Changing the Gateway IP in Rocky Linux

 

Step 1: Find the Real Connection Name

Before you change anything, ask NetworkManager what the connection is actually called. Do not guess.

Run this command:

Bash

nmcli connection show

What to look for:

Focus on the NAME column on the far left.

NAME	UUID	TYPE	DEVICE
enp1s0	5fb06bd0...	ethernet	enp1s0
Wired connection 1	2ad18c...	ethernet	enp1s0

• In the first row, the connection name matches the device name (enp1s0).

• In the second row, the connection is named Wired connection 1.

Copy the text from the NAME column exactly.

Step 2: Set the New Gateway

Now that you have the correct name, use nmcli to modify the configuration.

Syntax:

sudo nmcli connection modify "<CONNECTION_NAME>" ipv4.gateway <NEW_IP>

Example (If your name is "enp1s0"):

Bash

sudo nmcli connection modify "enp1s0" ipv4.gateway 192.168.0.70

Example (If your name is "Wired connection 1"):

Bash

sudo nmcli connection modify "Wired connection 1" ipv4.gateway 192.168.0.70

Step 3: Apply the Changes

Modifying the connection only updates the config file on the disk. To make it live, you must reload the interface.

Bash

sudo nmcli connection up "enp1s0"

(Replace enp1s0 with your actual connection name found in Step 1).

Step 4: Verify

Check the kernel routing table to confirm the default route has updated.

Bash

ip route show

You are looking for the line starting with default:

default via 192.168.0.70 dev enp1s0 proto static metric 100

---

Common Gotcha: DHCP Overrides

If you followed the steps above but ip route still shows the old gateway, your server is likely getting its IP via DHCP.

By default, DHCP provides an IP address and a gateway. The DHCP gateway will override your manual setting every time the interface comes up.

The Fix:

You need to tell NetworkManager to keep the DHCP IP address but ignore the DHCP gateway.

Bash

# 1. Ignore the automatic gateway from DHCP
sudo nmcli connection modify "enp1s0" ipv4.ignore-auto-routes yes

# 2. Enforce your manual gateway
sudo nmcli connection modify "enp1s0" ipv4.gateway 192.168.0.70

# 3. Apply changes
sudo nmcli connection up "enp1s0"

---

Summary

• Don't assume the connection name is "System enp1s0".

• Always check nmcli connection show first.

• Remember to reload with nmcli connection up after making changes.

Fix "Failed to Mount /sysroot" on Rocky Linux

 There are few things more heart-stopping for a System Administrator than watching a server boot, only to see it hang and drop into the dreaded Dracut Emergency Shell.

If you are seeing the error Failed to mount /sysroot followed by a prompt that looks like dracut:/#, your system has failed to load the root filesystem. On Rocky Linux (and RHEL/AlmaLinux), this is almost always caused by XFS filesystem corruption following a hard shutdown, power loss, or hypervisor crash.

---

Prerequisite: Understand the Environment

You are currently in the initramfs environment. This is a small, temporary filesystem loaded into memory before the real disk is mounted. Because the real disk is corrupted, the OS cannot transition to it.

Note: Rocky Linux uses XFS as its default filesystem. Unlike EXT4 (which uses fsck), XFS has its own set of tools, specifically xfs_repair.

---

Step 1: Identify Your Root Partition

First, you need to find the specific device name of your root partition. Since you are in a limited shell, standard commands like lsblk might not show what you expect.

Run the block ID command:

Bash

blkid

You are looking for a device labeled root or an LVM path.

• Standard Partition: /dev/sda2 or /dev/nvme0n1p2

• LVM (Most Common): /dev/mapper/rl-root or /dev/mapper/rocky-root

Can't see the /dev/mapper entries? If you use LVM (Logical Volume Manager) and don't see your volumes, they are likely inactive. Activate them manually:

Bash

lvm vgchange -ay

Run blkid again. You should now see your root volume.

---

Step 2: The Repair Process

Crucial Rule: Never run a filesystem repair on a mounted partition. Since the boot failed, your partition is likely unmounted, which is exactly what we want.

Attempt 1: Standard Repair

Run the repair command against your specific root device (replace the path below with the one you found in Step 1):

Bash

xfs_repair /dev/mapper/rl-root

Scenario A: Success If the command runs, shows a flurry of text, and ends with done, you are safe. Proceed to Step 3.

Scenario B: "Filesystem has a dirty log" If xfs_repair fails and says the log is dirty, it means there is pending metadata in the journal. It will suggest you mount and unmount the filesystem to replay the log.

Try to mount it manually to let the journal replay:

1. mount /dev/mapper/rl-root /sysroot

2. umount /sysroot

3. Run xfs_repair /dev/mapper/rl-root again.

Attempt 2: Force Log Zeroing (The "Nuclear" Option)

If the mount fails, or if xfs_repair refuses to run because the log is too corrupt, you must use the -L flag.

Warning: The -L flag forces the filesystem to zero out the log. This means you may lose the metadata for the most recent file operations that were occurring exactly when the server crashed. However, this is often the only way to make the disk mountable again.

Bash

xfs_repair -L /dev/mapper/rl-root

You should see output indicating that the log is being destroyed and the filesystem is being rebuilt.

---

Step 3: Verify and Reboot

Once the repair returns cleanly, verify that the filesystem is mountable.

1. Test Mount:

   Bash

   mount /dev/mapper/rl-root /sysroot
   

   If this command returns no output, it worked.

2. Reboot: You can now exit the Dracut shell. The system will detect the exit and attempt to resume the boot process.

   Bash

   exit
   

   (Alternatively, type reboot to restart the machine entirely).

---

Troubleshooting: "It still won't boot!"

If xfs_repair says the disk is clean but you still get boot errors, the issue might be in your /etc/fstab file (e.g., a secondary drive is failing, and the OS refuses to boot without it).

To check this from the Dracut shell:

1. Mount the system: mount /dev/mapper/rl-root /sysroot

2. Change root: chroot /sysroot

3. Edit fstab: vi /etc/fstab

Comment out any non-essential drives (like data drives or swap) to see if the system will boot with just the root drive.

---

Summary

The "Failed to mount /sysroot" error is intimidating, but xfs_repair is a robust tool.

1. Use blkid to find your device.

2. Use lvm vgchange -ay if using LVM.

3. Run xfs_repair /dev/device-name.

4. Use -L only if absolutely necessary.

Enable Hibernation in Fedora 42 (With Power Menu Integration)

Fedora 42 is a leading-edge Linux distribution, but hibernation isn’t enabled out of the box. Here’s a step-by-step guide to enable hibernation, resolve common SELinux issues, and add a Hibernate button to the GNOME power menu.

Why Hibernation?

Hibernation saves your entire session by writing RAM to disk and powering off. Next time you boot, everything resumes exactly where you left off—perfect for laptops and desktop users who want to save battery or avoid losing work during shutdowns.​

Prerequisites

1. UEFI System: Hibernation setup is simpler on UEFI. Run bootctl to confirm; if you see “Not booted with EFI,” a more manual approach is needed.​
2. Adequate Disk Space: You’ll need a swap file at least as large as your RAM.
3. SELinux Consideration: SELinux can block hibernation; check the troubleshooting below.

Step 1: Create and Enable Swap

Open your terminal and enter:

SWAPSIZE=$(free | awk '/Mem/ {x=$2/1024/1024; printf "%.0fG", (x<2 ? 2*x : x<8 ? 1.5*x : x) }')
sudo btrfs subvolume create /var/swap
sudo chattr +C /var/swap
sudo restorecon /var/swap
sudo mkswap --file -L SWAPFILE --size $SWAPSIZE /var/swap/swapfile
sudo bash -c 'echo /var/swap/swapfile none swap defaults 0 0 >>/etc/fstab'
sudo swapon -av

This ensures a reliable swap setup compatible with Btrfs and systemd.​

Step 2: Configure Dracut for Hibernation

To make systemd aware of your new swap location:

echo 'add_dracutmodules+=" resume "' | sudo tee /etc/dracut.conf.d/resume.conf
sudo dracut -f

Test it with:

systemctl hibernate

After reboot, your session should restore automatically.​

Step 3: Fix “Access Denied” (SELinux)

If you get Call to Hibernate failed: Access denied, fix permissions:

sudo semanage fcontext -a -t swapfile_t '/var/swap(/.*)?'
sudo restorecon -RF /var/swap

If issues persist, generate and install a SELinux policy:

sudo setenforce 0      # Temporarily disable enforcement for testing
sudo systemctl hibernate
sudo setenforce 1      # Return to enforcing mode

# If hibernate works, make it permanent

sudo audit2allow -b -M systemd_hibernate
sudo semodule -i systemd_hibernate.pp

This sets the required access permissions for hibernation and keeps SELinux enabled for security.​

Step 4: Add Hibernate Button to Power Menu (GNOME)

Fedora’s GNOME desktop doesn’t show Hibernate by default. Here’s how to add it:

Install the GNOME browser connector:

sudo dnf install gnome-browser-connector

Visit Hibernate Status Button Extension in your browser and toggle ON.

Enable the extension in the Extensions app, or via CLI:

gnome-extensions enable hibernate-status@dromi

Restart GNOME Shell (Alt+F2, type r, press Enter).

You’ll now see Hibernate in the top-right Power menu, making it easy to hibernate from the GUI.​

Step 5: Configure Power Button for Hibernate

Want the physical power button to hibernate? Edit /etc/systemd/logind.conf:

HandlePowerKey=hibernate

Restart logind to apply:

sudo systemctl restart systemd-logind

Troubleshooting

Swap too small? Use at least as much as your RAM, possibly up to 1.5x for systems under 8 GB.
Button won’t appear? Ensure systemctl hibernate works, and GNOME Shell extension is compatible.
SSD concerns: Hibernation writes the entire RAM to disk—great for convenience, but means more SSD writes over time. If worried, use suspend instead.​

Configure NGinx to serve static files and Apache for dynamic

In CentOS 6.x
Follow the following steps for installation. 
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Now that the repo is installed, we need to install NGinx

yum install nginx

Configuring NGinx

Now that NGinx is installed we need to create a VirtualHost (actually NGinx calls them Server Blocks) for each site we are hosting.

nano /etc/nginx/conf.d/virtual.conf
#Insert one of these for each of the virtualhosts you have configured in Apache

server {

 listen 80;

root /path/to/site/root; 

 index index.php index.html index.htm;

server_name www.yourdomain.com yourdomain.com;

location / {

 try_files $uri $uri/ /index.php;

 }

location ~ \.php$ {

 proxy_set_header X-Real-IP $remote_addr;

 proxy_set_header X-Forwarded-For $remote_addr;

 proxy_set_header Host $host;

 proxy_pass http://127.0.0.1:8080;

}

location ~ /\.ht {
 deny all;
 }
}

This configuration tells NGinx to try and serve the requested file, but to pass the request onto Apache if it's unable to do so. Requests for PHP files should be forwarded automatically. Apache will be told who requested the file in the 'X-Forwarded-For' header.

The final section tells NGinx not to check requests for .htaccess files as no one want anyone to see the contents of these.


Configuring Apache

We want users to hit our NGinx installation (otherwise this effort is wasted) but Apache is currently sat on port 80. So we're going to move it to 8080 (given that's the port we specified in the NGinx configuration we created).

nano /etc/httpd/conf/httpd.conf
# Find the following
Listen (someIP) 80
# Change the port to
Listen 127.0.0.1 8080

# Now at the bottom of the file, you'll find your virtualhost directives,
# Change all port definitions of 80 to 8080
# Don't forget the Default virtualhost definition
# <virtualhost *:80> becomes <virtualhost *:8080>

We change the Listen address as we don't want external hosts to access Apache directly, everything should go through NGinx. Ideally, we also want to forbid outside access to port 8080 at the firewall to ensure that the point of entry to our system is restricted to the authorised route - through NGinx.

Start the Services
We've now configured Apache to listen on a different port, so all we need to do know is restart Apache (so that it moves to port 8080) and start NGinx so that it can start handling requests.

• service httpd restart
• service nginx start

Now if you browse to your site, nothing should have changed visibly. However, if you check the HTTP headers you should see NGinx instead of Apache, checking a phpinfo file should still show Apache as having called the PHP parser though.

 

Installation FFmpeg on Linux RHEL/CentOS 6.X

FFmpeg :

FFmpeg is simply a tool that implements a decoder and then an encoder. It is a complete, cross-platform solution to record, convert, and stream audio and video. This allows users to convert files from one format to another.

Features :

• FFmpeg is free software licensed under the LGPL or GPL depending on your choice of configuration options.


• FFmpeg Hosting can convert any video format to the web-optimized .flv format so that they can get streamed on the website.


• FFmpeg provide command line tool to convert multimedia files between formats.

Steps to Installation FFmpeg on Linux RHEL/CentOS 6.X

  

Step 1 : Create FFmpeg Repository

Open repository Directory

[root@bsrtech ~]# cd /etc/yum.repos.d/

Create name with ffmpeg(any name) repositorty& open with vi command

[root@bsrtech yum.repos.d]# vim ffmpeg.repo

Step 2 : Write the following data on that file

     [ffmpeg]
name=FFmpeg RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el6/en/x86_64/dag/  (64 Bit OS)
#baseurl=http://apt.sw.be/redhat/el6/en/i386/dag/   (32 Bit OS)
gpgcheck=1
enabled=1

Save&Quit the file(:wq)

Stewp 3 : Copy the conf file in lib directory

 Copy /etc/ld.so.conf file in /usr/local/lib/ directory

[root@bsrtech ~]# cp -r /etc/ld.so.conf  /usr/local/lib/

Then After Run This Command

[root@bsrtech ~]# ldconfig -v  (Enter)

Step 4 : Install rpmforge Repository

For 32 Bit OS

[root@bsrtech ~]#rmp -Uvh http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.i686.rpm

For 64 Bit OS

[root@bsrtech ~]# rpm -Uvh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Once Update installed Packages using yum update command

[root@bsrtech ~]# yum update

Step 5 : Now Install ffmpeg & ffmpeg-devel

   [root@bsrtech ~]# yum -y install ffmpeg ffmpeg-devel
( or )
   [root@bsrtech ~]# yum -y install ffmpeg*

After Completion use ffmpeg command to see the Full Details of FFmpeg.

[root@bsrtech ~]# ffmpeg

Simplest rules to Redirect using .htaccess

Simplest rules to Redirect using .htaccess

How to write rewrite rule (URL rewriting, mod_rewrite)
(1) Redirect site from http to https :
Add the below in .htaccess file in public_html
===================================================
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
===================================================

(2) Redirecting a domain to another domain via .htaccess
Example :- redirect shaz.com to google.com
===================================================
RewriteEngine on
RewriteCond %{HTTP_HOST} ^shaz\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.shaz\.com$
RewriteRule ^/?$ “http\:\/\/www\.google\.com\/” [R=301,L]
===================================================
(3) Redirect users to access the site with WWW
example :- redirect shaz.com to www.shaz.com
Add the below in .htaccess file
===================================================
RewriteEngine on
RewriteCond %{HTTP_HOST} ^shaz\.com$ [NC]
RewriteRule ^(.*)$ http://www.shaz.com/$1 [L,R=301]
===================================================

(4) Redirect page to another page within public_html
example :- to redirect home.html to index.php
===================================================
RewriteEngine on
RewriteRule ^home.html$ index.php
===================================================

example2 :- rewrite site shaz.com/kb/index.php to shaz.com/blog/index.html
go to kb directory and create a .htaccess file
+++++++++++++++++++++++++++++++++++++++++++++++++++
#cd public_html/kb
#touch .htaccess
#vi .htaccess
+++++++++++++++++++++++++++++++++++++++++++++++++++
===================================================
RewriteEngine on
RewriteRule ^index.php$ /blog/index.html
===================================================

How to Block Emails Containing Specific Words Using Exim System Filter

Spam and unwanted commercial messages are a major headache. While many server-level spam filters exist, sometimes you need a quick, custom way to block messages based on specific keywords in the email body. This is especially useful for filtering out recurring spam topics.

This guide explains how to use the built-in Exim System Filter in cPanel/WHM to immediately reject emails (both inbound and outbound) that contain a word you specify, like "Viagra."

---

STEP 1: ENABLE THE SYSTEM FILTER

The first step is to tell your server's mail transfer agent (Exim) to check a special system-wide filter file before processing any email.

1. Log in to WHM (WebHost Manager).

2. Navigate to the Exim Configuration Manager. (Usually found under "Service Configuration" or by searching for "Exim" in the search bar.)

3. Find the System Filter setting. (It may be in the "Advanced Editor" or a specific tab.)

4. Enable /etc/cpanel_exim_system_filter. You must select the option that tells Exim to use this specific file path for its system-wide filtering rules.

5. Save your changes and allow Exim to restart.

---

STEP 2: EDIT THE SYSTEM FILTER FILE

Next, you need to add the actual rule to the filter file. This rule checks the email body for your chosen keyword and stops processing the message if a match is found.

1. Access your server's command line via SSH as the root user.

2. Open the filter file for editing: nano /etc/cpanel_exim_system_filter (or use your preferred text editor like vi/vim).

3. Add the following code block to the file:

if $message_body: contains "TEXT" and not error_message
then
  seen finish
endif

4. REPLACE "TEXT" with the word you want to block. This is case-sensitive, so blocking "Viagra" will not block "viagra." For example, to block the word "Viagra":

if $message_body: contains "Viagra" and not error_message
then
  seen finish
endif

---

HOW THE CODE WORKS

This small snippet performs a powerful action:

• if $message_body: contains "Viagra": This is the condition. It checks if the entire body of the email contains the exact text "Viagra."

• and not error_message: This is a safety measure. It ensures the rule doesn't accidentally block automated delivery failure notifications (bounce messages).

• then seen finish: If the condition is met (the word is found), this action tells Exim to immediately stop processing the message. For incoming email, it will be rejected; for outgoing email, it will be discarded before sending.

---

CONCLUSION

By completing these two steps—enabling the filter and adding the rule—you have successfully implemented a server-level block. Your server will now automatically reject or discard any email that contains your specified keyword in the body, providing a simple yet highly effective defense against targeted spam.

Linux tune the VM subsystem.

Tuning the memory subsystem in Linux is a powerful but delicate task. The right settings can boost your system’s performance, but incorrect changes may cause instability or slowdowns. Always adjust one parameter at a time and monitor your system before making further changes.

Exploring /proc/sys/vm

The /proc/sys/vm directory contains files that represent kernel parameters for the virtual memory subsystem. You can read and write to these files to tune system behavior.

To view the files, use:
cd /proc/sys/vm
ls -l

Sample output:
-rw-r--r-- 1 root root 0 Oct 16 04:21 block_dump
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_background_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_expire_centisecs
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_writeback_centisecs
-rw-r--r-- 1 root root 0 Oct 16 04:21 drop_caches
-rw-r--r-- 1 root root 0 Oct 16 04:21 swappiness
-rw-r--r-- 1 root root 0 Oct 16 04:21 vfs_cache_pressure
...

Key Parameters and Their Effects

1. dirty_background_ratio
   Purpose: Sets the percentage of system memory filled with “dirty” pages (pages to be written to disk) before the background writeback daemon (pdflush) starts writing them out.

Check current value:
sysctl vm.dirty_background_ratio

Default example:
vm.dirty_background_ratio = 10

Tuning:
Increasing this value (for example, to 20) means less frequent flushes, which may benefit systems with fast disks but can cause larger flushes at once.
sysctl -w vm.dirty_background_ratio=20

2. swappiness
   Purpose: Controls how aggressively the kernel swaps memory pages to disk.

Check current value:
sysctl vm.swappiness

Default example:
vm.swappiness = 60

Tuning:
Lower values reduce swapping (good for desktops), higher values increase swapping (can benefit workloads with long-sleeping processes).
sysctl -w vm.swappiness=100

3. dirty_ratio
   Purpose: Sets the percentage of system memory that can be filled with dirty pages before processes generating writes must themselves start writing data to disk.

Check current value:
sysctl vm.dirty_ratio

Default example:
vm.dirty_ratio = 40

Tuning:
Lowering this value (for example, to 25) causes data to be written to disk more frequently, reducing the risk of large data loss but possibly impacting performance.
sysctl -w vm.dirty_ratio=25

Best Practices for VM Tuning

• Change one setting at a time.

• Monitor system performance after each change using tools like vmstat, top, or free.

• If performance improves, keep the new setting. If not, revert to the previous value.

• Document your changes for future reference and troubleshooting.