Alastair Irvine's questions

I have multiple Fargate clusters in a single AWS account. I wish to ensure that a given service account (used by the build pipeline) can only update Services within a given Fargate clusters.

The IAM policy editor prompt for the ecs:UpdateService action's resource is arn:aws:ecs::<aws_account_id>:service/ which doesn't make sense given that different clusters can have Services that share a name. aws ecs describe-tasks shows both a "clusterArn" and "serviceArn" for each task. aws ecs list-services and aws ecs describe-services only apply to Services for a given cluster.

I'm running an HP system with CentOS 7.

The SNMP info about the HDD health was not available. For example, the check_hp Nagios/Icinga plugin by Guenther Mair reports Compaq/HP Agent Check: no cpq/hp component found. (Test by running /usr/local/lib/nagios/plugins/check_hp.)

/var/log/hp-snmp-agents/cma.log showed that several daemons had aborted. It turns out cmahealthd not running and this was why the SNMP MIB for HDDs was missing.

Restarting the systemd service didn't help.

In my Apache virtual host config file, I am using AllowOverrideList. I am using the default of AllowOverride None because I only want to enable specific directives in .htaccess, not groups of directives.

However, I am getting an HTTP 500 error code, with this in the error log:

[Tue May 09 10:16:03.271831 2017] [core:alert] [pid 16415] [client 196.52.43.51:42111] /var/www/xyz/.htaccess: <Files not allowed here

The first thing in the .htaccess file is a properly-formed <Files> section. This shouldn't be causing a problem, because it's more of a "meta directive" that's used to contain other directives.

I have multiple sites hosted on a server running Nginx. I don't want to use separate log files for all my vhosts, but I do want to be able to tell from the logs which Nginx vhost each request belonged to. This is not possible with the default NCSA "combined" format used by /var/log/nginx/access.log .

Apache under Debian/Ubuntu logs to /var/log/apache2/other_vhosts_access.log by default, which does include the vhost name. How do I replicate this for Nginx?

I have Postfix listening on several ports for incoming mail. E.g. ports 25 and 587. I'd like to see in the logs the destination port of each incoming connection.

When installed from DVD, a new Debian installation has a lot of packages. I've become used to having mutt, vim, etc. installed by default.

However, AWS AMIs and debootstrap installations have only a minimal set of packages installed (less than 300) which is not a bad thing if you're setting up a server to only do a few things, but if you actually want to log into the host regularly and use it, having to install basic packages all the time is a pain.

How do I tell Debian to install all packages of "Priority: standard" from the repository?

In the Changed files section of /var/log/aide/aide.log there are prefixes on each line starting with f or d. These signify what aspects of the file has changed, but I can't seem to track down what they mean. (Obviously I could look at the detailed data for the file further down the log file, but a definitive reference for the summary lines is important for grepping.)

Here are some examples:

f >.p.. mci.CA. .: /etc/passwd-
d =.... mc.. .. .: /bin
f =.... mci.C.. .: /bin/ip
d =.... mc.n A. .: /u1/home

For a SATA/PATA HDD, this would be the normal procedure: http://www.sjvs.nl/?p=12

But a customer of mine has an old server with actual SCSI drives. I have tried re-writing the sector with dd to no avail; I keep getting the I/O error as per this quote from the above article: "I have a case were using dd to overwrite the sector produces an IO error and no reallocation. But using hpdparm works and forces the reallocation. Amazing."

How do I skip the kernel's block layer and force the drive to rewrite a specific sector? Lots of Googling hasn't found an answer.

PS -- SMART on SCSI HDDs works differently and doesn't show the reallocated sector count.