Michael Kane dryliketoast

## mount_qcow2.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                dryliketoast
                / mount_qcow2.md
            
            
              Created
              November 11, 2023 18:49
                — forked from shamil/mount_qcow2.md
            
              
                How to mount a qcow2 disk image
              
          
    How to mount a qcow2 disk image

This is a quick guide to mounting a qcow2 disk images on your host server. This is useful to reset passwords,
edit files, or recover something without the virtual machine running.
Step 1 - Enable NBD on the Host
modprobe nbd max_part=8


## fatrace.txt
Is there a tool like iotop but for monitoring IO on specific volumes?
https://unix.stackexchange.com/questions/72027/iotop-but-for-particular-disk/701656#701656

Check out `fatrace`

For example, cd into the partition you want to (in my case, mount point /hdd) monitor and run

sudo fatrace -c -t

Then, for example a touch /hdd/x will show:

## LENKENG-LKV373A-UDP.txt
source: https://blog.danman.eu/new-version-of-lenkeng-hdmi-over-ip-extender-lkv373a/

Device should send packets like this:
11:06:02.782172 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328
11:06:02.782542 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328
11:06:02.782775 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328
11:06:02.783042 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328

Connect to stream when on same subnet:
vlc udp://@239.255.42.42:5004

## freenas-active-directory-fix.txt
Version: FreeNAS-11.3-U5
Problem: Active Directory Faulted

Resolution:
1) Disabling the service
2) Manually delete the kerberos realm
3) Enabling the service again

Active Directory should now show as healthy and function properly
Ref: https://www.reddit.com/r/freenas/comments/fbsfq8/active_directory_faulted/

## nmap tricks
On a side note you can use nmap with ssl-enum-ciphers script as follows

`nmap --script ssl-enum-ciphers -p 443 example.com`
You will get a response like this.

```
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:

## serial console (qemu)
within the virtual machine, update grub with this:
GRUB_CMDLINE_LINUX=”console=tty1 console=ttyS0,115200n8″

reboot the virtual machine

so instead of using ssh from the host, you can now do this:
virsh console --domain [virtual-machine-name]

this works with most linux distributions on bare metal (ipmi) or otherwise

## gist:749f52dfde254c001abe39d94c781fa3
gsettings set org.gnome.shell.extensions.desktop-icons show-home false
gsettings set org.gnome.shell.extensions.desktop-icons show-trash false

## socat daemon systemd

https://unix.stackexchange.com/questions/125382/migrate-socat-init-script-to-systemd
For socat, I use a pure systemd approach. This is an example for a serial loopback:

[Unit]
Description=Socat Serial Loopback
#Before=my-other.service

[Service]
Type=simple

## gist:5c62027480e21db95703219689de1793
Creating a Self-Signed Certificate
As an example, we'll create a certificate that might be used to secure a personal website that's hosted with Apache.

The example will create a certificate valid for 365 days; we may wish to increase this value. We've specified the FQDN (fully qualified domain name) of the VPS for the "Common Name" entry, as this certificate will be used for generic SSL service.

$ sudo openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key
Generating a 2048 bit RSA private key
.............................+++
.........................................................+++
writing new private key to '/etc/ssl/localcerts/apache.key'

## apparmor blocks ntpd activity
https://bugs.launchpad.net/mos/+bug/1475019
Denis Puchkin (dpuchkin) wrote on 2016-04-20: 	#6

Hi
The cause of these apparmor messages is misconfigured ntp apparmor profile,
 but there is nothing terrible

Apparmor banned only messages (like ntp successfully started and listen on socket )
 to rsyslog through /dev/log, this happened because NTP is running in the
 network namespase and apparmor has some issues with that.
	Is there a tool like iotop but for monitoring IO on specific volumes?
	https://unix.stackexchange.com/questions/72027/iotop-but-for-particular-disk/701656#701656

	Check out `fatrace`

	For example, cd into the partition you want to (in my case, mount point /hdd) monitor and run

	sudo fatrace -c -t

	Then, for example a touch /hdd/x will show:
	source: https://blog.danman.eu/new-version-of-lenkeng-hdmi-over-ip-extender-lkv373a/

	Device should send packets like this:
	11:06:02.782172 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328
	11:06:02.782542 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328
	11:06:02.782775 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328
	11:06:02.783042 IP 192.168.1.238.5004 > 239.255.42.42.5004: UDP, length 1328

	Connect to stream when on same subnet:
	vlc udp://@239.255.42.42:5004
	Version: FreeNAS-11.3-U5
	Problem: Active Directory Faulted

	Resolution:
	1) Disabling the service
	2) Manually delete the kerberos realm
	3) Enabling the service again

	Active Directory should now show as healthy and function properly
	Ref: https://www.reddit.com/r/freenas/comments/fbsfq8/active_directory_faulted/
	On a side note you can use nmap with ssl-enum-ciphers script as follows

	`nmap --script ssl-enum-ciphers -p 443 example.com`
	You will get a response like this.

	```
	PORT STATE SERVICE
	443/tcp open https
	\| ssl-enum-ciphers:
	\| SSLv3:
	within the virtual machine, update grub with this:
	GRUB_CMDLINE_LINUX=”console=tty1 console=ttyS0,115200n8″

	reboot the virtual machine

	so instead of using ssh from the host, you can now do this:
	virsh console --domain [virtual-machine-name]

	this works with most linux distributions on bare metal (ipmi) or otherwise
	gsettings set org.gnome.shell.extensions.desktop-icons show-home false
	gsettings set org.gnome.shell.extensions.desktop-icons show-trash false

	https://unix.stackexchange.com/questions/125382/migrate-socat-init-script-to-systemd
	For socat, I use a pure systemd approach. This is an example for a serial loopback:

	[Unit]
	Description=Socat Serial Loopback
	#Before=my-other.service

	[Service]
	Type=simple
	Creating a Self-Signed Certificate
	As an example, we'll create a certificate that might be used to secure a personal website that's hosted with Apache.

	The example will create a certificate valid for 365 days; we may wish to increase this value. We've specified the FQDN (fully qualified domain name) of the VPS for the "Common Name" entry, as this certificate will be used for generic SSL service.

	$ sudo openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key
	Generating a 2048 bit RSA private key
	.............................+++
	.........................................................+++
	writing new private key to '/etc/ssl/localcerts/apache.key'
	https://bugs.launchpad.net/mos/+bug/1475019
	Denis Puchkin (dpuchkin) wrote on 2016-04-20: #6

	Hi
	The cause of these apparmor messages is misconfigured ntp apparmor profile,
	but there is nothing terrible

	Apparmor banned only messages (like ntp successfully started and listen on socket )
	to rsyslog through /dev/log, this happened because NTP is running in the
	network namespase and apparmor has some issues with that.