Replace defective HDD on CentOS 6 (mbr)

Prologue: sda old but works, sdc defective. I will replace sdc.

First of all, mark disk sdc as defective and remove from raid.

mdadm --manage /dev/md0 --fail /dev/sdc2
mdadm --manage /dev/md1 --fail /dev/sdc1
mdadm --manage /dev/md2 --fail /dev/sdc3
mdadm /dev/md0 -r /dev/sdc2
mdadm /dev/md1 -r /dev/sdc1
mdadm /dev/md2 -r /dev/sdc3

Physically replace disk and copy partition table to new one.

Continue reading “Replace defective HDD on CentOS 6 (mbr)”

UFW for antizapret

Couple UFW rules for antizapret node

ufw default deny incoming
ufw default allow outgoing
ufw allow ssh / ufw allow from 203.0.113.4 to any port 22
ufw allow 1194
ufw route allow proto tcp from any to any port 1194
ufw route allow proto udp from any to any port 1194
ufw allow in on lxdbr0
ufw route allow in on lxdbr0

ufw enable
systemctl enable ufw

Nginx as CDN POP

This released on ubuntu with packages nginx and nginx-extras (some modules used additionally that not avail on Alma packages, that’s why ubuntu).

We will store cached files in /cdncache and logs in /var/log/nginx/cdnlogs.

Our CDN URL is yourcdn1.domain.name for site1.dev and yourcdn2.domain.name for site2.dev

We will server static files (mp4,jpg,png,gif,jpeg,js,ico,html,htm,webp,css,mp3,wav,swf,mov,doc,pdf,xls,ppt,docx,pptx,xlsx,ttf,woff,woff2), accept only GET queries and disallow listing for /.

Continue reading “Nginx as CDN POP”

Working fail2ban for Asterisk (security log)

Hey, just another config draft from me. In that article we will enable fail2ban jail for asterisk on UDP/5060 via iptables.

In /etc/sysconfig/iptables we should allow UDP/5060 for all (if you want to enable only for your subnet why you need fail2ban? Just allow 192.168.1.0/24 and don’t read that article).

Continue reading “Working fail2ban for Asterisk (security log)”