CentOS corrupted due to HDD failure. How to recover.

December 31st, 2016

It just happened that, due to some power outage or something, my backup server’s HDD got messed up.
Upon booting from a rescue CD I was able to fsck it, but there were a lot of inodes with problems, files/folders unattached etc.
After I accepted all fixes, I ended up with a system that had boot errors complaining of various errors.
Mounting it in the rescue CD, I noticed the bin folder was missing.

So I installed the same CentOS version in a virtual machine and copied over the bin folder.
This brought up the login prompt but I was not able to login.
There was a user request but after that no password request, just got back to login prompt.
So I ended up rsync-ing most of the system folders one by one.

Like this (from the virtual machine):

rsync -c -r -l -v /sys/ root@a.b.c.d:/mnt/hdd/sys/

and the same for bin, sbin, var, usr, etc. (/mnt/hdd/ is the mount point in the rescue CD for the server’s HDD)

Once that happened, I got the login and password prompts but the session was closed right after.

So I logged in in single-user mode and disabled SELinux (after noticing the access problems in the log messages).

This allowed logging in. Most services started up fine, except named, which required re-setting the owner on the config and rndc.key

It’s very messy and results in a garbage system, but at least it’s up and running, allowing me to migrate things much more easily than messing around with files and configs manually.

Hope this helps someone, cause it took me almost an entire day until I managed to put the pieces together.


Apache + php + mysql cannot connect to remote DB Permission denied

October 1st, 2016

Long story short, ’cause I’m very busy setting up some major stuff:

setsebool -P httpd_can_network_connect_db 1

Took me hours to zero in, and eventually that came from the same old

sealert -a /var/log/audit/audit.log
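
The denials that sealert reports for this case can also be pulled straight out of the audit log, which shows exactly which port httpd was refused. This is an added example, not part of the original post; the function names and the sample records are constructed, and the record layout is the standard AVC format.

```shell
# Added example: summarise SELinux denials of outbound connections by httpd.
# Reads audit records from the files given as arguments, or from stdin.
# Prints "COUNT PORT TARGET_TYPE", one line per distinct destination.
httpd_connect_denials() {
    LC_ALL=C awk '
        /type=AVC/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
            port = "?"; ttype = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dest=/) port = substr($i, 6)
                # tcontext=user:role:type:level -> third field is the type
                if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            }
            seen[port " " ttype]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k2,2n
}

# Constructed sample records (not taken from a real host).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1475312401.101:311): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1475312401.101:311): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1475312409.557:318): avc:  denied  { name_connect } for  pid=2104 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1475312500.020:340): avc:  denied  { read } for  pid=900 comm="crond" name="example" scontext=system_u:system_r:crond_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
EOF
}

sample_audit_log | httpd_connect_denials
```

A hit on a database port type is the case httpd_can_network_connect_db covers; it is narrower than httpd_can_network_connect, which lets httpd connect to any port.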


Control DropBox access with iptables

March 24th, 2016

I have a few VMs on my network which do not require internet access. However I received a requirement to allow dropbox on them.
My iptables rules are configured to either allow full internet, or none at all.
So after some poking around, I managed to set up forward rules so that specific VMs get Dropbox, starting from here: http://superuser.com/a/1056155/70234
A basic iptables config for this scenario looks like this:

*filter
:partinet - [0:0]
:dropbox - [0:0]
-A partinet -p icmp -j ACCEPT

-A dropbox -p tcp -d 162.125.32.129 -j ACCEPT
-A dropbox -p tcp -s 162.125.32.129 -j ACCEPT
-A dropbox -p tcp -d 162.125.17.131 -j ACCEPT
-A dropbox -p tcp -s 162.125.17.131 -j ACCEPT

-A FORWARD -s 192.168.1.x -j partinet
-A FORWARD -d 192.168.1.x -j partinet
-A FORWARD -s 192.168.1.x -j dropbox
-A FORWARD -d 192.168.1.x -j dropbox

COMMIT

In order to properly support all/most Dropbox IPs, I found this blog: https://blog.varonis.com/detect-dropbox-network/ which pointed me to http://whois.arin.net/rest/org/DROPB/nets
So I computed the following iptables rules for my dropbox chain (the list needs to be maintained, of course. I may or may not write a script to automate the creation of these rules based on the arin.net page):

-A dropbox -i eth1 -o eth0 -p tcp -d 162.125.0.0/16 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 162.125.0.0/16 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.216.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.216.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.217.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.217.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.218.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.218.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.219.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.219.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.160.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.160.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.161.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.161.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.162.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.162.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.163.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.163.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.164.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.164.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.165.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.165.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.166.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.166.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.167.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.167.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.168.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.168.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.169.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.169.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.170.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.170.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.171.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.171.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.172.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.172.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.173.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.173.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.174.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.174.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.175.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.175.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 205.189.0.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 205.189.0.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 209.99.70.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 209.99.70.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.64.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.64.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.65.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.65.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.66.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.66.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.67.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.67.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.68.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.68.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.69.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.69.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.70.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.70.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.71.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.71.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.72.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.72.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.73.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.73.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.74.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.74.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.75.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.75.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.76.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.76.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.77.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.77.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.78.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.78.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.79.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.79.0/24 -j ACCEPT
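
A sketch of the rule-generating script mentioned above, added here as an example and not the author's code: each network is written once and used for both directions, so the -d and -s values of a pair cannot drift apart. The function names and the LAN_IF/WAN_IF variables are assumptions; the sample list is the set of /24 runs above written as their covering CIDR blocks.

```shell
# Added example: emit mirrored rule pairs for the "dropbox" chain.
# stdin: one IPv4 CIDR per line; blank lines and #-comments are ignored.
LAN_IF=${LAN_IF:-eth1}   # VM-facing interface, as in the rules above
WAN_IF=${WAN_IF:-eth0}   # internet-facing interface

# valid_cidr A.B.C.D/LEN -> 0 when well formed, 1 otherwise
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    _ip=${1%/*}; _len=${1#*/}
    case "$_len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$_len" -le 32 ] || return 1
    case "$_ip" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $_ip; IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# gen_dropbox_rules: returns 1 if any entry was rejected
gen_dropbox_rules() {
    _rc=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=$(printf '%s' "${_line%%#*}" | tr -d ' \t\r')
        [ -n "$_line" ] || continue
        if ! valid_cidr "$_line"; then
            printf 'rejected: %s\n' "$_line" >&2
            _rc=1; continue
        fi
        # Outbound rule and its return rule share the same network value.
        printf '%s\n' "-A dropbox -i $LAN_IF -o $WAN_IF -p tcp -d $_line -j ACCEPT"
        printf '%s\n' "-A dropbox -i $WAN_IF -o $LAN_IF -p tcp -s $_line -j ACCEPT"
    done
    return "$_rc"
}

# Constructed input: the ranges listed above, as covering blocks.
dropbox_nets() {
    cat <<'EOF'
162.125.0.0/16
199.47.216.0/22     # 199.47.216-219
108.160.160.0/20    # 108.160.160-175
45.58.64.0/20       # 45.58.64-79
205.189.0.0/24
209.99.70.0/24
EOF
}
dropbox_nets | gen_dropbox_rules
```

The output is in the same format as the chain rules above and replaces 78 hand-typed lines with 12 generated ones.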


FireDAC MsSQL server compound field/column

March 17th, 2016

So I bumped into this problem with FireDAC (8.0.x) where I had a table like


CREATE TABLE test(
  col1 integer,
  col2 integer,
  col3 AS ISNULL(col1, col2)
)

and when inserting or updating the col1 or col2 fields, the dataset would not update the col3.
I did quite some debugging and found that there is no support in FireDAC for mssql server for compound fields. There is some in firebird though.
So spending some more time in debugging, I managed to find a workaround by subclassing the dataset like this:


type
  TADQuery = class(uADCompClient.TADQuery)
  private
    FOnAfterInitFieldDefs: TNotifyEvent;
  protected
    procedure InternalInitFieldDefs; override;
  public
    property OnAfterInitFieldDefs: TNotifyEvent read FOnAfterInitFieldDefs write FOnAfterInitFieldDefs;
  end;

procedure TADQuery.InternalInitFieldDefs;
begin
  inherited;

  // Give the owner a chance to adjust column options once the field defs exist.
  if Assigned(FOnAfterInitFieldDefs) then
    FOnAfterInitFieldDefs(Self);
end;

// ... in FormCreate or wherever ...

qrySomething.OnAfterInitFieldDefs := DoAfterInitFieldDefs;

procedure TForm1.DoAfterInitFieldDefs(Sender: TObject);
var
  i: Integer;
  col: TADDatSColumn;
begin
  for i := 0 to TDataSet(Sender).FieldDefs.Count - 1 do
    if TDataSet(Sender).FieldDefs[i].Name = 'col3' then
    begin
      col := TADDataSet(Sender).Table.Columns.ColumnByName('col3');
      // Mark the column as changed by the server after INSERT and UPDATE.
      col.Options := col.Options + [coAfterInsChanged, coAfterUpdChanged];
      col.Attributes := col.Attributes + [caDefault];
    end;
end;

Enjoy.


conta ro: get yourself a PFA… actually no, better not. Or maybe yes after all?

January 12th, 2016

Even I don't know what to choose….
conta-ro-contradictie


How to remove password from committed svn revision

June 6th, 2015

Or pretty much make any changes to a committed revision.

You start by checking out the revision and doing an md5sum and a sha1sum on the desired file(s). You will need these hashes.
Next is to make your desired changes to the file(s) and then run another md5sum and sha1sum on them. You will need these hashes too.
Note also the file sizes in bytes if you make changes: before and after.

NOTE: It is best to use the same size in replaced values, because I haven’t found a good way to update the size. Yet…

Next, you dump the repo.
#svnadmin dump /path/to/repo > dump_file

Now you alter it. First the values:
#sed "s/password/XXXXXXXX/g" dump_file > dump_file_tmp
NOTE: see how the number of chars in the password matches the number of X’es? This is important as it keeps the file size intact.

Next, the hashes:
#sed -e "s/orig_md5/altered_md5/" -e "s/orig_sha1/altered_sha1/" dump_file_tmp > dump_file_ok
NOTE: for both md5 and sha1.

Be careful, if you have more values, use the -e parameter to sed and pass each value as a separate expression, OR, use other file names, because if you keep changing the same dump file you will end up having only changed the last value.
Same with hashes.

Now you backup the old repo
#mv /path/to/repo /path/to/repo_backup

Create it clean
#svnadmin create /path/to/repo

And load the altered dump file (svnadmin load reads the dump from standard input)
#svnadmin load /path/to/repo < dump_file_ok

Now you can verify the affected revisions to confirm the changes. All should be good, if not, you have the backup, and try again, paying much attention to every detail I wrote above.

Depending on your setup, you may need to
#chown -R svn_user:svn_group /path/to/repo

and also re-checkout your working copy.
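
The value-replacement step with its two safety conditions checked automatically, as an added example that is not part of the original post: the mask is built to the secret's exact byte length, the secret is matched literally (no sed escaping), and the result is rejected if the size changed or the secret is still present. The function names and the sample fragment are constructed; a single-line secret is assumed, and the hash replacement stays as described above.

```shell
# Added example: same-length, literal redaction of a secret in an svn dump.
# usage: redact_same_len SECRET dump_file dump_file_tmp
# returns 0 = ok, 1 = a check failed, 2 = bad input
redact_same_len() {
    _secret=$1; _in=$2; _out=$3
    [ -n "$_secret" ] && [ -r "$_in" ] || { echo "bad input" >&2; return 2; }
    # index()/substr() match the secret literally, so characters such as
    # $ . * / in a password need no escaping (unlike a sed pattern).
    SECRET=$_secret LC_ALL=C awk '
        BEGIN { s = ENVIRON["SECRET"]; mask = s; gsub(/./, "X", mask) }
        {
            rest = $0; head = ""
            while ((i = index(rest, s)) > 0) {
                head = head substr(rest, 1, i - 1) mask
                rest = substr(rest, i + length(s))
            }
            print head rest
        }
    ' "$_in" > "$_out" || return 2
    # Check 1: byte count unchanged, so the length fields in the dump still hold.
    _before=$(wc -c < "$_in" | tr -d ' ')
    _after=$(wc -c < "$_out" | tr -d ' ')
    if [ "$_before" != "$_after" ]; then
        echo "size changed: $_before -> $_after bytes" >&2; return 1
    fi
    # Check 2: no copy of the secret is left anywhere in the output.
    if LC_ALL=C grep -qF -e "$_secret" "$_out"; then
        echo "secret still present" >&2; return 1
    fi
}

# Constructed demo: a fragment shaped like a dump node, not a real repository.
demo_redact() {
    _d=$(mktemp -d) || return 2
    printf '%s\n' 'Node-path: trunk/db.conf' 'Text-content-length: 31' '' \
        'user=app' 'password=p@$$w0rd/1.*' > "$_d/dump_file"
    redact_same_len 'p@$$w0rd/1.*' "$_d/dump_file" "$_d/dump_file_tmp" &&
        cat "$_d/dump_file_tmp"
    _r=$?; rm -rf "$_d"; return "$_r"
}
demo_redact
```

The old value still exists in /path/to/repo_backup, in the unaltered dump_file and in any existing working copy, so the password itself should be changed as well.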


Found 1st site that shares/sells your email address

May 13th, 2015

I’ve been using unique email addresses to sign-up to sites for some months now. As a result, one of them managed to share/sell my email address to a 3rd party. I don’t really care if they sold it or not, or if they have some statement in their policies or what not stating that you agree with them sharing or whatever. It’s WRONG.

I’ve made a new account on the publi24 dot ro site, which is a Romanian ads/listings site and which shared/sold my email address to romimo dot ro, who email me via bounce dot tele dot net.
Yes, they appear to be under the same company, but it is still WRONG.

That’s what they call “legal spamming”. I wish they both go out of business.


VMWare ESXi force MAC Address re-generation

April 2nd, 2015

This is on 5.1u2

I don’t know how this happened as I am doing these steps every time, yet today the newly created VM with added templated disk is getting the same MAC address every time.

I tried the solutions with deleting those 5 entries from the fwx file, to no avail.

The next logical thing to do is to move the VM to another folder. I simply renamed the VM container folder. And that solved my problem.

BUT, renaming the folder back, surprise, gets the old MAC address and UUIDs back! I don’t know why and I don’t have time to figure it out, so I just leave it in new folder and choose “I copied it” when powering on the VM.


[Solved] Adobe Reader 11 on Windows XP SP3 does not start

October 21st, 2014

So I had to setup a brand new WinXP SP3 and amongst other things, I installed Adobe Reader 11. But it wouldn’t start. It plain simply didn’t work.
I already had .NET framework 4 installed so that puzzled me. Googling showed up a bunch of irrelevant posts.
Then finally I figured… let’s RTFM. (that’s normally the last thing you do when you’re an IT person).
And obviously, it’s there. Minimum requirements: IE 7. WinXP SP3 comes with IE6 by default.

So, download IE 8 (use a 3rd party site since WinXP is no longer supported by MS and as such they no longer offer IE7 nor 8 to download) and problem solved.

Enjoy.


ESXi: vmware workstation 10 bridged network not working

August 23rd, 2014

So you installed a virtual machine solution (of any kind, in this case VMWare WorkStation) inside a guest running on a VMWare ESX or ESXi, and bridged networking is not working for you inside the guest from the virtual host.

If you tried all the solutions on the net pertaining to host issues (firewall, vpn software, etc) there is one issue pertaining to the ESX/ESXi host itself:
– by default, the virtual NIC has promiscuous mode disabled.
Which means that traffic coming from a VM which is not of its IP will be discarded.

So, the solution is to go in the vSphere client, to the ESXi configuration page, Networking, click on “Properties” on your desired switch, click Edit in the ports tab, then go to the Security tab and set promiscuous mode to “accept”.

Enjoy.
