Can’t restart auditd with systemctl

The following command

systemctl restart auditd

Returns the following error on CentOS

Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.

Work around is to use service for the restart

service auditd restart

 

VMware esxtop, looking for CPU performance issues

http://www.yellow-bricks.com/esxtop/#esxtop-thresholds has some guidance on thresholds for different metrics.

Run esxtop, hit the “c” key to view CPU info and compare the usage with the thresholds.

Here are few from the above link.

Metric Threshold
%RDY 10
%CSTP 3
%MLMTD 0

Note: if your in esxtop you can hit the “f” key and it’ll give you a menu to specify more fields to display.

esxtop not displaying properly and is not interactive

Ran into an issue where esxtop was basically displaying a bunch of CSV data that was hard to make sense of in a terminal.

From reading here https://kb.vmware.com/s/article/2001448

It appears that the issue is that the environment TERM variable is not specified.

echo $TERM

returns nothing.

To fix, specify the terminal to use

TERM=xterm

To get a list of terminals available, run the following

find /usr/share/terminfo -type f

Troubleshoot MySQL Performance

Login to MySQL

mysql -u root -p

Show Active processes

SHOW PROCESSLIST;

or to list all the processes use “FULL”

SHOW FULL PROCESSLIST;

Run MySQL optimizer

wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl
perl ./mysqltuner.pl

MySQL tuner should give some recommendations on settings to tweak.

Start Minecraft server on RAM disk Linux

Create tmpfs ramdisk.  Note if your Linux user is something other than steve you’ll need to change where appropriate.

mkdir /home/steve/mcdisk

In etc/fstab add the following

tmpfs /home/steve/mcdisk tmpfs defaults,size=4096m 0 0

This creates a 4GB ram disk at /home/steve/mcdisk

To mount it you can either reboot, or run

mount -a

Copy your current Minecraft directory to the ram disk

cp -R /home/steve/Current_MC_Server/ /home/steve/mcdisk

Create a Bash script in “/home/steve” named “ramdisk_save.sh”

Paste the following in.  You may need to install rsync if you do not have it installed

!/bin/bash

RAMDISK="/home/steve/mcram/"
MCDIR="/home/steve/1.13"

rsync -r -t $RAMDISK/ $MCDIR/
rsync -r -t $MCSTORE/ $MCPATH/

Now add the script to crontab

crontab -e

and

 */5 * * * * /home/steve/ramdisk_save.sh

This will now run every 5 minutes and sync any changes on the ram disk to the original directory.

Start the Minecraft server

java -Xmx3072M -Xms3072M -jar server.jar nogui

Windows 10 – Super slow copy speeds

It looks like the Windows Defender Real-time protection can cause issues when trying to copy files on a local drive even if the drive is an SSD.  Typically a copy seems to start out great, but then slows down to a crawl less then 1MB/s copy rate.  Probably has to do with Defender having to scan every file as it is copied.

To fix/increase the copy speeds you can turn off Real-time protection.

To turn off Windows Defender Real-time protection, open up Settings > Update and Security > Windows Security > Virus & threat protection “That should open up the Windows Defender Security Center” > Virus & threat protection settings

Now Turn Real-time protection off.

 

Add a SSL Certificate to Ubiquiti UniFi-Video server using Lets Encrypt

Install certbot

sudo apt-get install python-certbot

Generate certificate.  Change unifi.yourdomain.com to the domain name you have pointing to your UniFi-Video controller.

sudo certbot certonly -d unifi.yourdomain.com

Certbot will create the files in “/etc/letsencrypt/live/unifi.yourdomain.com/”

Now you should stop the unifi service.

systemctl stop unifi-video

The following two commands create and install the keystore for the UniFi-Video application.  These commands were copied from here.  Thanks scobber!

echo ubiquiti | openssl pkcs12 -export -inkey /etc/letsencrypt/live/unifi.yourdomain.com/privkey.pem -in /etc/letsencrypt/live/unifi.yourdomain.com/cert.pem -name airvision -out /usr/lib/unifi-video/data/keys.p12 -password stdin
echo y | keytool -importkeystore -srckeystore /etc/letsencrypt/live/unifi.yourdomain.com/keys.p12 -srcstoretype pkcs12 -destkeystore /usr/lib/unifi-video/data/keystore -storepass ubiquiti -srcstorepass ubiquiti

Remove or rename the Trusted Store.  If you don’t, the cameras will connect, but will not record.  The controller will rebuild the ufv-truststore when it starts up and the cameras will be able to record.

mv /usr/lib/unifi-video/data/ufv-truststore{,.old}

Start the UniFi-Video service

systemctl start unifi-video

Now you can check it by going to https://unifi.yourdomain.com:8443