Current OS = Linux Mint 13

INTRO

The aim of this blog. You know how something challenges you and you google away, find a fix with some 'trial and error' and then in the future someone asks about how you did it, or you need to alter/re-do it at a later date but you have forgotten what little trick you did to accomplish it? Well my aim is to keep a track of what I am working on and methods I have used here. And now, I can access it easily, it can be google indexed for others and I will have a URL to send others for problems I can't recall off hand how I fixed them. I hope you find this site useful.

12-03-2014 17:51

AWS-CLI

I have been running all the different cli API tools for EC2 access at work. It is handy and needed for scripting purposes, but so slow, even the command line completion is slow. For example, doing an ec2-describe-instances was taking 1min and 14 seconds, with the new aws-cli tools it takes 1.87 seconds. Well worth the hassle.


Posted by DaveQB | Permanent Link | Categories: IT

07-03-2014 11:25

Denyhosts ignores some whitelisting

I had issues at work with some IPs that fall into an IP wildcard range that was in my denyhosts whitelist being blocked by denyhosts. It turns out they were Class B networks and denyhosts wildcard white listing only accepts Class C networks. Although written incorrectly here you understand what it is saying. The examples do only show Class C networks, but it doesn't explicitly say it ONLY accepts Class C networks, hence why it was hard for me to troubleshoot this issue.


Posted by DaveQB | Permanent Link | Categories: IT

25-11-2013 18:34

Time calculations in shell

I have had needs where I needed to calculate the time something has taken to run. It can be hard when going over a date in the calendar. To add to that, some shells don't allow floating point calculation either. So I sat down and worked out a script that when given a start second and a finish second (like seconds since epoch), it can show the difference in HOURS:MINUTES. Feel free to modify as you please, GPL3 of course.

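#!/bin/bash

# Capture the epoch start and then finish time.
#SLEEPSTOP=1385183548
#SLEEPSTART=1385180248

# Or give it the absolute seconds (start at 0, stop at the elapsed seconds).
SLEEPSTART=0
SLEEPSTOP=1440

# Elapsed seconds, using integer arithmetic only.
SLEEP=$((SLEEPSTOP-SLEEPSTART))
HR=$((SLEEP/3600))
# Minutes left over once the whole hours are taken out.
MINS=$(((SLEEP%3600)/60))

# Zero-pad the minutes so 1 hour 5 minutes prints as 1:05.
printf '%d:%02d\n' "$HR" "$MINS"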


Posted by DaveQB | Permanent Link | Categories: IT

25-10-2013 17:59

Allow root ssh from selected machines

Sometimes you need to allow root ssh access. But this is not a great idea; I disallow root ssh on all my systems, instead finding alternative (often much more difficult) solutions such as running two or more ssh daemons with their own config files and controlling access to them with iptables. Convoluted.

Recently I found out how you can use the Match statement to selectively allow root ssh (and even limit it to PubkeyAuthentication only). It is rather simple and reading the sshd_config man page explains more. Below is a self explaining example. The without-password actually means PubkeyAuthentication only and password auth is disabled. It does look a bit scary if you didn't know that. I did find that only having the Address 127.0.0.1 didn't allow root ssh access to localhost.

Match Address 127.0.0.1,23.4.76.129,8.8.8.8
        PermitRootLogin without-password

Match Host localhost
        PermitRootLogin without-password
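
A way to check that a config like the one above only opens root login inside Match blocks. This is an added example, not part of the original post; the function names and the global "PermitRootLogin no" line in the sample are assumptions.

```shell
#!/bin/sh
# Added example: list each PermitRootLogin line in an sshd_config with the
# scope it applies to, and fail unless the global scope says "no".

# audit_root_login [FILE]  (reads stdin when FILE is omitted)
# Prints "scope<TAB>value" lines; returns 0 only if the global value is "no".
audit_root_login() {
    awk '
        BEGIN { scope = "global"; global = "unset" }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            key = tolower($1)
            if (key == "match") {            # a Match block runs to the next Match
                scope = $0
                sub(/^[ \t]+/, "", scope)
                next
            }
            if (key == "permitrootlogin") {
                val = tolower($2)
                printf "%s\t%s\n", scope, val
                # sshd uses the first value it reads for a keyword
                if (scope == "global" && global == "unset") global = val
            }
        }
        END {
            printf "effective-global\t%s\n", global
            exit (global == "no" ? 0 : 1)
        }
    ' "${1:--}"
}

# Constructed sample: the two Match blocks from the post under an assumed
# global "PermitRootLogin no".
sample_config() {
    cat <<'EOF'
PermitRootLogin no

Match Address 127.0.0.1,23.4.76.129,8.8.8.8
        PermitRootLogin without-password

Match Host localhost
        PermitRootLogin without-password
EOF
}

sample_config | audit_root_login
```

Run it against the real file with audit_root_login /etc/ssh/sshd_config; a non-zero exit means root login is not closed in the global section.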

Posted by DaveQB | Permanent Link | Categories: IT

09-10-2013 15:14

FUDForum emails blocked by Hotmail and Gmail

I suddenly started having issues where Gmail and Hotmail were blocking emails sent by my forum using my email server. Emails sent from this same email server by me using Thunderbird or anyone else, were not blocked. So somehow it was the way FUDforum was constructing the email headers. The reasons for blocking were RFC2822 (Gmail) and RFC5322 (Hotmail). It turns out RFC2822 was superseded by RFC5322 (as RFC822 was superseded by RFC2822).

I found an online email header checker (here is one although not what I used http://mxtoolbox.com/public/tools/emailheaders.aspx). Comparing the headers Thunderbird would create versus FUDforum found that they both had errors in the checker but FUDforum headers had this: "WARNING: duplicate header 'From' at line 21". So I looked into the code for FUDforum and found where it was adding a From header and commented it out. Recompiled the theme and voila! Fixed.

All of this is in this thread: http://fudforum.org/forum/index.php?t=msg&goto=183103

PATCH:


--- include/theme/wsp04/iemail.inc-orig        2013-09-23 04:14:00.680024261 +0000
+++ include/theme/wsp04/iemail.inc     2013-09-23 04:13:43.409824908 +0000
@@ -63,7 +63,8 @@
        if (strpos($header, 'MIME-Version') === false) {
                $extra_header = "\nMIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 8bit". $header;
        }
-       $header = 'From: '. $from ."\nErrors-To: ". $from ."\nReturn-Path: ". $from ."\nX-Mailer: FUDforum v". $GLOBALS['FORUM_VERSION']. $extra_header. $header;
+       //$header = 'From: '. $from ."\nErrors-To: ". $from ."\nReturn-Path: ". $from ."\nX-Mailer: FUDforum v". $GLOBALS['FORUM_VERSION']. $extra_header. $header;
+       $header = $extra_header. $header;
 
        $body = str_replace("\r", '', $body);
        if ($munge_newlines) {
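
Review bot: the new line `$header = $extra_header. $header;` drops Errors-To, Return-Path and X-Mailer together with the duplicate From, and because `$extra_header` is assigned with a leading "\n" three lines up, the header string now starts with an empty line whenever the MIME-Version branch runs. If the second From is the only problem, keep the other three headers in front of `$extra_header` or strip that leading newline before concatenating. The old assignment would also be better deleted than left in as a comment, since the -orig file already records it.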

UPDATE: I found the email header checker site I used:

Posted by DaveQB | Permanent Link | Categories: IT

12-08-2013 14:09

x11vnc is repainting the entire screen way too often

I don't often need to, but sometimes I need to get access to the GUI of a computer. Mostly my desktop. I do a port forward over ssh and then launch x11vnc, attaching to it over the tunnel with a VNC viewer. I have a nice x11vncrc file in my home that I use.

When I switched from PCLinuxOS to Linux Mint about 12 months ago I had an issue with this work flow. The screen would do a full screen repaint every few seconds. The result was the screen was in a constant state of black and slowly repainting and then repainting again. This meant it was unusable. This guy here has the same issue.

I tried what solved it for him, adding the -nodpms switch, doubting it would work as it is not a screensaver issue for me. Well it fixed it. I have no idea why. If anyone does, please comment.


Posted by DaveQB | Permanent Link | Categories: IT

05-08-2013 20:58

Setting up LVM on a luks encrypted partition.

I have let this blog go a bit, ok a lot. Maybe because I have been lazy and not documented my recent findings or perhaps I am getting so good I know all the answers. Yes, the answer is obvious.

Today I set up a laptop work gave me to use. We use Ubuntu 12.04 on the servers here, so I figured it would be smart to use Ubuntu 12.04 (or derived distro). I love KDE and I am using Mint 13 on my desktop, so it made sense to go with that. What I quickly found is that the installer is lacking any options for encrypting your disk.

Off I went to find a tutorial on this. Three main pages I used were: https://www.martineve.com/2012/11/02/luks-encrypting-multiple-partitions-on-debianubuntu-with-a-single-passphrase, http://blog.lifebloodnetworks.com/?p=1348 and https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto. The last link is close to what I wanted (page may be deleted, it is saying!) but I also wanted to go with GPT because...why not, it is 2013. So I will cover the steps here.

STEP 1

Launch a terminal and install the needed software before starting the Mint installer.

sudo -i
apt-get install lvm2 cryptsetup gdisk
gdisk /dev/sda

Set up a GPT partition table. I can't remember the command, it wasn't hard. Now set up 3 partitions. Partition 1 will be type ef02 and only needs to be 1M. This is for grub-bios. It stores the stage 2 files to allow booting on systems that don't support EFI and do a BIOS boot. GPT doesn't have an allocated space for these files, hence the partition. Then partition 2 will be the boot partition, type 8300. I set it to 500MB. Then last will be the LVM pv, type 8e00, using all remaining space.

STEP 2

Next we set up the disk and partitions.

cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sda3
cryptsetup luksOpen /dev/sda3 system

And now the LVM on top of the encrypted partition (/dev/sda3). The volume group is named luks, so each lvcreate has to name it.

pvcreate /dev/mapper/system
vgcreate luks /dev/mapper/system
lvcreate -n swap -L 8G luks
lvcreate -n slash -L 12G luks
lvcreate -n home -l 100%FREE luks

Then I found the installer wouldn't recognise these logical volumes unless they were formatted so...

mkfs.ext2 /dev/sda2
mkfs.ext4 /dev/luks/slash
mkfs.ext4 /dev/luks/home
mkswap /dev/luks/swap

STEP 3

Now we proceed with the installer. When it comes time to do the partitioning, select Manual. Be sure to match the right partitions with the right mount points. In my example:

/dev/luks/slash (/)
/dev/luks/home (/home)
/dev/sda2 (/boot)
/dev/luks/swap (swap)

Don't reboot once the install has completed.

STEP 4

Now we set up the new install to be aware of and use the new disks.

sudo -i
mkdir a
mount /dev/luks/slash a
mount /dev/sda2 a/boot
mount -B /dev a/dev
mount -B /dev/pts a/dev/pts
mount -B /sys a/sys
mount -B /proc a/proc
chroot a
apt-get update
apt-get install lvm2 cryptsetup

STEP 5

You can check your new /etc/fstab (/root/a/etc/fstab outside the chroot) but mine was fine and didn't need editing. The next file is /etc/crypttab, which needs to be created. In our example here it would be:

system /dev/sda3 none luks

You can use a UUID="840311bc-9333-47f6-b64f-a9becf3c5b1e" style entry there in place of /dev/sda3.

And the next step that got me was to tell grub about this setup.

vim /etc/default/grub

(That is /root/a/etc/default/grub outside the chroot.) Change:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to

GRUB_CMDLINE_LINUX_DEFAULT="cryptopts=target=system,source=/dev/sda3,lvm=luks quiet splash"

Change as required. Then run update-grub.

Done!


Posted by DaveQB | Permanent Link | Categories: IT

24-02-2013 01:34

zfsonlinux and Debian kernel 3.2.0.38-generic

I found upgrading to the latest kernel on Linux Mint led to my zfsonlinux modules not being rebuilt through dkms like it should and normally does. Found this thread on google groups.

As you can see, my succinct solution was:

dkms install -m spl/0.6.0.97 -k 3.2.0-38-generic/x86_64
dkms install -m zfs/0.6.0.97 -k 3.2.0-38-generic/x86_64
update-initramfs -u

27-09-2012 11:16

How to generate your own ca-certificates.crt file.

Looking into it, it seems that the /etc/ssl/certs/ca-certificates.crt file is just a concatenation of all the certs found in /etc/ssl/certs/. So to generate this file I simply ran as root:

cat /etc/ssl/certs/* >> /etc/ssl/certs/ca-certificates.crt

Easy as that. Now my Funambol connector for Thunderbird (using curl) doesn't complain and then fail to sync.
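
A more careful way to do the same concatenation, as an added example that is not part of the original post: it leaves the bundle itself out of the glob, includes each certificate once even though the directory also holds hash-named symlinks to the same files, and replaces the bundle in one step instead of appending to it. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: rebuild a CA bundle from a directory of PEM certificates
# without the side effects of "cat * >> bundle".

# build_ca_bundle CERT_DIR BUNDLE -> writes BUNDLE and prints how many
# certificate files went into it.
build_ca_bundle() {
    dir=$1 bundle=$2
    tmp=$(mktemp "${bundle}.XXXXXX") || return 1
    seen=$(mktemp) || return 1
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                  # skip dirs and dangling links
        real=$(readlink -f "$f")
        # never feed the bundle (or the temp file) back into itself
        [ "$real" = "$(readlink -f "$bundle")" ] && continue
        [ "$real" = "$(readlink -f "$tmp")" ] && continue
        # name.pem and its hash symlink (e.g. 1a2b3c4d.0) resolve to one file
        grep -qxF "$real" "$seen" && continue
        grep -q -- '-----BEGIN CERTIFICATE-----' "$real" || continue
        echo "$real" >> "$seen"
        cat "$real" >> "$tmp"
        count=$((count + 1))
    done
    rm -f "$seen"
    chmod 644 "$tmp" && mv "$tmp" "$bundle"      # swap the new bundle in
    echo "$count"
}

# Constructed demo: two placeholder PEM files plus a hash-style symlink.
demo() {
    d=$(mktemp -d)
    for n in a b; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "constructed-$n" \
            '-----END CERTIFICATE-----' > "$d/$n.pem"
    done
    ln -s a.pem "$d/1a2b3c4d.0"
    build_ca_bundle "$d" "$d/ca-certificates.crt"    # prints 2
    build_ca_bundle "$d" "$d/ca-certificates.crt"    # still 2 on a re-run
    rm -rf "$d"
}

demo
```

On Debian and Ubuntu the packaged update-ca-certificates command regenerates this file and is the usual first thing to try.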


Posted by DaveQB | Permanent Link | Categories: IT

01-08-2012 17:37

ZFS on OpenSuSe 12.1

If anyone has tried building ZFS on Linux on Suse you will know that you end up at a dead end. Well at least I did. I then had the idea of searching on the OpenSuSe Build service. I found this page: http://software.opensuse.org/download?project=home:munix9:zfs&package=zfs-modules. I went with the manual approach. The commands were:

zypper addrepo http://download.opensuse.org/repositories/home:munix9:zfs/openSUSE_12.1/home:munix9:zfs.repo
zypper refresh
zypper install zfs-modules

But these commands are incorrect. What you actually need to do is:

zypper addrepo http://download.opensuse.org/repositories/home:munix9:zfs/openSUSE_12.1/home:munix9:zfs.repo
zypper refresh
zypper source-install zfs-modules
cd /usr/src/packages/SPECS/
rpmbuild -bb zfs-modules.spec
zypper in ../RPMS/x86_64/zfs-*
modprobe zfs

Initially on a file copy test I was getting 5MB/s. But ever since then all testing is proving adequate performance, about 50MB/s with some bursting up to 90MB/s. Tried working with some video files and although not like ext4, not far behind. The building of the RPMs from the spec files will probably be needed every kernel update, by hand. Oh well, still a very happy boy.


Posted by DaveQB | Permanent Link | Categories: IT