Bonne nouvelle du vendredi soir.

La bonne nouvelle du jour.

Incroyable, mais vrai .

Tellement de 😍😍😍😍

Avec un beau schéma !

Une bonne analyse d'un échec de la démocratie. C'est dépistant.

for scsi_path in $(ls /sys/class/scsi_device/); do echo 1 > /sys/class/scsi_device/${scsi_path}/device/rescan; done

Je vire Yunohost, ça me fait tout planter à chaque MAJ.
Donc je vais réutiliser ce shaarli de manière un peu plus active.

Ça semble pas mal.

Pour pouvoir faire des tests de débits qui durent plus de 30s... (pour voir les courbes et les impacts)

Reset the Root Password on AlmaLinux
Last Updated: Tue, Feb 22, 2022 FAQ Troubleshooting Guides
Using a Different System?
Introduction

If you are locked out of your AlmaLinux instance and have lost access to the root account, you need to boot into single-user mode and reset the root password.

As the system boots, press ESC to bring up the GRUB boot prompt. The prompt happens early in the boot process. If you miss the prompt, you need to restart the server from the control panel and try again.
At the GRUB boot prompt, press E to edit the first boot option.
Find the kernel line starting with linux.
Change ro to rw init=/sysroot/bin/sh.
Press CTRL+X or F10 to boot into single user mode.
Access the system with the command: chroot /sysroot.
Type passwd and follow the prompts to change the root password.
Run touch /.autorelabel to force file system relabeling. This is required for systems with SELinux. When you reboot the system, it will relabel the filesystem for SElinux. The reboot may take extra time during this process.
Run exit.
Run logout.
Run reboot to reboot the server.

Ben non, c'est pire parce que c'est même pas avec les vba. C'est un document sans macro...

Cool !

C'est moche :-(

Pas toujours d'accord avec eux, mais ils ont raison : nous sommes passé à côté de programmes fortement orientés écologie. Tout le monde en sera perdant très vite mais rien ne sera fait avant qu'on soit au fond du gouffre. Cette impuissance me dépite tous les jours et cette perspective que nos nouveaux élus s'en foutent complètement me déprime...

Apache httpd : Configure mod_md
2020/07/14

Install and Configure [mod_md] to automate managing certificates from Let's Encrypt.
It's possbile to configure each VirtualHost.
And it's not need to configure manual SSL/TLS setting like here for the Site with [mod_md].
Also it needs that it's possible to access from the Internet to the Site with [mod_md] because of verification from Let's Encrypt.
[1] Install [mod_md].
[root@www ~]# dnf -y install mod_md

after installing, [mod_md] is enabled

[root@www ~]# cat /etc/httpd/conf.modules.d/01-md.conf

LoadModule md_module modules/mod_md.so
[2] Configure [mod_md].
[root@www ~]# vi /etc/httpd/conf.d/acme.conf

create new

MDBaseServer on
MDCertificateProtocol ACME
MDCAChallenges http-01
MDDriveMode auto
MDPrivateKeys RSA 2048
MDRenewWindow 33%
MDStoreDir md
MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

<Location "/md-status">
SetHandler md-status
Require ip 127.0.0.1 10.0.0.0/24
</Location>

[MDRenewWindow]

default is [33%] if not specified

if validity of certificates falls specified duration,

[mod_md] will get new certificates

90 days * 33% ≒ 30 days

if you'd like to set with day, specify [d]

30 days ⇒ [30d]

[MDStoreDir]

the directory certificates or other data are stored

if not specified, default is [md]

it is relative path from [ServerRoot] in [httpd.conf]

[md-status]

monitor MD status

[3] If SELinux is enabled, change policy.
[root@www ~]# setsebool -P httpd_can_network_connect on
[root@www ~]# vi httpd-md.te

create new

module httpd-md 1.0;

require {
type httpd_config_t;
type httpd_t;
class dir { add_name create remove_name rename reparent rmdir setattr };
class file { create rename setattr unlink write };
}

============= httpd_t ==============

allow httpd_t httpd_config_t:dir { add_name create remove_name rename reparent rmdir setattr };
allow httpd_t httpd_config_t:file { create rename setattr unlink write };

[root@www ~]# checkmodule -m -M -o httpd-md.mod httpd-md.te

[root@www ~]# semodule_package --outfile httpd-md.pp --module httpd-md.mod

[root@www ~]# semodule -i httpd-md.pp

[4] Configure each VirtualHost you'd like to set [mod_md].
It needs to specify valid email address for each [ServerAdmin] directive because Let's Encrypt will send various notification.

for example, set on the site [www.srv.world] site

[root@www ~]# vi /etc/httpd/conf.d/www.srv.world.conf

MDomain www.srv.world
MDCertificateAgreement accepted
DirectoryIndex index.html
ServerAdmin root@www.srv.world

<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.srv.world
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
DocumentRoot /var/www/html
ServerName www.srv.world
</VirtualHost>

for example, set on the site [dlp.srv.world] site

[root@www ~]# vi /etc/httpd/conf.d/dlp.srv.world.conf

MDomain dlp.srv.world
MDCertificateAgreement accepted
DirectoryIndex index.html
ServerAdmin root@dlp.srv.world

<VirtualHost *:80>
DocumentRoot /var/www/dlp.srv.world
ServerName dlp.srv.world
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
DocumentRoot /var/www/dlp.srv.world
ServerName dlp.srv.world
</VirtualHost>

[root@www ~]# systemctl restart httpd

on initial start, some validation ckecks run and

dumy certificate is created under the directory you set for [MDStoreDir]

[root@www ~]# ll /etc/httpd/md/domains/dlp.srv.world

total 12
-rw-------. 1 root root 1115 Jul 13 19:33 fallback-cert.pem
-rw-------. 1 root root 1704 Jul 13 19:33 fallback-privkey.pem
-rw-------. 1 root root 471 Jul 13 19:33 md.json

restart again

[root@www ~]# systemctl restart httpd

if all checks passed, valid certificate is gotten

[root@www ~]# ll /etc/httpd/md/domains/dlp.srv.world

total 16
-rw-------. 1 root root 3899 Jul 13 19:34 job.json
-rw-------. 1 root root 516 Jul 13 19:34 md.json
-rw-------. 1 root root 1704 Jul 13 19:34 privkey.pem
-rw-------. 1 root root 3554 Jul 13 19:34 pubcert.pem

[5] It's possible to confirm expiration date and others of certificate with [openssl] command like follows.
Or it's possbile to see them to access to the URL of [md-status] you set on [2].
[root@www ~]# openssl s_client -connect www.srv.world:443 | openssl x509 -noout -startdate -enddate

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = www.srv.world
verify return:1
notBefore=Jul 14 06:34:02 2020 GMT
notAfter=Oct 12 06:34:02 2020 GMT

[root@www ~]# openssl s_client -connect dlp.srv.world:443 | openssl x509 -noout -startdate -enddate

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = dlp.srv.world
verify return:1
notBefore=Jul 14 06:33:49 2020 GMT
notAfter=Oct 12 06:33:49 2020 GMT

Coudé !

Pas mal ^^

Cool !

Liste des CVE