It has been established that CVE-2021-44228 and CVE-2021-45046 affect vCenter Server 7.0.x, vCenter 6.8.x, and vCenter 6.5.x via the Apache Log4j open source component that they ship. Please read the VMware Security Advisory (VMSA) below before moving to the next step to learn more about this vulnerability and its potential impact on VMware products. Before …
How to roll back an update using yum in CentOS & AlmaLinux
Roll back an update using yum as follows. As an example, we will use the install and rollback of the screen package. Note that it is not possible to roll back selinux, selinux-policy-*, kernel, or glibc (and dependencies of glibc such as gcc) packages to a previous version. Downgrading a system to a minor version is not …
SSH connection fails with messages “no hostkey alg”
The SSH connection from CentOS 6 to CentOS 8 fails when CentOS 8 is running in FIPS mode. The ssh debug output shows the following:
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
no hostkey alg
To resolve this issue, on CentOS 6 you should generate ECDSA host keys …
How to configure Telnet in Linux
For security reasons, it is advised to use SSH rather than Telnet to connect to a server. When you use Telnet, your passwords are sent through the network in plain text. As a result, the root user is not permitted to use Telnet by default. Make sure you have the necessary telnet-server and telnet …
Unable to disable SELinux
The SELINUX=disabled option in the /etc/selinux/config file was removed from the kernel with the RHEL 9.0 release. If SELINUX=disabled is defined in /etc/selinux/config, the system boots up with SELinux enabled but no policy loaded. The only way to turn it off is to run the kernel with the selinux=0 option. Use grubby to ensure that the …
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
When starting nginx, you may get the following error.
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
This indicates that the server’s IPv6 is disabled, causing the service to fail owing to an unsupported address family. Search for the following directive in the NGINX configuration file to resolve this error.
# …
Failed to parse PID from file /run/nginx.pid: Invalid argument
This is simply a case of nginx and systemd competing for resources. This warning is harmless since systemd only uses the PIDFile option to remove PIDFile after the nginx service terminates. The workaround is to add the following line to /usr/lib/systemd/system/nginx.service.
ExecStartPost=/bin/sleep 1
How to configure NGINX to display 404 errors locally
The error_page directive defines the page nginx returns for a given error code, whereas proxy_intercept_errors controls whether proxied responses with codes greater than or equal to 300 are delivered to the client as-is or intercepted and handed to nginx for processing with error_page. By default, nginx returns whatever the proxied server returns, regardless of the HTTP status code.
proxy_intercept_errors on;
error_page 404 /404.html;
Difference between NGINX load balance methods
NGINX Open Source supports four load‑balancing methods.
Round Robin
Least Connections
IP Hash
Generic Hash
Round Robin
Requests are spread uniformly across the servers, taking into account server weights. This approach is used by default (there is no way to turn it off).
upstream backend {
# no load balancing method is specified for Round Robin
server …
How can I enable Secure cookie flag in Nginx?
To secure cookies in NGINX, add the following directive to the nginx configuration file.
add_header Set-Cookie "Path=/; HttpOnly; Secure; SameSite=strict";