Life and Shell
https://lifeandshell.com/
Recent content on Life and Shell
Hugo -- gohugo.io
en-us
Mattias Hemmingsson mattias@lifeandshell.com
Sat, 07 Jan 2023 11:31:43 +0000

Github
https://lifeandshell.com/git/
Sat, 15 Feb 2025 00:00:00 +0000

Life and shell by Mattias Hemmingsson
https://lifeandshell.com/about/
Sat, 15 Feb 2025 00:00:00 +0000
Mattias Hemmingsson
DevOps Engineer | SRE | IT Security Specialist | Hacker | Podcast Host
Professional Summary
Experienced IT professional with over 20 years of expertise in managing and optimizing IT infrastructures. Specialized in cloud computing, server management, and DevOps practices, with a proven track record of successfully implementing large-scale, high-availability systems. Adept at leveraging Kubernetes, Docker, and CI/CD tools to enhance developer productivity and operational efficiency. Experienced in migrating services across cloud and on-premises environments while maintaining service continuity and performance.

Podcast
https://lifeandshell.com/podcast/
Sat, 15 Feb 2025 00:00:00 +0000

k3s Cluster on setup master and node
https://lifeandshell.com/posts/k3s-cluster-on-setup-master-and-node/
Sat, 07 Jan 2023 11:31:43 +0000
For some IoT setups I need a k3s cluster running. To make it spread and to add more nodes, I installed the k3s master on my firewall, which runs a small Atom processor. But I wanted to run the nodes on Raspberry or Rock nodes to handle the load. Then, by using labels on nodes, I want to apply different workloads on the nodes.
Pre
So before installing the k3s master, I had my pihole running on port 80 and that did not work that well.
Device Tracker using Dhpcd server and bash
https://lifeandshell.com/posts/device-tracker-using-dhpcd-server-and-bash/
Wed, 21 Dec 2022 14:07:01 +0000
I have used Home Assistant for some time. And I have always used the device tracker to set different actions based on whether I'm home or not. But when my pfsense died and I installed a clean Linux box as my fw and DHCP server, I lost all my tracking for devices. But I did find out that the dhcpd server can run a command every time it hands out a dhcpd lease.

Migrate Elasticsearch helm to Elasticsearch Operator
https://lifeandshell.com/posts/migrate-elasticsearch-helm-to-elasticsearch-operator/
Thu, 01 Dec 2022 13:17:35 +0000
Migrate elasticsearch helm to elasticsearch operator and from version 7 to version 8. So in the start, I used the helm chart for elasticsearch, and everything worked fine. Then elasticsearch 8 came, and the Elasticsearch operator. This broke my helm chart and kind of left me in a stalled state. But now I have to migrate my current elasticsearch that uses a helm chart to start using the operator.

Openstreat map Docker och docker compose
https://lifeandshell.com/posts/openstreat-map-docker-och-docker-compose/
Thu, 17 Nov 2022 16:53:00 +0000
Split up in separate containers!
Running OpenStreetMap in docker was hard. And the docs all wanted to run it bundled with Postgres and not in separate containers. I set it up so we can run osm in different containers for you to scale: https://github.com/mattiashem/osm
Clone this GitHub repo and then start it with
    docker compose build
then to start it, run
    docker compose up
What is happening
First we are building a custom Postgres docker image.
kubernetes update 1.22 ->1.23 Helm Error
https://lifeandshell.com/posts/kubernetes-update-1-22-1-23-helm-error/
Thu, 15 Sep 2022 16:02:06 +0000
I was in the process of updating my cluster, and in version 1.23 we have breaking changes. What I did not know was that helm saves the latest deployed version in a secret. So I updated the cluster to version 1.23 and started getting helm errors. And it does not matter if I delete the resources in the cluster. The issue is that helm has saved the last deployment with an API version that is no longer supported with the new k8s version.

Boundery on Kubernetes with Keycloak
https://lifeandshell.com/posts/boundery-on-kubernetes-with-keycloak/
Sat, 22 Jan 2022 11:43:24 +0000
We have 3 clusters running, 2 on AWS and 1 on-prem. And to sort out connections for developers and admins the goal is to implement boundary as an access point. To verify the user we use Keycloak and 2FA. Then based on roles we give the different users access to different services inside the cluster.
Service
The user should be able to connect to an ssh server inside the network but also to services running inside Kubernetes like elasticsearch or MySQL,

K8s Logs to Elastic with Dynamic ILM from annotations
https://lifeandshell.com/posts/k8s-logs-to-elastic-with-dynamic-ilm-from-annotations/
Thu, 18 Feb 2021 23:34:48 +0000
#fluentd #fluent-bit #kubernetes #elasticsearch #ILM #logpain
The time I spent fixing log problems … From cleaning out logs that eat disk, setting up log-rotate and now Elasticsearch ….. I want an easy log system that sets up an Elasticsearch ILM with different lifetimes on the logs depending on an annotation that I set on the pod. If no annotations, well, then I want the logs for 30 days.
And then I can set different annotations and store logs for 90 days, send to s3 or whatever comes up.

Gitlab runners in K8s Helm (Working DockerInDocker)
https://lifeandshell.com/posts/gitlab-runners-in-k8s-helm-working-dockerindocker/
Fri, 11 Dec 2020 13:24:35 +0000
So… I spent a lot of time trying to get gitlab runners working in kubernetes, using the helm from gitlab. This is the setup I use now that works for me and where you don't need to put too much into the build job. Replace so you have your domain and key. Name the file runners1-values.yaml
    ## The GitLab Server URL (with protocol) that want to register the runner against

Vault EKS / AWS to pod The complete guide
https://lifeandshell.com/posts/vault-eks-aws-to-pod-the-complete-guide/
Thu, 29 Oct 2020 09:17:42 +0000
I have been working some time with vault and to deploy it to our EKS cluster and then to get the secrets into our pods. After many hours of searching I have found out that using kube-vault and vault-env. This guide uses terraform to set up the resources you need in AWS. Then deploy the kubevault with ui into the cluster that will use a s3 bucket and backend and autoseal itself during boot

Running Counter-strike 1.6 and CSGO in kubernetes !
https://lifeandshell.com/posts/running-counter-strike-1-6-and-csgo-in-kubernetes/
Wed, 29 Apr 2020 14:09:45 +0000
Yee, so it was a long time ago when I spent days playing counter strike 1.6. And now when I got some more powerful servers and some time I was thinking of setting up some counter-strike servers for me and some friends so we can play. I have a nice kubernetes cluster in my garage and I run all my stuff inside kubernetes so it was natural to make them into a kubernetes deploy.
Modsecurity 3 dos / scaraping protection Working !
https://lifeandshell.com/posts/modsecurity-3-dos-scaraping-protection-working/
Mon, 16 Mar 2020 17:46:47 +0000
Yess, this is a brute force that works for modsecurity 3, and it's not that many. Spent days searching the net and trying to find out how to get them working.
First set up a developer box
Start by cloning this repo I have https://github.com/Ollebo/modsecurity3 it using the OWASP Modsecurity docker that I run is box
WARNING: I started with the first docker that installed modsec with apt, but with that box I could not get block to work.

Filebeat => logstash => Elasticsearch and working modules
https://lifeandshell.com/posts/filebeat-logstash-elasticsearch-and-working-modules/
Mon, 16 Mar 2020 14:39:23 +0000
Setting up filebeat modules to work when you are using logstash to send logs over to elastic. So I started setting up filebeat to ship my mysql-slow.log and planned to use the filebeat module. The logs started flowing and after some time I got the logs into the correct index. But to my surprise the logs were not correctly parsed. ? The problem is that filebeat wants to connect directly to elastic and add a pipeline script (grok parser in elastic)

WordPress + Gatsby = Love
https://lifeandshell.com/posts/wordpress-gatsby-love/
Mon, 24 Feb 2020 15:03:30 +0000
I like the idea of using wordpress as a backend service and then using a static file generator to fetch the data from wordpress and then generate static files. It's how this blog is now working with firebase and google cloud. But before I started using firebase I built a small demo project to use gatsby to extract data from wordpress. I use gatsby to connect to a wordpress and then generate html from it.
Openvas results to json and Elasticsearch and kibana
https://lifeandshell.com/posts/openvas-results-to-json-and-elasticsearch-and-kibana/
Mon, 24 Feb 2020 14:59:57 +0000
I have some openvas scanners running, but to use the scanners I need the results as json files. Then I can use my ELK stack to visualize and have dashboards over the results from the scan. Before, I used vulwisperer to export the results from openvas and to get them into elk. But from the latest release of openvas the support from vulwisperer is gone. So I have created my own python script that reads the results from openvas scans.

Send Openvas result to Kibana with vulwisperer
https://lifeandshell.com/posts/send-openvas-result-to-kibana-with-vulwisperer/
Mon, 24 Feb 2020 14:55:26 +0000
Vulwisperer is a tool to read the findings from an openvas scanner and to send them to other tools. Here I want them to be sent to an elasticsearch and kibana. To do this I first need to start an openvas scan and get some results. Then use vulwisperer to get the results from openvas and store the results in json files. From the json files I then use logstash to send the findings to elastic.

Nikto webbscanner for kubernetes (samma.io)
https://lifeandshell.com/posts/nikto-webbscanner-for-kubernetes-samma-io/
Mon, 24 Feb 2020 14:50:20 +0000
I hope that you have already tested my nmap scanners for kubernetes. Now it's time for some more OWASP and web scanner. Nikto is a web application scanner and runs against a target to verify its security. I have created a nikto docker and a helm job that deploys the nikto scanner into your kubernetes cluster. The nikto scanner will then on a regular basis scan your web apps for security issues.
Nmap security scanner for kubernetes (samma.io)
https://lifeandshell.com/posts/nmap-security-scanner-for-kubernetes-samma-io/
Mon, 24 Feb 2020 14:45:56 +0000
I have worked with many of the different scanners around and I have a hard time liking them. What I miss is a scanner that can be run fast and simple and that sends its output in JSON so I can load the data into my own kibana. For this I have created the project samma.io and the first scanner was the nmap scanner. You can simply deploy the scanner with helm as a cronjob.

WordPress static hosting with firebase and google cloud
https://lifeandshell.com/posts/wordpress-static-hosting-with-firebase-and-google-cloud/
Mon, 24 Feb 2020 14:07:35 +0000
Some time ago I started looking to move this wordpress blog into a static file blog system. So to find the best tool I started to test the different blog tools like jekyll and hugo. They all worked well but I found it hard to edit my blogs in static files and also to generate and then deploy the site. It's hard to move away from wordpress when you have started.

Move Bind DNS config to Route53 CloudFormations
https://lifeandshell.com/posts/move-bind-dns-config-to-route53-cloudformations/
Wed, 16 Oct 2019 13:18:26 +0000
I have started migrating our bind server into AWS and Route53. We have all our config as code, so to migrate over our DNS I needed to convert our bind zone files into Route53 Cloudformations. I found that one of our zone files was big so I wrote a small Python script in docker that converts zone files into route53 Cloudformations. After the convert is done I did some manual checks to verify it looks good and add any TXT record.
Local Developing for Google Cloud
https://lifeandshell.com/posts/local-developing-google-cloud/
Fri, 27 Apr 2018 20:06:00 +0000
I have now started to move all my hosting and code to the Google cloud platform. But when I'm developing new things I want to use the power and flexibility that the platform gives me, but I want to develop locally. So for my new project using Datastore and the python app engine, I have set up a docker-compose for me. Now I can spin up my compose and build my app and then, when done, deploy to the cloud platform.

Recover SQL innodb Database
https://lifeandshell.com/posts/recover-sql-innodb-database/
Sun, 04 Feb 2018 21:20:20 +0000
How to recover an SQL innodb db with docker. When I moved this wordpress to its new hosting I did not have any good backup of the db. And I only got the mysql files from /var/lib/mysql. So to get the site back without too much work I wanted to see if I could get the sql files mounted into a mysql docker and recovered to the export a .

Alexa and Jenkins (Docker)
https://lifeandshell.com/posts/alexa-jenkins-docker/
Sat, 26 Nov 2016 22:05:28 +0000
So I have an Alexa echo dot at home. I use it to control stuff but I wanted it to do more, like release and deploy the stuff I build. This is how you can integrate Alexa voice service with Jenkins.
First set up the server
For receiving commands from Alexa and sending them to Jenkins we need a server and some code. First start with the server; I use docker and a docker-compose to set it up.

ddclient for loopia in Docker
https://lifeandshell.com/posts/ddclient-loopia-docker/
Mon, 27 Jun 2016 20:43:23 +0000
So I use loopia.se as my dns provider.
And I also have some dns for my home but it always changes ip (have dynamic ip at home). So for fixing this I built a docker image that updates my loopia server from the docker images. So if you are using loopia I but this is the best way of updating your dns records. Run with docker run -e "

Nginx with TLS (Handel certs in Docker)
https://lifeandshell.com/posts/nginx-tls-cert-issues-docker/
Thu, 26 May 2016 12:56:45 +0000
I use a lot of nginx with tls. And almost all of my dockers are public. So how do I solve the tls issues? Well, I have done it like so: in my docker file I generate an ssl cert for nginx in a folder I called /etc/nginx/tls. Then when I use my nginx in dev I get the generated certs. But in prod I mount the volume from the host with the correct certs into my nginx in /etc/nginx/tls, and now my nginx picks up the prod certs and uses them.

Autodeploy you docker images to AWS (git push = deploy)
https://lifeandshell.com/posts/autodeploy-docker-images-aws-git-push-deploy/
Thu, 26 May 2016 12:56:19 +0000
So I have a lot of small projects and some large. To build quality into my code I need to run tests in my code. And my code in a prod-like env. I always use docker so my dev env is very like my prod. One key thing that I do is that when I push code to my master branch I do a release to server. This is so that I can verify that everything is working and I can run tests on it.

WordPress multisite to wordpress singelsite (Easy linux)
https://lifeandshell.com/posts/wordpress-multisite-wordpress-singelsite-easy-linux/
Fri, 15 Apr 2016 22:15:11 +0000
So I had to split up my wordpress multisite into single sites and it was not that hard when I found out how.
First start with setting up the new wordpress and then we migrate over the old wordpress site into the new.
1. Setup the new wordpress site
Install and set up the new wordpress site. You can run the installation; we will clean out the installation later.
2. In the old multisite find the site id.

Roll you own Docker Registry with nginx (In Docker)
https://lifeandshell.com/posts/roll-you-own-docker-registry-with-nginx-in-docker/
Sat, 19 Mar 2016 23:25:36 +0000
When your private number of docker images grows it's time to set up your own private repo. To have your own docker repo you need
1. the docker registry
2. nginx to handle users
3. tls so that all connections are encrypted.
So here is what you do to have your own docker repo running.
Install docker-compose and set up the following docker-compose file
    storage: image: busybox volumes: - /backup/docker/registry:/var/lib/docker/registry cache: image: redis registry: image: registry ports: - 127.

Maxscale Sql scaling with mariadb Cluster on Centos in Docker
https://lifeandshell.com/posts/maxscale-sql-scaling-with-mariadb-cluster-in-docker/
Thu, 28 Jan 2016 22:31:46 +0000
So scaling sql server has now been easy with mariadb maxscale. Here I use it to connect to my mariadb cluster and set up two new servers.
One is a load balancer and one is a read/write splitter.
1. First prep your mariadb servers with some users for your maxscale
    CREATE user 'maxscale'@'%' identified by 'maxscaleW222';
    GRANT SELECT ON mysql.user TO 'maxscale'@'%';
    GRANT SELECT ON mysql.db TO 'maxscale'@'%';
    GRANT SHOW DATABASES ON *.* TO 'maxscale'@'%';

MariaDB cluster with Dynamic Nodes on Centos 7 in Docker
https://lifeandshell.com/posts/mariadb-cluster-with-dynamic-nodes-in-docker/
Wed, 27 Jan 2016 13:45:55 +0000
So running sql in docker is a big question now. To make some tests I have set up two mariadb cluster docker containers. The first one is the mariadb cluster master. This will set up a master mariadb sql node running. The second one is the MariaDB cluster slave. This docker will connect to the master and rsync the database over to the slave. When the database is rsynced over it will start the sql and can process sql data.

Openldap with SQL Backend (Mariadb Centos 7 ) in Docker
https://lifeandshell.com/posts/openldap-with-sql-backend-mariadb/
Thu, 21 Jan 2016 15:59:14 +0000
We use Ldap for handling our users and I have spent time setting up Openldap and trying to configure it. But now I have given up my ldap skills and set up my openldap to use a sql backend, and then I configure my users with SQL, which I like more. I have also built a Dockerfile for docker that you can use. So what you need is one sql database server to hold that database and one odbc connection from the ldap server to that sql server.

Mesos cluster with Marathon running Docker
https://lifeandshell.com/posts/mesos-cluster-with-marathon-running-docker/
Fri, 11 Dec 2015 21:47:19 +0000
Hi. So for hosting docker at large scale I have tested mesos cluster.
Here is a guide for setting up 3 nodes in mesos running Centos 7. And then adding Marathon to control the dockers running.
The network
    mesos-master 172.0.0.10
    mesos-slave1 172.0.0.11
    mesos-slave2 172.0.0.12
The nodes also have one nic connected to the network with internet access.
Security
For this guide stop iptables and turn selinux off
    setenforce 0
    systemctl stop firewalld

Elasticsearch controller
https://lifeandshell.com/posts/elasticsearch-controller/
Fri, 06 Nov 2015 15:23:27 +0000
So we use a lot of elasticsearch. And here is a small script to get status and do some simple tasks with the es server. You can get cluster status and cron for index deletions.
    import urllib2
    #
    #
    # Clean up elasticsearch index by removing old stuff.
    #The default ip to es server
    dhost='10.101.1.31'
    #The index name you are using
    index_name='logstash-syslog'
    #Drop index back in time
    drop_index_back=90
    def date_back_in_time(days_back):
        '''
        Get the date back in time the days you send in
        '''
        import datetime as DT
        today = DT.

Python DOS protection (iptables,dos)
https://lifeandshell.com/posts/python-dos-protection-iptablesdos/
Fri, 06 Nov 2015 15:18:51 +0000
Here is a small script I use to have some sort of dos protection on my webservers.
    import subprocess
    whitelist=['192.168.1.2']
    blockvalue=2
    alertvalue=1
    proc = subprocess.Popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", shell=True,stdout=subprocess.PIPE)
    running = proc.stdout.read()
    runing_sorted = running.split('\n')
    for r in runing_sorted:
        con =r.split()
        if len(con) ==2:
            #If the ip has more connections than the block value, block the ip
            #(the count from uniq -c is a string, so convert it before comparing)
            if int(con[0]) > blockvalue:
                print "

Move an Megento site to new url
https://lifeandshell.com/posts/move-an-megento-site-to-new-url/
Wed, 07 Oct 2015 09:19:38 +0000
So I had to move a magento site from topunder.se to test.topunder.se; this is so that you can test and try new stuff on a site that is not your primary site. Moving magento was some hassle; it's not as easy as other sites, and it takes some sql to make it work.
First set up your web server (This is only the basic)
    <VirtualHost *:80>
    ServerAdmin webmaster@test.topunder.se
    ServerName test.

Foreman provision to bare and libvirtd (Centos7, foreman, libvirtd, KVM)
https://lifeandshell.com/posts/foreman-provision-to-bare-and-libvirtd-centos7-foreman-libvirtd-kvm/
Sun, 05 Jul 2015 21:26:46 +0000
So I have started to play around with foreman and to get it to provision my different servers. I started by starting up some local virtual servers on my laptop and played around with them. The flow is: I started by installing foreman as a virtual server. Then I provisioned a new virtual server as bare metal (I created a virtual server in virsh). After that virtual server was provisioned I installed it as a virtual host (kvm on kvm) and connected it to foreman so foreman can provision kvm hosts.
Build Openvpn centos 7
https://lifeandshell.com/posts/build-openvpn-centos-7/
Wed, 17 Jun 2015 22:33:25 +0000
Here is how I build and set up openvpn on my centos 7 box.
1. Download and install openvpn latest
Some yum packages
    yum install openssl-devel lzo-devel pam-devel
https://openvpn.net/index.php/open-source/downloads.html
    wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.7.tar.gz
    tar zxvf openvpn-2.3.7.tar.gz
    cd openvpn-2.3.7
    ./configure
    make
    make install
    # /usr/local/sbin/openvpn --version
So now we have the latest version set up; let's create some certs that we can use for the server and clients.

Python3 and rabbitmq
https://lifeandshell.com/posts/python3-and-rabbitmq/
Tue, 21 Apr 2015 22:38:05 +0000
I'm using rabbitmq in some of my python apps. Here is a small guide to get python3 to send and receive data from rabbitmq. I use the code from https://code.google.com/p/py-amqplib/ and read some guide from http://blogs.digitar.com/jjww/2009/01/rabbits-and-warrens/ from 2009 !!!!
Get the pip you need to connect
    sudo pip3 install amqp
My python code for sending and receiving
    #!/usr/bin/env python
    from amqplib import client_0_8 as amqp
    import time
    conn = amqp.

Raspberry pi And Tellusd
https://lifeandshell.com/posts/raspberry-pi-and-tellusd/
Mon, 20 Apr 2015 09:24:02 +0000
I'm using tellus to get info from my sensors like humidity and temp. And to get it to work I'm using my rasp pi to receive and send signals. Here is a quick guide to install and set up tellusd on your raspberry.
1. Verify that tellus is there
    pi@raspberrypi ~ $ lsusb
    Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp.
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Setup SPI on Raspberry pi (mcp3008, Adafruit)
https://lifeandshell.com/posts/setup-spi-on-raspberry-pi-mcp3008-adafruit/
Sun, 19 Apr 2015 20:25:33 +0000
I'm building my own watering system and for that I will have some sensors. They are connected to my pi over SPI and a mcp3008 from Adafruit.
The gear
http://www.adafruit.com/products/1989
http://www.adafruit.com/products/856
http://www.kjell.com/sortiment/el/elektronik/elektroniklab/kopplingsplatta-lodfri-p87886
http://www.elecfreaks.com/store/octopus-soil-moisture-sensor-brick-p-422.html
Setup the cables
Use this guide and see how you should connect the mcp3008 and the sensor.
http://www.raspberrypi-spy.co.uk/2013/10/analogue-sensors-on-the-raspberry-pi-using-an-mcp3008/
Get the Pi ready
1. First enable SPI on the board here http://www.raspberrypi-spy.co.uk/2014/08/enabling-the-spi-interface-on-the-raspberry-pi/ I use raspi-config and enabled SPI

Php HHVM (aka the HipHop Virtual Machine) on Centos 7
https://lifeandshell.com/posts/php-hhvm-aka-the-hiphop-virtual-machine-on-centos-7/
Fri, 20 Feb 2015 21:49:47 +0000
To get my php projects running as fast as possible I'm trying to use hhvm. And here is my small guide on how to install it on centos 7. I used the docs from https://github.com/facebook/hhvm/wiki/Building-and-installing-hhvm-on-CentOS-7.x
1.
First set up your centos linux host
    yum localinstall http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
    yum localinstall http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
    yum install cpp gcc-c++ cmake git psmisc {binutils,boost,jemalloc}-devel \
    {sqlite,tbb,bzip2,openldap,readline,elfutils-libelf,gmp,lz4,pcre}-devel \
    lib{xslt,event,yaml,vpx,png,zip,icu,mcrypt,memcached,cap,dwarf}-devel \
    {unixODBC,expat,mariadb}-devel lib{edit,curl,xml2,xslt}-devel \
    glog-devel oniguruma-devel inotify-tools-devel ocaml
    yum install ImageMagick-last\* --enablerepo=remi
My box is a clean centos 7.

Installing Go build server on centos 7
https://lifeandshell.com/posts/installing-go-build-server-on-centos-7/
Wed, 11 Feb 2015 21:39:35 +0000
Installing the go build server in centos 7 with some easy steps
1. First head over to the go page and have a look around http://www.go.cd/
2. Download go server to your centos box
    wget http://download.go.cd/gocd-rpm/go-server-14.4.0-1356.noarch.rpm
    wget http://download.go.cd/gocd-rpm/go-agent-14.4.0-1356.noarch.rpm
3. Install it
First start by adding the go user (something broken in install)
    useradd go
Now run yum localinstall to install local packages
    yum install java-1.7.0-openjdk -y
    yum localinstall go-server-14.

Hosting you private docker repo
https://lifeandshell.com/posts/hosting-you-private-docker-repo/
Wed, 11 Feb 2015 16:41:19 +0000
We are starting to use docker in our development process, and for that we need to have our own docker repo for hosting our private dockers. The path is
[public docker cloud(centos img)] --public docker image-> [jenkins build our code and docker img] ---> our docker images ---> [private docker repo]--our docker image->[Servers [int,qa,prod]
1.
Setting up the docker image for the docker repo: make a folder that will hold your data

Getting django docker prod ready with jenkins (part 1 the build)
https://lifeandshell.com/posts/getting-django-docker-prod-ready-with-jenkins-part-1-the-build/
Sun, 18 Jan 2015 21:25:59 +0000
So I have some django web projects and now it's time to get my django apps prod ready with docker. My plan is to build my django apps with jenkins (soon start a docker of the app and run some tests, but that will be later), make a docker image and send that to the docker cloud. Then I can download the docker image on my prod server and start the app.

Installing Openstack Centos 7
https://lifeandshell.com/posts/installing-openstack-centos-7/
Fri, 03 Oct 2014 14:45:31 +0000
Time to install Openstack on a Centos 7 server. This was my first meeting with Openstack and it took some time to get things up. This would be a beginner's guide to get your first server up and running. I followed this page in my installation: https://openstack.redhat.com/Neutron_with_existing_external_network
My Openstack server has one NIC connected to my DMZ network and then routed out.
First install a Centos 7 minimal server and set up network

Installing Jenkins on Centos 7
https://lifeandshell.com/posts/installing-jenkins-on-centos-7/
Fri, 03 Oct 2014 14:43:32 +0000
So, a guide on how to get jenkins up and running on centos 7
1. First install it !
    yum install -y wget
    sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
    sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
    sudo yum install jenkins
2. Install java
    sudo yum install java-1.7.0-openjdk
3.
Open firewall
    firewall-cmd --zone=public --add-port=8080/tcp --permanent
    firewall-cmd --reload
    systemctl enable firewalld
    systemctl start firewalld
    systemctl status firewalld
4. Start it !
    sudo /etc/init.d/jenkins restart
    systemctl restart jenkins.

vmware to kvm (OWASP broken webb app on KVM)
https://lifeandshell.com/posts/vmware-to-kvm-owasp-broken-webb-app-on-kvm/
Tue, 09 Sep 2014 10:38:29 +0000
So I use kvm for my virtual servers. But I got the OWASP broken web app in vmware format and it's not ok. But with the help from google I found some help to get the OWASP Broken Web App on my kvm hosts. I followed the info from this page: http://blog.bodhizazen.net/linux/convert-vmware-vmdk-to-kvm-qcow2-or-virtualbox-vdi/
1. Download and unzip the Owasp Broken Web app to your folder (It uses 7zip for some reason) https://www.

Dyndns to loopia.se to update you domain dynamic
https://lifeandshell.com/posts/dyndns-to-loopia-se-to-update-you-domain-dynamic/
Sun, 06 Jul 2014 21:37:17 +0000
So many of my domains I have registered on loopia.se. And they have dyndns support so I can create a subdomain to my domain. And have it updated when my laptop or home ip changes. This makes the task of connecting back to my home server easy. First install the dyndns client on your host; here I'm installing it on my Centos 6 server with EPEL REPO installed
    yum install ddclient

OAuth2 Server on Python (with flask on Centos)
https://lifeandshell.com/posts/oauth2-server-on-python-with-flask-on-centos/
Fri, 30 May 2014 20:04:05 +0000
So at work we have started to look at OAuth2 for our web apps. So on our creative friday today I started looking at putting together an OAuth2 server using python and flask.
I followed the guide from this page http://lepture.com/en/2013/create-oauth-server and after some work I got a working server and client running on my Centos server. The code only uses an sqlite db and only tests the OAuth functions, so for a working solution there is some more work to do.

Starting with Go on Ubuntu
https://lifeandshell.com/posts/starting-with-go-on-ubuntu/
Sat, 24 May 2014 20:56:02 +0000
So I am starting to test the go language for some projects. Here is how I set up go on my ubuntu laptop.
1. Installing go language
    sudo apt-get install python-software-properties
    sudo add-apt-repository ppa:duh/golang
    sudo apt-get update
    sudo apt-get install golang
verify
    go version
2. Getting a good IDE. I use sublime text; find it here and install it http://www.sublimetext.com/
3. Write your first line of code in GO. Start up a new file in sublime and paste this in the file (I call the file main.

Recover you python files from rm -rf *
https://lifeandshell.com/posts/recover-you-python-files-from-rm-rf/
Thu, 03 Apr 2014 14:49:50 +0000
So after cleaning up my work I ran rm -rf * in the working folder, deleting all my work! After fighting to hold back some tears I sat down and started to see if I could recover my lost work. First recover your files from the filesystem; my laptop is an ubuntu desktop.
    sudo apt-get install extundelete
Then it's time to recover the files. I ran this command to get my lost folder back

Install Pandora fms monitoring system on Centos
https://lifeandshell.com/posts/install-pandora-fms-monitoring-system-on-centos/
Sat, 22 Mar 2014 13:10:54 +0000
For many years I have used nagios to monitor my servers, and now I would say I can handle nagios config files well. But I found pandora fms monitoring and this I must try.
From the pandora console it's much easier to set up new tasks from the web browser and tweak tasks so your alarms really are correct. Doing this in nagios, I had to change config files and restart nagios and nrpe.

Pimcore Opensource online marketers dream install on Centos 6
https://lifeandshell.com/posts/pimcore-opensource-online-marketers-dream-install-on-centos-6/
Sun, 16 Mar 2014 20:18:00 +0000
For my elinodrift project I was searching for an online tool for handling online marketing. So I ended up with Pimcore for my service. Here is a small guide to install Pimcore on my Centos 6 server. First have apache, PHP and mysql installed on the server. I installed it on my web server, so the server was pretty well configured.
1. PHP
But for pimcore to run you must upgrade your php to version 5.

Open Webbmail RainLoop installation and setup
https://lifeandshell.com/posts/open-webbmail-rainloop-installation-and-setup/
Sat, 15 Mar 2014 11:00:59 +0000
So I have tested so many different web-based email programs, and have not been 100% happy with any of them. Some are too big, others look really bad. (Rainloop is open for non profit companies 🙂 ) But now I found one that I hope I can like some boor Rainloop http://rainloop.net/ It looks nice and is really easy to install and set up. Here is how I installed it for my domain.

Protecting you web with ModSecurity On Centos
https://lifeandshell.com/posts/protecting-you-web-with-modsecurity-on-centos/
Tue, 04 Mar 2014 22:00:40 +0000
So if you worry about your web then modsecurity is really nice to have on your web server. I have it installed on my apache server with the regular rules from OWASP and also some rules for my own sites. Here is how to install it.
1.
Download and build modsec on your server
Add some packages
    yum install gcc make
    yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel
Go to http://www.

Install Elasticsearch, Kibana 4 , fluentd (Opensource splunk) with syslog clients
https://lifeandshell.com/posts/install-elasticsearch-kibana-fluentd-opensource-splunk-with-syslog-clients/
Sat, 22 Feb 2014 21:48:54 +0000
So I have used splunk sometimes but it has its limit (money), so now I'm testing
1. Java
First install java on your server. Get java from here http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
    yum localinstall jdk-8u25-linux-x64.rpm
And install it on your server.
2. Elasticsearch
Get it from here http://www.elasticsearch.org/download I installed the rpm https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.0.Beta1.noarch.rpm and ran
    yum localinstall elasticsearch-1.4.0.Beta1.noarch.rpm
I had to make some settings in this file, since my vps only had 512m
    vi /etc/sysconfig/elasticsearch
/etc/init.

Installing and configure Munin Monitoring (Centos 6)
https://lifeandshell.com/posts/installing-and-configure-munin-monitoring-centos-6/
Sat, 22 Feb 2014 21:40:44 +0000
To get some performance data from my servers I use the Munin monitoring system. Here is a small guide on how to install and set up munin on the munin server and on the munin client. First up is to set up the munin server.
    yum install munin munin-node   <-- on server
    yum install munin-node         <-- on clients
I install both the munin server and node on the same host so I can monitor the host that the munin server is on.
Centos syncing VPS (Moving between VPS)
https://lifeandshell.com/posts/centos-syncing-vps-moving-between-vps/
Wed, 19 Feb 2014 21:17:36 +0000
So I have one vps at a company that is not that good, so now I want to move my centos server to a new VPS server. But I don't want to install everything from the start again. So here is how I move my services between the two hosts.
1. Syncing yum
Copy over your repo files. I had rpmforge and epel on my servers.
    scp rpm* root@eu1.elinodrift.se:/etc/yum.repos.d/
    scp epel* root@eu1.

Build you first syco Module
https://lifeandshell.com/posts/build-you-first-syco-module/
Tue, 18 Feb 2014 22:12:56 +0000
So from the last post you can install syco, but you also need to build and update your own plugins in syco. Here is a small guide on how to build your first plugin. Here I'm building some syco commands for controlling apache and glassfish servers. The commands are run from our syco-chuck release command center, so by adding them to syco I can control the script from sudo and do some extra tests before starting and stopping the service.

Setup SYCO on you centos box
https://lifeandshell.com/posts/setup-syco-on-you-centos-box/
Tue, 18 Feb 2014 15:27:04 +0000
So if you care about security and stability you must have syco installed on your server. Read more about syco on the github project https://github.com/systemconsole I'm starting to use syco not only in production but also on my "Own" server. More of you should really start using it, and here is a guide for you to start using syco.
1.
Installing and setting up centos
    yum install git
Getting syco

Installing Asylguiden on centos Server
https://lifeandshell.com/posts/installing-asylguiden-on-centos-server/
Mon, 17 Feb 2014 21:21:20 +0000
One of my own projects is Asylguiden. It's a python publishing system built with django, Mysql and mongodb. You can find the code here on github https://github.com/mattiashem/asylguiden Asylguiden also works with wsgi for python and apache for displaying content. Here is my own how-to for downloading and setting up asylguiden on a production server.
1. Setting up the server for hosting
Centos
    yum install httpd mod_ssl git wget python-setuptools mod_wsgi

Installing Plex Mediaserver Centos 6
https://lifeandshell.com/posts/installing-plex-mediaserver-centos-6/
Sun, 16 Feb 2014 11:34:53 +0000
So I use plex for my media and I have a small server running with my plex server on it. Here is how I install the plex server on my home centos server. This guide will work on several Linux dists.
1. Grab the latest plex server
Go to https://plex.tv/downloads and choose the one that best matches your system. I got
    wget http://downloads.plexapp.com/plex-media-server/0.9.8.18.290-11b7fdd/plexmediaserver-0.9.8.18.290-11b7fdd.x86_64.rpm
Install the package
    rpm -i plexmediaserver-0.9.8.18.290-11b7fdd.x86_64.rpm
Start the plex server

Blocking unwanted traffic (ddos,scrapers) Apache, Iptables
https://lifeandshell.com/posts/blocking-unwanted-traffic-ddosscrapers-apache-iptables/
Tue, 11 Feb 2014 23:16:22 +0000
So I spent last evening blocking ips coming from packetflip to our server. It looked in our Apache access log like there was some evil scraping going on, so we started blocking. But it's not that fun to block many ips manually, so time for some scripts.
First some info to use. Packetflip's user agent was Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.

Apache Strong SSL config
https://lifeandshell.com/posts/apache-strong-ssl-config/
Sun, 19 Jan 2014 22:46:53 +0000
Only enabling SSL on Apache is not good enough; there is some config to add to apache to make it stronger. These are the settings I use in my apache ssl configs.
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    Header add Strict-Transport-Security "max-age=15768000"
    SSLCompression off
    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    SSLProtocol All -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
And for generating your cert I use
    openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.

ejabber users from postfixadmin (python,mysql,md5crypt)
https://lifeandshell.com/posts/ejabber-users-from-postfixadmin-pythonmysqlmd5crypt/
Fri, 10 Jan 2014 21:28:51 +0000
So I'm running my emails with postfix and have postfix admin to manage my users and domains. But now it would be nice to have a jabber server running and to have the same user and password for both email and jabber.
Ejabber supports custom auth plugins, and with some python I now have a working plugin. First install the python packages
    yum install MySQL-python
    yum install python-passlib
Add this script to your ejabber folder

Install and setup Haystack search for Django
https://lifeandshell.com/posts/install-and-setup-haystack-search-for-django/
Sun, 05 Jan 2014 22:28:01 +0000
So Mysql is crap at doing full text search. So in one of my projects I use Haystack so I can do full text searches. I have a running Django project up and this is how I set up haystack for my project.
Install and config
    sudo pip install django-haystack
In settings.py under INSTALLED_APPS add haystack
    'haystack',
And also in the settings.py file add some haystack settings
    import os
    HAYSTACK_CONNECTIONS = {
        'default': {
            'ENGINE': 'haystack.

Install Elgg social network on Centos
https://lifeandshell.com/posts/install-elgg-social-network-on-centos/
Thu, 26 Dec 2013 16:26:57 +0000
Elgg is a social network web application that could be nice as an intranet for companies.
Well, it's a PHP application so it's easy to install. First some yum packages
    yum install mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring wget unzip
Set up an apache config
    <VirtualHost *:80>
        DocumentRoot /var/www/html/elinodrift.se
        ServerName domain.se
        ServerAlias www.yourdomain.se
        ServerAdmin webmaster@domain.se
        ErrorLog /var/log/httpd/elgg.log
        <Directory /var/www/html/elgg>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
Set up mysql

No more spam (Centos and postfix)
https://lifeandshell.com/posts/no-more-spam-centos-and-postfix/
Wed, 25 Dec 2013 23:11:32 +0000
So I HATE spam, and to get rid of as much as possible I go for 3 steps.
1. Postfix
Get postfix to restrict who is allowed to send email to me. No strange names, and use spam block lists. Also restrict how many connections you can make in a given time.
2. Greylisting
The first time some server tries to send email, greylist says no, resend that email.

Mailsystem Centos 6 (Postfix,Mysql,Dovecot) with TLS and SSL Part 2
https://lifeandshell.com/posts/mailsystem-centos-6-postfixmysqldovecot-with-tls-and-ssl-part-2/
Wed, 25 Dec 2013 22:49:09 +0000
So now I have a working Postfix that receives email, and I need something so that I can read my emails. So we will set up dovecot to use our mysql for users, and use SSL on all our connections.
Setup Mysql
Create a file called dovecot-sql.conf.ext in /etc/dovecot (or where you want to have it). Add the following settings to the config file
    driver = mysql
    connect = host=localhost dbname=virtual_mail user=postfix password=some_pass
    default_pass_scheme = MD5-CRYPT
    user_query = SELECT '/home/vmail/%n@%d/' as home, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u'
    password_query = SELECT password FROM mailbox WHERE username = '%u'
Update it so it matches your config.

Mailsystem Centos 6 (Postfix,Mysql,Dovecot) with TLS and SSL
https://lifeandshell.com/posts/mailsystem-centos-6-postfixmysqldovecot-with-tls-and-ssl/
Wed, 25 Dec 2013 22:28:37 +0000
So for my virtual machines I have set up a mail system with Postfix that will look up users and domains in a Mysql server, then store the emails in one mailbox. For users to get their mail it uses Dovecot IMAP, and Squirrelmail for displaying email. This setup can be deployed all on one machine as I do. Or if you have a lot of mail you can use the cluster function for postfix.

Mysql InnoDB- Error- checksum mismatch
https://lifeandshell.com/posts/mysql-innodb-error-checksum-mismatch/
Mon, 23 Dec 2013 12:25:18 +0000
So after I had published my post I got some mysql errors. The checksum was not correct. To solve this I had to do the following.
Check the checksum; ibdata is your innodb data file
    innochecksum ibdata1 -d
So not everything had been written to the database. So let's write it with force
    mysqld_safe --innodb_force_recovery=4
Then when it's done, kill mysql and restart it normally, and your mysql data should be up and running again.

Mining Litecoins and Feathercoin
https://lifeandshell.com/posts/mining-litecoins-and-feathercoin/
Mon, 23 Dec 2013 11:05:37 +0000
Start mining some coins right now.
First you need to sign up to some mining pools. For Litecoins I use http://pool-x.eu and for Feathercoin https://ftc.d2.cc. You can have different mining tasks running on your GPU or on your CPU. At the moment I am only using my CPU, but if I get the GPU running as well I will update the blog. This is a great blog on how to get started with minerd

Apache performance config
https://lifeandshell.com/posts/apache-performance-config/
Mon, 16 Dec 2013 21:02:29 +0000
On all my Apache servers I always load this Apache config. It enables some standard Apache performance settings as a good baseline: KeepAlive, gzip on all transfers and a local disk cache.
My /etc/httpd/cond.f/01.conf
    NameVirtualHost *:80
    NameVirtualHost *:443
    #Speeding up web responses Apache config
    # 2 HOURS
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header set Cache-Control "max-age=7200, public"
    </FilesMatch>
    # 1 HOUR
    <FilesMatch "\.(xml|txt)$">
    Header set Cache-Control "max-age=3600, public, must-revalidate"
    </FilesMatch>
    # 2 HOURS
    <FilesMatch "

Fail2Ban on Centos
https://lifeandshell.com/posts/fail2ban-on-centos/
Mon, 16 Dec 2013 20:58:10 +0000
Fail2Ban is a small service to block unwanted traffic to your server. I use it to block ssh and postfix logins to my virtual hosts. Fail2Ban scans the service log files, and if it finds any strange traffic like ssh brute force, that ip will be blocked for some time. All settings are done in the /etc/fail2ban/ folder.
Install
Have the epel repo activated on the server, then run
    yum install fail2ban
Then do your local config in

Install Diaspora one Centos 6.4 with Apache
https://lifeandshell.com/posts/install-diaspora-one-centos-6-4-with-apache/
Sun, 24 Nov 2013 21:25:42 +0000
So I'm going to test diaspora on one of my virtual servers which runs centos 6.4.
Setup Centos
Setup Repos
    wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
Install packages
    yum install tar make automake gcc gcc-c++ git net-tools libcurl-devel libxml2-devel libffi-devel libxslt-devel tcl redis ImageMagick npm mysql-server mysql-devel httpd mod_ssl libyaml libyaml-devel patch readline-devel libtool bison
Start services
    chkconfig --level 3 httpd on
    chkconfig --level 3 mysqld on
    chkconfig --level 3 redis on

Custom nagios plugins in python
https://lifeandshell.com/posts/custom-nagios-plugins-in-python/
Tue, 05 Nov 2013 15:20:51 +0000
For monitoring different services and functions you may need to build some custom monitoring plugins. I have built some for nrpe, and they will work with both nagios and icinga. This script will do a mysql check and then send the data back, and also start graphing the data if you use pnp4nagios 🙂 Every plugin must have two things.
1. An exit code that will say the state of the plugin (OK.

Rolling back Andrioid on your Nexus 4 after Ubuntu
https://lifeandshell.com/posts/rolling-back-andrioid-on-your-nexus-4-after-ubuntu/
Mon, 04 Nov 2013 16:58:16 +0000
So I had to roll back to android. Ubuntu is not really ready for my phone. So this is how you do it.
1. Download your android images from here https://developers.google.com/android/nexus/images#nakasi Download and untar in a nice folder.
2. Connect with USB to the phone and power it on (booting to ubuntu is OK), then run
    adb reboot-bootloader
This will make the phone go into the boot image.
3.
Install android. In the folder that the downloaded android image is in, run

Ubuntu Phone First Week
https://lifeandshell.com/posts/ubuntu-phone-first-week/
Sat, 26 Oct 2013 19:47:46 +0000
So my first week has gone since I rooted my Nexus 4 and installed the new Ubuntu phone. It was really easy to root and install the phone; the whole process was done in 30 min including backup. It has been a hard week, but now at the end life with the phone is better. So the ONLY things that really work on the phone are: make and receive calls, send and receive SMS, surf with a browser (only from wifi). That's about it, so my connection to the world when I'm on the road is dead.

Private GIT server on centos 6
https://lifeandshell.com/posts/private-git-server-on-centos-6/
Tue, 15 Oct 2013 14:40:50 +0000
So I need to have a private git server. The plan is to fill the git server with my backups so I can see changes done to my git server.
Set up the local GIT server
Users
    adduser git
    passwd git
Become the git user and go to the home folder
    su git
    cd ~
Create the repo
    mkdir myrepo.git
    cd myrepo.git/
    git --bare init
So now the repo is done; let's connect to it and start using it.

Owncloud 5 on Centos 6.4 apache-mysql
https://lifeandshell.com/posts/owncloud-5-on-centos-6-4-apache-mysql/
Thu, 10 Oct 2013 13:33:35 +0000
How to install owncloud 5 on your centos 6.4 server with mysql and apache to serve it. First install the packages and services needed.
    yum -y install mysql-server httpd php php-mysql unzip wget php-json php-xml php-mbstring php-zip php-gd curl php-curl php-pdo mod_ssl
Set apache and mysql to start at boot
    chkconfig httpd on
    chkconfig mysqld on
Start them up
    /etc/init.d/httpd start
    /etc/init.d/mysqld start
Make a new file called /tmp/setup_owncloud.sql and put this in the file (or paste it in the mysql shell)

Securing Apache - TRACE TRACK XSS
https://lifeandshell.com/posts/securing-apache-trace-track-xss/
Mon, 07 Oct 2013 15:12:50 +0000
So I will try to post updates with some tips on securing apache as I stumble over them. This will be the first one of not so many, I hope (Apache will be secure). I always scan my servers every month with Openvas as one of my PCI-DSS tasks. And this week I am locking down my Apache servers. Add this in your vhost file or in the welcome.conf file and rerun your scan.

Glassfish Monitoring with VisualVM
https://lifeandshell.com/posts/glassfish-monitoring-with-visualvm/
Wed, 25 Sep 2013 14:45:28 +0000
For monitoring Glassfish performance I use VisualVM. I have VisualVM installed on my laptop, and it connects using jmx to my glassfish servers to get server stats. This is only to get the current data and to see how much memory my apps are using and so on.
1. Download and start VisualVM
Go here and download VisualVM http://visualvm.java.net/ Install VisualVM on your local computer.
2. Set up Glassfish for receiving JMX connections from an external ip
On your glassfish you need to add some jvm values, so in your server-config --> jvm-settings --> JVM options add the following.
Glassfish Asadmin commandon to remeber
https://lifeandshell.com/posts/glassfish-asadmin-commandon-to-remeber/
Tue, 17 Sep 2013 19:39:08 +0000
Here are some glassfish 4 asadmin commands to remember.
    asadmin --host 127.0.0.1 --port 4848 enable-secure-admin
Enable so that you can use 4848 from an external computer.
    asadmin change-master-password --savemasterpassword=true
Change your master password (keystore access).
    asadmin change-admin-password
Change your glassfish admin password, used for asadmin and the admin gui.
    asadmin login
Store your password on disk so you can log in without a password.
    asadmin create-jvm-options
    asadmin delete-jvm-options
Create and delete server jvm options.

Set Glassfish4 to production state
https://lifeandshell.com/posts/set-glassfish4-to-production-state/
Tue, 17 Sep 2013 19:19:09 +0000
At work we are using Glassfish 4 for our applications. To set glassfish up for production there are some settings you need to set. We are scripting our installation, so our changes are done with the asadmin tool. This is my reminder of the asadmin commands I run when setting glassfish4 into production state.
First let's delete some values that are default
    asadmin delete-jvm-options -client
    asadmin delete-jvm-options '-XX:MaxPermSize=192m'
    asadmin delete-jvm-options -Xmx512m
First set up that we are using a server, and some memory values

Install Crashplan on Raspberry Pi
https://lifeandshell.com/posts/install-crashplan-on-raspberry-pi/
Fri, 13 Sep 2013 20:36:06 +0000
For syncing my data to my raspberry I use bitsync, but it's even better to have the data in two locations as well.
So to keep my stuff safer I will try using crashplan.
Installing java for crashplan
    sudo apt-get install openjdk-6-jre libjna-java
Download crashplan
    wget http://download.crashplan.com/installs/linux/install/CrashPlan/CrashPlan_3.5.3_Linux.tgz
Run the installer
    cd CrashPlan-install/
    ./install.sh
Follow the installer and press enter to install crashplan with its default settings.
Fixing so crashplan will start (OPTIONAL: TEST STARTING CRASHPLAN NOW TO SEE IF IT WORKS; IF NOT, MAKE THE CHANGES)

Install Bitsync on Raspberry Pi
https://lifeandshell.com/posts/install-bitsync-on-raspberry-pi/
Fri, 13 Sep 2013 19:50:03 +0000
So today I'm using dropbox to sync all my stuff between devices. But now there is so much there that my free space is almost full. So now it's time for me to move to bitsync and then sync all my devices.
Install bitsync
Go to the folder /opt
    cd /opt
Download bitsync
    wget "http://btsync.s3-website-us-east-1.amazonaws.com/btsync_arm.tar.gz"
Unpack it
    chmod 700 btsync_arm.tar.gz
    tar zxvf btsync_arm.tar.gz
Start it
    cd bitsync
    ./bitsync
Go to the web page

Centos What files are open to that PID
https://lifeandshell.com/posts/centos-what-files-are-open-to-that-pid/
Thu, 29 Aug 2013 09:06:39 +0000
Find out what files are open by that pid.
1. Find the pid for your service
    ps aux | grep httpd
    apache 24179 0.0 0.0 251316 15528 ? S 08:58 0:00 /usr/sbin/httpd
Here this pid is 8582; now list all files open by that pid.
2.
List files belonging to that pid
    lsof -p 24179
OR
    ls -l /proc/24179/fd
    l-wx------ 1 root root 64 Aug 29 09:04 113 -> /var/log/httpd/access_log_sycochuck
    l-wx------ 1 root root 64 Aug 29 09:04 114 -> /var/log/httpd/_apache_access_log
    l-wx------ 1 root root 64 Aug 29 09:04 115 -> /var/log/httpd/_apache_access_log
    l-wx------ 1 root root 64 Aug 29 09:04 116 -> /var/log/httpd/_apache_access_log

Mysql Commands to Remember
https://lifeandshell.com/posts/mysql-commands-to-remember/
Thu, 29 Aug 2013 08:45:06 +0000
This is a reminder for me of some mysql commands that I use often and that my mind does not always bring with me.
Optimize table
When a table that has many writes and deletes gets fragmented, this will speed up the database.
    optimize table Sys
Creating users
    CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'some_pass';
    GRANT ALL PRIVILEGES ON *.* TO 'dbuser'@'localhost';
    FLUSH PRIVILEGES;
Adding Mysql Monitoring User
    GRANT SELECT, REPLICATION CLIENT, SHOW DATABASES, SUPER, PROCESS ON *.

Kernel updated don´t update grub on Centos 6.4
https://lifeandshell.com/posts/kernel-updated-dont-update-grub-on-centos-6-4/
Thu, 15 Aug 2013 15:02:42 +0000
So you have updated the kernel on your centos but your server is still running on the old kernel. When a kernel is updated, yum updates the file /etc/grub.conf, which is a symlink to /boot/grub/grub.conf. But if the link is broken then you will have two grub.conf files, one /etc/grub.conf and one /boot/grub/grub.conf, and then when you update a kernel the server will still not run on the new kernel.
Remove old kernel in Centos
https://lifeandshell.com/posts/remove-old-kernel-in-centos/
Thu, 15 Aug 2013 13:47:45 +0000
So you try to update your server and it says that your /boot partition is full and it can't update the kernel. Well, this is how you remove some old kernels so you can keep your system up to date.
1. First, what kernel is running now (we don't want to remove that kernel)
    uname -a
    Linux install 2.6.32-279.19.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
OK kernel 2.

Python ConfigParser using you own config files in python
https://lifeandshell.com/posts/python-configparser-using-you-own-config-files-in-python/
Wed, 07 Aug 2013 11:26:42 +0000
Storing settings in config files and then letting python read the config files and do good stuff.
Read the file
    import ConfigParser
    #Reading config file
    config = ConfigParser.ConfigParser()
    config.read('setting.cfg')
Print all items and values in a section
    for name, value in config.items("monitor"):
        print ' %s = %s' % (name, value)
Print all items in the config file
    for section_name in config.sections():
        print 'Section:', section_name
        print ' Options:', config.options(section_name)
        for name, value in config.items(section_name):
            print ' %s = %s' % (name, value)
My settings.

How the HELL is oncall ? (the oncall reminder script)
https://lifeandshell.com/posts/how-the-hell-is-oncall-the-oncall-reminder-script/
Mon, 05 Aug 2013 21:59:17 +0000
When you are on call often, it is sometimes easy to forget who is on call and when you are not.
So, wondering for the last time who is on call, I asked some python for some help.
The script
    #!/usr/bin/env python
    #
    # Mattias Hemmingsson
    # matte@elino.se
    #
    # Script for reminding friends when to bet
    # Uses a csv file and sends email to remind when it's time to bet.
    #
    #
    import csv
    import smtplib
    from datetime import datetime, timedelta, date
    #Get users and send email to users
    sender = 'noreply@elino.

restrict sms in nagios / icinga
https://lifeandshell.com/posts/limit-sms-flood-in-nagios-icing/
Mon, 05 Aug 2013 16:13:58 +0000
I'm using nagios as my primary monitoring tool, and to get alerts we use an sms gateway. The problem is that sometimes when we work we bring down a server and we get so many sms from icinga that you throw away your phone. So to bring the sms cost down and to not have so many sms sent to your phone, I built a small email blocking script. This will take the address of the sms and only send one sms / email every 5 min (can be set to anything).

NTP Server and client setup
https://lifeandshell.com/posts/ntp-server-and-client-setup/
Sun, 04 Aug 2013 22:23:12 +0000
Time is critical when having many servers and using different clusters. So I made this guide to save all my notes from working with time.
Setting local time
I make a link to /etc/timezone
    ln -sf /usr/share/zoneinfo/Etc/GMT /etc/timezone
To check if I use the correct time zone
    date
Install ntpd
Ubuntu
    apt-get install ntp
Centos
    yum install ntp
Set up my ntp server for my other servers. My ntp server is an ubuntu server

LVS cluster for Centos
https://lifeandshell.com/posts/lvs-cluster-for-centos/
Thu, 01 Aug 2013 14:08:13 +0000
Another cluster solution for Linux is LVS. I am testing an LVS cluster for some cloud servers.
My cloud server has one external IP and I want all traffic to come to that IP and after that be redirected to my web nodes. With LVS I will redirect all traffic to that IP and load balance it between my nodes. When I set up HAProxy I only load balanced web traffic.
Install HA-Proxy for load-balancing on Centos https://lifeandshell.com/posts/install-ha-proxy-for-load-balansing-on-centos/ Tue, 30 Jul 2013 20:25:36 +0000 https://lifeandshell.com/posts/install-ha-proxy-for-load-balansing-on-centos/ For load balancing my web traffic I'm setting up HA-proxy. The proxy receives requests on one IP and then spreads the requests evenly between my web server nodes. First install and enable the Epel repo yum install haproxy Open the config file /etc/haproxy/haproxy.cfg and add to the bottom of the file listen http_web 192.168.44.20:80 mode http balance roundrobin # Load Balancing algorithm option httpchk option forwardfor server server1 192.168.44.21:80 weight 1 maxconn 512 check server server2 192.
Install Heartbeat HA cluster on Centos https://lifeandshell.com/posts/install-heartbeat-ha-cluster-on-centos/ Tue, 30 Jul 2013 19:40:01 +0000 https://lifeandshell.com/posts/install-heartbeat-ha-cluster-on-centos/ As the backbone of my web cluster I use Heartbeat to monitor the server performance. Heartbeat is set up to monitor the servers and to take action if anything happens to any of the nodes. This guide is for migrating an IP address from one node to the secondary if the first node goes down. Then I configure the other servers like apache or mysql on top. First begin by enabling the EPEL repos.
Install puppet client on Centos 6 https://lifeandshell.com/posts/install-puppet-clinet-on-centos-6/ Wed, 24 Jul 2013 21:55:16 +0000 https://lifeandshell.com/posts/install-puppet-clinet-on-centos-6/ Setting up my puppet client on centos and then connecting it to my puppetmaster.
Enabling the puppet labs repository rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm Enabling EPEL repos rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm Install puppet client yum install puppet Make sure that your hosts file is ok /etc/hosts 10.30.0.1 puppetmaster.xxx.xx puppetmaster Open up the file /etc/sysconfig/puppet and set # The puppetmaster server PUPPET_SERVER=puppetmaster Now it's time to start the puppet client /etc/init.d/puppet start chkconfig puppet on
Openvpn Fixed static ip for clients https://lifeandshell.com/posts/openvpn-fixed-static-ip-for-clients/ Wed, 24 Jul 2013 20:46:54 +0000 https://lifeandshell.com/posts/openvpn-fixed-static-ip-for-clients/ When my cloud servers connect to my openvpn server I need them to have the same IP address all the time. This is so I can set up monitoring and alert systems, internal DNS and puppet control. On the openvpn server add this to your server.conf client-config-dir /etc/openvpn/ccd then create the folder /etc/openvpn/ccd In that folder create a file and give it the same file name as your user or keys are called.
Openvpn generate client config and keys https://lifeandshell.com/posts/openvpn-generate-clinet-config-and-keys/ Wed, 24 Jul 2013 20:36:29 +0000 https://lifeandshell.com/posts/openvpn-generate-clinet-config-and-keys/ On my openvpn server I have built a small script so I can create new client certs easily. My server is an Ubuntu server and my openvpn server is set up from this guide. https://help.ubuntu.com/community/OpenVPN In the folder /etc/openvpn/easy-rsa I created the folder TEMP Then I used this script to create the clients #!/bin/bash echo "Enter name of server" read NAME #Making Certs source ./vars KEY_CN=$NAME ./pkitool $NAME #Copy keys and files cp keys/$NAME.
Set up Openvpn client on Centos 6.4 https://lifeandshell.com/posts/set-up-openvpn-client-on-centos-6-4/ Sun, 21 Jul 2013 22:39:45 +0000 https://lifeandshell.com/posts/set-up-openvpn-client-on-centos-6-4/ I often use Openvpn to connect my servers together across several cloud server providers. This is my small how-to for setting up the openvpn client. Install the openvpn server yum install wget wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm rpm -Uvh epel-release-6-8.noarch.rpm yum install openvpn Set up the VPN client In /etc/openvpn extract your vpn config Save your openvpn config file as client.conf Test your vpn openvpn --config client.conf Now when it's working restart your openvpn with
Install Glassfish4 and Java7 on Centos https://lifeandshell.com/posts/install-glassfish4-and-java7-on-centos/ Mon, 17 Jun 2013 14:41:41 +0000 https://lifeandshell.com/posts/install-glassfish4-and-java7-on-centos/ An easy guide to get glassfish4 and java7 running on your centos 6 server. First install java7 and get java working on your server. Then we download and set up glassfish4. Installing Java 7 Go to the java download page and get a version of the java 7 jdk. You must first download it to your desktop and then copy the jdk over to your server. Oracle doesn't support direct download of java to your server :-(.
Openvpn on Raspberry Pi https://lifeandshell.com/posts/openvpn-on-raspberry-pi/ Mon, 17 Jun 2013 08:12:52 +0000 https://lifeandshell.com/posts/openvpn-on-raspberry-pi/ So summer is coming and I'm planning to be away as much as possible. But I need a door in to my server at home for some work. When I'm off I will only have a 3G/4G connection, so it's much nicer to work against my server at home on a stable 100 line. So to make this possible I installed an openvpn server on my Pi sitting in my closet.
Installing PfSense on Clavister https://lifeandshell.com/posts/installing-pfsense-on-clavister/ Sat, 15 Jun 2013 12:17:54 +0000 https://lifeandshell.com/posts/installing-pfsense-on-clavister/ After we changed our server location and installed some new servers and firewalls (firewall now in centos with iptables) we had one Clavister left over. We needed a new firewall in our office but did not want to use the Clavister firewall software, so we decided to see if we could get PfSense running on the hardware. We opened the Clavister up and made some hardware changes to it, increasing the memory from 512 MB to 2 GB.
Extracting HP-Switch running config https://lifeandshell.com/posts/extracting-hp-switch-running-config/ Mon, 10 Jun 2013 15:29:02 +0000 https://lifeandshell.com/posts/extracting-hp-switch-running-config/ Every so often I have to extract my running-config from my HP switches and put them under OSSEC file monitoring, and verify that no changes have been made to the original running-config. So here is a small script for extracting my running-config and md5-checking that it is the same as my standard config. Make your own changes to the script to work in your system 🙂
SE Linux allowing Mysql Socket https://lifeandshell.com/posts/selinux-allow-mysql-socket/ Wed, 05 Jun 2013 10:55:53 +0000 https://lifeandshell.com/posts/selinux-allow-mysql-socket/ So this morning my mysql server did not start properly. But when I disabled selinux the mysql server came back up. After some digging I found that we have linked the mysql folder /var/lib/mysql from the /var/log disk (it's my syslog server and /var/log has all the disk). So to start my mysql I had to make some small changes. First, setting my socket to the right path in my.cnf
Django sending email https://lifeandshell.com/posts/django-sending-email/ Tue, 04 Jun 2013 21:35:24 +0000 https://lifeandshell.com/posts/django-sending-email/ I'm building a small web page and on that page I want a small contact field.
So my visitors (if any) can contact me with a form input. So I made a small html template that has a very small form (no validation) and then posts the email and messages back to the view that sends the email. Small and simple, and today's work in front of the TV. Django template: my template extends my index, as you see, and is called contact.
Testing OSSEC / Syslog auth https://lifeandshell.com/posts/testing-ossec-syslog-auth/ Mon, 03 Jun 2013 20:38:35 +0000 https://lifeandshell.com/posts/testing-ossec-syslog-auth/ I'm running a PCI DSS Level 1 system, and during our PCI audit I have to provide evidence that our monitoring system (OSSEC) can log logins that fail. So for testing this and to provide evidence for our audit I made a small python script. The script tries to log in to the hosts specified in a text field and tries to run a command on them. (You can alter this to the correct username / password and then run commands on all servers)
DNS Verify new ns servers https://lifeandshell.com/posts/dns-new-ns-servers/ Sun, 02 Jun 2013 17:06:10 +0000 https://lifeandshell.com/posts/dns-new-ns-servers/ The dns tester script lets you check that your dns names are correct, first checking the names used today and then verifying the names with your new DNS server. You will first need a file of your domain names to run through the script. #!/usr/bin/env python import socket import dns.resolver #v="yes" g_dns="88.80.170.189" o_dns="81.201.209.55" def test_dns(name,typ,v): print "===================================================================" try: answers = dns.resolver.query(name,typ ) for rdata in answers: if v =="yes": print "Your DNS = " + str(rdata) except dns.
Send logs to localsyslog (Apache,Mysql,Glassfish) https://lifeandshell.com/posts/send-logs-to-localsyslog-apachemysqlglassfish/ Thu, 30 May 2013 15:04:34 +0000 https://lifeandshell.com/posts/send-logs-to-localsyslog-apachemysqlglassfish/ Adding your log files to a syslog server is an easy way to get all logs collected in one place. I usually set all my services (apache, mysql, etc.) to send their logs to the local syslog server. Then I configure the local syslog to send all its logs to a central log server. This way I get all my logs collected and displayed in one place. Apache In the file httpd.conf find the line ErrorLog and replace the line with ErrorLog syslog:local1 Mysql
SELINUX Allow rules https://lifeandshell.com/posts/selinux-allow-rules/ Wed, 29 May 2013 11:46:53 +0000 https://lifeandshell.com/posts/selinux-allow-rules/ SELINUX Small guide to allowing rules from the host in selinux. Look in your audit.log file to see what selinux is doing on your system. Allow rules from the log file. Install yum packages yum install policycoreutils-python Cat your audit log file into audit2allow to build rules. cat /var/log/audit/audit.log | audit2allow -M mailreplay Now audit2allow will show you what rules it wants to update / install. Install them with semodule -i mailreplay.
Friday fun https://lifeandshell.com/posts/fredags-kul/ Fri, 30 Nov 2012 18:09:03 +0000 https://lifeandshell.com/posts/fredags-kul/ Friday fun: setting up SIP phones for a customer and coding django.
Thinstation PXE Ubuntu https://lifeandshell.com/posts/thinstataion-pxe-ubuntu/ Mon, 12 Nov 2012 18:48:30 +0000 https://lifeandshell.com/posts/thinstataion-pxe-ubuntu/ Get thinstation: apt-get install git mkdir /opt/thinstation cd /opt git clone --depth 1 git://thinstation.git.sourceforge.net/gitroot/thinstation/thinstation Set up the thinstation chroot: cd /opt/thinstation ./setup-chroot Build your first thinstation cd /ts/5.1 ./build Set up thinstation with our packages Open up build.conf.
In this file you must add the hardware packages that are used. We want to keep the boot image as small as possible, so to make it fast we choose only the modules we really need.
Ubuntu tftp Server https://lifeandshell.com/posts/ubuntu-tftp-server/ Mon, 12 Nov 2012 18:42:57 +0000 https://lifeandshell.com/posts/ubuntu-tftp-server/ Install the packages: sudo apt-get install xinetd tftpd tftp Create the directory tftp works with sudo mkdir /tftpboot sudo chown -R nobody.nogroup /tftpboot sudo chmod -R 777 /tftpboot Edit the xinetd config: sudo nano /etc/xinetd.d/tftp service tftp { protocol = udp port = 69 socket_type = dgram wait = yes user = nobody server = /usr/sbin/in.tftpd server_args = /tftpboot disable = no } Restart xinetd: sudo /etc/init.d/xinetd restart Test that it works:
Ossec agent auto multi installation https://lifeandshell.com/posts/ossec-agent-auto-multi-installation/ Thu, 06 Sep 2012 09:31:32 +0000 https://lifeandshell.com/posts/ossec-agent-auto-multi-installation/ Ossec is the monitoring system I use the most. One thing that makes it a bit awkward, though, is that you always have to pair the agent with the server. That works great if you only have a few servers, but if you have a lot it gets a bit more fiddly. But now you can script it so that agents can be installed automatically. Start by creating the keys on the ossec server The first thing we will do is create the keys on the ossec server.
Make Ossec send its logs to syslog https://lifeandshell.com/posts/fa-ossec-att-logga-sina-loggar-till-syslog/ Wed, 05 Sep 2012 13:14:50 +0000 https://lifeandshell.com/posts/fa-ossec-att-logga-sina-loggar-till-syslog/ A good thing is to collect all your logs on a syslog server, and one of the logs you want is of course the ossec logs. You can do that easily by letting ossec log to syslog. I have now set up my syslog with TLS, and ossec cannot send logs with TLS. So what I do is put the ossec server on my syslog server.
Then I let the ossec server log over the loopback network down to my syslog server.
Rsyslog TLS between server and client https://lifeandshell.com/posts/rsyslog-tls-mellan-server-och-klient/ Wed, 05 Sep 2012 12:53:33 +0000 https://lifeandshell.com/posts/rsyslog-tls-mellan-server-och-klient/ Syslog is normally an open standard, which means that someone could look at the traffic between the client and the server. But from rsyslog version 3? you can encrypt the traffic between server and client. What is important when creating keys and the CA for the different servers is that you keep track of DNS names and server names. If the name you put in the certificate does not match what the server is called, it will not work.
centos6 rsyslog and mysql https://lifeandshell.com/posts/centos6-rsyslog-och-mysql/ Mon, 03 Sep 2012 14:38:56 +0000 https://lifeandshell.com/posts/centos6-rsyslog-och-mysql/ To get some control over all the logs I am going to install a central rsyslog server. We will store all logs in mysql so that the logs are easy to get at and can also be viewed "live". yum install rsyslog rsyslog-mysql mysql-server Set up mysql to be able to receive the logs. We load an sql file from syslog that sets up a database called Syslog and fills it with tables.
clamav viruscan script https://lifeandshell.com/posts/clamav-viruscan-script/ Tue, 24 Apr 2012 14:44:43 +0000 https://lifeandshell.com/posts/clamav-viruscan-script/ Clamav is the antivirus program I mostly run on my linux servers. It is easy to install, and then I have a small bash script that scans my servers once per day / week. For the script to work you must create the directory /var/log/clamav #!/bin/bash # email subject SUBJECT="VIRUS DETECTED ON `hostname`!!!" # Email To ? EMAIL="sysoparenden@fareoffice.com" #Date for saving all scans DATE=`date +%y-%m-%d` # Log location LOG=/var/log/clamav/scan-$DATE.
Set up vlan with a dhcpd server on ubuntu https://lifeandshell.com/posts/satta-upp-vlan-med-dhcpd-server-med-ubuntu/ Sat, 21 Apr 2012 20:06:15 +0000 https://lifeandshell.com/posts/satta-upp-vlan-med-dhcpd-server-med-ubuntu/ Vlan can be used to talk to modern switches and network equipment. In those you can, for example, set a port or wireless network to use e.g. "vlan1". Then, when I set up a new lan on my ubuntu, I will have a network port that can talk to the others that also use vlan1 and go through the port or wireless network tagged as vlan1. That way we can separate networks from each other.
Zimbra new certs https://lifeandshell.com/posts/zimbra-nya-cert/ Thu, 19 Apr 2012 07:04:58 +0000 https://lifeandshell.com/posts/zimbra-nya-cert/ You have to update the certs for zimbra, otherwise it will just say "Network error when trying to log in". And you will get SSL errors in the logs and then you cannot restart it. I have made a small script that you can run once a year to renew the certs. It only generates a new self-signed cert. If you have publicly signed certs you cannot use this one. But I usually put the public certs on the web server.
Install nagios with the Elino config and Apache with LDAP Auth https://lifeandshell.com/posts/installera-nagios-med-elino-configen-och-apache-med-ldap-auth/ Tue, 17 Apr 2012 07:42:29 +0000 https://lifeandshell.com/posts/installera-nagios-med-elino-configen-och-apache-med-ldap-auth/ This guide shows how to set up nagios monitoring and then connect it to an openldap server with apache to authenticate the users. In this guide I do NOT cover how to set up nagios to monitor your servers. That will have to be another guide. Install nagios yum install nagios nagios-plugins-all Create and set up the elino config files We create an elino directory. Then we copy the elino config files into it.
Elino package guide https://lifeandshell.com/posts/elino-paket-guide/ Sun, 15 Apr 2012 18:59:33 +0000 https://lifeandshell.com/posts/elino-paket-guide/ Create a new package Our packages are on the elino server in */opt/elino/paket* Start by creating a directory that will also be the name of the package *The name MUST end with -number, e.g. -1, and be all lowercase* mkdir elinoLTSP-1 Then it is time to set up the deb files that are needed dh_make -n At the prompt, answer that you want to make a single package *s* Now we will set up the things we need to build the package.
Set up your own repo https://lifeandshell.com/posts/satt-upp-en-egen-repo/ Sun, 15 Apr 2012 18:53:37 +0000 https://lifeandshell.com/posts/satt-upp-en-egen-repo/ Setting up your own repo makes things quite a lot easier. In this guide I show how to set up a repo. The next guide will cover how to create your own packages to then put in your repo. Start by installing reprepro on your ubuntu box sudo apt-get install reprepro mkdir /srv/reprepro cd /srv/reprepro mkdir conf dists incoming indices logs pool project tmp files Then we need a few files for our repo.
Syco python coding. A few small scripts for testing load, memory and connections https://lifeandshell.com/posts/syco-pyton-kodning-lite-sma-script-for-att-testa-last-minne-och-anslutningar/ Tue, 13 Mar 2012 15:49:22 +0000 https://lifeandshell.com/posts/syco-pyton-kodning-lite-sma-script-for-att-testa-last-minne-och-anslutningar/ Today's coding is done. Today I built some functions for testing a few different things. I have a function that tests whether a service answers on a port, which can be either udp or tcp. Then I pull out the load and memory usage on the server so I can see how much memory apache uses. And, to be able to check that my web pages are up, a small function to check whether a text string is present on a web page.
Thinstation.org on Ubbe 12.04 https://lifeandshell.com/posts/thinstation-org-pa-ubbe-12-04/ Tue, 13 Mar 2012 09:26:00 +0000 https://lifeandshell.com/posts/thinstation-org-pa-ubbe-12-04/ Thinstation is an awesome platform for booting thin clients against a server. I think it handles damn near every protocol, which makes it wonderful to have as a base. I am going to set it up to boot against an nx server running on an ubuntu desktop. But you can just as easily set it up to run only a firefox or chrome browser, or just boot it against windows or ssh.
koha library to OpenLDAP https://lifeandshell.com/posts/koha-bibliotek-till-openldap/ Mon, 12 Mar 2012 21:08:43 +0000 https://lifeandshell.com/posts/koha-bibliotek-till-openldap/ How to connect the koha library system to your openldap server. To get it to work I had to tinker a bit with the code. 1 Start by editing the koha config file. Mine was under the library I made at växthuset vi /etc/koha/sites/vaxthuset/koha-conf.xml Start by enabling ldap by changing 0 to a 1, and then add the following under the tag NOTE: I had to remove some < so the tags can be shown in wordpress useldapserver>1/useldapserver> ldapserver id="ldapserver" listenref="ldapserver"> hostname>10.
mail to script Zimbra, e.g. zimbra to redmine https://lifeandshell.com/posts/mail-till-script-zimbra-tex-zimbra-till-redmine/ Mon, 12 Mar 2012 16:20:58 +0000 https://lifeandshell.com/posts/mail-till-script-zimbra-tex-zimbra-till-redmine/ So, finally! After a day of hair-pulling I have finally found how to run a script when someone sends mail to a user in zimbra. I use it so that you can mail e.g. arenden@fareoffice.com and it comes into redmine as an issue. 1. Fix your transport in zimbra.
Open the file vi /opt/zimbra/postfix/conf/transport ######REDMINE adding arenden@fareoffice.com local: arenden@fareonline.net local: issues@fareoffice.com local: Then we fix up the transport database
Got a tree at work https://lifeandshell.com/posts/fatt-ett-trad-pa-jobbet/ Wed, 29 Feb 2012 14:34:33 +0000 https://lifeandshell.com/posts/fatt-ett-trad-pa-jobbet/ I now have a small tree at work. It stands squeezed onto two rack servers.
Set up TLS on openldap server ubuntu 12.04 https://lifeandshell.com/posts/dra-upp-tls-pa-openldap-server-ubuntu-12-04/ Fri, 17 Feb 2012 20:41:05 +0000 https://lifeandshell.com/posts/dra-upp-tls-pa-openldap-server-ubuntu-12-04/ Time to set up the openldap server and add TLS to it. First step: make sure there are certificates for the server. Install a few packages that are needed sudo apt-get install gnutls-bin ssl-cert Create a CA key that will serve as the base sudo sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem" Create a file called /etc/ssl/ca.info and put the following in it cn = Example Company ca cert_signing_key Time to make a key for the server and sign it with our CA key
Openldap Server ubuntu 12.04 https://lifeandshell.com/posts/openldap-server-ubuntu-12-04/ Thu, 16 Feb 2012 20:22:07 +0000 https://lifeandshell.com/posts/openldap-server-ubuntu-12-04/ How to install the Openldap server on ubuntu 12.04. Note the date: ubuntu 12.04 is not out yet, so this is a bit early, you could say. When you install the openldap server, they have come up with the super smart idea of taking the domain found in the hosts file and building an ldap tree from it. So /etc/hosts for me looks like this.
127.0.0.1 localhost 127.0.1.1 vh-hv-bas2.elinofied.se vh-hv-bas2 which means that now when I install slapd it will create a tree from the start called
Jfokus 2012 https://lifeandshell.com/posts/jfokus-2012/ Tue, 14 Feb 2012 14:56:55 +0000 https://lifeandshell.com/posts/jfokus-2012/ Sitting at jfokus 2012 waiting for the last talk of the day, about security in RIA.
Backtrack hack wep https://lifeandshell.com/posts/backtrack-hack-wep/ Sat, 11 Feb 2012 15:11:44 +0000 https://lifeandshell.com/posts/backtrack-hack-wep/ Hacking WEP is a fairly easy thing. WEP has a flaw which means that if you collect enough packets, you can read out the WEP key from the packets. To do that you first need to listen to a base station that uses WEP. After that it is just a matter of finding as many packets as you need, around 20 000.
backtrack my startup script https://lifeandshell.com/posts/backtrack-mitt-startup-script/ Sat, 11 Feb 2012 15:07:03 +0000 https://lifeandshell.com/posts/backtrack-mitt-startup-script/ When you start backtrack it always boots into its live environment. And I found it a bit tedious to set up everything that needs doing every time. So I made a small script that I keep on the encrypted part of my usb stick. It sets the keyboard to Swedish. Sets up my two wireless cards Changes the mac address on my two wireless cards
Backtrack up https://lifeandshell.com/posts/backtrack-uppe/ Sat, 11 Feb 2012 14:59:38 +0000 https://lifeandshell.com/posts/backtrack-uppe/ To keep myself somewhat up to date I try to run a bit of Backtrack. On securitytube there is a damn good video course on wireless to take, and to be able to lab properly I have got a good wireless card and several good antennas so you can pick up many networks. I boot my laptop from a usb stick with Backtrack on it, which also has an encrypted part where I can save some info.
sync Zimbra with Zimbra https://lifeandshell.com/posts/syna-zimbra-med-zimbra/ Wed, 01 Feb 2012 14:34:41 +0000 https://lifeandshell.com/posts/syna-zimbra-med-zimbra/ I set up quite a few zimbra servers, and I always end up having to sync mail accounts from the old one to the new one. I think I have tested every suggested way of syncing, but really only found one that works well. Nowadays I always run imapsync, which runs between the two zimbra servers. Then my users come by and type in their details, and I start the script that syncs
Zimbra on centos 6 https://lifeandshell.com/posts/zimbra-pa-centos-6/ Mon, 30 Jan 2012 13:37:11 +0000 https://lifeandshell.com/posts/zimbra-pa-centos-6/ Installing the Zimbra server Documentation taken from http://www.zimbra.com/docs/os/latest/multi_server_install/wwhelp/wwhimpl/js/html/wwhelp.htm Download zimbra from http://www.zimbra.com/downloads/os-downloads.html Starting the installation Installing dependencies yum install nptl sudo libidn gmp sysstat libstdc++.so.6 yum remove sendmail Fix sudoers Comment out the following line in sudoers. vi /etc/sudoers #Defaults requiretty Downloading zimbra mkdir /var/zimbra cd /var/zimbra wget http://files2.zimbra.com/downloads/7.1.4_GA/zcs-7.1.4_GA_2555.RHEL6_64.20120105094542.tgz tar zxvf zcs-7.1.4_GA_2555.RHEL6_64.20120105094542.tgz Zimbra wants to install itself in /opt, so I create a symlink for that ln -s /var/zimbra /opt/zimbra Fixing the directory name
Tidied up the school system https://lifeandshell.com/posts/snyggat-till-skolsystemet/ Thu, 26 Jan 2012 20:57:20 +0000 https://lifeandshell.com/posts/snyggat-till-skolsystemet/ Yo. I have been sitting this evening tidying up the school system I am building, using bootstrap. It is a css template, the same one twitter uses. It makes life easy for me: I just drop the css in among my other css and then I am free to add the different components as easily as anything. So it feels like it is getting better and better looking.
Now it is time for other things
Two days for a one-liner https://lifeandshell.com/posts/tva-dagars-for-en-one-liner/ Wed, 25 Jan 2012 14:40:21 +0000 https://lifeandshell.com/posts/tva-dagars-for-en-one-liner/ I have now worked for two days on getting a mod_rewrite rule in place that turns all our messy urls into nicer urls. This should make all the search engines like our site a lot more. I got an excel sheet from the SEO people, and now, two days later, I have found a one-liner that fixes it for us. It was a bit fiddly since a lot happens at the back of the php system, RewriteRule ^matte/([^/]+)/([^/]+)$ main.php?destination=Spw/740/uk/${statemap:${upper2lower:$1}|}/${locationmap:${upper2lower:$2}|} [NC,L] The post is brought to you by lekhonee v0.
New NAS for växthuset https://lifeandshell.com/posts/ny-nas-till-vaxthuset/ Wed, 25 Jan 2012 13:52:27 +0000 https://lifeandshell.com/posts/ny-nas-till-vaxthuset/ Got a big NAS today that I am going to put freenas on and then take out to växthuset.
Where I sit and work https://lifeandshell.com/posts/dar-jag-sitter-och-jobbat/ Wed, 25 Jan 2012 13:47:56 +0000 https://lifeandshell.com/posts/dar-jag-sitter-och-jobbat/ Here I sit, working at full speed, when I am not on paternity leave. Two laptops, one with ubbe and one with win7. Unfortunately I have to have one to get at certain things. It is my boss's fat Mac that is overshadowing my nice desk.