blog

CI/CD notes

Tools:

  • Gitlab-CI
  • Jenkins
  • Drone CI
2025/03/24 15:06

Debian audit: differences between a package's original file and the current file

Find the files that do not, or no longer, match those of the package's original version

dpkg --verify
debsums -as
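
Added example (not part of the original notes): a triage of dpkg --verify output that separates changed conffiles from changed packaged files and missing files, since a modified binary or library deserves a closer look than an edited configuration file. It assumes dpkg's rpm-style line layout (9 result characters, an attribute character where c marks a conffile, then the path); the function names and sample lines are constructed.

```shell
#!/bin/sh
# Classify `dpkg --verify` lines (assumed layout: 9 result characters,
# a space, an attribute character, a space, then the path).
triage_verify() {
    awk '
    {
        result = substr($0, 1, 9)    # e.g. "??5??????" or "missing  "
        attr   = substr($0, 11, 1)   # "c" = conffile, " " = regular file
        path   = substr($0, 13)      # rest of the line, spaces preserved
        if (result ~ /^missing/)  kind = "MISSING"
        else if (attr == "c")     kind = "CONFFILE-CHANGED"
        else                      kind = "PACKAGED-FILE-CHANGED"
        print kind "\t" path
    }' | sort
}

# Constructed sample input (not captured from a real host).
sample_verify_output() {
    printf '%s\n' \
        '??5?????? c /etc/mysql/my.cnf' \
        '??5??????   /usr/bin/example-tool' \
        'missing     /usr/share/doc/example/README'
}

# Live use: dpkg --verify | triage_verify
sample_verify_output | triage_verify
```
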

Compare the differences

cmpfiledeb.sh

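#!/bin/bash
# Compare an installed file with the pristine copy shipped in its package.
# Usage: ./cmpfiledeb.sh /absolute/path/to/file
set -eu

FILE=$1
# Private scratch directory rather than a fixed, predictable path in /tmp
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Package owning the file, then fetch and unpack its .deb
PAQ=$(dpkg -S "$FILE" | cut -d':' -f1)
cd "$WORKDIR"
apt-get download "$PAQ"
ar x ./*.deb
tar xf data.tar.* > /dev/null

# Diff, ignoring blank lines and lines starting with ; or #
#vimdiff "$WORKDIR$FILE" "$FILE"
#vimdiff <(grep -Ev '^$|^;|^#' "$WORKDIR$FILE") <(grep -Ev '^$|^;|^#' "$FILE")
diff <(grep -Ev '^$|^;|^#' "$WORKDIR$FILE") <(grep -Ev '^$|^;|^#' "$FILE")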

Example:

./cmpfiledeb.sh /etc/mysql/my.cnf
< bind-address          = 127.0.0.1
---
> event_scheduler         = ON
> open_files_limit        = 2048
22a24
> max_connections        = 520

Remember the include of /etc/my.cnf.d/* etc.!

# Walk through every changed file reported by debsums (Apache configuration excluded)
for fic in $(LANG=C debsums -as 2>&1 | grep -v "/etc/apache2" | sed -e 's/^debsums: changed file //' | awk '{print $1}')
do
	echo "$fic"
	read -r
	./cmpfiledeb.sh "$fic"
done
2025/03/24 15:06

Chromium notes

Debug

https://chromedevtools.github.io/devtools-protocol/

chromium --headless
chromium --remote-debugging-port=9222 &
chromium --user-data-dir=/tmp/plop http://localhost:9222

# Allow URL file://
chromium --allow-file-access-from-files

Install

Chrome on RedHat 6 & 7
sudo wget https://chromedriver.storage.googleapis.com/84.0.4147.30/chromedriver_linux64.zip
sudo unzip chromedriver_linux64.zip
sudo mv chromedriver /usr/bin/chromedriver
chromedriver --version
# Download the installer and read it before running it as root (rather than piping curl straight into bash)
curl -fsSL https://intoli.com/install-google-chrome.sh -o install-google-chrome.sh
sudo bash install-google-chrome.sh
sudo mv /usr/bin/google-chrome-stable /usr/bin/google-chrome
google-chrome --version

Other

DNS cache
chrome://net-internals/#dns

2025/03/24 15:06

Root CA certificate notes

See:

curl

$ strace -f --trace=%file curl https://www.acme.fr 2>&1 |egrep -v 'ENOENT|/lib/' |grep ^open
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 6
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 6

To check: whether curl uses LIBNSS

Test

curl -v -s --noproxy '*' -D - https://127.0.0.1:443/some-secure-endpoint

List the CAs on Debian

awk -v cmd='openssl x509 -noout -subject' ' /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

List the CAs on RedHat

awk -v cmd='openssl x509 -noout -subject' ' /BEGIN/{close(cmd)};{print | cmd}' < /etc/pki/tls/certs/ca-bundle.crt

Verify the CAs

openssl s_client -connect localhost:7000 -servername www.acme.fr -CAfile /tmp/cert.pem </dev/null
trust list --filter=ca-anchors --purpose=server-auth |grep ACME -i -A2 -B3
find /etc/ssl/certs -type l -iname "*.0" -exec cat "{}" \; | awk -v cmd='openssl x509 -noout -subject -enddate 2>/dev/null | tr "\n" " " ; echo' '/BEGIN/{cert=""};{cert=sprintf("%s\n%s",cert,$0)};/END/{print cert | cmd ;close(cmd)}' | sed -r 's:^subject=::' | sort -u
 
# Other
cat /etc/ssl/certs/ca-certificates.crt | keytool -printcert 2>/dev/null | grep "^Certificate\[" -A11 | less
csplit -z ca-bundle.crt /#/ '{*}'

Whitelist / blacklist

# /etc/pki/ca-trust/source/whitelist/
# update-ca-trust
# trust dump --filter "pkcs11:id=%BD%BD%98%7A%34%B4%26%F7%FA%C4%26%54%EF%03%BD%E0%24%CB%54%1B;type=cert" > /etc/pki/ca-trust/source/blacklist/addtrust-external-root.p11-kit
# update-ca-trust extract
# trust list | grep -C2 "AddTrust External"
p11-kit: overriding trust for anchor in blacklist: addtrust-external-root.p11-kit
pkcs11:id=%bd%bd%98%7a%34%b4%26%f7%fa%c4%26%54%ef%03%bd%e0%24%cb%54%1B;type=cert
    type: certificate
    label: AddTrust External Root
    trust: blacklisted
    category: authority

RedHat PKI backup

# Backup
cp -a /etc/pki /etc/pki.bak
 
# Restore
rsync -ax --delete /etc/pki.bak/ /etc/pki/

Remove a CA certificate

trust anchor --remove pkcs11:id=%15%FF%08%56%E0%6C%64%24%D0%56%70%91%87%8A%2B%2C%C6%5C%DD%34;type=cert
 
# or
trust anchor --remove path.to/certificate.crt

or

rm /etc/pki/ca-trust/source/anchors/<CA Certificate Filename>
update-ca-trust

Split the bundle into individual certificates

Source : https://www.redhat.com/sysadmin/configure-ca-trust-list

Cut bundle into individual files:

csplit -z ca-bundle.crt /#/ '{*}'

Remove blank lines:

sed -i '/^$/d' xx*

Rename files:

for file in xx*; do mv "$file" "$(head -n 1 "$file" | tr -d '# ')"; done
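
Added example (not from the Red Hat article or the original notes): the csplit recipe above keys on the # label lines in the bundle, so it finds nothing to cut in a bundle that is a plain concatenation of PEM blocks. This variant splits on the BEGIN/END CERTIFICATE markers instead; the function names, output file names and demo bundle are constructed, and the base64 lines are placeholders rather than real certificates.

```shell
#!/bin/sh
# split_bundle BUNDLE OUTDIR
# Writes OUTDIR/cert-001.pem, cert-002.pem, ... and prints the number written.
split_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/cert-%03d.pem", dir, n)
            inside = 1
        }
        inside { print > out }        # comment and blank lines are skipped
        /^-----END CERTIFICATE-----/ {
            close(out)                # keep the open-file count low on large bundles
            inside = 0
        }
        END { print n + 0 }
    ' "$bundle"
}

# Constructed demo bundle: one labelled block, one unlabelled block.
make_demo_bundle() {
    cat > "$1" <<'EOF'
# Example Root CA 1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMQ==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMg==
-----END CERTIFICATE-----
EOF
}

demo_dir=$(mktemp -d)
make_demo_bundle "$demo_dir/bundle.crt"
split_bundle "$demo_dir/bundle.crt" "$demo_dir/out"
rm -rf "$demo_dir"
```

On a real bundle, each resulting file can be passed to openssl x509 -noout -subject -enddate -in to review one CA at a time.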

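Add a CA

See:

# The certificate is fetched over plain HTTP: check its fingerprint against a trusted source before running update-ca-trust
curl http://satellite.example.com/pub/katello-server-ca.crt -o /etc/pki/ca-trust/source/anchors/satellite-ca.crt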
 
update-ca-trust

Other

# # rpm -ql ca-certificates
# rpm -q --filesbypkg ca-certificates |awk '/bin\// { print $2}'
/usr/bin/ca-legacy
/usr/bin/update-ca-trust
2025/03/24 15:06

Centreon notes

I advise you not to deploy Centreon. If you need a monitoring solution, you can try Zabbix.

General

/etc/centreon-engine/resource.cfg

$USER1$=/usr/lib64/nagios/plugins
$CENTREONPLUGINS$=/usr/lib/centreon/plugins

Configuration via the WebUI

Keep the default values up to screen 4

Then on screen 5:

password : yieCh4ha
First name : admin
Last name : admin
email : root@localhost

Screen 6

Database Host Address (default: localhost) : 192.168.5.1
Root password : [See roles/centreon-docker/templates/env.sh.j2]
Database user password : same
Dialog box "Feature testing" => "No"
Login
Configuration
Pollers
Check "Central"
Click "Export configuration"
Check all and select the "Restart" method

Update

Password reset

Example for admin / centreon

INSERT INTO contact_password (password, contact_id, creation_date) VALUES ('$2y$10$ubq1hJ9z3YPXBhejjae.Ie9u3AcMrwFNImPhOnnkLmEoNtwRGwNrC', 1, (SELECT UNIX_TIMESTAMP(NOW())));

Logs

DB partitioning

See:

mysql -u centreon -p centreon_storage
ALTER TABLE logs REMOVE PARTITIONING;
su - centreon
php /usr/share/centreon/cron/centstorage_purge.php
 
php /usr/share/centreon/bin/centreon-partitioning.php -m data_bin
php /usr/share/centreon/bin/centreon-partitioning.php -m log_archive_service
php /usr/share/centreon/bin/centreon-partitioning.php -m log_archive_host
php /usr/share/centreon/bin/centreon-partitioning.php -m logs

Other

1

systemctl status cbd centengine gorgoned httpd

2

rm -f /var/lib/centreon/metrics/*
rm -f /var/lib/centreon/status/*
rm -f  /var/lib/centreon/nagios-perf/*/*

3

mysql -u centreon -p centreon_storage
DELETE FROM logs_old ;
TRUNCATE logs ;
 
TRUNCATE servicestateevents ;
 
DELETE FROM data_bin WHERE id_metric NOT IN (SELECT metric_id FROM metrics) ;
su - centreon -c "/usr/share/centreon/cron/eventReportBuilder -r"
#su - centreon -c "/usr/share/centreon/cron/dashboardBuilder -r"
 
# CRON
su - centreon -c "/usr/share/centreon/cron/eventReportBuilder --config=/etc/centreon/conf.pm"
su - centreon -c "/usr/share/centreon/cron/dashboardBuilder --config=/etc/centreon/conf.pm"

Problem

# yum install -y centreon-base-config-centreon-engine centreon
--> Finished Dependency Resolution
Error: Package: nagios-plugins-perl-1.4.16-10.el7.centos.x86_64 (centreon-stable)
           Requires: nagios-plugins = 1.4.16-10.el7.centos
           Available: nagios-plugins-1.4.16-10.el7.centos.x86_64 (centreon-stable)
               nagios-plugins = 1.4.16-10.el7.centos
           Installing: nagios-plugins-2.3.3-2.el7.x86_64 (epel)
               nagios-plugins = 2.3.3-2.el7
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
 

Solution

# repoquery --location centreon-plugins
http://yum.centreon.com/standard/3.4/el7/stable/noarch/RPMS/centreon-plugins-2.8.32-1.el7.centos.noarch.rpm
rpm -Uvh --nodeps $(repoquery --location centreon-plugins)
2025/03/24 15:06