net Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘net’

How to Harden a Linux Server in 2025 – Practical Steps for Sysadmins to protect against hackers and bots

Thursday, December 11th, 2025

Securing a Linux server has never been more importan than ever these days..
With automated attacks, AI-driven exploits, and increasingly complex infrastructure, even a small misconfiguration can lead to a serious breach.
But wait, you don't have to wait to get bumped by a random script kiddie. Good news is you can mitigate a bit attacks with just a few practical and pretty much standard steps, that can can drastically increase your server’s security.

Below is a straightforward, battle-tested hardening guide suitable for Debian, Ubuntu, CentOS, AlmaLinux, and most modern distributions.

1. Keep the System Updated (But Safely)

Outdated packages remain the #1 cause of server compromises.
On Debian/Ubuntu:

# apt update && apt upgrade -y

# apt install unattended-upgrades

On RHEL-based systems:

# dnf update -y

# dnf install dnf-automatic

Enable security-only auto-updates where possible. Full auto-updates may break production apps, so use them carefully.

2. Create a Non-Root User and Disable Direct Root Login

Attackers constantly brute-force “root”. Avoid letting them.

# adduser sysadmin

# usermod -aG sudo sysadmin

Then edit SSH:

# vim /etc/ssh/sshd_config

Set:

PermitRootLogin no

PasswordAuthentication no

And restart:

# systemctl restart sshd

Use SSH keys only.

3. Install a Firewall and Block Everything by Default

UFW (Debian/Ubuntu):

# ufw default deny incoming

# ufw default allow outgoing

#ufw allow ssh

# ufw enable

Firewalld (RHEL/AlmaLinux):

# systemctl enable firewalld –now

# firewall-cmd –permanent –add-service=ssh

# firewall-cmd –reload

Turn off any unneeded ports immediately.

4. Protect SSH with Fail2Ban

Fail2Ban watches log files for suspicious authentication attempts and blocks offenders.

# apt install fail2ban -y

# dnf install fail2ban -y

Enable:

# systemctl enable –now fail2ban

To harden SSH jail:

[sshd]

enabled = true

maxretry = 5

bantime = 1h

findtime = 10m

5. Enable Kernel Hardening

Install sysctl rules that protect against common attacks:

Create /etc/sysctl.d/99-hardening.conf:

kernel.kptr_restrict = 2

kernel.sysrq = 0

net.ipv4.conf.all.rp_filter = 1

net.ipv4.tcp_synack_retries = 2

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.all.log_martians = 1

Apply:

# sysctl –system

6. Install and Configure AppArmor or SELinux

Mandatory Access Control significantly limits damage if a service gets compromised.

Ubuntu / Debian uses AppArmor by default — ensure it's enabled.
RHEL, AlmaLinux, Rocky use SELinux — keep it in enforcing mode unless absolutely necessary.

Check SELinux:

# getenforce

You want:

Enforcing but hopefully you will have to configure all your machine services to venerate and work correctly with selinux enabled.

7. Scan the System with Lynis

Lynis is the best open-source Linux security auditing tool.

# apt install lynis

# lynis audit system

It provides a security score and actionable suggestions.

8. Use 2FA for SSH (Optional but Highly Recommended)

Use Two Factor Authentication:

a. Freely with Oath toolkit – you can read how in my previous article how to set up 2fa free software authentication on Linux

b. Install Google Authenticator:

# apt install libpam-google-authenticator

# google-authenticator

Enable in /etc/pam.d/sshd:

auth required pam_google_authenticator.so

And in SSH config:

ChallengeResponseAuthentication yes

Restart SSH.

9. Separate Services Using Containers or Systemd Isolation

Even simple servers can benefit from isolation.

Systemd sandbox options:

ProtectSystem=full

ProtectHome=true

ProtectKernelTunables=true

PrivateTmp=true

Add these inside a service file under:

/etc/systemd/system/yourservice.service

It prevents processes from touching parts of the system they shouldn’t.

10. Regular Backups Are Part of Security

A secure server with no backups is a disaster waiting to happen.

Use:

rsync
borgbackup
restic
Cloud object storage with versioning

Always encrypt backups and test restore procedures.

Conclusion

Hardening a Linux server in 2025 requires vigilance, good practices, and layered security. No single tool will protect your system — but when you combine SSH security, firewalls, Fail2Ban, kernel hardening, and backups, you eliminate the majority of attack vectors.

Tags: backups, cause, conf, configure, hackers, Install, Install Google Authenticator, ipv4, linux?, net, options, Securing, security, selinux, servers, systemctl, systemd
Posted in Computer Security, Linux, System Administration, System Optimization | No Comments »

Windows 10 install local Proxy server to Save bandwidth on a slow and limited Mobile Phone HotSpot network Shared connections

Wednesday, August 20th, 2025

If you're running on Internet ISP that is providing via a Internet / Wifi Router device with a 3G / 4G / 5G etc. but your receiving point location is situated somewhere very far in a places like High mountains lets say Rila Mountain or Alps on a very distant places where Internet coverate of Inetner Service Provider is low or very low but you need still to Work / Play / Entertain on the Net frequently.
Hence you will cenrtainly be looking for a ways to Speed Up / Optimize the Internet connectivity somehow.
You cannot do miracles but certainly the daily operations and a pack up of repeating traffic can be achieved by using installing and using simple local proxy server.

The advantages of using a proxy are even more besides the speed up of Internet connection lines, here is the Pros you get by using the proxy:

Using Caches frequently accessed content (e.g., images, scripts, web pages).
Blocks ads and trackers (reduces bandwidth).
Compresses data (if needed)
Can serve multiple local devices if needed.

To save bandwidth on a slow and limited connectivity Internet router or mobile phone hotspot using Windows 10, you can install a local proxy server that:

Here’s a step-by-step guide to set this up:

Install a local caching proxy server on Windows 10 to reduce bandwidth usage over a mobile hotspot.

1. Install Squid (Caching Proxy Server)

Squid is a powerful and widely used open-source caching proxy.

Download Squid for Windows

Download Squid for Windows from:

https://squid.acmeconsulting.it/download (Unofficial, stable build)

or compile it manually (if you're having an own Linux or BSD router that is passing on the traffic)

2. Install Squid Proxy sever on Windows

2.1. Extract or install the downloaded Squid package.

…

2.2. Install it as a Windows Service

Open Command Prompt (Admin) and run:

C:\\Users\\hipo\\Downloads> squid -i

Initialize cache directories:

C:\\Users\\hipo\\Downloads> squid -z

3. Configure Squid Proxy via squid.conf

3.1. Open squid.conf

usually in

C:\\Squid\\etc\\squid\\squid.conf

3.2. Edit key lines:

http_port 3128
cache_dir ufs c:/squid/var/cache 100 16 256
access_log c:/squid/var/logs/access.log
cache_log c:/squid/var/logs/cache.log
maximum_object_size 4096 KB
cache_mem 64 MB

3.3. Allow local access:

acl localnet src 192.168.0.0/16
http_access allow localnet

(Adjust IP ranges according to your network.)

Here's a ready-to-use Squid configuration file optimized for Running on Windows 10:

Caching web content to save bandwidth
Blocking ads and trackers
Allowing local device connections

Location for the squid Config File

The Windows squid installer should have setup the Squid proxy by default inside C:\Squid so the full path to squid.conf should be:
Place this as

squid.conf

in:

C:\\Squid\\etc\\squid\\squid.conf

# BASIC CONFIGURATION
http_port 3128
visible_hostname localhost

# CACHE SETTINGS
cache_mem 128 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 512 KB
cache_dir ufs c:/squid/var/cache 100 16 256
cache_log c:/squid/var/logs/cache.log
access_log c:/squid/var/logs/access.log

# DNS
dns_nameservers 8.8.8.8 1.1.1.1

# ACLs (Access Control Lists)
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/16
acl Safe_ports port 80 # HTTP
acl Safe_ports port 443 # HTTPS
acl Safe_ports port 21 # FTP
acl CONNECT method CONNECT

# BLOCKED DOMAINS (Ad/Tracking)
acl ads dstdomain .doubleclick.net .googlesyndication.com .googleadservices.com
acl ads dstdomain .ads.yahoo.com .adnxs.com .track.adform.net
http_access deny ads

# SECURITY & ACCESS CONTROL
http_access allow localhost
http_access allow localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

# REFRESH PATTERNS (Cache aggressively)
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.png$ 10080 90% 43200
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.css$ 10080 90% 43200
refresh_pattern -i \.js$ 10080 90% 43200
refresh_pattern -i \.html$ 1440 90% 10080
refresh_pattern . 0 20% 4320

# LOGGING
logfile_rotate 10

4. Start the Squid Win Service from Admin command prompt

C:\Users\hipo> net start squid

5. Test the Proxy

Set the proxy server in your Windows proxy settings:

Go to Settings > Network & Internet > Proxy
Enable Manual proxy setup:

Address: 127.0.0.1

Port: 3128

Browse the web — Squid will now cache content locally.

Make sure

C:\Squid\var\cache

and

C:\Squid\var\logs

exist.

You can expand the ad block list by importing public blocklists. Let me know if you want help with that.

To share this proxy with other local devices, ensure they’re on the same network and allowed via ACL.

6. Block Ads and Save More Bandwidth with the Proxy

You can modify Squid to:

Block ad domains (using

acl

rules or a blacklist)

Limit download sizes

Restrict background updates or telemetry

Example rule to block a domain:

acl ads dstdomain .doubleclick.net .ads.google.com http_access deny ads

7. Use Aternative lightweight Proxy Privoxy (Lightweight filtering proxy)

What is Privoxy?

Privoxy is a lightweight, highly customizable proxy server focused on privacy protection, content filtering, and web page optimization.

Unlike caching proxies (like Squid), Privoxy doesn’t store data locally—but it filters and blocks unnecessary traffic before it even reaches your browser.

7.1. Why Use Privoxy to Speed Up Internet?

Here's how Privoxy helps:

Feature	Benefit
Blocks Ads & Banners	*Reduces page load size and clutter*
Stops Trackers	Prevents background data requests
Filters Pop-ups	Improves usability and safety
Speeds Up Web Browsing	By stripping unwanted content
Low Resource Usage	Works on older or low-spec systems

Privoxy is easier to set up than Squid and usually much more simple and fits well if you want something simpler and more light weight and is also great for ad/tracker blocking.
To install and use it it comes to 4 simple steps

Download from: https://www.privoxy.org/
Install and run it.
Configure browser/system to use proxy lets say on:

127.0.0.1:8118
Customize

config.txt

to add block rules.

7.2. Configure Your Web Browser or System Proxy

Set your browser/system to use the local Privoxy proxy:

Proxy address:

127.0.0.1

Port:

8118

On Windows:

Go to Settings > Network & Internet > Proxy

Enable Manual Proxy Setup

Enter:

Address:

127.0.0.1

Port:

8118

Save

7.3: Enable Privoxy Filtering and Blocking Rules

Privoxy comes with built-in rules for:

Ad blocking
Tracker blocking
Cookie management
Script filtering

You can customize filters in the configuration files via following configs:

Main config:

C:\\Program Files (x86)\\Privoxy\\config

Action files:

C:\\Program Files (x86)\\Privoxy\\default.action

Filter files:

C:\\Program Files (x86)\\Privoxy\\default.filter

7.4. Example to Block All Ads with Privoxy

Look in

default.action

and ensure these are uncommented:

{ +block }

Or add specific ad server domains:

{ +block{Ad Servers} }
.com.doubleclick.net
.ads.google.com
.adnxs.com

You can further use community-maintained blocklists for stronger Ads filtering.

Privoxy does not compress traffic, so to speed up even further with privoxy you might Compress traffic to do so use ziproxy (the http traffic compressor).

Now all your HTTP traffic is routed through Privoxy and you will notice search engines and repeatingly accessed websites pictures and Internet resources such as css / javscript / htmls etc. will give a boost !

Tags: Blocks, Blocks Ads Banners, com, configured, connections, domain, Edit, filtering, Install Squid Proxy, logs, miracles, net, Open Command Prompt Admin, Proxy Privoxy Lightweight, proxy server, requests, Restart, Settings Network Internet Proxy, sourceforge, squid, Use Aternative, var, web content, Windows, Windows Service, www, youtube
Posted in Computer Security, Curious Facts, Windows | No Comments »

Fix Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 / Fix windows Update failed

Thursday, July 24th, 2025

fix-Update-KB5060999-Not_Installing_On_Windows_11_Version_23H2_22H2-howto-update-screenshot

Recently I've stumbled across a very annoying issue on my work Laptop. Suddenly windows stopped being upadted it took me really long time of hours of researching to find out how to resolve the error:

Fix Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 / Fix windows Update failed

After a lot of catch / tries I can manage to Find a fix Thanks God!

Here are the few steps I took to resolve it, first I've taken all the steps pointed at the Complete Guide Windows Problems it took really long time but even thouigh I did not manage to resolve the issue it give a lot of understanding on different ways of how windows components stick together and how to debug and solve errors if such ones occurs. Thus I warmly recommend it to anyone working as HelpDesk support admin within corporation or if you are a Windows specialist who makes a living from resolving weird unexpected Windows errors for some little money.

Once I went through a lot of underwater stones and nothing word finally I managed to solve it by following these concrete steps:

1. Check logs and find error message / problems in CBS.log

C:\> notepad c:\windows\Logs\CBS\CBS.log

The root of the issue I found there as a repeating error messages is:

"InternalOpenPackage failed for Package_for_KB3025096~31bf3856ad364e35~amd64~~6.4.1.0 [HRESULT = 0x800f0805 – CBS_E_INVALID_PACKAGE]"

2. Download from Windows catalog the Update

windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7.msu to C:\User\myuser\Downloads

3. Use Winrar or 7Zip to extract the msu in local Directory

E.g.open Administrator command line cmd.exe extract in lets say in \Users\Username\Downloads\
windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7

C:\Users/a768839/Downloads/windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7 > dir
WSUSSCAN.cab

4. Remove old package existing on the Windows 11 OS with the same name using DISM tool with /online /remove-package options

C:\Users\myuser\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7>DISM /online /remove-package /packagepath:C:\Users\a768839\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab Deployment Image Servicing and Management tool Version: 10.0.22621.2792 Image Version: 10.0.22631.5335 Processing 1 of 1 – Removing package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9294.1 [==========================100.0%================]
The operation completed successfully.

5. Use DISM /online /add-package to manually insatall windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab

Assuming you have already downloaded previously and exctracted the .msu file and you have the .cab file at hand run again as cmd.exe Admin

C:\Users\myuser\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7>DISM /online /add-package /packagepath:C:\Users\a768839\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab Deployment Image Servicing and Management tool Version: 10.0.22621.2792 Image Version: 10.0.22631.5335 Processing 1 of 1 – Adding package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9294.1 [==========================100.0%==========================] The operation completed successfully.

The idea to remove and install the failing package found in the CBS.log was initially found on
http://datadump.ru/windows-update-error-800f0831/

6. Force a Windows chkdsk (Check disk on next restart) to make sure no physical hard drive or some other inode Windows Filesystem errors are there

Within same Admin cmd.exe

C:\Users\myuser\> chkdsk /f C:\

Once command executes reboot the PC and wait for the chkdsk scan to complete and PC to Boot as usual

7. Stop / start wuauserv and do sfc /scannow to refresh some Windows update components

Run following set of commands within Admin cmd

C:\> net stop wuauserv
C:\> command prompt in admin mode
C:\> dism /online /cleanup-image /startcomponentcleanup
C:\> sfc /scannow
C:\> restart
C:\> sfc /scannow
C:\> net start wuauserv

8. Download Manually failing update from Windows catalog download site:

As of time of writting this article the URL to download is https://catalog.update.microsoft.com/Search.aspx?q=KB5049624%20%20

C:\Users\myuser\Downloads> dir *.msu
windows11.0-kb5060999-x64_99e39c1cf8a8976d9b3313efb38069876c417f70.msu

9. Run Manually again failing Update from command line

Run cmd as Administrator and exec the file:

C:\Users\myuser\Downloads\windows11.0-kb5060999-x64_99e39c1cf8a8976d9b3313efb38069876c417f70.msu

Wait for the install to complete The computer will need to restart

10. Resync the device to the Computer Domain (mandatory step) only if your PC is part of large organizational Domain

Open Microsoft Store / Company Portal and Sync the device (if necessery)

Settings -> Sync

11. Force the PC to sync itself with remote Global Domain policies (mandatory only if PC is part of Domain)

C:\Users\myuser> gpupdate /force
C:\Users\myuser> repadmin /showrepl

Wait for Synchronization and wait for some time for computer compliancy to get back to normal (Computer compliancy might not be an issue if this is a Personal Windows installation) but for computers part of Larger Windows Domains, where a Domain policy requires a compliancy to set of rules)

To come up with this guide and better understand what is going on to resolve it I have to thank my colleague Eduard for assisting me to read the CBS.log and analyze it and also the following forum thread reading explaining what causes the mysterious windows update Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 to fail.

Tags: amd64, aspx, cmd, command, command prompt, download, exec, forum thread, hard drive, issue, log, logs, long time, lot, make, Management, net, online, OS, Pc, refresh, resolve, run, sync, update, Users Username Downloads, wait, Windows
Posted in Everyday Life, Hacks, System Administration, Windows | No Comments »

How to Fix Windows Update Problems: A Complete Guide

Friday, July 11th, 2025

Windows Update is essential for keeping your Windows system secure, stable, and up to date to be on track with latest security patches and (for those working in large corporations) for the PC to be compliant to Company / Corporation / Domain security defined policies and standards. However, users often encounter issues like updates failing to install, being stuck at a certain percentage, or causing error messages. Whether you're using Windows 10 or Windows 11, this guide walks you through proven steps to fix Windows Update problems.

Common Symptoms of Windows Update Issues

Before diving into the solutions, it helps to identify typical signs of update problems:

Updates stuck at 0%, 35%, or 100%
Update error codes like 0x80070002, 0x800f081f, or 0x8024a105
"Windows Update Failed" or "There were problems installing updates"
PC crashes or slowdowns after an update
Restart loops or repeated update attempts

Step-by-Step Guide to Fix Windows Update Problems

1. Restart Your PC and rerun updates

Sometimes (very rarely) a simple reboot clears temporary glitches in the update process.

Steps:

Click Start > Power > Restart
Try running Windows Update again

2. Run the Windows Update Troubleshooter

Windows includes a built-in tool that can automatically detect and fix common update problems.

Steps:

Open Settings > System > Troubleshoot > Other troubleshooters
Find Windows Update and click Run
Follow the prompts and apply any fixes it suggests

3. Check Your Internet Connection

A slow or intermittent connection can prevent updates from downloading or installing.

Tips:

Ensure a stable connection
Avoid using mobile hotspots during large updates
Try a wired Ethernet connection if possible

4. Free Up Disk Space

Windows Update needs adequate space to download and install updates.

To free space:

Open Settings > System > Storage
Use Storage Sense or manually delete:
- Temporary files
- Old downloads
- Unused programs

5. Manually Restart Windows Update Services

Windows Update relies on several background services. Restarting them can resolve stuck updates.

Steps:

Press

Windows + R

, type

services.msc

and press Enter
Find and restart the following:
- Windows Update
- Background Intelligent Transfer Service (BITS)
- Cryptographic Services
Right-click each > Restart

6. Clear the Windows Update Cache (SoftwareDistribution Folder)

Corrupted update files in the SoftwareDistribution folder can cause problems.

Steps:

Press

Windows + R (key)

type

Right-click > Run as Administrator
Stop update services:

net stop wuauserv
net stop bits
Delete the update cache:

Cmd line

del /f /s /q %windir%\SoftwareDistribution\
Restart services:

net start wuauserv net start bits
Try updating again

7. Use the System File Checker (SFC) and DISM Tools

Corrupt system files can interfere with updates.

Steps:

Open Command Prompt as Administrator
Run SFC from cmd line:

sfc /scannow
After it completes, run DISM:

DISM /Online /Cleanup-Image /RestoreHealth

These commands check for system corruption and repair it.

8. Install Updates Manually via Microsoft Update Catalog

If a specific update keeps failing, download and install it manually.

Steps:

Go to: https://www.catalog.update.microsoft.com/
Search the KB number of the failed update
Download the correct version for your system
Run the installer

9. Pause and Resume Updates

This can force Windows to reattempt updates cleanly.

Steps:

Open Settings > Windows Update
Click Pause updates for 1 week
Restart your PC
Go back and click Resume updates

10. Perform an In-Place Upgrade (Repair Install)

If nothing else works, a repair install reinstalls Windows while keeping your files and apps.

Steps:

Download the Media Creation Tool from Microsoft
Choose Upgrade this PC now
Follow prompts and select Keep personal files and apps

This replaces system files and refreshes Windows Update components.

11. Use WuFix.bat script that refreshes services

wufix.bat

SC config trustedinstaller start=auto
net stop bits
net stop wuauserv
net stop msiserver
net stop cryptsvc
net stop appidsvc
Ren %Systemroot%\SoftwareDistribution SoftwareDistribution.old
Ren %Systemroot%\System32\catroot2 catroot2.old
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
netsh winsock reset
netsh winsock reset proxy
rundll32.exe pnpclean.dll,RunDLL_PnpClean /DRIVERS /MAXCLEAN
dism /Online /Cleanup-image /ScanHealth
dism /Online /Cleanup-image /CheckHealth
dism /Online /Cleanup-image /RestoreHealth
dism /Online /Cleanup-image /StartComponentCleanup
Sfc /ScanNow
net start bits
net start wuauserv
net start msiserver
net start cryptsvc
net start appidsvc

12. Contact Microsoft or other tech guru Help

If problems persist even after trying the above methods, consider:

Contacting Microsoft Support
Consulting with a local technician
Performing a clean install (as a last resort)

13. Few Final Tips for Smooth Windows Updates

Always back up important data before major updates
Keep drivers and antivirus software up to date
Avoid interrupting the PC during updates
Check for known issues on Microsoft’s support site before installing major feature updates

14. Advanced Commands and Additional Ways to Fix Windows Update Problems

These methods go deeper into system-level repairs and are ideal when the basic fixes fail.

14.1. Reset Windows Update Components Manually (Full Command Script)

Instead of just clearing the cache, reset all update-related services and components.

Steps:

Open Command Prompt as Administrator, and run these commands one at a time:

net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver

Rename update-related folders:

ren C:/\Windows/\SoftwareDistribution SoftwareDistribution.old ren C:/\Windows/\System32/\catroot2 catroot2.old

Restart the services:

net start wuauserv
net start cryptSvc
net start bits
net start msiserver

This fully resets the update components.

14.2. Use PowerShell to Re-register Update DLLs

Sometimes DLLs (Dynamic Link Libraries) related to updates become unregistered.

Run this in PowerShell (Admin):

regsvr32 wuaueng.dll regsvr32 wups.dll regsvr32 wups2.dll regsvr32 wuwebv.dll regsvr32 wucltui.dll

14.3. Use PowerShell to Force Update Scan and Install

Open PowerShell as Administrator, and run:

Install-Module PSWindowsUpdate -Force Import-Module PSWindowsUpdate Get-WindowsUpdate Install-WindowsUpdate -AcceptAll -AutoReboot

You may be prompted to install NuGet or trust the repository—accept these prompts.

14.4. Enable Update Services via Registry Editor (Caution)

If your update services are being disabled by group policy or a third-party app, you can reset the registry settings.

Steps:

Press

Win + R

→ type

regedit

→ Enter
Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Delete values like NoAutoUpdate, AUOptions, etc.
Also check:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
- Ensure Start is set to 2 (automatic)

Always back up your registry before editing!

14.5. Check Group Policy Settings (Windows Pro or Enterprise)

Group Policy can block updates.

Steps:

Press

Win + R

→ type

gpedit.msc

→ Enter
Navigate to:

Computer Configuration > Administrative Templates > Windows Components > Windows Update
Check and disable any restrictive settings like:
- No auto-restart with logged on users
- Configure Automatic Updates
- Do not connect to any Windows Update Internet locations

14.6. Use the Windows Update Assistant

Download the latest Windows Update Assistant from the Microsoft website or Windows 11 equivalent.

This tool bypasses built-in update problems
It can force the latest feature update or build version

14.7. Delete Windows Update Pending.xml File

Sometimes updates fail due to a corrupted

Pending.xml

file.

Steps:

Open Command Prompt as Administrator
Run:

del %windir%\winsxs\pending.xml

This is advanced; use only if you're stuck with a failed update loop.

14.8. Use Event Viewer to Identify Update Errors

Event Viewer can show exactly which update or process is failing.

Steps:

Press

Win + X

→ Event Viewer
Navigate to:

Windows Logs > System
Filter by Error and Warning
Look for sources like:
- WindowsUpdateClient
- CBS (Component-Based Servicing)
- WUSA

Note any error codes or update KB numbers.

14.9. Use Deployment Image Servicing and Management (DISM) from ISO

DISM can be more powerful when pointed to a known good source like an ISO image.

Steps:

Mount a Windows ISO (right-click > Mount)
Note the drive letter (e.g., D:)
Run in CMD (Admin):

cmd.exe

DISM /Online /Cleanup-Image /RestoreHealth /Source:D:\Sources\install.wim /LimitAccess

Replace

D:\

with the correct drive.

14.10. Revert Problematic Updates Using Recovery or Uninstall

If an update caused system problems:

Option A: Uninstall via Settings

Go to Settings > Windows Update > Update History > Uninstall updates

Option B: From Advanced Startup

Hold

while clicking Restart
Go to Troubleshoot > Advanced Options > Uninstall Updates

15.How to install Windows 11 without losing files (Re-install windows with keeping All stored files)

15.1. Download and Use the Media Creation Tool:

Download the Media Creation Tool from Microsoft's website.

a) Go to this website:
www.microsoft.com/en-us/software-download/windows11

b) Click Download Now.

c) Open the file you downloaded.
Double-click it.

d) Accept everything.
Click Accept and Install.

e) Important:
When it asks about keeping files, select:

f) Keep personal files and apps

Wait until it finishes.

Your PC will restart many times.

g) After install:
Your files and programs will still be there.
Run the tool and choose to create installation media for another PC.
Select your language, architecture, and edition of Windows.
Choose to create either a USB flash drive or an ISO file.
Follow the on-screen instructions to complete the process.

15.2 Perform a Clean Install or In-place Upgrade:

Clean Install: This will erase all your personal files, apps, and settings, so be sure to back up your data if you choose this option.
In-place Upgrade: This will keep your files, apps, and settings while reinstalling Windows. This is a good option if you want to try and preserve your existing setup.
To perform an in-place upgrade, boot from the installation media and choose the "Upgrade" option, according to Microsoft Support.

1️⃣ Go to this website:
https://www.microsoft.com/en-us/software-download/windows11

2️⃣ Download “Installation Assistant.”
Click Download Now.

3️⃣ Open the file you downloaded.
Double-click it.

4️⃣ Accept everything.
Click Accept and Install.

5️⃣ Important:
When it asks about keeping files, select:
✅ Keep personal files and apps

6️⃣ Wait until it finishes.

Your PC will restart many times.

It can take 1–2 hours.

After install, Your files and programs will still be there. But anyways just in case don't forget to create a full backup of everything important before you started.

Summary of Useful Commands

Purpose	Command or Tool
Stop Update Services	`net stop wuauserv etc.`
Delete Update Cache	*`del %windir%\SoftwareDistribution\.* /s /q`**
Run SFC	`sfc /scannow`
Run DISM	`DISM /Online /Cleanup-Image /RestoreHealth`
PowerShell Update Module	`Install-Module PSWindowsUpdate`
Force Install Updates	`Install-WindowsUpdate -AcceptAll`
Reset Update Components (Full)	See above command sequence
Manual Update via Catalog

Conclusion

Windows Update problems can be frustrating, but they’re usually fixable with a methodical approach. From restarting services to clearing cache and running built-in tools, this guide covers all essential fixes. Staying updated ensures your PC remains secure, efficient, and compatible with the latest software.

Tags: apps, cause, cmd, cmd line, code, Configure Automatic Updates, copy, Cryptographic Services, Delete Windows Update Pending, Download Installation Assistant, downloads, exe, How to, Install Updates Manually, Manually Restart Windows Update Services, Media Creation Tool, Microsoft Update Catalog, Navigate, net, Open Settings System Storage, Pc, Rename, running, Settings Windows Update Update History Uninstall, times, type, Useful Commands, Warning, Windows Update Internet, WUSA
Posted in Everyday Life, Windows | No Comments »

Deploying a Puppet Server and Patching multiple Debian Linux Servers

Tuesday, June 17th, 2025

Puppet Overview

Puppet is a powerful automation tool used to manage configurations and automate administrative tasks across multiple systems. This guide walks you through installing a Puppet server (master) and configuring 10 Debian-based client servers (agents) to automatically install system updates (patches) using Puppet.

Prerequisites
Step 1: Install Puppet Server on Debian
Step 2: Configure the Puppet Server
Step 3: Install Puppet Agent on 10 Debian Clients
Step 4: Sign Agent Certificates
Step 5: Create a Puppet Module for Patching
Step 6: Assign the Module and Trigger Updates
Conclusion

1. Prerequisites

Debian server to act as the Puppet master (e.g., Debian 11)
Debian servers as Puppet agents (clients)
Root or sudo access on all systems
Static IPs or properly configured hostnames
Network connectivity between master and agents

2. Install Puppet Server on Debian

a. Add the Puppet APT repository

# wget https://apt.puppet.com/puppet7-release-bullseye.deb
# dpkg -i puppet7-release-bullseye.deb
# apt update

b. Install Puppet Server

# apt install puppetserver -y

c. Configure JVM memory (optional but recommended)

Edit /etc/default/puppetserver:

JAVA_ARGS="-Xms512m -Xmx1g"

d. Enable and start the Puppet Server

# systemctl enable puppetserver
# systemctl start puppetserver

3. Configure the Puppet Server

a. Set the hostname

# hostnamectl set-hostname puppet.example.com

Update /etc/hosts with your server’s IP and FQDN if DNS is not configured:

192.168.1.10 puppet.pc-freak.net puppet

b. Configure Puppet

Edit /etc/puppetlabs/puppet/puppet.conf:

[main] certname = puppet.pc-freak.net
server = puppet.pc-freak.net
environment = production
runinterval = 1h

Restart Puppet server:

# systemctl restart puppetserver

4. Install Puppet Agent on 10 Debian Clients

Repeat this section on each client server (Debian 10/11).

a. Add the Puppet repository

# wget https://apt.puppet.com/puppet7-release-bullseye.deb
# dpkg -i puppet7-release-bullseye.deb
# apt update

b. Install the Puppet agent

# apt install puppet-agent -y

c. Configure the agent to point to the master

# /opt/puppetlabs/bin/puppet config set server puppet.example.com –section main

d. Start the agent to request a certificate

# /opt/puppetlabs/bin/puppet agent –test

5. Sign Agent Certificates on the Puppet Server

Run on the Puppet master below 2 cmds:

# /usr/bin/puppetserver ca list –all

Sign all pending requests:

# /usr/bin/puppetserver ca sign –all

Verify connection to puppet server is fine:

# /opt/puppetlabs/bin/puppet node find haproxy2.pc-freak.net

6. Create a Puppet Module for Patching

a. Create the patching module

# mkdir -p /etc/puppetlabs/code/environments/production/modules/patching/manifests

b. Add a manifest file
/etc/puppetlabs/code/environments/production/modules/patching/manifests/init.pp:

class patching {

exec { 'apt_update':
command => '/usr/bin/apt update',
path => [‘/usr/bin’, ‘/usr/sbin’],
unless => '/usr/bin/test $(find /var/lib/apt/lists/ -type f -mmin -60 | wc -l) -gt 0',
}

exec { 'apt_upgrade':
command => '/usr/bin/apt upgrade -y',
path => [‘/usr/bin’, ‘/usr/sbin’],
require => Exec[‘apt_update’],
unless => '/usr/bin/test $(/usr/bin/apt list –upgradable 2>/dev/null | wc -l) -le 1',
}

}

This class updates the package list and applies all available security and feature updates.

7. Assign the Module and Trigger Updates

a. Edit site.pp on the Puppet master:

# vim /etc/puppetlabs/code/environments/production/manifests/site.pp

node default {
include patching
}

node 'agent1.example.com' {
include patching
}

b. Run Puppet manually on each agent to test:

# /opt/puppetlabs/bin/puppet agent –test

Once confirmed working, Puppet agents will run this patching class automatically every hour (default runinterval).

8. Check the status of puppetserver and puppet agent on hosts is fine

root@puppetserver:/etc/puppet# systemctl status puppetserver
● puppetserver.service – Puppet Server
Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-06-16 23:44:42 EEST; 37min ago
Docs: https://puppet.com/docs/puppet/latest/server/about_server.html
Process: 2166 ExecStartPre=sh -c echo -n 0 > ${RUNTIME_DIRECTORY}/restart (code=exited, status=0/SUCCESS)
Process: 2168 ExecStartPost=sh -c while ! head -c1 ${RUNTIME_DIRECTORY}/restart | grep -q '^1'; do kill -0 $MAINPID && sleep 1 || exit 1; done (code=exited, status=0/SUCCESS)
Main PID: 2167 (java)
Tasks: 64 (limit: 6999)
Memory: 847.0M
CPU: 1min 28.704s
CGroup: /system.slice/puppetserver.service
└─2167 /usr/bin/java -Xms512m -Xmx1g -Djruby.lib=/usr/share/jruby/lib -XX:+CrashOnOutOfMemoryError -XX:ErrorFile=/var/log/puppetserver/puppetserver_err_pid%p.log -jar /usr/share/pup>

юни 16 23:44:06 haproxy2 systemd[1]: Starting puppetserver.service – Puppet Server…
юни 16 23:44:30 haproxy2 java[2167]: 2025-06-16T23:44:30.516+03:00 [clojure-agent-send-pool-0] WARN FilenoUtil : Native subprocess control requires open access to the JDK IO subsystem
юни 16 23:44:30 haproxy2 java[2167]: Pass '–add-opens java.base/sun.nio.ch=ALL-UNNAMED –add-opens java.base/java.io=ALL-UNNAMED' to enable.
юни 16 23:44:42 haproxy2 systemd[1]: Started puppetserver.service – Puppet Server.

root@grafana:/etc/puppet# systemctl status puppet
* puppet.service – Puppet agent
Loaded: loaded (/lib/systemd/system/puppet.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-06-16 21:22:17 UTC; 18s ago
Docs: man:puppet-agent(8)
Main PID: 1660157 (puppet)
Tasks: 6 (limit: 2307)
Memory: 135.6M
CPU: 5.303s
CGroup: /system.slice/puppet.service
|-1660157 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent –no-daemonize
`-1660164 "puppet agent: applying configuration"

Jun 16 21:22:17 grafana systemd[1]: Started puppet.service – Puppet agent.
Jun 16 21:22:28 grafana puppet-agent[1660157]: Starting Puppet client version 7.34.0
Jun 16 21:22:33 grafana puppet-agent[1660164]: Requesting catalog from puppet.pc-freak.net:8140 (192.168.1.58)

9. Use Puppet facter to extract interesting information from the Puppet running OS

facter is a powerful command-line tool Puppet agents use to gather system information (called facts). You can also run it manually on any machine to quickly inspect system details.

Here are some interesting examples to get useful info from a machine using facter:

a) Get all facts about Linux OS

$ facter
…

b) get OS name / version

$ facter os.name os.release.full
os.name => Debian
os.release.full => 12.10

c) check the machine hostname and IP address

$ facter hostname ipaddress

hostname => puppet-client1
ipaddress => 192.168.0.220

d) Get amount of RAM on the machine

$ facter memorysize
16384 MB

e) Get CPU (Processor information)

$ facter processors

{
count => 4,
models => [“Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz”],
physicalcount => 1,
speed => "1.60 GHz"
}

10. Conclusion

You've successfully set up a Puppet server and configured a sample Debian client systems to automatically install security patches using a custom module.
To apply this on the rest of systems where puppet agent is installed repeat the process on each of the left 9 nodes.
This approach provides centralized control, consistent configuration, and peace of mind for you as system administrator if you have the task to manage multiple Debian servers
with an easy.
Of course the given configuration is very sample and to guarantee proper functiononing of your infrastrcutreu you'll have to read and experiment with puppet, however I hope article is a good
standpoint to have puppet server / agent running relatively easy.

Tags: bash, class, code, command, Configure Puppet, Debian Clients, default, example, Install Puppet Server, linux?, manage multiple servers easily, net, network, node, pc-freak, production, Puppet Overview, Restart Puppet, Set, Sign Agent Certificates, status, sudo, system administrators, systemctl, test, update automation, usr bin
Posted in Automation, Linux, System Administration, Various | No Comments »

DNS Monitoring: Check and Alert if DNS nameserver resolver of Linux machine is not properly resolving shell script. Monitor if /etc/resolv.conf DNS runs Okay

Thursday, March 14th, 2024

If you happen to have issues occasionally with DNS resolvers and you want to keep up an eye on it and alert if DNS is not properly resolving Domains, because sometimes you seem to have issues due to network disconnects, disturbances (modifications), whatever and you want to have another mean to see whether a DNS was reachable or unreachable for a time, here is a little bash shell script that does the "trick".

Script work mechacnism is pretty straight forward as you can see we check what are the configured nameservers if they properly resolve and if they're properly resolving we write to log everything is okay, otherwise we write to the log DNS is not properly resolvable and send an ALERT email to preconfigured Email address.

Below is the check_dns_resolver.sh script:

#!/bin/bash
# Simple script to Monitor DNS set resolvers hosts for availability and trigger alarm via preset email if any of the nameservers on the host cannot resolve
# Use a configured RESOLVE_HOST to try to resolve it via available configured nameservers in /etc/resolv.conf
# if machines are not reachable send notification email to a preconfigured email
# script returns OK 1 if working correctly or 0 if there is issue with resolving $RESOLVE_HOST on $SELF_HOSTNAME and mail on $ALERT_EMAIL
# output of script is to be kept inside DNS_status.log

ALERT_EMAIL='your.email.address@email-fqdn.com';
log=/var/log/dns_status.log;
TIMEOUT=3; DNS=($(grep -R nameserver /etc/resolv.conf | cut -d ' ' -f2));

SELF_HOSTNAME=$(hostname –fqdn);
RESOLVE_HOST=$(hostname –fqdn);

for i in ${DNS[@]}; do dns_status=$(timeout $TIMEOUT nslookup $RESOLVE_HOST $i);

if [[ “$?” == ‘0’ ]]; then echo "$(date "+%y.%m.%d %T") $RESOLVE_HOST $i on host $SELF_HOST OK 1" | tee -a $log;
else
echo "$(date "+%y.%m.%d %T")$RESOLVE_HOST $i on host $SELF_HOST NOT_OK 0" | tee -a $log;

echo "$(date "+%y.%m.%d %T") $RESOLVE_HOST $i DNS on host $SELF_HOST resolve ERROR" | mail -s "$RESOLVE_HOST /etc/resolv.conf $i DNS on host $SELF_HOST resolve ERROR";

fi

done

Download check_dns_resolver.sh here set the script to run via a cron job every lets say 5 minutes, for example you can set a cronjob like this:

# crontab -u root -e
*/5 * * * * check_dns_resolver.sh 2>&1 >/dev/null

Then Voila, check the log /var/log/dns_status.log if you happen to run inside a service downtime and check its output with the rest of infrastructure componets, network switch equipment, other connected services etc, that should keep you in-line to proof during eventual RCA (Root Cause Analysis) if complete high availability system gets down to proof your managed Linux servers was not the reason for the occuring service unavailability.

A simplified variant of the check_dns_resolver.sh can be easily integrated to do Monitoring with Zabbix userparameter script and DNS Check Template containing few Triggers, Items and Action if I have time some time in the future perhaps, I'll blog a short article on how to configure such DNS zabbix monitoring, the script zabbix variant of the DNS monitor script is like this:

[root@linux-server bin]# cat check_dns_resolver.sh
#!/bin/bash
TIMEOUT=3; DNS=($(grep -R nameserver /etc/resolv.conf | cut -d ' ' -f2)); for i in ${DNS[@]}; do dns_status=$(timeout $TIMEOUT nslookup $(hostname –fqdn) $i); if [[ “$?” == ‘0’ ]]; then echo "$i OK 1"; else echo "$i NOT OK 0"; fi; done
[root@linux-server bin]#

Hope this article, will help someone to improve his Unix server Infrastucture monitoring.

Enjoy and Cheers !

Tags: /etc/resolv.conf, address, alert, bash, bin, blog, catching dns issues, check dns, crontab, DNS, download, echo, email, Enjoy, linux?, monitor dns, monitoring dns, net, properly, resolv.conf, resolver, script, Timeout, unix, var, www, Zabbix Userparameter
Posted in Bash Scripting, DNS, Linux, Monitoring, System Administration | No Comments »

How to Install and Play old Arcade Multiple Arcade Machine Emulator Games on Linux in 2021 with xmame and GXMame GUI Frontend

Friday, May 14th, 2021

mame-multiple-arcade-machine-emulator
I've earlier blogged on how to install and play old arcade games with xmame compiled from source on the now old Debian 7 Linux under the article Install xmame from source on Debian Linux 7.0 (Wheezy) to play for better MAME (Arcade Games Emulation)
as well article on using the newer version of MAME emulator instead of xmame under the article Playing Arcade old school games on Debian Linux as well as how to make the MAME emulator work with a joystick see my previous How to configure Joystick ( Gamepad ) on Debian, Ubuntu, Mint GNU / Linux easily.

Since I have preinstalled my notebook with fresh Debian 10 Buster, for a long time I did not have the time as well as desire to play my favourite games of the youth to name a few this is Xain'd Sleena / Cadillacs and Dinosaurs (1993) / the Punisher (1993) / Captain Commando (1991) / Super Mario / Contra / Final Fight etc. and rest of the the SEGA Mega Drive / GameBoy / Nintendo / Terminator game (fake clone of nintendo) and other killing Arcade Classics of the late 90s and early year 2000, which we played on a public houses on a game cabinets with a joysticks.
Hence I tried to reproduce some of my articles just as of 2021 to see whether still we can get a nice playable MAME emulator on Linux with a Graphical GUI for Mate or GNOME. And it seems using a straight mame out of Debian standard repositories did not work with some of the more sophisticated ROM .zip files from the nices such as Punisher or XSLEENA.zip, this is how this article got born in an attempt to give a way for such old school game freaks as me to be able to play there favorite games of the youth.

Below is the few steps adapted mostly from above articles with some head banging and loosing multiple hours wondering until I finally got a working XMAME ROM emulator with the simple but working GXMAME graphical frontend for M.A.M.E..

To compile xmame with joystick support be it analog or whatever joystick you have to use a Makefile like below

https://www.pc-freak.net/files/xmame-0.103-Makefile-for-joystick

Copy it on your PC and remove it to Makefile in the xmame-0.103 source dir:

# cd /usr/local/src/xmame-0.103

I have to install all the necessery package dependencies development header files, some of which are mentioned in the beginning of post articles and some of which I had to install manually, such as the preset Debian meta-package build-essentials Things to install on newly installed GNU / Linux (My favourite must have Linux text and GUI programs missing in fresh Linux installs), just to mention a few I remember had to install based on some compilation errors:

# apt-get install build-essential
# apt-get install –yes zlib1g-dev
# apt-get install –yes libexpat1-dev
# apt-get install –yes libghc-x11-dev
# apt-get install –yes x11proto-video-dev
# apt-get install –yes libxv-dev
# apt-get install libxext6
# apt-get install libxext6-dev
# apt-get install libxext-dev
# apt-get install libjpeg62-turbo-dev
# apt-get install libxinerama-dev
# apt-get install libgtk-3-dev
# apt-get install syslog-ng-dev
# apt-get install libgtk2.0-dev

If I'm missing some package necessery here you will have to find it yourself based on the *.h file produced as error during compile you should look it up with a cmd like:

# apt-file search glib2.h

And install it further.

You will need to edit Makefile or take and straight use or if necessery adapt an already prepared Makefile for my purpose:

# wget https://www.pc-freak.net/files/xmame-0.103-Makefile-for-joystick;
# mv https://www.pc-freak.net/files/xmame-0.103-Makefile-for-joystick Makefile
# make && make install

Some .zip roms does not properly work with the newer mame you need to instead use xmame ..

Below is the version I use on Debian 10 as of May 2021 year.

hipo@jeremiah:/usr/local/src$ xmame –version
GLINFO: loaded OpenGL library libGL.so!
GLINFO: loaded GLU library libGLU.so!
xmame (x11) version 0.103 (May 13 2021)

To make the joystick work in xmame you will need to have a preset of modules loaded on the Linux for my old Genius joystick this is what works.

hipo@jeremiah:~/Games$ cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
snd-seq
3c59x
snd-emu10k1
snd-pcm-oss
snd-mixer-oss
snd-seq-oss
joydev
ns558
sidewinder
gameport
analog
adi
pcigame
iforce
evdev
usbhid

Fill in your joystick module there and make sure you manually load each one of the modules with modprobe command.
Next calibrate the joystick with some tool like jktest-gtk

If you need a good frontend for MATE / GNOME for xmame try gxmame. It is a real pain in the ass to configure, note that the only working version of xmame with good configuration as well as gxmame with a game list that is prebuild.
If you need xmame-0.103.tar.bz2 exact xmame version I'm using thethe archive is on:

https://www.pc-freak.net/files/xmame-0.103.tar.bz2
An old bundle of both gxmame and xmamerc configs is here

https://www.pc-freak.net/files/xmame.tar.gz

https://www.pc-freak.net/files/xmame-config-for-joystick-hipo.tar.gz
For example my old working version of xmame ~/.xmame is here https://www.pc-freak.net/files/xmame-config-for-joystick-hipo.tar.gz

Configuration of gxmame (even though it has has a GUI for configuring is below:

https://www.pc-freak.net/files/gxmame.tar.gz

xmamerc sample working file is here

https://www.pc-freak.net/files/xmamerc

My newest current version as of Debian 10 Squeeze of xmame and gxmame is below:

https://www.pc-freak.net/files/gxmame-config-newest_may_2021.tar.gz

https://www.pc-freak.net/files/xmame-config-newest_may_2021.tar.gz

Note that my rom files and stuff is located and configured in neewst configs to be under /home/hipo/Games/roms/ if your location is others grep it in .xmame/* and .gxmame/* files and set the correct PATH locations.

A VERY IMPORTANT NOTE is not to use the stable version of GXMAME even though it worked in 2003 fine as the project is abandoned and unsupported as of 2021 the latest downloadable stable gxmame file on Sourceforge gxmame-0.34b website is not working correctly (even though it compiles fine).
You have to compile and use instead the newer version gxmame-0.35beta1.

If you want to use gxmame with a joystick you need to compile it with the respective option:

root@jeremiah:/usr/local/src/gxmame-0.35beta1# ./configure –enable-joystick
…

gxmame 0.35beta1

Print debugging messages…… : no
Joystick support………….. : yes

GXMame will be installed in /usr/local/bin.
Warning: You have an old copy of gxmame at /usr/local/bin/gxmame.

configure complete, now type 'make'

To install compiled binaries do the usual:

# make && make install

gxmame binary should be installed under /usr/local/bin/gxmame once launched you should get the shiny gxmame GUI.

gxmame-screenshot-debian-10-gnu-linux-mate-desktop

Perhaps there was other stuff I've done in the process I forgot to document here, so if you try to follow my guide and something does not work please tell me what I'm missing and you can't handle it either contact me.

The guide is for Debian Linux but should work on other .Deb based Linux distros such as Ubuntu / Linux Mint etc.

To enjoy my 4GB present of ROM files containing many of best well known M.A.M.E. ARCADE GAMES check archive here. Note that this collection was downloaded on the Internet and I do not hold any responsibility of the archive. If it contains files with any copyright infringment this is to be on your own.

Tags: ALL, amp, analog, and, ANY, apt-get, arcade, Arcade Games Linux, Below, debian linux, errors, gxmame, How to, linux?, net, old arcade games, pc-freak, purpose, tar, xmame
Posted in Arcade Games, Everyday Life, Games, Games Linux | 1 Comment »

Add Zabbix time synchronization ntp userparameter check script to Monitor Linux servers

Tuesday, December 8th, 2020

How to add Zabbix time synchronization ntp userparameter check script to Monitor Linux servers?

We needed to set on some servers at my work an elementary check with Zabbix monitoring to check whether servers time is correctly synchronized with ntpd time service as well report if the ntp daemon is correctly running on the machine. For that a userparameter script was developed called userparameter_ntp.conf the script is simplistic and few a lines of bash shell scripting
stuff is based on gresping information required from ntpq and ntpstat common ntp client commands to get information about the status of time synchronization on the servers.

[root@linuxserver ]# ntpstat
synchronised to NTP server (10.80.200.30) at stratum 3
time correct to within 47 ms
polling server every 1024 s

[root@linuxserver ]# ntpq -c peers
     remote           refid      st t when poll reach   delay   offset jitter
==============================================================================
+timeserver1 10.26.239.41     2 u 319 1024 377   15.864    1.270   0.262
+timeserver2 10.82.239.41     2 u 591 1024 377   16.287   -0.334   1.748
*timeserver3 10.82.239.43     2 u   47 1024 377   15.613   -0.553   0.251
timeserver4 .INIT.          16 u    – 1024    0    0.000    0.000   0.000

Below is Zabbix UserParameter script that does report us 3 important values we monitor to make sure time server synchronization works as expected the zabbix keys we set are ntp.offset, ntp.sync, ntp.exact in attempt to describe what we're fetching from ntp client:

[root@linuxserver ]# cat /etc/zabbix/zabbix-agent.d/userparameter_ntp.conf

UserParameter=ntp.offset,(/usr/sbin/ntpq -pn | /usr/bin/awk 'BEGIN { offset=1000 } $1 ~ /\*/ { offset=$9 } END { print offset }')
#UserParameter=ntp.offset,(/usr/sbin/ntpq -pn | /usr/bin/awk 'FNR==4{print $9}')
UserParameter=ntp.sync,(/usr/bin/ntpstat | cut -f 1 -d " " | tr -d ' \t\n\r\f')
UserParameter=ntp.exact,(/usr/bin/ntpstat | /usr/bin/awk 'FNR==2{print $5,$6}')

In Zabbix the monitored ntpd parameters set-upped looks like this:

ntp_time_synchronization_check-zabbix-screenshot.

!Note that in above userparameter example, the commented userparameter script is a just another way to do an ntpd offset returned value which was developed before the more sophisticated with more regular expression checks from the /usr/sbin/ntpd via ntpq, perhaps if you want to extend it you can also use another script to report more verbose information to Zabbix if that is required like ouput from ntpq -c peers command:

UserParameter=ntp.verbose,(/usr/sbin/ntpq -c peers)

Of course to make the Zabbix fetch necessery data from monitored hosts, we need to set-up further new Zabbix Template with the respective Trigger and Items.

Below are few screenshots including the triggers used.

ntpd_server-time_synchronization_check-zabbix-screenshot-triggers

ntpd.trigger

{NTP:net.udp.service[ntp].last(0)}<1

NTP Synchronization trigger

{NTP:ntp.sync.iregexp(unsynchronised)}=1

As you can see from history we have setup our items to Store history of reported data to Zabbix from parameter script for 90 days and update our monitor check, every 30 seconds from the monitored hosts to which Tempate is applied.

Well that's all folks, time synchronization issues we'll be promptly triggering a new Alarm in Zabbix !

Tags: Add Zabbix, checks, command, How to, net, ntpd, sbin, script, servers, time server
Posted in Linux, Monitoring, System Administration, Zabbix | No Comments »

Start Stop Restart Microsoft IIS Webserver from command line and GUI

Thursday, April 17th, 2014

For a decomissioning project just recently I had the task to stop Microsoft IIS on Windows Server system.
If you have been into security for a while you know well how many vulnerabilities Microsoft (Internet Information Server) Webserver used to be. Nowadays things with IIS are better but anyways it is better not to use it if possible …

Nomatter what the rason if you need to make IIS stop serving web pages here is how to do it via command line:

At Windows Command Prompt, type:

net stop WAS

If the command returns error message to stop it type:

net stop W3SVC

Just in case you have to start it again run:

net start W3SVC

For those who prefer to do it from GUI interface, launch services.msc command from Windows Run:

> services.msc

In list of services lookup for
IIS Admin Service and HTTP SSL
a) (Click over it with right mouse button -> Properties)
b) Set Startup type to Manual
c) Click Stop Button

You're done now IIS is stopped to make sure it is stopped you can run from cmd.exe:

telnet localhost 80

when not working you should get 'Could not open connection to the host. on port 80: Connection failed' like shown up in screenshot.

Tags: Click Stop Button, cmd, command, connection, exe, GUI, host, IIS, launch, line, localhost, lookup, make, Microsoft Internet Information Server Webserver, need, net, nomatter, run, task, web, Windows Run
Posted in IIS, System Administration, Web and CMS | No Comments »

Elder (Starets) Tadej Vitovishki explaining on the perpetual Grace of the Lord Jesus Christ and the Lord’s prayer importance for daily Christian living

Wednesday, March 18th, 2015

Elder (Starets) Tadej Vitovishki explaining on the perpetual Grace of the Lord Jesus Christ and the Lord's prayer importance for daily Christian living – http://s.www.pc-freak.net/url/323 Tateij Vitovnishki is among the few true spiritual enlightened people of our time who had achieved the gift of never ending prayer Lord Jesus Christ have mercy on me the sinner. It is interesting that the Elder advises us to not worry about events in our life or what will happen as God will order averything in our life for our best. So the standard way of thinking we have that we need to work hard to buy apartments and cars and the never ending lust for money is something that will never give us rest or drive us closer to God, that's why the Elder says he doesn't worry about anything but just concentrates on prayer and believes God will provide him with everything needed. Amazing Elder, let him pray for us the sinners!

Tags: cars, life, lord jesus christ, money, net, prayer, sinner, standard, starets Tadeji on Jesus Prayer with russian subtitles, Tateij Vitovnishki, worry
Posted in Christianity | No Comments »

Posts Tagged ‘net’

1. Keep the System Updated (But Safely)

2. Create a Non-Root User and Disable Direct Root Login

3. Install a Firewall and Block Everything by Default

4. Protect SSH with Fail2Ban

5. Enable Kernel Hardening

6. Install and Configure AppArmor or SELinux

7. Scan the System with Lynis

8. Use 2FA for SSH (Optional but Highly Recommended)

9. Separate Services Using Containers or Systemd Isolation

10. Regular Backups Are Part of Security

Conclusion

1. Install Squid (Caching Proxy Server)

Download Squid for Windows

2. Install Squid Proxy sever on Windows

2.1. Extract or install the downloaded Squid package.

…

3. Configure Squid Proxy via squid.conf

3.1. Open squid.conf

3.2. Edit key lines:

3.3. Allow local access:

Location for the squid Config File

4. Start the Squid Win Service from Admin command prompt

5. Test the Proxy

6. Block Ads and Save More Bandwidth with the Proxy

7. Use Aternative lightweight Proxy Privoxy (Lightweight filtering proxy)

What is Privoxy?

7.1. Why Use Privoxy to Speed Up Internet?

7.2. Configure Your Web Browser or System Proxy

On Windows:

7.3: Enable Privoxy Filtering and Blocking Rules

7.4. Example to Block All Ads with Privoxy

1. Check logs and find error message / problems in CBS.log

2. Download from Windows catalog the Update

3. Use Winrar or 7Zip to extract the msu in local Directory

4. Remove old package existing on the Windows 11 OS with the same name using DISM tool with /online /remove-package options

5. Use DISM /online /add-package to manually insatall windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab

6. Force a Windows chkdsk (Check disk on next restart) to make sure no physical hard drive or some other inode Windows Filesystem errors are there

7. Stop / start wuauserv and do sfc /scannow to refresh some Windows update components

8. Download Manually failing update from Windows catalog download site:

9. Run Manually again failing Update from command line

10. Resync the device to the Computer Domain (mandatory step) only if your PC is part of large organizational Domain

11. Force the PC to sync itself with remote Global Domain policies (mandatory only if PC is part of Domain)

Common Symptoms of Windows Update Issues

Step-by-Step Guide to Fix Windows Update Problems

1. Restart Your PC and rerun updates

2. Run the Windows Update Troubleshooter

3. Check Your Internet Connection

4. Free Up Disk Space

5. Manually Restart Windows Update Services

6. Clear the Windows Update Cache (SoftwareDistribution Folder)

7. Use the System File Checker (SFC) and DISM Tools

8. Install Updates Manually via Microsoft Update Catalog

9. Pause and Resume Updates

10. Perform an In-Place Upgrade (Repair Install)

12. Contact Microsoft or other tech guru Help

13. Few Final Tips for Smooth Windows Updates

14. Advanced Commands and Additional Ways to Fix Windows Update Problems

14.1. Reset Windows Update Components Manually (Full Command Script)

14.2. Use PowerShell to Re-register Update DLLs

14.3. Use PowerShell to Force Update Scan and Install

14.4. Enable Update Services via Registry Editor (Caution)

14.5. Check Group Policy Settings (Windows Pro or Enterprise)

14.6. Use the Windows Update Assistant

14.7. Delete Windows Update Pending.xml File

14.8. Use Event Viewer to Identify Update Errors

14.9. Use Deployment Image Servicing and Management (DISM) from ISO

14.10. Revert Problematic Updates Using Recovery or Uninstall

Conclusion

Table of Contents

1. Prerequisites

2. Install Puppet Server on Debian

a. Add the Puppet APT repository

b. Install Puppet Server

# apt install puppetserver -y

c. Configure JVM memory (optional but recommended)

d. Enable and start the Puppet Server

3. Configure the Puppet Server

a. Set the hostname

b. Configure Puppet

# wget https://apt.puppet.com/puppet7-release-bullseye.deb
# dpkg -i puppet7-release-bullseye.deb
# apt update

b. Add a manifest file
/etc/puppetlabs/code/environments/production/modules/patching/manifests/init.pp: