NetApp SSH ciphers obsolete

By default, NetApp keep enabled SSH ciphers which are obsoletes (which should not be used at least). The following procedure has been realized on an AFF-A300

The ciphers I’m talking about are the cbc ones (aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc) and here is how to proceed :

First of all, connect to your NetApp via SSH, then you will have to set the advanced privilege mode

And finish by removing all the cipers you want to disable with the command « security ssh remove -ciphers xxxx »

Then you can check the ciphers enabled with the command « security ssh show » :

Upgrade Exchange 2013 to CU21

First of all, snapshot your VM ! If your Exchange server is a physical one, that’s baaaad.

Reboot your server, it’s always nice to execute maintenance on a « clean » server.

Download and install Framework 4.7.1 and Visual C++ Redis blablabla (https://www.microsoft.com/en-US/download/details.aspx?id=40784).

Download (https://www.microsoft.com/en-us/download/details.aspx?id=57069) and unpack CU21 where you want

After that a new reboot is good no ?

Open CMD window with root privilege and go to where you unpacked your CU21 install files. Launch these commands :

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

 

 

 

 

As you can see, installation checks the prerequisites

 

 

 

 

setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

 

 

 

 

setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

 

 

 

 

setup /m:upgrade /IacceptExchangeServerLicenseTerms

 

 

 

 

 

 

If like me you faced this problem due to one process running : mscorsvw.exe

Just wait a few seconds/minutes for the process to finish itself and then launch again

 

 

 

 

 

 

 

 

At the end restart again your server and everything should be OK.

Add new nodes on GANGLIA

If you don’t know what is Ganglia > http://ganglia.info/

When I managed HPC I deployed new nodes via « kickstart » (RHEL servers). But when you change of manufacturer of servers, there can be some device name changes ! For example NICs name !! So pay attention to modify in your /etc/ganglia/gmond.conf the two lines where is specify the name of the NIC on which Ganglia is looking (mcast_if)

mysql_secure_installation tips

If you need to install MySQL for what ever, you will have to launch this script :

mysql_secure_installation

The first question is to choose a password but since it’s the first installation, you didn’t choose any ! If you installed mariadb you can « bypass » this step by pressing enter but if you installed mysql-server you have to check in the log file created by mysql-server where you can find a temporary password.

Something like that : cat /var/log/mysql.log

RHEL 7 logs flooded

Sick of having your logs (/var/log/messages) flooded by useless messages :

 

 

 

 

Type this command :

echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf

Then restart your rsyslog (systemctl restart rsyslog)

phpMyAdmin tips

After installing your web server (Apache, SQL (mariadb, mysql, …) and PHP) with yum/dnf/apt you may need to install phpMyAdmin which can be usefull to manage databases…

In your /etc/http/conf.d/phpMyAdmin.conf (for CentOS7.4 and maybe other versions) modify each line beggining with « Requipe ip » and adjust with the IP address of your server. Very needed if you manage dedicated servers rent from web hosters

By default (yum install…) phpMyAdmin is installed in /usr/share. Since I want to let other people manage disk space of the web server (create new directories, …), I moved the directory to /var/www and chown everything with my « webadmin » group. And don’t forget to change paths in /etc/httpd/conf.d/phpMyAdmin.conf !