sysadmin – Another computering website

NetApp SSH ciphers obsolete

By default, NetApp keep enabled SSH ciphers which are obsoletes (which should not be used at least). The following procedure has been realized on an AFF-A300

The ciphers I’m talking about are the cbc ones (aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc) and here is how to proceed :

First of all, connect to your NetApp via SSH, then you will have to set the advanced privilege mode

And finish by removing all the cipers you want to disable with the command « security ssh remove -ciphers xxxx »

Then you can check the ciphers enabled with the command « security ssh show » :

Upgrade Exchange 2013 to CU21

First of all, snapshot your VM ! If your Exchange server is a physical one, that’s baaaad.

Reboot your server, it’s always nice to execute maintenance on a « clean » server.

Download and install Framework 4.7.1 and Visual C++ Redis blablabla (https://www.microsoft.com/en-US/download/details.aspx?id=40784).

Download (https://www.microsoft.com/en-us/download/details.aspx?id=57069) and unpack CU21 where you want

After that a new reboot is good no ?

Open CMD window with root privilege and go to where you unpacked your CU21 install files. Launch these commands :

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

As you can see, installation checks the prerequisites

setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

setup /m:upgrade /IacceptExchangeServerLicenseTerms

If like me you faced this problem due to one process running : mscorsvw.exe

Just wait a few seconds/minutes for the process to finish itself and then launch again

At the end restart again your server and everything should be OK.

LSB functions

Sometimes you need to use old system (/etc/init.d) to start programs but when you want to add a new one and try to start it :

Simply install « redhat-lsb-core » and that’s OK !

Add new nodes on GANGLIA

If you don’t know what is Ganglia > http://ganglia.info/

When I managed HPC I deployed new nodes via « kickstart » (RHEL servers). But when you change of manufacturer of servers, there can be some device name changes ! For example NICs name !! So pay attention to modify in your /etc/ganglia/gmond.conf the two lines where is specify the name of the NIC on which Ganglia is looking (mcast_if)

mysql_secure_installation tips

If you need to install MySQL for what ever, you will have to launch this script :

mysql_secure_installation

The first question is to choose a password but since it’s the first installation, you didn’t choose any ! If you installed mariadb you can « bypass » this step by pressing enter but if you installed mysql-server you have to check in the log file created by mysql-server where you can find a temporary password.

Something like that : cat /var/log/mysql.log

RHEL 7 logs flooded

Sick of having your logs (/var/log/messages) flooded by useless messages :

Type this command :

echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains "Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf

Then restart your rsyslog (systemctl restart rsyslog)