Archive for the ‘Educational’ Category

Living of unknown saint Saint Sophronius of Sofia, known also as Saint Soprhonius of the Bulgaria / Sofronij of the Balkans

Saturday, May 28th, 2022

Sveti-Sofronij-Bylgarski-SofijskiSaint-Sophronius-of-Sofia-Bulgaria-of-the-Balkans
 

Biography of Staint Sofronij / Sophronius of Bulgaria Sofia, Known also as Saint Soprhonius of the Balkans

The parish priest of the village of Penkyovtsi (Sofia, Bulgaria region) Stefan (Te fled to Sofia with his wife due to Turkish violence, from hence he later fled to Wallachia region to the great Wallachian voivode (Duke) Radul. His wife died there and he became a monk named Sophronius (not to be mistaken with the very famous Bulgarian saint Saint Sofronius of Vratza / Sofronij Vrachanski).

After the death of Duke Radul, he returned from the Danube river to his homeland and settled in a monastery near city of Ruse (probably he lived in the cave monastery of Saint Joachim I Patriarch of Tarnovo and the Venerable Demetrius Besarabovsky, that even today is the biggest monastery nearby the city of Ruse).

There he struggled with common sanctification practices as fasting, prayer, work and alms for the poor. The devil did not tolerate his monastic great achievements and set a monastic servant against him, who struck him on the head with an ax and killed him.

Three years later, Sophronius appeared to the people living in the monastery, who obeyed his suggestion (obviously they got inspired to  dug up his grave which is a common ancient Christian practice for notable christians who might have been saints) and look up if his relics are incorruptable and found his relics incorruptible and fragrant (emitting a heavenly odor), as they have been inspired by God's Spirit to do.
People with great joy placed the holy relics in a coffin for common (universal) worship of all the Christians.

We do not know the exact dates he was  born or has been killed, because of the devilish envy, as at that time Bulgaria has been under the Ottoman turks and the founding of his holy relics has happened years after his martyrdom. But most probably the Venerable Sofronij  lived in the second half of the fifteenth century and the beginning of the sixteenth century, by the second decade of which he must have suffered. This information about him is told to us by the Bulgarian writer and priest Father (the bulgarian word for which is Pop – stems from the greek word Papas (Father) Peyu. The same Pop Peyu has been also the author of the life of Saint George of Sofia the New not to be mistaken with Saint George the Newest from Sofia  who maryrdom suffered in year 1515 because of his unwillingless to accept the false Islamic faith.

© Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Lefkada and Archimandrite Dr. Athanasius (Bonchev) with minor inclusions of the article author Georgi Georgiev

Let by his holy prayers the Bulgarian homeland and especially the suffering in Ukraine and all people everywhere, finds more Peace, Love, Hope, Faith and Goodness 

Christ is Risen ! Truly He is Risen ! The origin of the tradition Paschal Greeting and Coloring of Eggs on Easter Holidays in the Church

Wednesday, April 27th, 2022

 

Christ-is-Risen-Truly-he-is-risen-and-the-christian-origin-of-red-eggs-worldwide-Christ-triumphant-icon

Christ is Risen ! Truly He is Risen !

Христос воскресе ! Воистину воскресе ! (Khristos voskrese! Voistinu voskrese!) – Church Slavonic Paschal Greeting

Χριστὸς ἀνέστη!  Ἀληθῶς ἀνέστη ! (Khristós anésti! – Alithós anésti!) – Greek Paschal Greeting

Christus Resurrexit ! Resurrexit Vere ! – Latin Paschal Greeting

The Easter Eggs are so famous today for the kids worldwide, even though the world does not put much accent on the feast of Pascha (Easter). All kind of colored eggs are to be find in stores, many christian countries both Western and Eastern all throughout the world have the tradition of coloring eggs for Easter. 
The tradition is also the same here in Orthodox Bulgaria, as we have the tradition to boil and color eggs in various colors. 
Usually the first egg is colored in Dark Red and once sanctified in the Church is put on the iconostasis (the prayer corner in the house) in front of Christ, Virgin Mary and saints icons and kept their until next year.

Miraculously this Egg usually does not start decaying or smelling as an ordinary egg will do if left out of the fridge for a month or so. This first egg in dedication and memory of Christ's resurrection is kept on the iconostasis until the next year's Pascha and then buried somewhere in a green clean place for sanctification of the land.

This is a good and well followed tradition for those strict about religion, but even those who did not strictly follow Christianity or orthodoxy do color eggs for the fun of kids and as an expression for joy of the Paschal feast. Both grown and kids then try out their forces whose egg is more powerful by knocking each other's eggs to test whose egg shell is more solid and can stand up the break. The egg that is "victorious" once people test their power that is stronger and withstand the "egg fight" is kept for another egg duel with another person.

According to old superstitious belief if you win over in an eggs fight this is interpteted as you will have a good health and well being for the upcoming period till next year's Pascha.
 

How and from wherein this Boiled Eggs coloring originated ?


The short answer is it is connected to one of Church's traditions about the poor apostle Equal Saint Mary ( Maria ) Magdalene, who have given as a gift to Roman emperor Tiberius an Egg with the All Famous Greeting dialog in the Orthodox Churches among people with person A saying:   Christ is Risen ! person B responding: Truly he is Risen! (Христос Воскресе Войстину Воскресе !)

From the time of the many appearances of the Savior Christ in flesh after his Glorious Resurrection described by the Holy Evangelists in the Gospels and the fervent sermon of St. Mary Magdalene (one of the of the so called Myrrh- Bearing Woman who were the first who have visited the tomb where Dead body of Christ was led and become witnesses of  the Resurrection). The surviving Bible's New Testament 4 Gospel books do not provide further details about the activities of St. Mary Magdalene and her life. The Church mouth-by -mouth tradition of her later life in several local Christian churches differ slightlyhowever everywhere they essentially report on the zealous co-apostolic activity of St. Mary Magdalene. And the differences between these traditions depend on which of the evangelical women these churches understand by the name of St. Mary Magdalene.

Some Western Christian churches, as well as the Church Fathers and learned theologians, unite in one or two personalities three evangelical women: the sinner who repented in the house of Simon the Pharisee, shed tears at the Savior Christ's feet, wiped them with her hair. and she anointed them with precious ointment, and Mary of Bithynia, sister of Lazarus of Bythynia ( resurrected in the fourth day after death by Chrsit and commemorated one day before Palm Sunday )' and Mary Magdalene, who was delivered from the Savior Christ by seven demons. But the Orthodox Church now, as before, recognizes those mentioned in the Gospels with different signs, three persons as different separate ones, and does not want to base historical information on arbitrary, plausible interpretations. Therefore, the tradition of the Orthodox Church states that after the Gospel appearances of the Risen Christ before His Ascension and after, St. Mary Magdalene resided with the Blessed Virgin and the Apostles and was an active helper of the first successes of spreading the Christian faith first in Jerusalem. But full of zeal, fervent faith, and zealous love for God's gospel, she then preached in other lands, proclaiming everywhere the heavenly grace, joy, and salvation of all who believed in the Savior of the world, the Risen Christ.

Saint-Mary-Magdalene-gifting-red-egg-to-emperor-Tiberius-Orthodox-icon-one-of-Myrrh-Bearing-Woman

While visiting Italy to preach, St. Mary Magdalene found an opportunity to appear before the then-reigning Emperor Tiberius I, and presented him, according to generally accepted Eastern custom, with an egg painted red and greated him with "Christ is risen!"

The modesty of the gift of Mary Magdalene did not surprise the emperor, because he knew the ancient custom of the East, also among the Jews, going for the first time to superiors, or on solemn occasions to acquaintances or patrons, to offer a gift of honor, with some known or special, symbolic meaning. Examples of this can be found in Jewish Old Testament history, as are the gifts presented by the rich Wise men (magis – today their relics are kept for veneration in Cathedral of Cologne Germany) to the born Jesus Christ in Bethlehem of Judea. Even the poor in such cases offered as a gift various fruits from their locality or eggs from birds. Thus, partly following this ancient custom and with the red color of the egg laid and with the hitherto unheard words "Christ is risen!" to arouse the curiosity of the suspicious Emperor Tiberius. The holy co-apostle Mary Magdalene, by explaining the significance of this gift, began her fervent sermon on the Resurrection truth and the teachings of the Savior Christ for salvation. With great inspiration and conviction she told the emperor about the life, miracles, crucifixion and resurrection of Jesus Christ according to his own prophecy. She gave a direct, simple-minded account of the extremely unjust, biased judgment of Jesus Christ by the embittered members of the Jerusalem Sanhedrin. governor of Judea Pilate of Pontus, in condemning Jesus Christ to crucifixion. She explained how all this incurred the wrath of the Roman emperor then and how Tiberius handed them over to a court in which Pilate was deprived of power and exiled to Gaul, in the city of Vienna, where, according to legend, tormented by remorse and despair, he killed himself. According to another legend, Pilate repented, turned to Christ in prayer, as a sign of which his head was accepted by an angel after being cut off.

According to Church tradition, the sisters of Lazarus Martha and Mary went to Italy with St. Mary Magdalene; and Pilate, learning of this and fearing the denunciation of his unlawful actions by the Christians, himself sent a message to the Emperor Tiberius about Jesus Christ, in which he testified to the virtuous life of Christ, the healing of all diseases and infirmities from Him, even for the resurrection of the dead and for His other great miracles. Pilate asserted that in examining the accusations of the Jews, he found no fault in Jesus Christ; he made great efforts to deliver Him from the hands of the troubled Jews, but failed to deliver Him and betrayed Jesus to their will because of the cries of the people and the rebellious accusation of the Jews against Pilate himself …

 

... as a witness, overwhelmed with fear, he told the emperor about everything that had happened to Jesus Christ, who became an object of faith as God …

After such testimonies from the Roman governor of Judea and the worshipers of the Savior Christ, Emperor Tiberius, according to legend, himself believed in the Savior Christ, proposed to include Jesus Christ in the image of the Roman gods, and even when the Roman Senate rejected this proposal, Tiberius by royal decree threatened to punish anyone who dared to grieve believers in Jesus Christ.

In this way, with the zealous, fearless sermon on the Savior Christ, St. Mary Magdalene, along with other devout Christians, persuaded the pagan governor of Judea to testify in writing about the universal event of Christ's Resurrection before the pagan world and persuaded the then Roman emperor of the Savior Christ, thus facilitating the spread of Christianity.

Anastasis-Hristos-Voskrese-beautiful-orthodox-Mosaic
Anastasis (Resurrection) Church Fresco


And the Christians of that time, learning about the significance and strength of the impression caused by the offering of a red egg by Mary Magdalene to Emperor Tiberius with the words: "Christ is risen!" then began to imitate her in this and as a remembrance of Christ's Resurrection they began to give each other red eggs and say: "Christ is risen! … He is risen indeed! …"

Thus, this custom gradually spread everywhere and became universal for Christians around the world. In it, the egg serves as a symbol of Christ's resurrection and the resurrection of the dead, and of our expected new-birth for eternal bliss in the future life, the pledge for which is Christ's Resurrection.

Just as a bird is born from an egg and begins to live an independent life after its release from the shell, and the vast circle of life is revealed to it, so we, at the second coming of Christ to earth , rejected from ourselves together with the earthly body all that is mortal on earth.

By the power of Christ's Resurrection we will be resurrected and resurrected to another, higher, eternal, immortal life.

And the red color of the Easter egg reminds us that the redemption of mankind and our future new life have been acquired through the shedding of the cross on the pure blood of the Savior Christ.

Thus, the red egg serves to remind us of one of the most important dogmas of the Divine revealed Christian faith.

 

After the crucifixion of Jesus by the Jews in terrible miracles took place in nature, many dead righteous people rose, with His resurrection on the third day.Pilate, as a witness overwhelmed with great fear, informed the Caesar of all things that had happened to Jesus Christ.

In Eastern Orthodox Tradition Christ is Risen ! Truly he is Risen Greeting is used to joyfully great each other all around the Orthodox countries in the first 3 days of easter, and can be used instead of normal Hello greeting ! for the upcoming week The Holy Easter Weak which is a week of great joy and even by a hello greating in the Church could be used for 40 days as a normal greeting.

It is worthy to close this article with the praisal words, read on the first day of Pascha  authored by one of the most important Church fathers and
compiler of most served Liturgy service throughout the yearly service calendar:

"Christ is risen, and you are overthrown!
Christ is risen, and the demons are fallen!
Christ is risen, and the angels rejoice!
Christ is risen, and life reigns!
Christ is risen, and not one dead remains in a tomb!
For Christ, being raised from the dead, has become the first-fruits of them that have slept."

Saint John Chrysostom

The Holy and Great Week of Passions of Christ in the Church – Day by day explained

Tuesday, April 19th, 2022

Christ-the-bridegroom-orthodox-passion-of-Christ-week

The Holy Great Week of Christ Passions

The last week of the earthly life of the Lord Jesus Christ is called the "Great" or "Passion Week", i.e. A week of suffering, a prelude to eternal life. The Lord's life was coming to an end. Having resurrected Lazarus on the Sabbath as a proof of the Mass coming Resurrection known in the Church as Lazarus Saturday as it is always celebrated Saturday in the Orthodox Church on which people gathered to solemnly welcome the Messiah Christ, and triumphantly entered Jerusalem on Palm Sunday. Following that the Savior Jesus Christ who prophecised his betrayel to the Cross for human sin, the Lord voluntarily walked step by step to His predestined inevitability.

Every day of the Passion Week is called Great and Holy for the reason this week is the most Holy and Sanctified week of the whole Calendar Church year. Each of the Seven days of it, the Church commemorates events of last week of Christ's life and suffering on earth before Resurrection and Ascension to Heaven through special services the way of Christ to Golgotha, the sufferings and His redemptive work on the Cross.

Worship during Holy Week

Lent services on the weekdays of Lent are characterized by their penitential singing. The royal doors (of the alter known as Dveri) remain closed as a symbol of man's separation from the Kingdom of God. Church vestments are dark, usually purple in the color of repentance.

Bulgariand-Church-Kings-doors-Carski_dveri_-_Sv._Spas_(Rashtak)_in_North_Macedonia

No Divine Liturgy is performed on weekdays, but so that the (ordinary chrsitians who go often and pray God) – so called faithful can support themselves in their ascetic effort of fasting by accepting Holy Communion, a Liturgy of the Presanctified Gifts is performed (a specific Liturgy prepared for the Purpose that is only served during great Lent). This service is very ancient, it is mentioned in the canons of the VII century, but it was established earlier for sure. Most likely the Liturgy of the Presanctified Gifts, practice to sanctify bread and wine in prior has later evolved in the Roman-Catholic Churchs errenous from Eastern Orthodox point of view – Eucharistic Adoration
– (a consacration host kept usually in the so called (monstrace). Traditionally, Presanctified Liturgy creator is considered to be Pope St. Gregory I the (Dialogus), Pope who governed the Western Church in (VI century) – some  theologians today claims it was developed at least partially or coauthored also by Saint Ambrose of Mediolan (Milan).

The pre-consecrated liturgy consists of a solemn Lenten Vespers (prelonged repentance songs) with elements from Psalms and readings from Holy Scripts regarding life and suffering of Christ, to which is added the part of "transfer" of the Holy Gifts from the Alter to the Upper place (the place where the proskomidia occurs) and walked in on the "Great Entrance" Liturgy part with the Sacraments placed in the Holy Chalice held by the priest in front of iconstansisa and back to the Alter of Sacrifice, however the consecration of the Gifts itself is not performed, the Eucharistic gifts are already sanctified and prepared on previous Sunday Saint Basil or Saint John Chrysostomos liturgy.  That is why the service is called the Presanctified Liturgy, i.e. of the pre-consecrated Gifts.

Usually This service takes place on Wednesdays and Fridays or at least on one of these days and on the 6th week of Maria of Egypt is served 3 times instead of 2 throughout the week to venerate the Most Holy Mother Mary of Egypt which from a Harlot turned a saint by immerse repentance, and cause of that become the patron saint for repentance and example for true repentance, that each and every Christian aims follow, every day of his life.

Following the 6th weeks of Fasting a period that the ancient Church placed for try out of ones self soul state and cleanance of passions comes saint Lazarus Saturday.

Lazarus Saturday is the only day of the year when Sunday service worship is integrated in Saturday.  Usually Sunday service is a service of higher importance than the other ones, a faithful gathering to share the unspeakable joy for the Resurrection of Christ and his triumph of Life over Death. 

Lazarus Saturday is the beginning of the Easter celebration. During the Liturgy of Lazarus, the Church glorifies Christ as "Resurrection and Life", who even before His sufferings and death, with the resurrection of Lazarus, confirmed the foreshadowing of the universal resurrection of mankind coming. It was because of the resurrection of Lazarus that Christ was glorified by the people as the long-awaited Messiah (no man ever was able to rise up a death rotting person from the Death after four days in grave) truly identifying him as the promised King of Israel and the fulfillment of long ages awaited Old Testament prophecies.

The very feast of the triumphal entrance of the Lord into Jerusalem (Palm Sunday) belongs to the twelve most importance Church feasts, known in the Church as "Feasts of the Lord". Christ immediate worship by all Jews on his entrance in Jerusalem  is directly connected with that of Lazarus Day on which he did the miracle of commanding Lazarus to wake up from Death,  returning life of a long dead Lazarus.

On the eve of the feast, the prophecies about the Messianic King from the Old Testament are read, along with the Gospel accounts of Christ's entry into Jerusalem, as another confirmation that Christ is the True Messiah.

In the morning, the willow twigs we hold in our hands throughout the Liturgy are blessed, thus showing that we welcome Jesus Christ as King and Savior, just like the Jews has received him in Jerusalem 21 centuries again in  year 0 A.D.

Extract Prot. Thomas HOPCO "Fundamentals of Orthodoxy" with short modifications from:
Church NewsPaper of Bulgarian Orthodox Church, Issue 7 of April 17, 1998

Holy Monday, Holy Tuesday and Holy Wednesday

se-jenih-griadet-v-polunoshti-molitva-here-is-the-bridgeroom-comes-church-slavonic-prayer

Church Slavonic (Old Bulgarian) notable singing during the first 3 days of the Holy Week sung in the Orthodox Church

Text translates as:

Behold, the Bridegroom comes at midnight,

And blessed is that servant whom He shall find watching,

And again, unworthy is the servant whom He shall find heedless.

Beware, therefore, O my soul, do not be weighed down with sleep,

Lest you be given up to death, and lest you be shut out of the Kingdom.

But rouse yourself crying: Holy, Holy, Holy, art Thou, O our God,

Through the Theotokos have mercy on us.

Troparion of Bridegroom Matins

During the first three days of Holy Week, the Church commemorates the Lord's last stay in Jerusalem. In these days the worship is very intense: there is a Midnight Office (Μεσονύκτικον, Mesonýktikon; Slavonic: Полунощница), The Hours matins, Psalms Book chapters, reading of the Gospel and Liturgy of the Presanctified Gifts. During the "lessons" given by, the four Gospels to the Gospel of John are read. 13, verses 30
 

Great and Holy Monday

On Holy Monday, the evangelists tell us how the Son of God entered the Jerusalem temple and found it full of merchants. Overwhelmed with holy wrath, He overthrew their tables and drove them out, because the temple is a house of prayer, not a marketplace. (Matt. 21: 12-13, Mark 11: 15-19; Luke 19: 45-46).

Great-and-holy-Monday-the-parable-of-the-fig-tree-icon

On Holy Monday, the Church celebrates St. Patriarch Joseph, the son of St. James the Patriarch and a type of Jesus Christ.

Saint_Joseph-the-Patriarch-sold-in-Egypt-by-his-brothers-a-prototype-for-Christ
Joseph The Magnificient

Joseph was sold by his brothers to merchants traveling to Egypt.

Joseph-the-brilliant-as-Second-after-Pharaoh-in-Egypt-the-all-comely-icon

There, in a foreign land, he went through many sufferings, but Pharaoh made him second in power and position in the whole kingdom (Gen. 41: 38-46). Like Joseph, the Lord Jesus Christ was betrayed by the Jews to the Gentiles, tortured, and suffered for human sins.

Great-and-Holy-Monday-Christ-extreme-humility-icon

The Icon of Christ the Bridegroom (Ο Νυμφίος)

The Church also invites us to reflect on the image of the barren fig tree, which withered after being cursed by the Lord (Mark 11: 12-14, 20-26, Matt. 21: 18-22). "Every tree that bringeth not forth good fruit is hewn down, and cast into the fire" (Matt. 3:10).

Great-and-holy-Monday-the-parable-of-the-fig-tree-icon
 

In the same way, we will be condemned if we do not live in prayerful communion with God, do not strive to improve our faith, do not fill ourselves with virtues, and do not bear spiritual fruit.

Great and Holy Tuesday

"Watch therefore: for ye know neither the day nor the hour wherein the Son of man cometh" (Matt. 25:13).

(Gospel reading: Matins 22: 15-23: 39; Liturgy Mat. 24: 36-26: 2).

Holy Tuesday is a day for teachings and final moral instructions:

The Lord Jesus Christ gives us an example of how to do good – not to give from our surplus for this purpose, but as a poor widow to set aside from our last material means.

Great-Holy-Tuesday-the-10-virgins-parable-orthodox-christian-icon

Speaking of the approaching days of struggle and trial, Christ tells of the ten wise virgins who were always ready to meet the Savior (Matt. 25: 1-13). It reminds us that we must "be vigilant and not be discouraged" and keep our lamps lit in anticipation of the Divine Bridegroom.

That is why on Holy Tuesday the Church sings:

Here comes the bridegroom at midnight,
and blessed is that servant whom he hath found awake,
and unworthy is he whom he finds careless.

Therefore beware, my soul, lest you sleep,
to be delivered to death and to remain outside the closed doors of the Kingdom,
but come to your senses and exclaim: Holy, holy, holy, O God,
have mercy on us for the sake of the Mother of God!

"The light of the body is the eye" (Matt. 6:22), says the Lord. the unsullied human heart and soul, and "the oil is alms or all our good deeds" (St. John Chrysostom).

Living virtuously, with the fear of God and trust in the Lord, we will be ready to meet the Savior and enter the marriage hall – the Kingdom of Heaven.

The church also reminds us of the parable of the talents (Matt. 25: 14-30) and invites us to work hard and improve the abilities God has given us.

Then follow prophecies about the fate of the city of Jerusalem for the last days of the Second Coming of the Lord
(Matt. 25: 31-46, Mark 13: 1-31, Luke 21: 5-38).

Great Holy Wednesday

On the day of Holy and Holy Wednesday we remember one of the last events before the Lord's saving sufferings for us: the precious ointment, which in his sincere repentance a sinner woman poured on the Savior's head (Matt. 26: 6-13, Mark 14: 3-9).

She managed to enter the house where Christ was, the woman carrying an alabaster vessel with precious very expensive ointment, she wanted to pay her enormous respects to Him. In a hurry (scared that someone from the people in surrounding Christ might stop here) in order for not to interfere with her good intentions, she broke the vessel that was helding a high amount of oilment, making it easier to spill the ointment on Christ.

Great-wednesday-the-sinful-harlot-woman-with-oilments-cleaning-up-feets-of-Christ-with-her-hair

The precious ointment cost three hundred dinars ! (Mark 14: 5), so some being sick of the passion of Judah the Iscariot (The Love for Money the works of the Flesh) resented it: "Why is this waste?", "The ointment could be sold and the money given to the poor."
And Christ answered them, "You always have the poor with you, but you do not always have Me," "she has done a good work for Me [by] deceiving to anoint My body for burial." Her zeal will be heard all over the world.
Like the prodigal son, the sinner realized her sins and "came to her senses."

Let us also come to our senses about our real spiritual condition and repent of our sins, so that with our repentant tears we may "anoint" the Lord like that repentant woman !

Jude-Betrays-Christ-selling-him-for-30-silver-coins

On the same day, we recall the decision of the Sanhedrin to condemn Jesus Christ. Then Judas Iscariot went to the Jewish leaders and agreed to hand him over for thirty pieces of silver (Matt. 26: 14-16, Mark 14: 10-11, Luke 22: 1-6).

We should well think:

Do we, who bear the name of Christ, not betray Christ through our ungodly deeds?

From that day on, the kneeling prayers do not cease, as one should understand we have done plenty of badness and has inflicted additional pains to Christ, who suffered for all great sins on the Cross.
 

Great Wednesday

Great and Holy Thursday – Remembrance of the Last Supper

On that day, the Lord Jesus Christ celebrated the Passover in the home of a resident of Jerusalem
(Matt. 26: 17-35, Mark 14: 12-31, Luke 22: 7-38, John 13: 1-17, 26).

Before supper He washed the feet of the apostles and said, "I did not come to serve, but to serve."
The Savior then instituted the sacrament of the Eucharist (Communion) by Himself partaking of the holy apostles.

By His great mercy, the Lord also gives us the opportunity to receive His true body and blood during the Holy Liturgy, so that by accepting Christ within us, we may strive to keep Him through the purity of our hearts.

The-Secret-Supper-Tajna-vecherya-Aton-Manuil-Panselinos-Protata

After bequeathing the new commandment to love all, Christ revealed to His disciples that He would be betrayed.
Bewildered, the students asked who would do this.

The-Betrayal-of-Juda-Orthodox-icon-heprodosia
Judas asked is it him that will betray ? 
Christ answered him so meekly that the others did not understand.
Judas got up, went out leaving the holy eucharistic supper.
And pupils, thought he was going shopping for required goods for the brothers because he was a treasurer (an accent how we should keep a good mind and try to think well about others all the time).

Next  great accent is Lord's Prayer.

The-Prayer-of-Christ-in-Gethsemane-garden-Great-Tarnovo-Museum-MOLENIE-Muzej_V-Turnovo

Christ Prayer in Gethsemane Garden – Bulgarian Icon museum Great Tarnovo

In the Garden of Gethsemane After supper Christ and the apostles went to the Garden of Gethsemane (Matt. 26: 36-46, Luke 22: 39-46, John 18: 1), where he prayed until the coming of the traitor.

Mockery-of-Christ-icon

Usually on Thursday evening the morning of Good Friday service is served, when the so-called Twelve Gospels are read, ie. the twelve passages of the Gospel that tell of Christ's sufferings.


Through them we witness the mockery, suffering, and crucifixion of Christ, through which He redeemed us.
"Here is the Lamb of God who took away our sins."

And again we wonder if we do not crucify Christ through our passions and sins.

Jesus_in_Golgotha_by_Theophanes_the_Cretan-orthodox-icon-fifteen-century

Jesus in Golgotha – Theophanes the Cretan

On this day, the priests take the Cross out of the altar, which symbolizes its carrying from Christ to Golgotha.

The Great annointing of the sick service is served so called "Велик Маслосвет" – during whose many prayers to saints healers are red to intercede for us following by 7 Act of Apostle readings and 7 Gospel Chapter Readings, wherever possible in large Cathedral Churches, this is served by 7 priests  every willing layman is anointed with oil 7 times after reading each of the 7 Gospels for restorating of Health of the sick as well as a special blessing in the manner of the ancient Church tradition.

Great and Holy Friday

The Way of the Cross and Golgotha ​​We remember the great sufferings of Jesus Christ, who freely agreed to be judged, flogged, spat upon, beaten with slaps, and shown before the people in a purple robe, with a cross in his hand and a crown of thorns on his head. 

Armed with a heavy cross from Pilate's praetorium (judgement place), Christ was led to Golgotha ​​on the crucifixion.

The-Crucifix-of-Christ-Razpiatie-Hristovo

Crucified between two robbers for desecration in terrible natural disturbances – an earthquake and an eclipse of the sun, he died, accepted death to save all mankind from death.

On this day, every Christian should follow complete fasting (eat nothing and drink nothing) and pray and sorrow deeply for the Lord.
According to church rules, even the sick should only eat bread (at best a very dry one) and drink a little bit of water. Joys of any kind of type should be abstained and all passions avoived and one should ask God for mercy for himself, his family and ask is merceful to everyone.

Great and Holy Saturday

The burial of Christ the Savior and His descent into hell are commemorated.
He died on the cross, blood and water flowed from His pierced ribs.
Joseph of Arimathea and Nicodemus, asking Pilate for permission, removed Him from the cross, anointed Him with perfume, wrapped Him in a new shroud, and laid Him in a new tomb carved into a rock in the Garden of Gethsemane.

The_Burial_Lamentations_by_Theophanes_the_Cretan-Stavronikita-monastery-mount-athos-wall-painting

Epitaphios (Lamentation of Christ) from Stavronikita monastery, Mount Athos – Theophanes the Cretan

Holy-Saturday-The-Resurrected-Christ-Empty-tomb-grave-icon

Myrrh-bearing women were present at His burial in the tomb, among whom, in tears with her grief-stricken heart, was His Mother the Holy Mother of God.

The church sings regarding this great events:

"In the grave with his body and in hell with his soul as God,
in heaven with the thief and on the throne with the Father and the Spirit You were, Christ,
Who fills everything. "

The Jews sealed the tomb and set up a guard.

Great secret! "Let the human creature silence !" – sings the Church instead of the Cherubim song on Holy Saturday.
The lord of life is in the grave, but he will soon be famous for the miracle of the resurrection.

On the Saturday morning after the liturgy, in some places it is customary for the priest to give flowers to the faithful as an expression of joyful anticipation of the Resurrection.

Holy Week in the statutes of the ancient churches

Initially, Easter was preceded by a two-three-day fast, which took place one week – the so-called.
Passion Week, or the Week of Christ's Suffering.

Subsequently, the 40-day fast was added to Lent, similar to the forty days during which Christ fasted in the wilderness. It was intended for the "announced", that is, for those who would be baptized on Easter.

For a long time during the practice of mass baptisms of the elderly, the sacrament was performed on Easter, when baptism was especially experienced as a participation in the voluntary death and resurrection of the Lord.
That is why the Easter Liturgy is extremely baptismal in nature.

After the sixth century, the baptism of children began to predominate, so the mass baptism of adults on Easter was gradually abandoned.
It was then that the meaning of Pentecost was changed – from a catechetical period, fasting became a period of repentance for members of the Church.

In the ninth century, Pentecost the word stems from the Greek Πεντηκοστή (Pentēkostē) meaning "fiftieth" was finally united with Holy Week, and so the duration of Lent increased.

The length of Lent varied, depending on how local churches viewed the inclusion of Holy Week at Pentecost and whether they considered Saturdays and Sundays, when canons forbid fasting, to be part of it.

In the Constantinople Statutes (followed by our Bulgarian Orthodox Church), Holy Week is not considered part of Pentecost, and Saturdays and Sundays are included in the Lent period, although they are not Lent days in the full sense of the word.

Thus, according to the Constantinople Statute, The Pentecost Lent had 6 weeks of 7 days, ie 42 days.
If Lazarus Saturday and Palm Sunday are excluded from it, the duration of Lent is exactly 40 days.

According to this statute, Lent begins on Maundy Monday from the first week of Lent and ends on Friday of the sixth week, that is, on the eve of Palm Sunday.

The troparions included in the Triodion (Постен Триод – The Church Service book with sung text used during the Lent, for this day speak of the "fulfillment of the soul-beneficial fortieth Pentecost" and the anticipation of the "holy week of the Passion."

The interpretation of the rule in the Apostolic Decrees (Church rules guidance book text from the end of the IV century) is similar, where it says:

"Perform this fast before Easter, beginning on the second day (that is, Monday) and ending on Friday. After these days, as completing the fasting, begin the holy week of Easter by fasting through it with fear and trembling."

It is no coincidence that the liturgies of Lazarus Sabbath and the Lord's Entrance into Jerusalem have baptismal elements.

According to another tradition, reflected in the 29th canon of the Sixth Ecumenical Council (681) – that is the year of Creation of Today's country of Bulgaria (which is the only country in Europe that did not change his name as of year 681), Holy Week was part of Pentecost, where it is called "the last week of Pentecost".

This other practice is preserved by the ancient churches, which separated from Orthodoxy after the Fourth Ecumenical Council in Chalcedon (451) – The Armenian, Coptic, Syriac Orthodox Church of Antioch, Ethiopian Church of Toledo, (perhaps the Jacobite Syrian Church) etc.

Even though this historic tradition was well preserved in those Churches and many of their church order or customs such as veneration for the icons, holy relics, the problem with them preventing them to be in  ull communion with Eastern Orthodox Church stems in their rejection to accept the V-th XI-th and XII Ecumenical Ecumenical Councils and their perseverance on monophysitism (literally translated as, one nature – a teaching that says Christ has only one Nature and one Will a Godly, they say they do not reject that Christ was also real man in flesh but they consider the Godly nature of Christ has consumed the manly, which makes up their wrong understanding that Christ on the Cross did not fully suffer with his manly nature, but both God and man has suffered on the Cross – a doctrine which according to the Church councils is a pure hearesy, we can also conclude by the one nature of Christ that the so called today Oriental Orthodox Churches teach, that Christ on the Cross did not bear all the sins of the world as a man but he received all the sins and turmoils and evils as God.

In contrast in Eastern Orthodox Churches we do consider the truth that Christ has two Natures manly and Godly as well as Two Wills.
Some of the upmentioned ancient Oriental Orthodox Churches keep up to the heresy of monothelitism and that is why they're not communion with us the Eastern Orthodox.

The two wills in Orthodoxy is known under the term dyothelitism or dythelitism (stems from Greek δυοθελητισμός "doctrine of two wills") is a particular Christological doctrine that teaches the existence of two wills (divine and human) in the person of Jesus Christ.
Specifically, dyothelitism correlates the distinctiveness of two wills with the existence of two specific natures (divine and human) in the person of Jesus Christ (dyophysitism).

The Catechism of the One Holy Orthodox Church is stated: "Similarly, at the Sixth ecumenical council, Constantinople III in 681, the Church confessed that Christ possesses two wills and two natural operations, divine and human. They are not opposed to each other, but co-operate in such a way that the Word made flesh willed humanly in obedience to his Father all that he had decided divinely with the Father and the Holy Spirit for our salvation. Christ's human will 'does not resist or oppose but rather submits to his divine and almighty will.'"

This position is in opposition to the Monothelitism position in the Christological debates. The debate concerning the Monothelite churches and the Catholic Church came to a conclusion at the Third Council of Constantinople in 681. The Council declared that in line with the declarations of the Council of Chalcedon in 451, which declared two natures in the one person of Jesus Christ, there are equally two "wills" or "modes of operation" in the one person of Jesus Christ as well.

Dyothelitism was championed by Maximus the Confessor against monothelitism, the doctrine of one will. 

According to their tradition, Saturdays and Sundays as "non-fasting days" are not included in the calculation of Pentecost, so these churches fast 8 weeks for 5 days, ie 40, but fasting for pre-Chalcedonians begins one week earlier (when we have The week where orthodox stop eating Milk and Diary – Сиропустна Неделя (Milk-quit Sunday).

According to some liturgists, the appearance of the preparatory "Milk-quit" week before the beginning of Lent is the result of the desire to combine the two traditions in the Church.

Important clarification to make here is we have different view from  upmention Ancient considered schismatic Churches. Cause these ones only accept Church father decision in ecumenical councils until the 4th and cause they reject authencity of the IV th, XI th and  XII th ecumenical councils and consider Christ has only one nature a Godly one, they don't reject the existence of Human nature completely, however they stand for that Godly nature of Christ completely succumbs the human one and therefore it turns out Christ suffered on the Cross only as God (that Eastern Orthodox Churches consider as heresy).

Our believe of the Eastern Orthodox Church  Jesus Christ has two natures and two wills a Manly and Godly and his desire to humilate the Will of the Father and the Holy Spiritut to fulfill the salvational plan was voluntery.

The Roman Catholic Church since ancient times, has included Holy Week of Pentecost. However, through several councils, she lifted the ban on fasting on the Sabbath (64 Apostolic Rule). Unfortunately fasting today in Western Roman Catholic Churches is trongly reduced and all in all officially the layman in that Church has to fast about 4 days in the whole year, where in practice most people usually fast only one day on the Good Friday.

This practice is sharply condemned in the 55th canon of the Sixth Ecumenical Council. That is why the Roman Catholic Church calculates Lent as follows: 6 weeks of 6 days of fasting makes 36 days. To them are added 4.
Therefore for Catholics, the Great Lent begins on Wednesday, the so-called. Clean Wednesday (which according to Church tradition is the day on which Judah decided to betray Christ promising the Sanhedrin to sell them Christ for 30 silver coins … )

What is the reason for Holy Week Fasting

In our Eastern Orthodox Church on Holy and Great Friday, is a very holy and sad day – considered the saddest day in the year, because we sorrow for the great unrighhtousness done to King and The master of Light and Universe and Son of God Christ, being betrayed, joked and beaten in a substitute for us (as we in reality deserve this disgraceful faith for our multitude of transgressions).

Therefore the Goal of following the whole 7 days of Passion week in a Steady fasting is to cleanse up the soul and body, increase our talents (the virtues), prepare to receive Christ in His Glorious Resurrection in our Souls through the Mystery of the Mysterious – the Holy Communion and most importantly win over our sinful passion's rooted in hatred,lust, gluttony, greed, sloth, wrath, envy, pride and all evil and most importantly commune with God with constant prayer and spiritual labors.

The constant prayer is attained in church laymans differently by reading of morning, evening private rules, canons, attendance of the many, many morning and evening services.
What is unique is the church services are constructed in a way that the morning services are served in the evenings where possible after Sunrise about 19:00 o'clock, and evening services are
served in the mornings together with the Hours and on Fridays united with a Liturgy of the Presanctified gifts.

In monasteries especially in Holy Mount Athos and some of the more ascetic ones, the frequent custom is often to use with a blessing of their elder the constant repetition in one self of the so called "Jesus Prayer";

Lord Jesus Christ have mercy on me the sinner!  Lord Jesus Christ have mercy on me the sinner! Lord Jesus Christ have mercy on me the sinner! 

The weapons of the spiritual war used are abstinence of food or at least reducing the food intake and more importantly, reduce the passions. The most important fasting of course is the spiritual.

But for the spiritual advancement a good leverage shown by the Holy Fathers is the Fleshly fasting given to be followed during this week.
Fasting according to church canons for this week, includes only eating if heath allows it of raw foods, vegetables and fruits, bread and plant foods without oil, the local custom not mandatory tradition in the Bulgarian Orthodox Church is to also not eat fat containing nuts, throughout the week with exceptions on Great Thursday the day of The Last Support, where oil is allowed because of the Greatness of the Feast.

The fast during Holy Week is especially strict – "without wine and oil", ie dry foods, as only on Holy Thursday, after Holy Communion, believers used for the spiritual holiday "oil", ie vegetable oil.
Holy Sabbath was treated with special care, as it was the only Sabbath that the canons decreed as a fast day.

Fasting on Holy Saturday lasts until midnight, until the Lord's Day, when the Lord's Resurrection is announced.
The Apostolic Decrees stipulate: "The Sabbath lasts until the roosters sing, the fast ends with the coming of the first day after the Sabbath, which is the Resurrection."

Create Linux High Availability Load Balancer Cluster with Keepalived and Haproxy on Linux

Tuesday, March 15th, 2022

keepalived-logo-linux

Configuring a Linux HA (High Availibiltiy) for an Application with Haproxy is already used across many Websites on the Internet and serious corporations that has a crucial infrastructure has long time
adopted and used keepalived to provide High Availability Application level Clustering.
Usually companies choose to use HA Clusters with Haproxy with Pacemaker and Corosync cluster tools.
However one common used alternative solution if you don't have the oportunity to bring up a High availability cluster with Pacemaker / Corosync / pcs (Pacemaker Configuration System) due to fact machines you need to configure the cluster on are not Physical but VMWare Virtual Machines which couldn't not have configured a separate Admin Lans and Heartbeat Lan as we usually do on a Pacemaker Cluster due to the fact the 5 Ethernet LAN Card Interfaces of the VMWare Hypervisor hosts are configured as a BOND (e.g. all the incoming traffic to the VMWare vSphere  HV is received on one Virtual Bond interface).

I assume you have 2 separate vSphere Hypervisor Physical Machines in separate Racks and separate switches hosting the two VMs.
For the article, I'll call the two brand new brought Virtual Machines with some installation automation software such as Terraform or Ansible – vm-server1 and vm-server2 which would have configured some recent version of Linux.

In that scenario to have a High Avaiability for the VMs on Application level and assure at least one of the two is available at a time if one gets broken due toe malfunction of the HV, a Network connectivity issue, or because the VM OS has crashed.
Then one relatively easily solution is to use keepalived and configurea single High Availability Virtual IP (VIP) Address, i.e. 10.10.10.1, which would float among two VMs using keepalived so at a time at least one of the two VMs would be reachable on the Network.

haproxy_keepalived-vip-ip-diagram-linux

Having a VIP IP is quite a common solution in corporate world, as it makes it pretty easy to add F5 Load Balancer in front of the keepalived cluster setup to have a 3 Level of security isolation, which usually consists of:

1. Physical (access to the hardware or Virtualization hosts)
2. System Access (The mechanism to access the system login credetials users / passes, proxies, entry servers leading to DMZ-ed network)
3. Application Level (access to different programs behind L2 and data based on the specific identity of the individual user,
special Secondary UserID,  Factor authentication, biometrics etc.)

 

1. Install keepalived and haproxy on machines

Depending on the type of Linux OS:

On both machines
 

[root@server1:~]# yum install -y keepalived haproxy

If you have to install keepalived / haproxy on Debian / Ubuntu and other Deb based Linux distros

[root@server1:~]# apt install keepalived haproxy –yes

2. Configure haproxy (haproxy.cfg) on both server1 and server2

 

Create some /etc/haproxy/haproxy.cfg configuration

 

[root@server1:~]vim /etc/haproxy/haproxy.cfg

#———————————————————————
# Global settings
#———————————————————————
global
    log          127.0.0.1 local6 debug
    chroot       /var/lib/haproxy
    pidfile      /run/haproxy.pid
    stats socket /var/lib/haproxy/haproxy.sock mode 0600 level admin 
    maxconn      4000
    user         haproxy
    group        haproxy
    daemon
    #debug
    #quiet

#———————————————————————
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#———————————————————————
defaults
    mode        tcp
    log         global
#    option      dontlognull
#    option      httpclose
#    option      httplog
#    option      forwardfor
    option      redispatch
    option      log-health-checks
    timeout connect 10000 # default 10 second time out if a backend is not found
    timeout client 300000
    timeout server 300000
    maxconn     60000
    retries     3

#———————————————————————
# round robin balancing between the various backends
#———————————————————————

listen FRONTEND_APPNAME1
        bind 10.10.10.1:15000
        mode tcp
        option tcplog
#        #log global
        log-format [%t]\ %ci:%cp\ %bi:%bp\ %b/%s:%sp\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
        balance roundrobin
        timeout client 350000
        timeout server 350000
        timeout connect 35000
        server app-server1 10.10.10.55:30000 weight 1 check port 68888
        server app-server2 10.10.10.55:30000 weight 2 check port 68888

listen FRONTEND_APPNAME2
        bind 10.10.10.1:15000
        mode tcp
        option tcplog
        #log global
        log-format [%t]\ %ci:%cp\ %bi:%bp\ %b/%s:%sp\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
        balance roundrobin
        timeout client 350000
        timeout server 350000
        timeout connect 35000
        server app-server1 10.10.10.55:30000 weight 5
        server app-server2 10.10.10.55:30000 weight 5 

 

You can get a copy of above haproxy.cfg configuration here.
Once configured roll it on.

[root@server1:~]#  systemctl start haproxy
 
[root@server1:~]# ps -ef|grep -i hapro
root      285047       1  0 Mar07 ?        00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
haproxy   285050  285047  0 Mar07 ?        00:00:26 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid

Bring up the haproxy also on server2 machine, by placing same configuration and starting up the proxy.
 

[root@server1:~]vim /etc/haproxy/haproxy.cfg


 

3. Configure keepalived on both servers

We'll be configuring 2 nodes with keepalived even though if necessery this can be easily extended and you can add more nodes.
First we make a copy of the original or existing server configuration keepalived.conf (just in case we need it later on or if you already had something other configured manually by someone – that could be so on inherited servers by other sysadmin)
 

[root@server1:~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.orig
[root@server2:~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.orig

a. Configure keepalived to serve as a MASTER Node

 

[root@server1:~]# vim /etc/keepalived/keepalived.conf

Master Node
global_defs {
  router_id server1-fqdn # The hostname of this host.
  
  enable_script_security
  # Synchro of the state of the connections between the LBs on the eth0 interface
   lvs_sync_daemon eth0
 
notification_email {
        linuxadmin@notify-domain.com     # Email address for notifications 
    }
 notification_email_from keepalived@server1-fqdn        # The from address for the notifications
    smtp_server 127.0.0.1                       # SMTP server address
    smtp_connect_timeout 15
}

vrrp_script haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
  user root
}

vrrp_instance LB_VIP_QA {
  virtual_router_id 50
  advert_int 1
  priority 51

  state MASTER
  interface eth0
  smtp_alert          # Enable Notifications Via Email
  
  authentication {
              auth_type PASS
              auth_pass testp141

    }
### Commented because running on VM on VMWare
##    unicast_src_ip 10.44.192.134 # Private IP address of master
##    unicast_peer {
##        10.44.192.135           # Private IP address of the backup haproxy
##   }

#        }
# master node with higher priority preferred node for Virtual IP if both keepalived up
###  priority 51
###  state MASTER
###  interface eth0
  virtual_ipaddress {
     10.10.10.1 dev eth0 # The virtual IP address that will be shared between MASTER and BACKUP
  }
  track_script {
      haproxy
  }
}

 

 To dowload a copy of the Master keepalived.conf configuration click here

Below are few interesting configuration variables, worthy to mention few words on, most of them are obvious by their names but for more clarity I'll also give a list here with short description of each:

 

  • vrrp_instance – defines an individual instance of the VRRP protocol running on an interface.
  • state – defines the initial state that the instance should start in (i.e. MASTER / SLAVE )state –
  • interface – defines the interface that VRRP runs on.
  • virtual_router_id – should be unique value per Keepalived Node (otherwise slave master won't function properly)
  • priority – the advertised priority, the higher the priority the more important the respective configured keepalived node is.
  • advert_int – specifies the frequency that advertisements are sent at (1 second, in this case).
  • authentication – specifies the information necessary for servers participating in VRRP to authenticate with each other. In this case, a simple password is defined.
    only the first eight (8) characters will be used as described in  to note is Important thing
    man keepalived.conf – keepalived.conf variables documentation !!! Nota Bene !!! – Password set on each node should match for nodes to be able to authenticate !
  • virtual_ipaddress – defines the IP addresses (there can be multiple) that VRRP is responsible for.
  • notification_email – the notification email to which Alerts will be send in case if keepalived on 1 node is stopped (e.g. the MASTER node switches from host 1 to 2)
  • notification_email_from – email address sender from where email will originte
    ! NB ! In order for notification_email to be working you need to have configured MTA or Mail Relay (set to local MTA) to another SMTP – e.g. have configured something like Postfix, Qmail or Postfix

b. Configure keepalived to serve as a SLAVE Node

[root@server1:~]vim /etc/keepalived/keepalived.conf
 

#Slave keepalived
global_defs {
  router_id server2-fqdn # The hostname of this host!

  enable_script_security
  # Synchro of the state of the connections between the LBs on the eth0 interface
  lvs_sync_daemon eth0
 
notification_email {
        linuxadmin@notify-host.com     # Email address for notifications
    }
 notification_email_from keepalived@server2-fqdn        # The from address for the notifications
    smtp_server 127.0.0.1                       # SMTP server address
    smtp_connect_timeout 15
}

vrrp_script haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
  user root
}

vrrp_instance LB_VIP_QA {
  virtual_router_id 50
  advert_int 1
  priority 50

  state BACKUP
  interface eth0
  smtp_alert          # Enable Notifications Via Email

authentication {
              auth_type PASS
              auth_pass testp141
}
### Commented because running on VM on VMWare    
##    unicast_src_ip 10.10.192.135 # Private IP address of master
##    unicast_peer {
##        10.10.192.134         # Private IP address of the backup haproxy
##   }

###  priority 50
###  state BACKUP
###  interface eth0
  virtual_ipaddress {
     10.10.10.1 dev eth0 # The virtual IP address that will be shared betwee MASTER and BACKUP.
  }
  track_script {
    haproxy
  }
}

 

Download the keepalived.conf slave config here

 

c. Set required sysctl parameters for haproxy to work as expected
 

[root@server1:~]vim /etc/sysctl.conf
#Haproxy config
# haproxy
net.core.somaxconn=65535
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.ipv4.tcp_max_orphans = 60000
net.ipv4.tcp_synack_retries = 3

4. Test Keepalived keepalived.conf configuration syntax is OK

 

[root@server1:~]keepalived –config-test
(/etc/keepalived/keepalived.conf: Line 7) Unknown keyword 'lvs_sync_daemon_interface'
(/etc/keepalived/keepalived.conf: Line 21) Unable to set default user for vrrp script haproxy – removing
(/etc/keepalived/keepalived.conf: Line 31) (LB_VIP_QA) Specifying lvs_sync_daemon_interface against a vrrp is deprecated.
(/etc/keepalived/keepalived.conf: Line 31)              Please use global lvs_sync_daemon
(/etc/keepalived/keepalived.conf: Line 35) Truncating auth_pass to 8 characters
(/etc/keepalived/keepalived.conf: Line 50) (LB_VIP_QA) track script haproxy not found, ignoring…

I've experienced this error because first time I've configured keepalived, I did not mention the user with which the vrrp script haproxy should run,
in prior versions of keepalived, leaving the field empty did automatically assumed you have the user with which the vrrp script runs to be set to root
as of RHELs keepalived-2.1.5-6.el8.x86_64, i've been using however this is no longer so and thus in prior configuration as you can see I've
set the user in respective section to root.
The error Unknown keyword 'lvs_sync_daemon_interface'
is also easily fixable by just substituting the lvs_sync_daemon_interface and lvs_sync_daemon and reloading
keepalived etc.

Once keepalived is started and you can see the process on both machines running in process list.

[root@server1:~]ps -ef |grep -i keepalived
root     1190884       1  0 18:50 ?        00:00:00 /usr/sbin/keepalived -D
root     1190885 1190884  0 18:50 ?        00:00:00 /usr/sbin/keepalived -D

Next step is to check the keepalived statuses as well as /var/log/keepalived.log

If everything is configured as expected on both keepalived on first node you should see one is master and one is slave either in the status or the log

[root@server1:~]#systemctl restart keepalived

 

[root@server1:~]systemctl status keepalived|grep -i state
Mar 14 18:59:02 server1-fqdn Keepalived_vrrp[1192003]: (LB_VIP_QA) Entering MASTER STATE

[root@server1:~]systemctl status keepalived

● keepalived.service – LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Mon 2022-03-14 18:15:51 CET; 32min ago
  Process: 1187587 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1187589 (code=exited, status=0/SUCCESS)

Mar 14 18:15:04 server1lb-fqdn Keepalived_vrrp[1187590]: Sending gratuitous ARP on eth0 for 10.44.192.142
Mar 14 18:15:50 server1lb-fqdn systemd[1]: Stopping LVS and VRRP High Availability Monitor…
Mar 14 18:15:50 server1lb-fqdn Keepalived[1187589]: Stopping
Mar 14 18:15:50 server1lb-fqdn Keepalived_vrrp[1187590]: (LB_VIP_QA) sent 0 priority
Mar 14 18:15:50 server1lb-fqdn Keepalived_vrrp[1187590]: (LB_VIP_QA) removing VIPs.
Mar 14 18:15:51 server1lb-fqdn Keepalived_vrrp[1187590]: Stopped – used 0.002007 user time, 0.016303 system time
Mar 14 18:15:51 server1lb-fqdn Keepalived[1187589]: CPU usage (self/children) user: 0.000000/0.038715 system: 0.001061/0.166434
Mar 14 18:15:51 server1lb-fqdn Keepalived[1187589]: Stopped Keepalived v2.1.5 (07/13,2020)
Mar 14 18:15:51 server1lb-fqdn systemd[1]: keepalived.service: Succeeded.
Mar 14 18:15:51 server1lb-fqdn systemd[1]: Stopped LVS and VRRP High Availability Monitor

[root@server2:~]systemctl status keepalived|grep -i state
Mar 14 18:59:02 server2-fqdn Keepalived_vrrp[297368]: (LB_VIP_QA) Entering BACKUP STATE

[root@server1:~]# grep -i state /var/log/keepalived.log
Mar 14 18:59:02 server1lb-fqdn Keepalived_vrrp[297368]: (LB_VIP_QA) Entering MASTER STATE
 

a. Fix Keepalived SECURITY VIOLATION – scripts are being executed but script_security not enabled.
 

When configurating keepalived for a first time we have faced the following strange error inside keepalived status inside keepalived.log 
 

Feb 23 14:28:41 server1 Keepalived_vrrp[945478]: SECURITY VIOLATION – scripts are being executed but script_security not enabled.

 

To fix keepalived SECURITY VIOLATION error:

Add to /etc/keepalived/keepalived.conf on the keepalived node hosts
inside 

global_defs {}

After chunk
 

enable_script_security

include

# Synchro of the state of the connections between the LBs on the eth0 interface
  lvs_sync_daemon_interface eth0

 

5. Prepare rsyslog configuration and Inlcude additional keepalived options
to force keepalived log into /var/log/keepalived.log

To force keepalived log into /var/log/keepalived.log on RHEL 8 / CentOS and other Redhat Package Manager (RPM) Linux distributions

[root@server1:~]# vim /etc/rsyslog.d/48_keepalived.conf

#2022/02/02: HAProxy logs to local6, save the messages
local7.*                                                /var/log/keepalived.log
if ($programname == 'Keepalived') then -/var/log/keepalived.log
if ($programname == 'Keepalived_vrrp') then -/var/log/keepalived.log
& stop

[root@server:~]# touch /var/log/keepalived.log

Reload rsyslog to load new config
 

[root@server:~]# systemctl restart rsyslog
[root@server:~]# systemctl status rsyslog

 

rsyslog.service – System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/rsyslog.service.d
           └─rsyslog-service.conf
   Active: active (running) since Mon 2022-03-07 13:34:38 CET; 1 weeks 0 days ago
     Docs: man:rsyslogd(8)

           https://www.rsyslog.com/doc/
 Main PID: 269574 (rsyslogd)
    Tasks: 6 (limit: 100914)
   Memory: 5.1M
   CGroup: /system.slice/rsyslog.service
           └─269574 /usr/sbin/rsyslogd -n

Mar 15 08:15:16 server1lb-fqdn rsyslogd[269574]: — MARK —
Mar 15 08:35:16 server1lb-fqdn rsyslogd[269574]: — MARK —
Mar 15 08:55:16 server1lb-fqdn rsyslogd[269574]: — MARK —

 

If once keepalived is loaded but you still have no log written inside /var/log/keepalived.log

[root@server1:~]# vim /etc/sysconfig/keepalived
 KEEPALIVED_OPTIONS="-D -S 7"

[root@server2:~]# vim /etc/sysconfig/keepalived
 KEEPALIVED_OPTIONS="-D -S 7"

[root@server1:~]# systemctl restart keepalived.service
[root@server1:~]#  systemctl status keepalived

● keepalived.service – LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2022-02-24 12:12:20 CET; 2 weeks 4 days ago
 Main PID: 1030501 (keepalived)
    Tasks: 2 (limit: 100914)
   Memory: 1.8M
   CGroup: /system.slice/keepalived.service
           ├─1030501 /usr/sbin/keepalived -D
           └─1030502 /usr/sbin/keepalived -D

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

[root@server2:~]# systemctl restart keepalived.service
[root@server2:~]# systemctl status keepalived

6. Monitoring VRRP traffic of the two keepaliveds with tcpdump
 

Once both keepalived are up and running a good thing is to check the VRRP protocol traffic keeps fluently on both machines.
Keepalived VRRP keeps communicating over the TCP / IP Port 112 thus you can simply snoop TCP tracffic on its protocol.
 

[root@server1:~]# tcpdump proto 112

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:08:07.356187 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:08.356297 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:09.356408 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:10.356511 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:11.356655 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20

[root@server2:~]# tcpdump proto 112

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
​listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:08:07.356187 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:08.356297 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:09.356408 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:10.356511 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20
11:08:11.356655 IP server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20

As you can see the VRRP traffic on the network is originating only from server1lb-fqdn, this is so because host server1lb-fqdn is the keepalived configured master node.

It is possible to spoof the password configured to authenticate between two nodes, thus if you're bringing up keepalived service cluster make sure your security is tight at best the machines should be in a special local LAN DMZ, do not configure DMZ on the internet !!! 🙂 Or if you eventually decide to configure keepalived in between remote hosts, make sure you somehow use encrypted VPN or SSH tunnels to tunnel the VRRP traffic.

[root@server1:~]tcpdump proto 112 -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:36:25.530772 IP (tos 0xc0, ttl 255, id 59838, offset 0, flags [none], proto VRRP (112), length 40)
    server1lb-fqdn > vrrp.mcast.net: vrrp server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20, addrs: VIPIP_QA auth "testp431"
11:36:26.530874 IP (tos 0xc0, ttl 255, id 59839, offset 0, flags [none], proto VRRP (112), length 40)
    server1lb-fqdn > vrrp.mcast.net: vrrp server1lb-fqdn > vrrp.mcast.net: VRRPv2, Advertisement, vrid 50, prio 53, authtype simple, intvl 1s, length 20, addrs: VIPIP_QA auth "testp431"

Lets also check what floating IP is configured on the machines:

[root@server1:~]# ip -brief address show
lo               UNKNOWN        127.0.0.1/8 
eth0             UP             10.10.10.5/26 10.10.10.1/32 

The 10.10.10.5 IP is the main IP set on LAN interface eth0, 10.10.10.1 is the floating IP which as you can see is currently set by keepalived to listen on first node.

[root@server2:~]# ip -brief address show |grep -i 10.10.10.1

An empty output is returned as floating IP is currently configured on server1

To double assure ourselves the IP is assigned on correct machine, lets ping it and check the IP assigned MAC  currently belongs to which machine.
 

[root@server2:~]# ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.526 ms
^C
— 10.10.10.1 ping statistics —
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.526/0.526/0.526/0.000 ms

[root@server2:~]# arp -an |grep -i 10.44.192.142
? (10.10.10.1) at 00:48:54:91:83:7d [ether] on eth0
[root@server2:~]# ip a s|grep -i 00:48:54:91:83:7d
[root@server2:~]# 

As you can see from below output MAC is not found in configured IPs on server2.
 

[root@server1-fqdn:~]# /sbin/ip a s|grep -i 00:48:54:91:83:7d -B1 -A1
 eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:48:54:91:83:7d brd ff:ff:ff:ff:ff:ff
inet 10.10.10.1/26 brd 10.10.1.191 scope global noprefixroute eth0

Pretty much expected MAC is on keepalived node server1.

 

7. Testing keepalived on server1 and server2 maachines VIP floating IP really works
 

To test the overall configuration just created, you should stop keeaplived on the Master node and in meantime keep an eye on Slave node (server2), whether it can figure out the Master node is gone and switch its
state BACKUP to save MASTER. By changing the secondary (Slave) keepalived to master the floating IP: 10.10.10.1 will be brought up by the scripts on server2.

Lets assume that something went wrong with server1 VM host, for example the machine crashed due to service overload, DDoS or simply a kernel bug or whatever reason.
To simulate that we simply have to stop keepalived, then the broadcasted information on VRRP TCP/IP proto port 112 will be no longer available and keepalived on node server2, once
unable to communicate to server1 should chnage itself to state MASTER.

[root@server1:~]# systemctl stop keepalived
[root@server1:~]# systemctl status keepalived

● keepalived.service – LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Tue 2022-03-15 12:11:33 CET; 3s ago
  Process: 1192001 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1192002 (code=exited, status=0/SUCCESS)

Mar 14 18:59:07 server1lb-fqdn Keepalived_vrrp[1192003]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:32 server1lb-fqdn systemd[1]: Stopping LVS and VRRP High Availability Monitor…
Mar 15 12:11:32 server1lb-fqdn Keepalived[1192002]: Stopping
Mar 15 12:11:32 server1lb-fqdn Keepalived_vrrp[1192003]: (LB_VIP_QA) sent 0 priority
Mar 15 12:11:32 server1lb-fqdn Keepalived_vrrp[1192003]: (LB_VIP_QA) removing VIPs.
Mar 15 12:11:33 server1lb-fqdn Keepalived_vrrp[1192003]: Stopped – used 2.145252 user time, 15.513454 system time
Mar 15 12:11:33 server1lb-fqdn Keepalived[1192002]: CPU usage (self/children) user: 0.000000/44.555362 system: 0.001151/170.118126
Mar 15 12:11:33 server1lb-fqdn Keepalived[1192002]: Stopped Keepalived v2.1.5 (07/13,2020)
Mar 15 12:11:33 server1lb-fqdn systemd[1]: keepalived.service: Succeeded.
Mar 15 12:11:33 server1lb-fqdn systemd[1]: Stopped LVS and VRRP High Availability Monitor.

 

On keepalived off, you will get also a notification Email on the Receipt Email configured from keepalived.conf from the working keepalived node with a simple message like:

=> VRRP Instance is no longer owning VRRP VIPs <=

Once keepalived is back up you will get another notification like:

=> VRRP Instance is now owning VRRP VIPs <=

[root@server2:~]# systemctl status keepalived
● keepalived.service – LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-03-14 18:13:52 CET; 17h ago
  Process: 297366 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 297367 (keepalived)
    Tasks: 2 (limit: 100914)
   Memory: 2.1M
   CGroup: /system.slice/keepalived.service
           ├─297367 /usr/sbin/keepalived -D -S 7
           └─297368 /usr/sbin/keepalived -D -S 7

Mar 15 12:11:33 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:33 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:33 server2lb-fqdn Keepalived_vrrp[297368]: Remote SMTP server [127.0.0.1]:25 connected.
Mar 15 12:11:33 server2lb-fqdn Keepalived_vrrp[297368]: SMTP alert successfully sent.
Mar 15 12:11:38 server2lb-fqdn Keepalived_vrrp[297368]: (LB_VIP_QA) Sending/queueing gratuitous ARPs on eth0 for 10.10.10.1
Mar 15 12:11:38 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:38 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:38 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:38 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1
Mar 15 12:11:38 server2lb-fqdn Keepalived_vrrp[297368]: Sending gratuitous ARP on eth0 for 10.10.10.1

[root@server2:~]#  ip addr show|grep -i 10.10.10.1
    inet 10.10.10.1/32 scope global eth0
    

As you see the VIP is now set on server2, just like expected – that's OK, everything works as expected. If the IP did not move double check the keepalived.conf on both nodes for errors or misconfigurations.

To recover the initial order of things so server1 is MASTER and server2 SLAVE host, we just have to switch on the keepalived on server1 machine.

[root@server1:~]# systemctl start keepalived

The automatic change of server1 to MASTER node and respective move of the VIP IP is done because of the higher priority (of importance we previously configured on server1 in keepalived.conf).
 

What we learned?
 

So what we learned in  this article?
We have seen how to easily install and configure a High Availability Load balancer with Keepalived with single floating VIP IP address with 1 MASTER and 1 SLAVE host and a Haproxy example config with few frontends / App backends. We have seen how the config can be tested for potential errors and how we can monitor whether the VRRP2 network traffic flows between nodes and how to potentially debug it further if necessery.
Further on rawly explained some of the keepalived configurations but as keepalived can do pretty much more,for anyone seriously willing to deal with keepalived on a daily basis or just fine tune some already existing ones, you better read closely its manual page "man keepalived.conf" as well as the official Redhat Linux documentation page on setting up a Linux cluster with Keepalived (Be prepare for a small nightmare as the documentation of it seems to be a bit chaotic, and even I would say partly missing or opening questions on what does the developers did meant – not strange considering the havoc that is pretty much as everywhere these days.)

Finally once keepalived hosts are prepared, it was shown how to test the keepalived application cluster and Floating IP does move between nodes in case if one of the 2 keepalived nodes is inaccessible.

The same logic can be repeated multiple times and if necessery you can set multiple VIPs to expand the HA reachable IPs solution.

high-availability-with-two-vips-example-diagram

The presented idea is with haproxy forward Proxy server to proxy requests towards Application backend (servince machines), however if you need to set another set of server on the flow to  process HTML / XHTML / PHP / Perl / Python  programming code, with some common Webserver setup ( Nginx / Apache / Tomcat / JBOSS) and enable SSL Secure certificate with lets say Letsencrypt, this can be relatively easily done. If you want to implement letsencrypt and a webserver check this redundant SSL Load Balancing with haproxy & keepalived article.

That's all folks, hope you enjoyed.
If you need to configure keepalived Cluster or a consultancy write your query here 🙂

Saint Prophor Pchinski Saint Jochichim of Osogovo and Saint Gabriel of Lesnovo the three little known Bulgarian spritual followers of Saint John of Rila

Saturday, January 15th, 2022

Biography of St. Prohor Pshinski

Saint_Prohor_Pchinski-face-icon

St. Prohor Pshinski. Mural from the 15th century in the church "St. Archangel Michael" in Saparevo near Kyustendil. Source: bartol, bartol.blog.bg

 St. Prohor Pshinski. Mural from the 15th century in the church "St. Archangel Michael" in Saparevo near Kyustendil. Source: bartol, bartol.blog.bg The Rev.

Prohor Pshinski was a Bulgarian by birth from pious parents in the Ovce Pole region of northern Macedonia. It was given by God to childless parents for their prayers and sucked in along with his mother's milk and her high piety. When he grew up, his parents insisted on marrying him. But he once heard in the temple the words of the Savior: "He that loveth father or mother more than me is not worthy of me," (Matt. 10:37). the town of Vranje in Yugoslavia. He lived in a cave where water springs for 32 years. Once a frightened deer ran to him, chased by a hunter who soon appeared.

Saint_Prohor_Pchinski_Fresco-Byzantine-Empire-icon
Prophor Pchinski (Pshinksi) Byzantine Empire Icon

At his first meeting, the monk called the hunter by name and predicted that he would soon become a Byzantine emperor. At that time Bulgaria was under Byzantine slavery (1018 – 1186). And indeed, after some time this man reigned under the name of Roman Diogenes (1067-1071). Astonished by the fulfillment of this prophecy, he discovered the incorruptible relics of the late Prohor Pshinski and built a large temple in the name of the saint on the site of his asceticism. His holy relics were laid there and a monastic fraternity gathered.

This monastery still exists. The Venerable Prohor Pshinski died on September 14, but due to the great feast of the Exaltation of the Holy Cross, the celebration of his memory was postponed to January 15. His monastery celebrates his memory on September 19.

© Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Lefkada (Levkijski) and Archimandrite Dr. Athanasius (Bonchev).

Saint_Prohor_Pshinski-XV-century-wall-painting-icon-Kyustendil-Bulgaria

Saint Prohor Pchinski (Pshinski) Wall Painting icon XV century Kyustendil Bulgaria

The prologue biography of St. Prohor Pshinski is an original ancient Bulgarian writting, known in a single transcript in the New Prologue from the beginning of the 14th century (GIM, Uvar. 70). Under the date of October 19, the Venerable Hermit Saint is mentioned next to St. Ivan Rilski. Both texts are published by Kl. Ivanova (1977). D. Chesmedjiev (2009) points out that the cult of St. Prohor Pshinski is poorly fixed in the written tradition. All the details about the saint are known from his prologue. St. Prohor lived in the 11th century, working in the Kozyak mountain (near the village of Staro Nagorichino). After his death, his relics were transferred to the church he founded, called Pshinya, where he was healed.

Saint Prophor Pchinski in Modern Theology

His cult probably originated during the Byzantine rule. His memory is celebrated on September 13 and October 19. In the New Prologue, in addition to biographies of St. Ivan Rilski and St. Prohor Pshinski, there are also biographies of St. Achilles of Larissa, St. Simeon of Serbia and others. 30 years ago Kl. Ivanova (Ivanova 1977: 59) has suggested that the manuscript was compiled in the Pshin Monastery itself, but the spelling and language features of the collection are Serbian. According to the latest research by the same researcher, Nora's prologue originates from Jerusalem and was created in the Serbian monastery "St. Archangel Michael ”(Ivanova 2008: 68–70).

 

Biography of Saint Joachim of Osogovo

Images of St. Ivan Rilski and St. Joachim of Sarandapor from the Poganovo Monastery, end of the 15th century. It is not known where he came from, from his life it is known that he came from the west, according to Ivan Snegarov, perhaps from Zeta, in the Osogovo Mountains, where he sought monastic asylum.

An unknown boyar from the village of Gradets, not far from Kriva Palanka, today in northern Macedonia, shows him the place he was looking for monastic solitude – a cave by the Sarandapor River, today's Kriva River. Here St. Joachim spends his life as a hermit, in fasting and prayer, and the local Bulgarians revere him as a holy man. 

Osogovo Monastery.

Kutugenski-Manastir-Sveti-Joachim-Ioakim-Osogovski
Osogovo Monastery Saint Joachim Icon

Joachim Osogowski died on August 16, 1105.On this date the Bulgarian Orthodox Church commemorates him.

Years later, the widowed priest Theodore of the Sheep Field settled in the place of Joachim's hermitage, adopting the monastic name Theophanes. After his saint appears, he discovers his miraculous relics, which are laid in the church built in his memory. In the 12th century, the cult of St. Joachim became so popular in northwestern Macedonia that a monastery of the same name was built around the temple. 

Joachim-of-Osogovo-known-also-as-Sarandopolski-Poganovo_Ivan_Rilski

Images of St. Ivan Rilski and St. Joachim of Sarandapor from the Poganovo Monastery, end of the XV-th century ( the three most famous spiritual pupils of Saint John of Rila )

In the monastery, similar to the life of St. Ivan Rilski, a life of St. Joachim was created, known from later transcripts, as well as a service of the saint. Around the middle of the 14th century the cult of St. Joachim spread to the eastern Bulgarian lands, and at the end of the 14th century it was transferred to Russia.

Biography of Saint Gavriil (Gabriel) Lesnovski

Saint-Gabriel-of-Lesnovo-320px-Archangels_Chapel_in_Rila_Monastery_Gabriel_of_Lesnovo_-_year-1845

Saint Gabriel of Lesnovo fresco from Archangels Chapel Rila Monastery, Bulgaria

Saint_Gabriel-of-Lesnovo-icon-St-Alexander-Nevski
St. Gavriil Lesnowski.
Detail of a mosaic on one of the doors of the Patriarchal Cathedral "St. Alexander Nevsky" in Sofia St. Gavriil Lesnowski. Detail of a mosaic on one of the doors of the Patriarchal Cathedral "St. Alexander Nevsky" in Sofia

Reverend Gavriil Lesnovski is one of the three great followers of the Rila desert dweller St. Ivan Rilski. He lived in the XI – XII century. He was born in the village of Osiche, Palaneshko (Macedonia). He came from rich Bulgarian parents and received a good education. When he was old, his parents betrothed him to a good-looking bride. Soon, however, his fiancée died. Then he entered a monastery and became a monk. With the inheritance he received from his parents, Gabriel built a monastery with a church named after St. Archangel Michael in the Lesnovo Mountains, northern Macedonia, near the present town of Kratovo.

The Venerable Father gathered monks, appointed an abbot, and he himself secluded himself in the mountains of desert life and silence, doing so for 30 years. He then returned to his monastery and died on January 15. Thirty years after the death of the Venerable Gabriel, a Russian monk named Joseph in the town of Sredets (Sofia) – at the suggestion of the saint – went to the place where the Venerable struggled, found his grave, found his incorruptible relics, laid them in a coffin and provided for prayer worship to believers.

For many years the holy relics of the Reverend Gabriel rested in the Lesnovo Monastery and performed many miracles. Probably in the thirteenth century one of the Bulgarian kings of the Assen dynasty brought them to his capital Tarnovo and laid them in the church "Holy Apostles" in Trapezitsa. According to the Reverend's prologue of 1330, "they have lain there until now and give healing." After the Ottoman invasion of Bulgaria, traces of the holy relics of the Venerable Gavriil Lesnovski are lost. The monastery he founded was later named after him and became an important literary center. © Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Lefkada (Levkijski) and Archimandrite Dr. Athanasius (Bonchev).

Saint-Gabriel_Lesnovski-Saint-_Joachom_Osogovski_and-saint_Prohor-Pchinski-Saint_Alexander_Cathedral_SofiaSaint Gabriel of Lesnovo, Saint Joachim of Osogovo and Saint Prohor Pchinski mosaic saint Alexander Nevski Cathedral Church, Sofia, Bulgaria

The Saints Prohor Pchinski, Joachim of Osogovo together with Saint Gabriel of Lesnovo according to Bulgarian Orthodox Church tradition are considered to be 3 of the many pupil monks of Saint John of Rila who spread the light of Holy Eastern Orthodox Christian faith in whole Bulgarian lands and from there towards Russia and far west Serbia, Croatia, Hungary who historically has been orthodox and later converted to Roman Catholicism.

Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet

Wednesday, November 10th, 2021

install-and-configure-rkhunter-with-tightened-security-variables-rkhunter-logo

rkhunter or Rootkit Hunter scans systems for known and unknown rootkits. The tool is not new and most system administrators that has to mantain some good security servers perhaps already use it in their daily sysadmin tasks.

It does this by comparing SHA-1 Hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, commmon backdoors, sniffers and exploits as well as other special tests mostly for Linux and FreeBSD though a ports for other UNIX operating systems like Solaris etc. are perhaps available. rkhunter is notable due to its inclusion in popular mainstream FOSS operating systems (CentOS, Fedora,Debian, Ubuntu etc.).

Even though rkhunter is not rapidly improved over the last 3 years (its last Official version release was on 20th of Febuary 2018), it is a good tool that helps to strengthen even further security and it is often a requirement for Unix servers systems that should follow the PCI DSS Standards (Payment Card Industry Data Security Standards).

Configuring rkhunter is a pretty straight forward if you don't have too much requirements but I decided to write this article for the reason there are fwe interesting options that you might want to adopt in configuration to whitelist any files that are reported as Warnings, as well as how to set a configuration that sets a stricter security checks than the installation defaults. 

1. Install rkhunter .deb / .rpm package depending on the Linux distro or BSD

  • If you have to place it on a Redhat based distro CentOS / Redhat / Fedora

[root@Centos ~]# yum install -y rkhunter

 

  • On Debian distros the package name is equevallent to install there exec usual:

root@debian:~# apt install –yes rkhunter

  • On FreeBSD / NetBSD or other BSD forks you can install it from the BSD "World" ports system or install it from a precompiled binary.

freebsd# pkg install rkhunter

One important note to make here is to have a fully functional Alarming from rkhunter, you will have to have a fully functional configured postfix / exim / qmail whatever mail server to relay via official SMTP so you the Warning Alarm emails be able to reach your preferred Alarm email address. If you haven't installed postfix for example and configure it you might do.

– On Deb based distros 

[root@Centos ~]#yum install postfix


– On RPM based distros

root@debian:~# apt-get install –yes postfix


and as minimum, further on configure some functional Email Relay server within /etc/postfix/main.cf
 

# vi /etc/postfix/main.cf
relayhost = [relay.smtp-server.com]

2. Prepare rkhunter.conf initial configuration


Depending on what kind of files are present on the filesystem it could be for some reasons some standard package binaries has to be excluded for verification, because they possess unusual permissions because of manual sys admin monification this is done with the rkhunter variable PKGMGR_NO_VRFY.

If remote logging is configured on the system via something like rsyslog you will want to specificly tell it to rkhunter so this check as a possible security issue is skipped via ALLOW_SYSLOG_REMOTE_LOGGING=1. 

In case if remote root login via SSH protocol is disabled via /etc/ssh/sshd_config
PermitRootLogin no variable, the variable to include is ALLOW_SSH_ROOT_USER=no

It is useful to also increase the hashing check algorithm for security default one SHA256 you might want to change to SHA512, this is done via rkhunter.conf var HASH_CMD=SHA512

Triggering new email Warnings has to be configured so you receive, new mails at a preconfigured mailbox of your choice via variable
MAIL-ON-WARNING=SetMailAddress

 

# vi /etc/rkhunter.conf

PKGMGR_NO_VRFY=/usr/bin/su

PKGMGR_NO_VRFY=/usr/bin/passwd

ALLOW_SYSLOG_REMOTE_LOGGING=1

# Needed for corosync/pacemaker since update 19.11.2020

ALLOWDEVFILE=/dev/shm/qb-*/qb-*

# enabled ssh root access skip

ALLOW_SSH_ROOT_USER=no

HASH_CMD=SHA512

# Email address to sent alert in case of Warnings

MAIL-ON-WARNING=Your-Customer@Your-Email-Server-Destination-Address.com

MAIL-ON-WARNING=Your-Second-Peronsl-Email-Address@SMTP-Server.com

DISABLE_TESTS=os_specific


Optionally if you're using something specific such as corosync / pacemaker High Availability cluster or some specific software that is creating /dev/ files identified as potential Risks you might want to add more rkhunter.conf options like:
 

# Allow PCS/Pacemaker/Corosync
ALLOWDEVFILE=/dev/shm/qb-attrd-*
ALLOWDEVFILE=/dev/shm/qb-cfg-*
ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
ALLOWDEVFILE=/dev/shm/qb-corosync-*
ALLOWDEVFILE=/dev/shm/qb-cpg-*
ALLOWDEVFILE=/dev/shm/qb-lrmd-*
ALLOWDEVFILE=/dev/shm/qb-pengine-*
ALLOWDEVFILE=/dev/shm/qb-quorum-*
ALLOWDEVFILE=/dev/shm/qb-stonith-*
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/md/md-device-map
# Needed for corosync/pacemaker since update 19.11.2020
ALLOWDEVFILE=/dev/shm/qb-*/qb-*

# tomboy creates this one
ALLOWDEVFILE="/dev/shm/mono.*"
# created by libv4l
ALLOWDEVFILE="/dev/shm/libv4l-*"
# created by spice video
ALLOWDEVFILE="/dev/shm/spice.*"
# created by mdadm
ALLOWDEVFILE="/dev/md/autorebuild.pid"
# 389 Directory Server
ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
# squid proxy
ALLOWDEVFILE=/dev/shm/squid-cf*
# squid ssl cache
ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
# Allow podman
ALLOWDEVFILE=/dev/shm/libpod*lock*

 

3. Set the proper mirror database URL location to internal network repository

 

Usually  file /var/lib/rkhunter/db/mirrors.dat does contain Internet server address where latest version of mirrors.dat could be fetched, below is how it looks by default on Debian 10 Linux.

root@debian:/var/lib/rkhunter/db# cat mirrors.dat 
Version:2007060601
mirror=http://rkhunter.sourceforge.net
mirror=http://rkhunter.sourceforge.net

As you can guess a machine that doesn't have access to the Internet neither directly, neither via some kind of secure proxy because it is in a Paranoic Demilitarized Zone (DMZ) Network with many firewalls. What you can do then is setup another Mirror server (Apache / Nginx) within the local PCI secured LAN that gets regularly the database from official database on http://rkhunter.sourceforge.net/ (by installing and running rkhunter –update command on the Mirror WebServer and copying data under some directory structure on the remote local LAN accessible server, to keep the DB uptodate you might want to setup a cron to periodically copy latest available rkhunter database towards the http://mirror-url/path-folder/)

# vi /var/lib/rkhunter/db/mirrors.dat

local=http://rkhunter-url-mirror-server-url.com/rkhunter/1.4/


A mirror copy of entire db files from Debian 10.8 ( Buster ) ready for download are here.

Update entire file property db and check for rkhunter db updates

 

# rkhunter –update && rkhunter –propupdate

[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files…
  Checking file mirrors.dat                                  [ Skipped ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
  Checking file i18n/ja                                      [ No update ]

 

rkhunter-update-propupdate-screenshot-centos-linux


4. Initiate a first time check and see whether something is not triggering Warnings

# rkhunter –check

rkhunter-checking-for-rootkits-linux-screenshot

As you might have to run the rkhunter multiple times, there is annoying Press Enter prompt, between checks. The idea of it is that you're able to inspect what went on but since usually, inspecting /var/log/rkhunter/rkhunter.log is much more easier, I prefer to skip this with –skip-keypress option.

# rkhunter –check  –skip-keypress


5. Whitelist additional files and dev triggering false warnings alerts


You have to keep in mind many files which are considered to not be officially PCI compatible and potentially dangerous such as lynx browser curl, telnet etc. might trigger Warning, after checking them thoroughfully with some AntiVirus software such as Clamav and checking the MD5 checksum compared to a clean installed .deb / .rpm package on another RootKit, Virus, Spyware etc. Clean system (be it virtual machine or a Testing / Staging) machine you might want to simply whitelist the files which are incorrectly detected as dangerous for the system security.

Again this can be achieved with

PKGMGR_NO_VRFY=

Some Cluster softwares that are preparing their own /dev/ temporary files such as Pacemaker / Corosync might also trigger alarms, so you might want to suppress this as well with ALLOWDEVFILE

ALLOWDEVFILE=/dev/shm/qb-*/qb-*


If Warnings are found check what is the issue and if necessery white list files due to incorrect permissions in /etc/rkhunter.conf .

rkhunter-warnings-found-screenshot

Re-run the check until all appears clean as in below screenshot.

rkhunter-clean-report-linux-screenshot

Fixing Checking for a system logging configuration file [ Warning ]

If you happen to get some message like, message appears when rkhunter -C is done on legacy CentOS release 6.10 (Final) servers:

[13:45:29] Checking for a system logging configuration file [ Warning ]
[13:45:29] Warning: The 'systemd-journald' daemon is running, but no configuration file can be found.
[13:45:29] Checking if syslog remote logging is allowed [ Allowed ]

To fix it, you will have to disable SYSLOG_CONFIG_FILE at all.
 

SYSLOG_CONFIG_FILE=NONE

Saint protector of the Family and The receipt of Saint Petka Tarnovska by King Asen II story

Thursday, October 14th, 2021

Chapel-Trun-Sveta-Petka-Ikona-ot-16-17-vek-na-Sveta-Petka-v-skalniq-paraklis-na-Trun-231x300

In these hazy and confused times where the family as institution is failing and it is becoming more and more modern for people to live together without official Civil marriages count are steadily declining not to mention that the Church marriages no matter whether it is a Protestant, Roman Catholic is very rare thing. The attack against families is multi-vector one, it is descredited and being pranked on the TV in movies and serials, in the press. Many of the bad sides of marriage are exposed as well as the incapabilities of any traditional marriage to respond to the modern challenges of the world and hence many choose to not marry. But originally God created man to live in a family Adam and Eve were the first marital couple (even though they did not officially binded it on paper) in the municipality or the Church. Of course there situation was slightly different than today as they were the only couple in the beginning when God created man one would say. But even after that through the Ages Marriage and fidelity that stems out of it has been considered normal. However today normality is being pranked and abnormality is being enforced from all sides. 
As the topic of family does directly concern me as I have a family I thought therefore it is useful to mention again today about the feast of Saint Petka Epivatska (Epivates) famous as Saint Petka of Tarnovo who is considered in our Eastern Orthodox Christian countries as a protectress of family.

The reason why we venerate saint Petka here in Bulgaria is because here holy relics has stayed in Tarnovo for almost 2 Centuries and being in Bulgaria, they have worked many miracles, many of which were done over a family husbands and wifes who had their usual trials, like infertility, problems in family, quarrels etc.
For being famous for that miracles she has been invoked for centuries worldwide by believing Christians for help on their family trials.

Below is shortly the history of how St. Petka Epivatska, holy relics were transferred to Tarnovo and the multiple transfers of her relics until she finally choose to reside in Iash Romania.
 

+++

Posreshhane_na_moshhite_na_sv-petka_v_Trnovo-Bylgariq
The reception of Holy Relics of Saint Petka Paraskeva in medieval Capital of Bulgaia Tarnovo

In 1230 King Ivan Asen II the most powerful South-eastern European ruler demanded from the the Knights of the Crusaders to submit him her holy relics who are found still in Tracian city Kaliakratea ruled at that time by the Holy Latin Empire. King Ivan Asen II together with the patriach Joachim the first receives her holy relics with honor and settles her incorruptabilities into the newly creates Church in honour of herself St. Petka behind Tsarevets FortressSaint Petka became from that point considered as a protectress of the city, the throne and the country.
Her holy relics arrived from Kallikrateia in Tarnovo, the Capital of Second Bulgarian Empire in year 1230 AD, she has been thus called Paraskeva of Tarnovo and has been venerated as a protectress of the Tarnovo city the Bulgarian nation and the country. The attitude towards Saint Petka Tarnovska as a protectress of Bulgarian nation and contry is been clearly seen by the mention in the Bulgarian and International acts (documents) and manuscripts of that XII – XII century.

To learn more about Saint Petka  Parskeva Epivates of Thrakia feast day today 14 of October check my previous article here.

Let by the Holy Prayers of Saint Petka the Families be granted grace to endure the hardships of life! Saint Petka pray Christ for us!

How to create SD Card DATA dump image to .ISO with dd and mount it with imdisk from command line on Windows CygWin with MobaXterm

Saturday, September 18th, 2021

dd-command-logo
I'm forced to use Windows every now and then and do some ordinary things which I do usually on Linux such as dumping the content of my Android phone SD Card SanDisk, Kingston etc. to .ISO image etc.

On Linux creating and mounting a data copy of a whole SD Card is a relatively simple thing and there are plenty of ways to do it such as using the dd ( command-line utility for Unix and Unix-like operating systems whose primary purpose is to convert and copy files as said in the command manual .- e.g. ''man dd'. ). On Microsoft Windows environment perhaps one of easiest ways is to use WinCDEmu (which is relatively free under LGPL License).
WinCDEmu is capable of doing plenty of things such as:
 

  • One-click mounting of ISO, CUE, NRG, MDS/MDF, CCD, IMG images.

  • Supports unlimited amount of virtual drives.

  • Runs on 32-bit and 64-bit Windows versions from XP to Windows 10.

  • Allows creating ISO images through a context menu in Explorer.

  • Small installer size – less than 2MB!

  • Have a portable version

WinCDEmu is a nice piece of software that perhaps every Win poweruser can enjoy, plus it has a nice Graphical frontend:

wincdemu-graphical-create-iso-and-mount-so-ms-windows-software

But what if you're a console geek, like me and you end up forced to be using Windows on your Work PC and you still need to create .iso dump of your Mobile SD Card or external attached Hard Drive, without the graphical mambo jumbo in the old fashioned way with dd?

Luckily Windows advanced command lined users could massively benefit from Cygwin + Mobaxterm (if you don't know or used MobaXterm and you still use things like Putty / SuperPutty or SecureCRT – perhaps you can reconsider and make your sysadmin life easier with MobaXerm gnome-terminal like SSH tabbed Windows alternative.

Once having mobaxterm + cygwin you have dd installed on the Windows host as it is part of the busybox minimal environment and you can use it in the same manner as your used in Linux environment.

sdcard-sandisk-drive-my-computer-windows-screenshot
 

1. Using dd to copy files on Linux / UNIX OS with a dialog status bar

To use dd the usual syntax on Linux / BSD / Unix is:
 

dd if=/dev/dev-name_ID of=/path/to/directory/dump/location.iso bs=2048

 

As 2048 BS (Bytes) per second is quite a low value usually on Modern operating systems, this bytesize is usually increased to some MBs  ( Megabytes).

For example if the reading from carrier  is Solid State Drive Disk (SSD) supporting 100 MBs per second and the output SD Card is a 32 Bit Kingston Plus+ drive with whose write speed is up to 50 ~ 100 MBs, you can use cmd as:

dd if=/dev/dev-name_ID of=/path/to/directory/dump/location.iso bs=100M


If you need to have a progress on the dd copy (in case if you copy some large SD Card 128 GB or 256GB or a full copy of a hard drive partition that is really big lets say 8 Terabytes of data, dialog and pv comes quite handy.

To use them install them first:

# apt-get install –yes pv dialog


Next to have a beautiful ncurses dialog box with the status (very useful if you're shell scripting), use:
 

(pv -n /dev/sda | dd of=/dev/sdb bs=128M conv=notrunc,noerror) 2>&1 | dialog –gauge "Running dd command (cloning), please wait…" 10 70 0

pv-dialog-dd-command-ncurses-status-screenshot-gnu-linux
 

2. Listing the avaialble copy drives /dev/sda /dev/sdb1 … etc. disk locations on Windows 7 / 10 / 11 OS

[User.T420-89] ➤ for F in /dev/s* ; do echo "$F    $(cygpath -w $F)" ; done

check-drives-loop-on-cygwin-to-be-used-later-with-dd-copy-iso-creating-imageCheck drives device naming on WIndows PC – Screenshot extract from Mobaxterm

As you can see the drive location we've seen in Windows Explorer is located at drive E: above bash for loop reveals us this is located and readable from CygWin / MobaxTerm at /dev/sdb1


3. Create .iso image file on WIndows OS with dd command
 

To create a full data copy dump of to .iso (image file) with dd on Windows , I had to run:

[User.T420-89] ➤ dd if=/dev/sdb1 of=sdcard-blu-r1-hd-sdcard-backup_10092021a.img bs=100M

75+1 records in
75+1 records out
7944011776 bytes (7.4GB) copied, 391.794316 seconds, 19.3MB/s


dd-copy-drive-data-screenshot-100mb-bitesize-windows-mobaxterm


4. Mount the newly create dd Image with imdisk

In order to test the image is properly created, you can attempt to mount it from command line on Linux, mounting it is quite easy and is up to mounting the just created .img file as a loopback (loop) device, like so: 

# mount -o loop file.iso /mnt/dir

Unfortunately cygwin and mobaxterm's embedded mount command on Win OS does not support the loopback device so to have it you have to install and use some additional program  such as the upmentioned WinCDEmu or if you prefer to do it fully from command line and further on automate the process of creating a dump of images of attached drives out of a multiple computers (lets say belonging to a Windows Active Directory domain). You might install and use something like:


imdisk 

imdisk-gui-interface-ms-windows-screenshot

imdisk handy tool is  created by Olof Lagerkvist. It is free and open-source software, which  will let you mount image files of hard drive, cd-rom or floppy, and create one or several ramdisks with various parameters either from a command line or via its Graphical interface.

To use imdisk download it from its home page on sourceforge extract and install it, pretty much as any other software it has both 32 bit version as a legacy for old computers as well as 64 bit exe installer.
The general command line use of it follows a cmd syntax like:

  • Mounting .iso image files from command line on WIndows host with imdisk


[User.T420-89] ➤ ImDisk.exe -a -f "sdcard-blu-r1-hd-sdcard-backup_10092021.img" -m #:

Where:
 

  • #: – is the actual drive you would like to mount to.
     
  • -a option stands for attach to, it will configure and attach a virtual disk with the parameters specified and attach it to the system.
     
  • -f – is self explanatory, provides the iso image file naming 

If you want to attach the newly created image to lets say  L:\ windows new mapped drive

ImDisk.exe -a -f "sdcard-blu-r1-hd-sdcard-backup_10092021.img" -m l:

  • Unmount mounted .img image with imdisk from cmd line

[User.T420-89] ➤ imdisk.exe -l
\Device\ImDisk0
                                                                                                                              ✘

[User.T420-89] ➤ imdisk.exe -D -m l:
Notifying applications…
Flushing file buffers…
Locking volume…
Failed, forcing dismount…
Removing device…
Removing mountpoint…
Done.

imdisk-detach-attached-drive-mobaxterm-windows-screenshot

 

What we learned ?

What we have learned in this article is how to use Mobaxterm embedded dd Data Convert and Copy command to prepare full image backups of SD card or external drives on Windows OS. Also few alternative ways were entions such as using WinCDEmu free  open source alternative to DaemonTools program to create / mount or convert the image for the GUI lovers. Also for hard core sysadmins as me was shown how to list drives devices attached to the Win PC {/dev/sda,/dev/sdb} etc. and how to copy partition data with dd just like one would do on Linux OS. Finally to test the created image, I've shown you how to use the imdisk free software tool to attach and detach image to a mapped local Windows drive.

Hope this article learned you something new.

7th of July The Feast of Saint Nedelya Kyriakia one of the most honored woman saints in Bulgarian Orthodox Church and few words of the history of Sofia Second biggest Cathedral Church St. Nedelya

Thursday, July 8th, 2021

Saint_nedelja_(kyriaki)_bulgarian_icon_19th-century

Saint Nedelya is a major Cathedral in Sofia Bulgaria dedicated to an early Christian saint Kyriaki (martyred year 289 AD). It is is a second biggest Cathedral Church in Bulgaria and a place where they serve the Holy Liturgy daily. The Patriarch and most notable spiritual leaders of the Bulgarian orthodox church do hold services there regularly.

Coffin_with_holy-relics_of-saint-Stefan_Uros_II_Milutin

Coffin with Holy Relics of Saint Stephan Urosh II Milutin in the St Nedelya Sofia Church right corner near alter wall

Saint Nedelya Church  is a beautiful peace of Christian art the Church is also known in XX-th century as Holy King (because the incorruptable Holy Relics of Sebian King Saint Stephan Urosh II ( Milutin ) are found in the Church).

Sveta_Nedelia_ikona-arapovski-manastir.
Saint Nedelya Icon Arapovski Monastery Bulgaria

The fact that Saint Nedelya is the second Church by spiritual importance for Bulgaria is not a coincidence and this is related to the high veneration of saint martyr Nedelya (Kyriakia) Bulgarians had for the saint through the years especially in the Second Bulgarian kingdom during the reigh of King Asen's Dynasty (12-th 13-th century). The incorruptable Holy relics of the saint Kyriakia has been transferred to Trnovo (Tarnovo) the capital of Bulgaria at that time by saint Patriarch Euthymius (Evtimij) of Tarnovo (who was the last patriarch head of Bulgarian Orthodox Church during the Second Bulgarian Kingdom, right  before the fall of Bulgaria under the Turkish slavery (Yoke).
 

Saint Martyr Nedelya ( Kyriakia) died in July 7th 289 A.D.

Saint_Nedela_Kyriaki_Icon_by_Dicho_Zograf_in_Saint_Kyriaki_Church_in_Debrene_1844

Saint Nedelya Debrene Church iconographer Dicho Zograph from year 1844

Inspired by the great deed and the great grace received by receiving the incorruptable relics of the saint, saint Euthymius wrote a glorofication called "Praise to the Holy Great Martyr (Nedelya)". The Nedelya word meaning in Bulgarian Language is Sunday and is a literal translation from Greek's Kyriaky.

St_Kyriaki_Church_-Constantinople-crop

Saint Kyriaky dedicated Church, Istanbul Turkey

The veneration for saint Kyriaky has been quite common in medieval times one of the major Churches in Constantinople (today Istanbul) is dedicated also to saint Kyriaki.

According to Church tradition described by patriarch Evtimij, we know saint Nedelya has been born in Asia Minor and has been a child who has been long awaited kid that was gifted by God. Saint Kyriaki's was born in responce to her parents Dorotheus and Eusebia many fervent beseach prayers begging for a kid that will help Christ's salvation plan for the mankind.

 She was brought up in the truths of Christ from an early age.

At a very young age, she decided to dedicate her life to God. She happened to live at the time before Saint Constantine The Great when still the ligth of Christianity did not yet overcome the false believes of paganism in the time of the peresuction by emperor Diocletian. This was the time of persecution against Christian confessors and brutal violence against Christians – they were persecuted, imprisoned, exiled or forced to renounce their faith. Nedelya was thrown into prison and tortured, and her parents were exiled to the town of Miletin. The miraculous healing of her wounds, as well as her refusal to worship pagan idols, led the authorities to sentence her to death as they believed she is doing her wonderful healing by some strange whichcraft.

Kyriaki was tortured again by Apollonius, the successor of Hilarion. She was thrown into a fire, but the flames were extinguished, and then to wild beasts, but they became tame and gentle. Apollonius then sentenced her to death by the sword. As she was given a little time to pray, she asked God to receive her soul and to remember those who honoured her martyrdom. Upon completing her prayer, she rendered her soul to God before the sword was lowered on her head. Pious Christians took her relics and buried them. At the time of her death, she was 21 years old.[

At her place of death, after prayer, Sunday surrendered her spirit to God before the sentence is carried out exactly on her feast date (July 7, 289). For early Christians the day of death or martyrdom was considered the date of the real birthday for eternal life in heve. Nedelya died at the age of 22, as saint Patriarch Euthymius of Trnovo writes, "Dying in a short time, she fulfilled long years, because her Lord's soul was satisfied, purity – great enough, feats enough …"

The Second Biggest Bulgarian Cathedral is dedicated to saint Nedelya

Sveta-Nedelia-Monolithic-second-biggest-Cathedral-in-Bulgaria

Saint Nedelya Church, Sofia – Capital of Bulgaria

As many of the Churches in Bulgaria the history of Saint Nedelya's Church in Capital of Bulgaria, Sofia  goes back to distant X-th century and as many of the Churches of the time was most lilely laying on a stones and built of wood as Churches used to be built of that time. Today's architecture of the Church is of the XIX century.

St_Nedela_Cathedral_Old_Church_in_Sofia_Bulgaria_September_2005-pic

The church became famous during the assassination attempt by Bulgarian Communist Party (BCP / BKP) on April 16, 1925 during the funeral of General Konstantin Georgiev, when it was destroyed. Then on this sad date for the Bulgarian history, 193 people mainly from the country's political and military elite were killed and about 500  bystander believers, who attended the liturgy were injured. The assault was perhaps the worst terrorist act in the history of Bulgaria, and at that time in the world. The aim of the temple blowing assault was to kill King Boris III, who was not in the Church at the time because he was slightly late for the service by the providence.

After this bloody terrorist act of the Bulgarian Communist Party, the church board of trustees assigned the architectural bureau "Vasilyov – Tsolov" (architect Ivan Vasilyov and architect Dimitar Tsolov) the restoration of the church. Renovation began in June 1927. By the spring of 1933, an almost new, huge central-domed temple was built with a length of 30 meters, a width of 15.50 meters and a height of the dome of 31 meters. The surviving two-row gilded iconostasis has been returned to the temple.

The church was solemnly consecrated again on April 7, 1933. The fresco decoration was made from 1971 to 1973 by an artistic team led by Nikolai Rostovtsev. Around 2015, the Church iconography has been fully restored and is amazingly beautiful worthy to see, if you happen to visit Bulgaria.