10.10.0.249
users:
- default
- name: admin
sudo: ALL=(ALL) NOPASSWD:ALL
groups: wheel, sudo, admin
home: /home/admin
shell: /bin/bash
hashed_passwd: $adminpasswd
lock_passwd: false
ssh_pwauth: True
chpasswd: { expire: False }
ssh-authorized-keys:
- ssh-rsa ...
- ssh-rsa ...
# only cert auth via ssh (console access can still login)
ssh_pwauth: True
disable_root: false
chpasswd:
list: |
root:$rtpwd
expire: False
runcmd:
# disable dhcp for eth0
- [ sh, -c, sed -e '/iface eth0 inet dhcp/s/^/#/g' -i /etc/network/interfaces ]
bootcmd:
- cloud-init-per always fix-debian-autonet rm /etc/udev/rules.d/75-cloud-ifupdown.rules
- cloud-init-per always fix-debian-netconfig rm /run/network/interfaces.d/*
- cloud-init-per once ifdown ifdown ens3
- cloud-init-per once bugfix rm /run/network/interfaces.d/ens3
- cloud-init-per once ifup ifup ens3
# Configure where output will go
output:
all: ">> /var/log/cloud-init.log"
# configure interaction with ssh server
ssh_svcname: ssh
ssh_deletekeys: True
ssh_genkeytypes: ['rsa', 'ecdsa']
package_update: true
package_upgrade: true
packages:
- bind9-utils
- vim
- freeipa-client
- cloud-utils-growpart
power_state:
delay: "+2" #minutes
mode: reboot
message: Run completed
timeout: 120 #seconds
condition: True
EOF
对于 Centos Stream 8:
cat << EOF > /var/lib/libvirt/images/$cloud_config_file
#cloud-config
# Hostname management
preserve_hostname: false
hostname: $vm_name
fqdn: $vm_name
network:
version: 2
ethernets:
eth0:
match:
name: e*
dhcp4: false
addresses:
- 10.50.0.26/24
gateway4: 10.50.0.254
nameservers:
addresses:
- 10.15.0.23
- 10.15.0.17
- 10.15.0.18
search: [testing,production,admin,internal]
routes:
- to: 10.15.0.0/24
via: 10.50.0.249
users:
- default
- name: admin
sudo: ALL=(ALL) NOPASSWD:ALL
groups: wheel, sudo, admin
home: /home/admin
shell: /bin/bash
hashed_passwd: $adminpasswd
lock_passwd: false
ssh_pwauth: True
chpasswd: { expire: False }
ssh-authorized-keys:
- ssh-rsa ...
- ssh-rsa ...
ssh_pwauth: True
disable_root: false
chpasswd:
list: |
root:$rtpwd
expire: False
# Configure where output will go
output:
all: ">> /var/log/cloud-init.log"
# configure interaction with ssh server
ssh_svcname: ssh
ssh_deletekeys: True
ssh_genkeytypes: ['rsa', 'ecdsa']
package_update: true
package_upgrade: true
packages:
- bind9-utils
- vim
- freeipa-client
- cloud-utils-growpart
power_state:
delay: "+2" #minutes
mode: reboot
message: Run completed
timeout: 120 #seconds
condition: True
EOF
请问我做错了什么?