https://lifeandshell.com/tags/code/ Recent content in Code on Life and Shell Hugo -- gohugo.io en-us Mattias Hemmingssion mattias@lifeandshell.com Sun, 13 Apr 2025 09:32:36 +0000 https://lifeandshell.com/posts/wazuh-digest-any-source/ Sun, 13 Apr 2025 09:32:36 +0000 https://lifeandshell.com/posts/wazuh-digest-any-source/ How I Built a Custom Wazuh Log Ingest Pipeline (And Ditched the Wodle) If you’ve ever tried to push custom logs into Wazuh, you’ve probably stumbled across something called a Wodle. Wazuh uses these built-in scripts to collect and parse data—especially useful for integrations like AWS. So… Wodle for AWS? Sure, Wodle can collect AWS logs. But when I tried using it for my AWS environment, things didn’t exactly go as planned. https://lifeandshell.com/posts/k3s-cluster-on-setup-master-and-node/ Sat, 07 Jan 2023 11:31:43 +0000 https://lifeandshell.com/posts/k3s-cluster-on-setup-master-and-node/ For some IoT setups a need a k3s cluster running. To make it spread and to add more nodes a installed the k3s Master on my firewall running a small atom processor. But wanted to run the nodes on raspberry or rock nodes to handle the load. Then by using labels on nodes I want to apply different workloads on the nodes. Pre So before installing k3s master. I had my pihole running on port 80 and that did not work that well. https://lifeandshell.com/posts/device-tracker-using-dhpcd-server-and-bash/ Wed, 21 Dec 2022 14:07:01 +0000 https://lifeandshell.com/posts/device-tracker-using-dhpcd-server-and-bash/ I have used Home Assistance for some time. And have always used the device tracker to set different actions based if I’m home or not. But when my pfsense died and a install a clean Linux box as my fw and DHCP server I lost all my tracking for devices. But I did found out that the dhcpd server can run a command every time it hands out a dhcpds leese. https://lifeandshell.com/posts/migrate-elasticsearch-helm-to-elasticsearch-operator/ Thu, 01 Dec 2022 13:17:35 +0000 https://lifeandshell.com/posts/migrate-elasticsearch-helm-to-elasticsearch-operator/ Migrate elasticsearch helm to elasticsearch operator and from version 7 to version 8. So in the start, I used the helm chart for elasticsearch, and everything worked fine. Then elasticsearch 8 comes and the Elasticsearch operator. This broke by helm chart and kind of left me in a stalled state. But now I have to migrate my current elasticsearch that uses a helm chart to start using the operator. https://lifeandshell.com/posts/openstreat-map-docker-och-docker-compose/ Thu, 17 Nov 2022 16:53:00 +0000 https://lifeandshell.com/posts/openstreat-map-docker-och-docker-compose/ Split up in separate containers ! Running openstreetmap map in docker was hard. And the docs all wanted to run it bounded with postgress and not in separate containers. I setup so we can run osm I different containers for you to scale https://github.com/mattiashem/osm Clone this GitHub repo and then start it with docker compose build then to start it, run docker compose up What is happening First we are building a custom Postgres docker image. https://lifeandshell.com/posts/kubernetes-update-1-22-1-23-helm-error/ Thu, 15 Sep 2022 16:02:06 +0000 https://lifeandshell.com/posts/kubernetes-update-1-22-1-23-helm-error/ I was in the progress of updating my cluster and in version 1.23 we have breaking changes. What I did not know was that helm saves the latest deployed version in secret. So I updated the cluster to version 1.23 and started getting helm errors. And it does not matter if I delete the resources in the cluster. The issue is that helm has saved the last deployment with a API version that with the new k8s version is no longer supported. https://lifeandshell.com/posts/elasticsearch-controller/ Fri, 06 Nov 2015 15:23:27 +0000 https://lifeandshell.com/posts/elasticsearch-controller/ So we uses alot of easticsearch. And here is i small script to get status and do some simple task with es server. You can get cluster status and cron for index deletions.   import urllib2 # # # Clean up elastich search index by removing old stuff. #The defult ip to es server dhost='10.101.1.31' #The index name you are using index_name='logstash-syslog' #Drop index back in time drop_index_back=90 def date_back_in_time(days_back): ''' Get the date back in time the days you send in ''' import datetime as DT today = DT. https://lifeandshell.com/posts/python-dos-protection-iptablesdos/ Fri, 06 Nov 2015 15:18:51 +0000 https://lifeandshell.com/posts/python-dos-protection-iptablesdos/ here are a small script I use to have some sort of dos protection on my webservers.   import subprocess whitelist=['192.168.1.2'] blockvalue=2 alertvalue=1 proc = subprocess.Popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n", shell=True,stdout=subprocess.PIPE) running = proc.stdout.read() runing_sorted = running.split('\n') for r in runing_sorted: con =r.split() if len(con) ==2: #If ip has more conenctions then block value ip block if con[0] <= blockvalue: print " https://lifeandshell.com/posts/raspberry-pi-and-tellusd/ Mon, 20 Apr 2015 09:24:02 +0000 https://lifeandshell.com/posts/raspberry-pi-and-tellusd/ Im using tellus to get info from my sensors like huminity and temp. And to get to work am using my rasp pi to recive and send siganls. Here is a quick guide to install and setup tellusd on you raspberry.   1. Verify that tellus is there pi@raspberrypi ~ $ lsusb Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. https://lifeandshell.com/posts/setup-spi-on-raspberry-pi-mcp3008-adafruit/ Sun, 19 Apr 2015 20:25:33 +0000 https://lifeandshell.com/posts/setup-spi-on-raspberry-pi-mcp3008-adafruit/ Im building my own watering system and to that I will have some sensores.. They are connected to my pi over SFI and a mcp3008 from Adafruit.   The gear http://www.adafruit.com/products/1989 http://www.adafruit.com/products/856 http://www.kjell.com/sortiment/el/elektronik/elektroniklab/kopplingsplatta-lodfri-p87886 http://www.elecfreaks.com/store/octopus-soil-moisture-sensor-brick-p-422.html   Setup the cables Use this guide and se how the you should connect the mcp3008 and the sensore. http://www.raspberrypi-spy.co.uk/2013/10/analogue-sensors-on-the-raspberry-pi-using-an-mcp3008/   Get the Pi ready   1. First enable SFI on the board here http://www.raspberrypi-spy.co.uk/2014/08/enabling-the-spi-interface-on-the-raspberry-pi/ I uses the raspi-config and enabled the SFI https://lifeandshell.com/posts/installing-go-build-server-on-centos-7/ Wed, 11 Feb 2015 21:39:35 +0000 https://lifeandshell.com/posts/installing-go-build-server-on-centos-7/ Installing the go build server in centos 7 with some easy step     1. First head over to the go page and have a look around http://www.go.cd/ 2. Download go server to you centos box   wget http://download.go.cd/gocd-rpm/go-server-14.4.0-1356.noarch.rpm wget http://download.go.cd/gocd-rpm/go-agent-14.4.0-1356.noarch.rpm 3. Install it First start by adding the go user (something broken in install) useradd go Now run yum localinstall to install local packages yum install java-1.7.0-openjdk -y yum localinstall go-server-14. https://lifeandshell.com/posts/getting-django-docker-prod-ready-with-jenkins-part-1-the-build/ Sun, 18 Jan 2015 21:25:59 +0000 https://lifeandshell.com/posts/getting-django-docker-prod-ready-with-jenkins-part-1-the-build/ So i have some django webb projects and now its time to get my django apps prod ready with docker. My plan is to with jenkins build my django apps (soon start a docker of the app and run some test but that will be later) make a docker image and send that to the docker cloud. Then a can download the docker image on my prod server and start the app. https://lifeandshell.com/posts/vmware-to-kvm-owasp-broken-webb-app-on-kvm/ Tue, 09 Sep 2014 10:38:29 +0000 https://lifeandshell.com/posts/vmware-to-kvm-owasp-broken-webb-app-on-kvm/ So I uses kvm for my virtual server. But i got OWASP broken webb app in vmware format and its not ok. But with the help from google i found some help to get the OWASP Broken Webb App on my kvm hosts. I follewed the info from this page   http://blog.bodhizazen.net/linux/convert-vmware-vmdk-to-kvm-qcow2-or-virtualbox-vdi/     1. Download and unzip Owasp Broken Webb app to you folder (It uses 7zip for some reason) https://www. https://lifeandshell.com/posts/oauth2-server-on-python-with-flask-on-centos/ Fri, 30 May 2014 20:04:05 +0000 https://lifeandshell.com/posts/oauth2-server-on-python-with-flask-on-centos/ So at work we have started to look at OAuth2 for our web apps. So on our creativ friday today i started looking at putting together an OAuth2 server using python and flask. I followed the guide from this page http://lepture.com/en/2013/create-oauth-server And after some work I got an working server and client running on my Centos server. The code only uses an sqlite db and are only testing the OAuth functions so for a working solutions there are some more work. https://lifeandshell.com/posts/starting-with-go-on-ubuntu/ Sat, 24 May 2014 20:56:02 +0000 https://lifeandshell.com/posts/starting-with-go-on-ubuntu/ So I starting to test to use the go language for some projects. Here is how i set up go on my ubuntu laptop.   1. Installing go language sudo apt-get install python-software-properties sudo add-apt-repository ppa:duh/golang sudo apt-get update sudo apt-get install golang verify go version 2. Getting an good IDE I uses sublime text find if here and install it http://www.sublimetext.com/ 3. Write you first line of code in GO Start up an new file in sublime and past this in the file (I call the file main. https://lifeandshell.com/posts/build-you-first-syco-module/ Tue, 18 Feb 2014 22:12:56 +0000 https://lifeandshell.com/posts/build-you-first-syco-module/ SO from the last post you can install syco but you also need to build and update your own plugins in syco. Here is a small guide how to build you first plugin. Here om building some syco commands for controlling apache and glassfish server. the commands are run from our syco-chuck release commands center so for adding them to syco i can controll the script from sudo and do some extra test before starting and stopping the service. https://lifeandshell.com/posts/setup-syco-on-you-centos-box/ Tue, 18 Feb 2014 15:27:04 +0000 https://lifeandshell.com/posts/setup-syco-on-you-centos-box/ So if you care about security and stability you must have syco installed on your server. Read more about syco on the github project https://github.com/systemconsole Im staring to use syco not only production but also on my “Own” server. So more of you should really start using it and here is i guide for you to start using syco 1. Installing and setting up centos yum install git   Gettings syco https://lifeandshell.com/posts/installing-asylguiden-on-centos-server/ Mon, 17 Feb 2014 21:21:20 +0000 https://lifeandshell.com/posts/installing-asylguiden-on-centos-server/ One of my own prodjects are Asylguiden. Its A python publish system build with django, Mysql and mongodb. You can find the code here on github https://github.com/mattiashem/asylguiden Asylguiden also works with wsgi for python and apache for displaying content here is my own how to for downloadning and setting up asylguiden on a production server. 1. Setting up server for hosing Centos yum install httpd mod_ssl git wget python-setuptools mod_wsgi   https://lifeandshell.com/posts/ejabber-users-from-postfixadmin-pythonmysqlmd5crypt/ Fri, 10 Jan 2014 21:28:51 +0000 https://lifeandshell.com/posts/ejabber-users-from-postfixadmin-pythonmysqlmd5crypt/ So Im running my emails with postfix and have postfix admin to manager my users and domains. But now it should be nice to have i jabber server running and to have the same user and password for both email and jabber. Ejabber support custom auth plugins and with some python i now have a working plugin.   First install python packages yum install MySQL-python yum install python-passlib   Add this script to you ejabber folder https://lifeandshell.com/posts/install-and-setup-haystack-search-for-django/ Sun, 05 Jan 2014 22:28:01 +0000 https://lifeandshell.com/posts/install-and-setup-haystack-search-for-django/ So Mysql is crap at doing full text search. So in one of my projects i use Haystack so i can do full text searches. I have a running Django project up and this is how I setup haystack for my project.   Install and config sudo pip install django-haystack   in settings.py under INSTALLED_APPS add haystack 'haystack',   And also in settings.py file add some haystack settings import os HAYSTACK_CONNECTIONS = { 'default': { 'ENGINE': 'haystack. https://lifeandshell.com/posts/custom-nagios-plugins-in-python/ Tue, 05 Nov 2013 15:20:51 +0000 https://lifeandshell.com/posts/custom-nagios-plugins-in-python/ For monitoring different service and function you may need to build some custom monitoring plugins. I have some build for nrpe and will work with both nagios and icinga. This script will do and mysql check and then send the data back and also start graphing the data back if you use pnp4nagios 🙂 Every plugin must have two things. 1. an exit code thet will say the state of the plugin (OK. https://lifeandshell.com/posts/install-bitsync-on-raspberry-pi/ Fri, 13 Sep 2013 19:50:03 +0000 https://lifeandshell.com/posts/install-bitsync-on-raspberry-pi/ So today im using dropbox to sync all my stuff between devices. But now there are so much there so my free space is almost full. So now its time for me to move to bitsync an then sync all my devices. Install bitsync Go to folder /opt cd /opt Download bitsync wget "http://btsync.s3-website-us-east-1.amazonaws.com/btsync_arm.tar.gz" unpack it chmod 700 btsync_arm.tar.gz tarr zxvf btsync_arm.tar.gz Start it cd bitsync ./bitsync go to the webbpage https://lifeandshell.com/posts/python-configparser-using-you-own-config-files-in-python/ Wed, 07 Aug 2013 11:26:42 +0000 https://lifeandshell.com/posts/python-configparser-using-you-own-config-files-in-python/ Storing settings in config files and then let python read the configfiles and to good stuff .   Read the file #Reading config file config = ConfigParser.ConfigParser() config.read('setting.cfg') print all items and values in an section for name, value in config.items("monitor"): print ' %s = %s' % (name, value) Print all items in configfile for section_name in parser.sections(): print 'Section:', section_name print ' Options:', parser.options(section_name) for name, value in parser.items(section_name): print ' %s = %s' % (name, value) My settings. https://lifeandshell.com/posts/how-the-hell-is-oncall-the-oncall-reminder-script/ Mon, 05 Aug 2013 21:59:17 +0000 https://lifeandshell.com/posts/how-the-hell-is-oncall-the-oncall-reminder-script/ When you have oncall often sometimes is easy to forget hows oncall and when you are not. So for the last time wonder how is oncall and ask some python for some help,   The script #!/usr/bin/env python # # Mattias Hemmingsson # matte@elino.se # # Script for reminder friend when to bet # Uses and csv file and send email to remind when its time to bet. # # import csv import smtplib from datetime import datetime, timedelta, date #Get users and send email to users sender = 'noreply@elino. https://lifeandshell.com/posts/extracting-hp-switch-running-config/ Mon, 10 Jun 2013 15:29:02 +0000 https://lifeandshell.com/posts/extracting-hp-switch-running-config/ Every so othen I have to extract my running-config from my hp switches. And put them under OSSEC file monitoring. And to verify so that no changes has bean done to the original running-config. So here is an small script for extracting my running-config and mf5 check that they are the same as my standard config.   Make you own changes to the script to work in you system 🙂 https://lifeandshell.com/posts/django-sending-email/ Tue, 04 Jun 2013 21:35:24 +0000 https://lifeandshell.com/posts/django-sending-email/ building and small webpage and in that page I want an small contact field. So my visitors (if any ) can contact me with an form input. So I made an small html template that has a very small form (No validation ) and then post the email and massages back to the view that send the email. small and simple and today work in front of the tv. django template my template extends my index as you see called contact. https://lifeandshell.com/posts/testing-ossec-syslog-auth/ Mon, 03 Jun 2013 20:38:35 +0000 https://lifeandshell.com/posts/testing-ossec-syslog-auth/ Im runing and PCI DSS Level 1 system. And during our PCI Audit i have to provide evidence that our monitoring system (OSSEC) can log logins that fails. So or testing this and to provide evidence for our audit I made a small python script. the Scripts tries to login to th host specified in and text field and tries to run an command on them. (You can alter this to the correct username / password and then run commands on all server)