How to solve the “changed its ‘Origin’ value from ‘Google, Inc.’ to ‘Google LLC'” APT error

If you are on Debian or Ubuntu and using Google official repositories for Google Chrome Remote Desktop, you might have received the following error while updating your system.

E: Repository 'http://dl.google.com/linux/chrome/deb stable Release' changed its 'Origin' value from 'Google, Inc.' to 'Google LLC'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

Just run

sudo apt update

And you will be prompted to accept the new Origin of the repository

Do you want to accept these changes and continue updating from this repository? [y/N] 

And that’s it.

Security & bug fix releases PHP 5.6.37, 7.0.31, 7.1.20, 7.2.8

The PHP development team announces the immediate availability of PHP 5.6.37. This is a security release. Several security bugs have been fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.31. This is a security release. Several security bugs have been fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.20. This is a security release. Several security bugs have been fixed in this release. All PHP 7.1 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.2.8. This is a security release which also contains several minor bug fixes.
All PHP 7.2 users are encouraged to upgrade to this version.

How to migrate from PHP 7.0 to PHP 7.2 – Ubuntu & Debian

How to migrate from PHP 7.0 to PHP 7.2 in five minutes.

1. Add PPA ondrej/php

We use Ondřej Surý’s awesome PHP PPA. It already has PHP 7.2, so we’ll add the PPA and update the package information.

Ubuntu

add-apt-repository ppa:ondrej/php
apt-get update

Debian

apt install apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
apt-get update

2. Current PHP packages

This only applies if you are upgrading from a previous version. Note down the current PHP packages you have, so we can reinstall them for PHP 7.2.

dpkg -l | grep php | tee packages.txt

This will save your current packages to packages.txt file in your working directory.

3. Install PHP 7.2

apt-get install php7.2 php7.2-common php7.2-cli php7.2-fpm

This will install the bare basic packages you’d need to get started with PHP 7.2. Note that php7.2-fpm package is used for your web server integration. If you are using Apache with prefork MPM (type apachectl -V to see the MPM used), you’d need to install libapache2-mod-php7.2 instead of php7.2-fpm.

4. Install additional modules

Take a look at the packages.txt file we created at step 2, and install the additional PHP packages. Your packages.txt file will show packages such as php7.0-mbstring, and you need to install their PHP 7.2 counterpart (php7.2-mbstring for example).

You can generate a command that can be run later using this line.

apt-get install $(cat packages.txt | awk '{ apt-get install gsub("7.0", "7.2", $2); print $2 }' | tr '\n' ' ' | sed 's/php7.2-mcrypt //g')

5. Web server configuration

Apache with php-fpm

Before we remove the old PHP packages, make sure that your web server correctly uses the PHP 7.2 sockets/modules. If you installed php7.2-fpm above, and using Apache, a2enconf php7.2 will make Apache use PHP 7.2 FPM. Type a2disconf php7.0-fpm to disable existing FPM configurations.

Apache with mod_php

You can disable the current PHP integration with a2dismod php7.0 (or your current version) and enable new PHP 7.2 module with a2enmod php7.2.

6. Remove old versions

If everything is working well (check your phpinfo() and php -i), you can remove the old packages:

apt-get purge php7.0*

Of course, change php7.0 with all old versions you no longer need.

Enjoy your shiny new PHP 7.2!

DirectAdmin: Adding a DMARC record to help lower your spam score

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.

Continue reading “DirectAdmin: Adding a DMARC record to help lower your spam score”

Failed to start Apply Kernel Variables

Hello

I’m running Debian 8 (Jessie).

Last week I updated the server and got an error:

● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
   Active: failed (Result: exit-code) since Thu 2018-06-07 17:47:02 EEST; 2min 1s ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 1907 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
 Main PID: 1907 (code=exited, status=1/FAILURE)

Jun 07 17:47:02 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:47:02 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
Jun 07 17:47:02 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.

then, I checked that the journald daemon has collected by using the journalctl command

journalctl -xn
-- Logs begin at Thu 2018-04-19 01:13:40 EEST, end at Thu 2018-06-07 17:52:19 EEST. --
Jun 07 17:52:12 kvm1.prado.lt systemd-sysctl[2467]: Failed to write '262144' to '/proc/sys/vm/max_map_count': Permission denied
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Starting Apply Kernel Variables...
-- Subject: Unit systemd-sysctl.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has begun starting up.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Failed to reset devices.list on /system.slice/systemd-sysctl.service: No such file or directory
Jun 07 17:52:19 kvm1.prado.lt systemd-sysctl[2506]: Failed to write '262144' to '/proc/sys/vm/max_map_count': Permission denied
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.

To load all configuration files manually, execute

sysctl --system

Once the command has been successfully executed, I found where the problem is.

* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /usr/lib/sysctl.d/elasticsearch.conf ...
sysctl: permission denied on key 'vm.max_map_count'
* Applying /etc/sysctl.conf ...

Now it’s time to open the file /usr/lib/sysctl.d/elasticsearch.conf where we will need to comment one line and problem should be solved.

We should change one line from

vm.max_map_count=262144

to

#vm.max_map_count=262144

Now we should to restart a service using the command

systemctl restart systemd-sysctl.service

And now we can make sure the service is up and running properly using the command

status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
   Active: active (exited) since Wed 2018-06-13 22:29:05 EEST; 5s ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 31532 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
 Main PID: 31532 (code=exited, status=0/SUCCESS)

Enabling DNSSSEC on your DirectAdmin server

DNSSEC is a tool used to verify the validity of a dns lookup.
You can enable this feature in DirectAdmin 1.44.1 and newer by typing:

cd /usr/local/directadmin/scripts
./dnssec.sh install

After the command has been successfully executed. Please add the following to the ‘options { …. }’ section of your /etc/bind/named.conf.options:

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/bind/named.iscdlv.key";

which should confirm if your named.conf is set, and will enable the dnssec=1 in the directadmin.conf automatically. If the script thinks you’re missing anything from your named.conf, it will tell you what to add.

To enable DNSSEC on a domain, go to:
Admin Level -> DNS Admin -> prado.lt

1. Click “Generate Keys”
2. then click “Sign”

3. You should now see values at the bottom of the zone. Copy the 2 DS records, and paste them into your domain registrar’s website.

If you have any subdomains created as full domains, you’ll need to follow extra steps to continue the chain of trust up the line into the main domain’s zone. For normal subdomains created under a domain, no extra action is required, as they’re part of the domain’s normal zone.