Change 'mysql_native_password' authentication

 Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'


You can identify the affected users by running the following query in your MySQL console

SELECT user, host, plugin FROM mysql.user WHERE plugin='mysql_native_password';

Once you identify the users, update their authentication plugin using this command
ALTER USER 'user'@'location' IDENTIFIED WITH caching_sha2_password BY 'password';
FLUSH PRIVILEGES;


If your application or framework (such as an older version of PHP, Node.js, or a specific driver)
 does not support caching_sha2_password, you can use sha256_password as an alternative

Oracle linux security updates

 

- List available security packages:
dnf updateinfo list security
 

- List installed security updates:
dnf updateinfo list --installed --security


- Count available security updates (by severity):
dnf updateinfo summary
 

- Apply all available security updates:
sudo dnf update --security


- Apply a specific security advisory:
sudo dnf update --advisory=ELSA-YYYY-XXXX
 

- Update only specific package
sudo dnf upgrade openssh openssh-server openssh-clients 

NGINX - To allow a specific User-Agent from one IP address only


Step 1: Define the Map BlocksAdd this configuration inside the http {} block of your /etc/nginx/nginx.conf file. This logic evaluates the incoming User-Agent and IP address to flag unauthorized requests


http {
    # ... your existing http config ...

    # 1. Check if the User-Agent matches the restricted one
    map $http_user_agent $is_restricted_ua {
        default         0;
        "~*YourCustomUserAgent" 1; # Replace with your target User-Agent (regex matching)
    }

    # 2. Check if the client IP is NOT the authorized one
    map $remote_addr $is_unauthorized_ip {
        default        1;
        "192.168.1.50" 0; # Replace with your ONLY allowed IP address
    }

    # 3. Combine both conditions: Flag if it's the target UA AND an unauthorized IP
    map "$is_restricted_ua$is_unauthorized_ip" $block_request {
        default   0;
        "11"      1; # 1 (Restricted UA) + 1 (Unauthorized IP) = Block
    }
}



Step 2: Apply the Block RuleOpen your website's specific server configuration file (e.g., inside /etc/nginx/sites-available/) and use the combined variable to reject requests with a 403 Forbidden error.

server {
    listen 80;
    server_name yourdomain.com;

    # Place this rule globally inside the server block or inside a specific location block
    if ($block_request) {
        return 403;
    }

    location / {
        # ... your standard site configuration ...
    }
}

TLS/SSL certificate CSR

 
# CSR
openssl req -new -newkey rsa:4096 -keyout domain.key -out domain.csr


# Remove key password
openssl rsa -in encrypted.key -out decrypted.key


chain = crt + intermediary

Certificate - PEM to PKCS12

 

Convert Lets encrypt PEM to tomcat PKCS12 

openssl pkcs12 -export \ -in fullchain.pem \ -inkey privkey.pem \ -out server.p12 \ -name my-domain-alias 

Add nginx repository Ubuntu

 Add nginx repository Ubuntu


# 1. Download the NGINX signing key
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null


# 2. Add the NGINX Repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list


echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900" | sudo tee /etc/apt/preferences.d/99nginx

 

Reiniciar VCenter

 

Opção 1: Pela Interface VAMI (Recomendado)
  1. Acesse o portal de gerenciamento pelo endereço: https://<IP_DO_VCENTER_OU_FQDN>:5480.
  2. Efetue login com as credenciais de root.
  3. No menu de navegação, clique em Actions (Ações).
  4. Selecione Reboot (Reiniciar). [1, 2]
Opção 2: Pelo Host ESXi
  1. Acesse o VMware Host Client diretamente no host ESXi onde o vCenter está alocado.
  2. Localize a máquina virtual do vCenter na lista e clique com o botão direito nela.
  3. Vá em Power e selecione Reboot Guest OS.

 

Ou por SSH e comando reboot 

Change 'mysql_native_password' authentication

 Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please u...

Mais vistos