This is a small desktop / short tower case which is connected to a couple of tape libraries. This post replaces a previous post. Partitions [dan@tape01:~] $ gpart show => 40 5860533088 ada0 GPT (2.7T) 40 1024 1 freebsd-boot (512K) 1064 984 – free – (492K) 2048 4194304 2 freebsd-swap (2.0G) 4196352 5856335872 3 freebsd-zfs (2.7T) 5860532224 904 – free – (452K) => 40 5860533088 ada1 GPT (2.7T) 40 1024 1 freebsd-boot (512K) […]
The R720 is showing a message like this from time to time: Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (2 occurrences) Jan 1 16:07:04 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already
Listen queue overflow Read More »
See also OpenVPN: unsupported certificate purpose. NOTES NOTE: When using ssl-admin for Bacula: use option 4 (Perform a one-step request/sign) for clients (bacula-fd) use option S (Create new Signed Server certificate) for servers (bacula-sd and bacula-dir) I know these things, but I repeatedly go to option 4 and forget…. Original post follows Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it
SSL client vs server certificates and bacula-fd Read More »
Today I found out about a vuln in net/py-urllib3. Nagios told me: Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Tue Nov 26 18:23:32 UTC 2019 py36-urllib3-1.22,1 I logged into that host and ran a pkg upgrade py36-urllib3. What other hosts have that installed? There. That’s the hosts I have to update. How about a list for csshX? Ideally, I’d like to take the query output, and construct
Which hosts have this vuln package installed? SamDrucker knows. Read More »
Today this Nagios alert showed up: I admit it. I have not patched my micro code before. I’m doing it only because it turned up in Nagios. Browsing to that URL, I found “Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).”. Looking on FreshPorts, I found that port. I built it. I installed it on all hosts. I followed
patching your Intel CPU Microcode using FreeBSD ports Read More »
I use pf as my packet filter. Everything blocked gets logged to /var/log/pflog.conf Late last week, I noticed my rules were allowing everything in on one interface. I changed that. Overnight I see that my Let’s Encrypt certificate renewals failed. Nagios also tells me that the DNS servers are not in sync. I suspect firewall rules. Reviewing pflog It is because I use: block log all in /etc/pf.conf pflog_enable=”YES” in /etc/rc.conf that I
Reviewing /var/log/pflog contents Read More »
This post has been replaced by a newer post. For future reference, this is the knew server … oh wait, I think it’s this server which is was mounted in the 4U chassis mentioned in this post. It runs a few jails, including Bacula regression testing services. It is now mounted in a SuperChassis 846E16-R1200B This is the previous post for this system configuration. Photos of the assembly. File systems Paritions zpools Those
I rebooted knew yesterday for upgrades. When it came back, the main storage zpool was degraded: Is the drive alive? The drive is not listed at all in /var/run/dmesg.boot. I keep a list of the expected drives in /etc/periodic.conf, for use by a Nagios check: [dan@knew:~] $ /usr/sbin/sysrc -nf /etc/periodic.conf daily_status_smart_devices /dev/da22 /dev/da21 /dev/da20 /dev/da19 /dev/da18 /dev/da17 /dev/da16 /dev/da15 /dev/da14 /dev/da13 /dev/da12 /dev/da11 /dev/da10 /dev/da9 /dev/da8 /dev/da7 /dev/da6 /dev/da5 /dev/da4 /dev/da3 /dev/da2 /dev/da1
zpool degraded – one drive missing from system Read More »
When the time comes to replace a drive, it is very nice to know which drives is missing. I created this drive map to help me figure out which drive disappeared. I created this drive-bay map using a combination of: zpool status sesutil map lsblk camcontrol /var/run/dmesg.boot I have not included /var/run/dmesg.boot here. If you click on this image, you’ll see a larger version which is easier to read. I went through sesutil
Creating a drive-bay map Read More »
This post has been replaced by a new one. For reference, the previous post on this server is still available. FYI, this server is named after Joshua Slocum, who was the first person to sail single-handedly around the world. This server was upgraded on Feb 2 2019. Only the storage persisted. Everything else was upgraded. The hardware M/B – Supermicro X9DRE-TF+ RAM – 128GB composed of 8x 16GB DDR3 1600Mhz 21300 ECC/REG CPU