dmesg | grep -i error; dmesg | grep -i warning
[    0.125368] acpi PNP0A08:00: _OSC failed (AE_ERROR); disabling ASPM
[    2.954602] RAS: Correctable Errors collector initialized.
[   47.613161] EXT4-fs (sdb1): re-mounted. Opts: errors=remount-ro
[   47.649651] random: 7 urandom warning(s) missed due to ratelimiting
[   48.377477] ACPI Warning: SystemIO range 0x0000000000000428-0x000000000000042F conflicts with OpRegion 0x0000000000000400-0x000000000000047F (\PMIO) (20170831/utaddress-247)
[   48.377488] ACPI Warning: SystemIO range 0x0000000000000540-0x000000000000054F conflicts with OpRegion 0x0000000000000500-0x0000000000000563 (\GPIO) (20170831/utaddress-247)
[   48.377494] ACPI Warning: SystemIO range 0x0000000000000530-0x000000000000053F conflicts with OpRegion 0x0000000000000500-0x0000000000000563 (\GPIO) (20170831/utaddress-247)
[   48.377499] ACPI Warning: SystemIO range 0x0000000000000500-0x000000000000052F conflicts with OpRegion 0x0000000000000500-0x0000000000000563 (\GPIO) (20170831/utaddress-247) 

Гугл сказал что изза недостатка оперативы, ее там реально мало 100 метров свободных, swap запрещен впс сервисом как я понял потому нивкакую не ставится.

пробовал разные версии. Пробовал компилить на убунту, а make install делать на centos тоже ошибки:

/usr/include/c++/4.8.2/bits/c++0x_warning.h:32:2: ошибка: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
 #error This file requires compiler and library support for the \
  ^
ntlmauth.cc: В функции «void ntlm_make_nonce(char*)»:
ntlmauth.cc:187:12: ошибка: «mt19937» in namespace «std» does not name a type
     static std::mt19937 mt(time(0));
            ^
In file included from ../../compat/compat.h:57:0,
                 from ../../include/squid.h:43,
                 from ntlmauth.cc:12:
../../compat/types.h:173:35: ошибка: «uniform_int_distribution» in namespace «std» does not name a type
 #define xuniform_int_distribution std::uniform_int_distribution
                                   ^
ntlmauth.cc:188:12: замечание: in expansion of macro «xuniform_int_distribution»
     static xuniform_int_distribution<uint8_t> dist;
            ^
ntlmauth.cc:191:43: ошибка: нет декларации «mt» в этой области видимости
         nonce = static_cast<char>(dist(mt) & 0xFF);
                                           ^
ntlmauth.cc:191:45: ошибка: нет декларации «dist» в этой области видимости
         nonce = static_cast<char>(dist(mt) & 0xFF);
                                             ^
At global scope:
cc1plus: ошибка: некорректный ключ "-Wno-deprecated-register" [-Werror]

имею centos7 64, 3proxy 0.8.12

Subnet	2a01:xxx:xx:xxxx:xxx::/80
Gateway	2a01:xxx:xx:xxxx:xxx::1
Nameserver	2001:4860:4860::8888
Nameserver	2001:4860:4860::8844
-----------------------------------
IP Address NAT	10.10.xx.xxx
-----------------------------------
ip6 2a01:xxx:xx:xxxx:xxx::b1c1
ip4 95.216.20.157 внешний но к нему доступа нет, я все через ip6 делаю.
-----------------------------------
пишу в 3proxy.cfg
proxy -6 -n -a -p30022 -i10.10.xx.xxx -e2a01:xxx:xx:xxxx:xxx::b1c1
socks -n -p30033 -6 -a -i10.10.xx.xxx -e2a01:xxx:xx:xxxx:xxx::b1c1
------------------------------------
лог пустой
-------------------------------------
tcp        0      0 10.10.xx.xxx:30022      0.0.0.0:*               LISTEN      1100/3proxy         
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init              
tcp        0      0 10.10.xx.xxx:30033      0.0.0.0:*               LISTEN      1100/3proxy 
udp6       0      0 :::666                :::*                                446/openvpn   
--------------------------------------
venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
        inet6 e2a01:xxx:xx:xxxx:xxx::b1c1  prefixlen 80  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
        RX packets 33224  bytes 24481079 (23.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30430  bytes 22661470 (21.6 MiB)
        TX errors 0  dropped 54 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 10.10.xx.xxx  netmask 255.255.255.255  broadcast 10.10.xx.xxx  destination 10.10.xx.xxx
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
---------------------------------------
service 3proxy stop
Stopping 3Proxy
kill: sending signal to 1099 failed: No such process

-----------------------------------------
что не так? openvpn работает, а к прокси через ip6 немогу подключиться.
....... мануал от сих https://hosteiweb.com/proxy-server

гуглил много так ниче и не понял, в основном инфа о том чтобы определенные сайты работали через впн но не приложение

они ненужны, в телнет и фаил конфиг под рукой. удалять могу только в телнете и до перезагрузки. kennetic

udp UNCONN 0 0 :::34343 :::* На всем сервере больше нет открытых портов авторизация к нему по ключам

Уведомления fail2ban о блоках ssh как правильно?

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=25, protocol=tcp]
logpath  = /var/log/ssh2ban
maxretry = 5


например уведомления о блоках ftp приходят вот с такими настройкаи:
[pure-ftpd]

enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
action   = iptables[name=PUREFTP, port=ftp, protocol=tcp]
           sendmail-whois[name=PUREFTP, dest=user@mail.com]
logpath = /var/log/ftp2ban
maxretry = 5
[========================================================]
Как сделать от ssh уведомления? Просто добавить строку?

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=25, protocol=tcp]
           sendmail-whois[name=ssh-iptables, dest=user@mail.com] 
logpath  = /var/log/ssh2ban
maxretry = 5

помогает перезапуск службы pureftp но это не вариант, без TLS подключает всегда, логи при невозможности подключится не пишутся.

Статус:	TLS соединение установлено.
Статус:	Авторизовались
Статус:	Получение списка каталогов...
Команда:	PWD
Ответ:	157 «/» is your current location
Команда:	TYPE I
Ответ:	100 TYPE is now 8-bit binary
Команда:	PASV
Ответ:	127 Entering Passive Mode (111,111,111,1115,1111,85)
Команда:	MLSD
Ошибка:	Соединение прервано после 20 секунд неактивности
Ошибка:	Не удалось получить список каталогов
Статус:	Отключен от сервера


/etc/pure-ftpd/pure-ftpd.conf



ChrootEveryone              yes

# If the previous option is set to «no», members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.

# TrustedGID                    100



# Turn on compatibility hacks for broken clients

BrokenClientsCompatibility  no



# Maximum number of simultaneous users

MaxClientsNumber            50



# Fork in background

Daemonize                   yes



# Maximum number of sim clients with the same IP address

MaxClientsPerIP             8



# If you want to log all client commands, set this to «yes».
# This directive can be duplicated to also log server responses.

VerboseLog                  no



# List dot-files even when the client doesn't send "-a".

DisplayDotFiles             yes



# Don't allow authenticated users - have a public anonymous FTP only.

AnonymousOnly               no



# Disallow anonymous connections. Only allow authenticated users.

NoAnonymous                 no



# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is «ftp». «none» disables logging.

SyslogFacility              ftp



# Display fortune cookies

# FortunesFile              /usr/share/fortune/zippy



# Don't resolve host names in log files. Logs are less verbose, but 
# it uses less bandwidth. Set this to «yes» on very busy servers or
# if you don't have a working DNS.

DontResolve                 yes



# Maximum idle time in minutes (default = 15 minutes)

MaxIdleTime                 15



# LDAP configuration file (see README.LDAP)

# LDAPConfigFile                /etc/pure-ftpd/pureftpd-ldap.conf



# MySQL configuration file (see README.MySQL)

# MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf


# Postgres configuration file (see README.PGSQL)

# PGSQLConfigFile               /etc/pure-ftpd/pureftpd-pgsql.conf


# PureDB user database (see README.Virtual-Users)

PureDB /etc/pure-ftpd/pureftpd.pdb


# Path to pure-authd socket (see README.Authentication-Modules)

# ExtAuth                       /var/run/ftpd.sock



# If you want to enable PAM authentication, uncomment the following line

PAMAuthentication    yes



# If you want simple Unix (/etc/passwd) authentication, uncomment this

UnixAuthentication       yes






# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth

LimitRecursion              10000 8



# Are anonymous users allowed to create new directories ?

AnonymousCanCreateDirs      no



# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.

MaxLoad                     4



# Port range for passive connections replies. - for firewalling.

# PassivePortRange          30000 50000



# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.

# ForcePassiveIP                192.168.0.1



# Upload/download ratio for anonymous users.

# AnonymousRatio                1 10



# Upload/download ratio for all users.
# This directive superscedes the previous one.

# UserRatio                 1 10



# Disallow downloading of files owned by «ftp», ie.
# files that were uploaded but not validated by a local admin.

AntiWarez                   yes



# IP address/port to listen to (default=all IP and port 21).

# Bind                      127.0.0.1,21



# Maximum bandwidth for anonymous users in KB/s

# AnonymousBandwidth            8



# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.

# UserBandwidth             8



# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.

Umask                       133:022



# Minimum UID for an authenticated user to log in.

MinUID                      500



# Do not use the /etc/ftpusers file to disable accounts. We're already
# using MinUID to block users with uid < 500

UseFtpUsers no



# Allow FXP transfers for authenticated users.

AllowUserFXP                no



# Allow anonymous FXP for anonymous and non-anonymous users.

AllowAnonymousFXP           no



# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.

ProhibitDotFilesWrite       no



# Prohibit *reading* of files beginning with a dot (.history, .ssh...)

ProhibitDotFilesRead        no



# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...

AutoRename                  no



# Disallow anonymous users to upload new files (no = upload is allowed)

AnonymousCantUpload         yes



# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.

#TrustedIP                  10.1.1.1



# If you want to add the PID to every logged line, uncomment the following
# line.

#LogPID                     yes



# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] «GET /ftp/linux.tar.bz2» 200 21809338
# This log file can then be processed by www traffic analyzers.

AltLog                     clf:/var/log/pureftpd.log



# Create an additional log file with transfers logged in a format optimized
# for statistic reports.

# AltLog                     stats:/var/log/pureftpd.log



# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)

# AltLog                     w3c:/var/log/pureftpd.log



# Disallow the CHMOD command. Users can't change perms of their files.

#NoChmod                     yes



# Allow users to resume and upload files, but *NOT* to delete them.

#KeepAllFiles                yes



# Automatically create home directories if they are missing

#CreateHomeDir               yes



# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.

#Quota                       1000:10



# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid

#PIDFile                     /var/run/pure-ftpd.pid



# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don't enable this option if you don't actually use pure-uploadscript.

#CallUploadScript yes



# This option is useful with servers where anonymous upload is 
# allowed. As /var/ftp is in /var, it save some space and protect 
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.

MaxDiskUsage               99



# Set to 'yes' if you don't want your users to rename files.

#NoRename                  yes



# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.

CustomerProof              yes



# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.

# PerUserLimits            3:20



# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediatly switch to the new one as soon as the full file will have been
# transfered. This option is incompatible with virtual quotas.

# NoTruncate               yes



# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1



# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.

# IPV4Only                 yes



# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.

# IPV6Only                 yes

# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionnally the default charset
# for remote clients if they don't use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640

# FileSystemCharset	big5
# ClientCharset		big5

в консоли, работает не стабильно.

например у 2ip.ru/domain-list-by-ip/ можно чекнуть и все покажет, как скрыть? CF не вариант

когда убунту просто включена без прог, пустая. вот это выдается:

IP pc8.33314 > 177.143.198.104.bc.googleusercontent.com.http: Flags S, seq 4135551235, win 111111,
options mss 3210,sackOK,TS val 5123103219 ecr 0,nop,wscale 7, length 0

как заблокировать и повлияет ли на что то?

Есть несколько VPN (.ovpn) подключений в network manager, можно включить по очереди, получатся интерфейсы tun0, tun1. но ip будет tun0.

1. Когда включены сразу два vpn что происходит? Второе соединение бездействует?
2. Как сделать duble vpn из них?

Как это так? никогда такого не видел, как работает и какие минусы и плюсы?

У меня сервер на центос, настраивал по гуглу, плохо понимаю что то, на авось обновлять боюсь по гуглу так как настроено много, и если что слетит то будет оч плохо. Вопрос такой можно ли забить на эту проблему или как ее исправить? Или как обновить безопасно? Пишет типа работать будет но есть уязвимость.

CentOS release 6.9 (Final)
version.bind. «9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5

https://ednscomp.isc.org/ednscomp тест вот что выдает:
Warning: failure to address issues identified here may make
future DNS extensions that you want to use ineffective. In
particular echoing back unknown EDNS options and unknown
EDNS flags will break future signaling between DNS client
and DNS server. We already have examples of this where you
cannot depend on the AD flag bit meaning anything in
replies because too many DNS servers just echo it back.
Similarly the EDNS Client Subnet (ECS) option cannot just be
sent to everyone in part because of servers just echoing
it back.
EDNS - Unknown Version Handling (edns1)
dig +nocookie +norec +noad +edns=1 +noednsneg soa zone @server
expect: BADVERS
expect: OPT record with version set to 0
expect: not to see SOA
See RFC6891, 6.1.3. OPT Record TTL Field Use

EDNS - Unknown Version with Unknown Option Handling (edns1opt)
dig +nocookie +norec +noad +edns=1 +noednsneg +ednsopt=100 soa
zone @server expect: BADVERS
expect: OPT record with version set to 0
expect: not to see SOA
expect: that the option will not be present in response

See RFC6891

Перевод:

( читать дальше... )

(ns01.freenom.com.): dns=ok edns=ok edns1=noerror,badversion,soa edns@512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid (aws2)

http://dulh.ru/alogin/index.php?g=1
под видом голосования просит ввести данные авторизации вк.
whois дал инфу что хостинг на timeweb те мне ответили что не их и
надо: Требуется обращаться к администратору IP-адреса 137.74.151.2
а как к нему обратится как узнать контакты админа этого ИП?

В вк был человек в друзях я его незнаю, скинул ссылку типа
проголосуй за меня http://dulh.ru/index.php?id=227220#gotox
мне не жалко перешол и вот такие дела выясняются

sudo -H pip install vk_api

( sudo -H pip install vk_api )

Вставляю че нить из буфера, предпосмотр все в кучу одну страку выдает. Делаю ентером отступы вручную оставляет промежутки между строк.

Пачему так? Нечто аналогичное с крита, там если что с буфера вставиш то все все в кучу.

как настроить не пойму, и куда вписывать по гуглу одни одно другие друге пишут. Например в гугле пишут /etc/fail2ban/jail.conf редактировать этот файл, а в этом фаиле написано на инглише: YOU SHOULD NOT MODIFY THIS FILE. Provide customizations in a jail.local file or a jail.d/customisation.local.

окей создаю cp jail.conf jail.local и добовляю в него загуглинные правила для самбы:

[samba]

filter = samba enabled = true action = iptables-multiport [name = samba, port = “135,139,445,137,138” protocol = tcp] mail [name = samba, dest=admin@MYDOMAIN.DE] logpath = / var / log / syslog maxretry = 5 #the first attempt is punishable find time = 600 #always check the last 10 minutes bantime = 86400 #ban for a whole day

service fail2ban restrt

sudo iptables -L -n

и ни слова о самбе одни ufv

что не так?

одна планка бука с бэдами, придется заменить, а про совместимость не знаю ничего. там стояли две 2rx8 pc3-10600s 09 10 f20, одна осталась, что можно к ней в пару поставить чтоб на авито найти:?

да знаю есть гугл, но там много вариантов, где с просто адрес где с php и тд. если вас не затруднит подскажите.

это ссылка КНОПКИ в админ веб панели на обновление сертификатов сайтов. надо сделать чтоб раз в 2 месца запускать, сертификаты дают на 3 месца. И еще смущает run_cron на конце, что это?

https://site.com/admin/index.php?module=ssl_vhosts&action=run_cron

будет ли такой вариант работать:

* * * */2 * /usr/bin/wget --spider "https://site.com/admin/index.php?module=ssl_vhosts&action=run_cron" >/dev/null 2>&1