Docker
Reanimate container after EXIT
docker start `docker ps -q -l`
воскресенье, 17 сентября 2023 г.
четверг, 18 июня 2020 г.
Backup to Network Drive
For backup to network drive user below command:
EXEC xp_cmdshell 'net use Z: \\192.168.28.12\e$\PVGBACK P@yvand!@#45A /USER:Administrator /PERSISTENT:yes'
GO
After successfully executing go to backup settings (Maintenance - New - Backup) in destination field choose drive Z (configured through command before)
EXEC xp_cmdshell 'net use Z: \\192.168.28.12\e$\PVGBACK P@yvand!@#45A /USER:Administrator /PERSISTENT:yes'
GO
After successfully executing go to backup settings (Maintenance - New - Backup) in destination field choose drive Z (configured through command before)
воскресенье, 20 января 2019 г.
Strognswan Mikrotik IPSec
Mikrotik
[admin@MikroTik] > /ip ipsec peer add address=StrongSWANIP/32 port=500 auth-method=pre-shared-key secret="PSK" generate-policy=no exchange-mode=main send-initial-contact=yes nat-traversal=no proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=8h lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin@MikroTik] > /ip ipsec policy add src-address=Mikrotik Private IP/24 src-port=any dst-address=Swan Private IP/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=MikrotikPublicIP sa-dst-address=SwanPublicIP proposal=default priority=0
[admin@MikroTik] > /ip ipsec proposal set 0 auth-algorithms=sha1 enc-algorithms=3des lifetime=1h pfs-group=none
[admin@MikroTik] > /ip ipsec peer add address=StrongSWANIP/32 port=500 auth-method=pre-shared-key secret="PSK" generate-policy=no exchange-mode=main send-initial-contact=yes nat-traversal=no proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=8h lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin@MikroTik] > /ip ipsec policy add src-address=Mikrotik Private IP/24 src-port=any dst-address=Swan Private IP/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=MikrotikPublicIP sa-dst-address=SwanPublicIP proposal=default priority=0
[admin@MikroTik] > /ip ipsec proposal set 0 auth-algorithms=sha1 enc-algorithms=3des lifetime=1h pfs-group=none
StrongSWAN
ipsec.conf
###Pv -Komils Home
conn tunnel
rightsendcert=never
left=SWAN Public IP
leftsubnet=SWAN Private IP/24
right=Mikrotik Public IP
rightsubnet=Mikrotik Private IP/24
ike=aes256-sha1-modp1024!
esp=3des-sha1!
keyingtries=0
ikelifetime=1h
lifetime=8h
dpddelay=30
dpdtimeout=120
dpdaction=clear
authby=secret
auto=start
keyexchange=ikev1
type=tunnel
ipsec.secret
SWAN_IP Mikrotik_IP : PSK 'PSK'
пятница, 11 января 2019 г.
Firewalld open specific port for IP
I hope you can find many articles about installation and deployment, but I faced to issues during open specific ports for IP. Below my example
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="10000-10100" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="4569" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="2727" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="5060-5061" accept'
Important to reload firewall after changes
firewall-cmd --reload
Hope will save life to someone :)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="10000-10100" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="4569" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="2727" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.154.30.20" port protocol="udp" port="5060-5061" accept'
Important to reload firewall after changes
firewall-cmd --reload
Hope will save life to someone :)
среда, 25 апреля 2018 г.
Lets Encrypt renew certificate
Thanks to Lets Encrypt for free certificates but certificates has feature of expiration and need to renew. Lets start, for renew certificate we need only one command:
certbot --authenticator standalone --installer apache -d domain.com -d www.domain.com --pre-hook "sudo systemctl stop httpd.service" --post-hook "sudo systemctl start httpd.service"
certbot --authenticator standalone --installer apache -d domain.com -d www.domain.com --pre-hook "sudo systemctl stop httpd.service" --post-hook "sudo systemctl start httpd.service"
пятница, 29 декабря 2017 г.
Strongswan Cisco IPsec
Приветствую,
Очень долго искал при поиске решений на облаке для подключения по IPsec и в итоге вот оно Strongwan, отличное решение на базе Линукс для такого рода задач. Ну в общем внизу хочу показать рабочий пример при подключении с моего сервера на Strongwan к роутеру Cisco 2801
- strongswan : wan ip : 185.105.229.61
lan ip: 192.168.29.0/24
- cisco wan ip: 185.105.229.99
lan ip: 192.168.28.0/24
*** cisco side
!
crypto isakmp policy 15
encr aes 256
authentication pre-share
group 2
!
crypto isakmp key mypassword address 185.105.229.61 no-xauth
crypto ipsec transform-set gw2 esp-aes 256 esp-sha-hmac
crypto ipsec df-bit clear
crypto map MAIN 14 ipsec-isakmp
description GW2
set peer 185.105.229.61
set transform-set gw2
match address gw2
ip route 192.168.29.1 255.255.255.255 185.105.229.61 permanent
ip route 192.168.29.7 255.255.255.255 185.105.229.61 permanent
ip access-list extended gw2
permit ip 192.168.28.0 0.0.0.255 192.168.29.0 0.0.0.255
permit icmp 192.168.28.0 0.0.0.255 192.168.29.0 0.0.0.255
deny ip any any
*** Strongswan side
config setup
charondebug="all"
uniqueids=no
strictcrlpolicy=no
conn %default
dpdaction=restart
dpddelay=30
ikelifetime=1440m
keylife=60m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
conn cisco
left=185.105.229.61 #strongswan outside address
leftid=185.105.229.61 #IKEID sent by strongswan
leftsubnet=192.168.29.0/32 #network behind strongswan
leftfirewall=yes
right=185.105.229.99 #CISCO outside address
rightsubnet=192.168.28.0/24 #network behind CISCO
Конечно же не надо прописать в /etc/ipsec.secret PSK формат примерно такой:
Left IP (Your IP) Right IP (Partner IP) : PSK 'mypassword'
Очень долго искал при поиске решений на облаке для подключения по IPsec и в итоге вот оно Strongwan, отличное решение на базе Линукс для такого рода задач. Ну в общем внизу хочу показать рабочий пример при подключении с моего сервера на Strongwan к роутеру Cisco 2801
- strongswan : wan ip : 185.105.229.61
lan ip: 192.168.29.0/24
- cisco wan ip: 185.105.229.99
lan ip: 192.168.28.0/24
*** cisco side
!
crypto isakmp policy 15
encr aes 256
authentication pre-share
group 2
!
crypto isakmp key mypassword address 185.105.229.61 no-xauth
crypto ipsec transform-set gw2 esp-aes 256 esp-sha-hmac
crypto ipsec df-bit clear
crypto map MAIN 14 ipsec-isakmp
description GW2
set peer 185.105.229.61
set transform-set gw2
match address gw2
ip route 192.168.29.1 255.255.255.255 185.105.229.61 permanent
ip route 192.168.29.7 255.255.255.255 185.105.229.61 permanent
ip access-list extended gw2
permit ip 192.168.28.0 0.0.0.255 192.168.29.0 0.0.0.255
permit icmp 192.168.28.0 0.0.0.255 192.168.29.0 0.0.0.255
deny ip any any
*** Strongswan side
config setup
charondebug="all"
uniqueids=no
strictcrlpolicy=no
conn %default
dpdaction=restart
dpddelay=30
ikelifetime=1440m
keylife=60m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
conn cisco
left=185.105.229.61 #strongswan outside address
leftid=185.105.229.61 #IKEID sent by strongswan
leftsubnet=192.168.29.0/32 #network behind strongswan
leftfirewall=yes
right=185.105.229.99 #CISCO outside address
rightsubnet=192.168.28.0/24 #network behind CISCO
Конечно же не надо прописать в /etc/ipsec.secret PSK формат примерно такой:
Left IP (Your IP) Right IP (Partner IP) : PSK 'mypassword'
вторник, 11 октября 2016 г.
STOP RMAN backup job
Sometimes RMAN job take long time and need to kill job to investigate problem, below script show you how to kill job.
SQL>SELECT p.SPID, s.sid, s.serial#, sw.EVENT, sw.SECONDS_IN_WAIT AS SEC_WAIT, sw.STATE, CLIENT_INFO
FROM V$SESSION_WAIT sw, V$SESSION s, V$PROCESS p
WHERE s.client_info LIKE 'rman%'
AND s.SID=sw.SID
AND s.PADDR=p.ADDR;
When you found necessary data you should use below script to kill job
SQL> alter system kill session '683, 43845';
SQL>SELECT p.SPID, s.sid, s.serial#, sw.EVENT, sw.SECONDS_IN_WAIT AS SEC_WAIT, sw.STATE, CLIENT_INFO
FROM V$SESSION_WAIT sw, V$SESSION s, V$PROCESS p
WHERE s.client_info LIKE 'rman%'
AND s.SID=sw.SID
AND s.PADDR=p.ADDR;
When you found necessary data you should use below script to kill job
SQL> alter system kill session '683, 43845';
Подписаться на:
Сообщения (Atom)