Check if your system is vulnerable to Bash Code Injection (CVE-2014-6271)

As per CVE-2014-6271, a flaw in bash that permits malicious shell code injection was found.

Install logtop on CentOS 7

Logtop is a handy log analyzer that can show realtime statistics from any given text file. A common usage example is redirecting the output of your log files to it, in order to get the top visitors of your webpages, or the top hosts requesting pages through your proxy server… all of this in a realtime top list.

Shell script for an up-to-date Ad-Free /etc/hosts

This is just another way to do it: an adware/spyware free /etc/hosts for your laptop or home network.

Scan your network for vulnerable https (OpenSSL TLS Heartbeat Extension Bug - CVE-2014-0160)

We are going to locally build, on a Linux machine, the Heartbleed checker written by https://github.com/FiloSottile (thank you!) in order to check for the OpenSSL Heartbleed Bug CVE-2014-0160. Fire up your shell terminal and install the golang package via aptitude or yum.

Serving Disk Usage Graphs with Bash and PHP

Lately I was asked to develop and integrate a realtime server disk usage graph into the dashboard of our monitoring application (OpenNMS). The bar graph color should also change when disk usage exceeds a defined percentage threshold.

Jail SSH users to SFTP only

… or “confine untrusted users to their home directory (and give them no shell access as well)”

Change default runlevel in Fedora 19

…or “Where is inittab gone?”

Monitor a VMware vSphere server with Nagios3 on Debian Wheezy

I wrote down some notes about configuring Nagios to check the health status of a few VMware vSphere ESXi 5.1.0 servers. First of all, install the required packages on the Nagios server:

Visualize your Nagios/Icinga monitored IT infrastructure with NagVis

NagVis (http://www.nagvis.org/) is a visualization addon for Nagios/Icinga that lets you visualize the monitored information as objects placed on maps. I decided to use mk-livestatus (see: http://mathias-kettner.com) as backend because it is reported to offer better performance than ndo.

Debian Wheezy and Foreman friends again

The latest Debian major release, Wheezy, ships by default with Ruby Sinatra 1.3.2 and you know what? Foreman will not play well with it! As an example, I couldn’t provision new hosts (a generic error code 400 was thrown, plus a lot of Ruby complaints in the foreman-proxy log).

Enhance vim editor with pathogen

With pathogen.vim you can install plugins and runtime files for vim in a flash. It will be as simple as downloading them in the ~/.vim/bundle directory. Create directory tree:

Speed up OpenPGP key creation on remote server

Since creating an OpenPGP key requires some randomness (e.g. moving the mouse, reading from or writing to the file system), the process of creating it on a remotely connected host (via ssh) may take a lot of time or even get stuck.

Show active network interface and current IP address at TTY console login prompt

I have several virtual linux guests running on VirtualBox: a bunch of test machines to which I connect exclusively via ssh from my host terminal.

Install F18 x86_64 from USB: Reduce ISO size to fit 4GB usb stick

No dvd at home, only a 4GB usb stick but in need to install Fedora on a laptop..

PostgreSQL Quick Administration Reference

Install PostgreSQL on Debian using APT:
# aptitude install postgresql postgresql-client
[after install service is already started and scheduled for automatic start on reboot]
Install PostgreSQL on CentOS using YUM:
# yum install postgresql-server postgresql

5 minutes how-to: Sending emails from CLI with Gmail (using mutt)

Don’t bother configuring postfix or sendmail, openssl related stuff and so on when you need a quick way to send e-mail from the CLI, i.e. for your administrative scripts.

python3 to python2 switcher (and fallback) for YUM + F18

I have to admit that Python bewitched me: I’m in that phase when you simply can’t stop coding, testing, playing with rules and essentially having a lot of fun.

Securing SSH on non standard port with Fail2ban

I stumbled upon the problem of fail2ban not banning after I had moved my ssh server to a non-standard port (let’s say 22022).

We care about privacy..

..And that’s why I hide as many server signatures as I can on production servers.

No more ssh timeouts

In the unlikely event of receiving a phone call while remotely editing an important config file with vi, you have surely experienced that PUFF! your connection to the server is stuck, your file is stuck as well, and all your edits are lost.

Securing SSH with Swatch

You already know that it is not so smart to leave SSH running on your servers on the default port and accessible from every internet address (i.e. no firewall restrictions, no host allow/deny).. but in the real world it happens since, let’s say, you have no static IP, you have no access to firewall rules and so on.

Postfix Mail Relay in a few easy steps [CentOS 6 tested]

First of all we install the postfix package (if not already installed):

Hylafax No Local Dialtone [solved]

One of our fax servers running hylafax stopped working and the following error message popped up in the logs:

Sendmail One Liner

Here’s, for future reference, my quick and dirty one liner to test Sendmail:

Zimbra stopped working, stuck on ldap service start

One of our Zimbra Collaboration Suite deployments stopped working all of a sudden: unable to login with given credentials. My first thought: “oh my, they hacked us!”.

Common Zimbra outgoing mail issues behind NAT

Setting up Zimbra Collaboration Suite on a cloud server without a public interface (read: behind NAT) may cost you an afternoon trying to figure out why local emails (same domain) are not delivered, while sending/receiving mail from/to the internet works flawlessly.

Turn on remote computer via Wake-On-LAN [CentOS 6]

Here’s how you can wake up (turn on) a remote PC using the Wake-On-LAN function of its network card: you just have to issue a command against the remote machine’s MAC address.

Setting up two-factor authentication SSH on Fedora 16 x86_64 (with Google Authenticator)

Today we’ll take a look at how to set up SSH to take advantage of the one-time passcode support provided by the Google Authenticator package.

RDP protocol not available in Remmina (Fedora 16 x86_64)

Today I was in such a hurry to remotely connect via Remote Desktop Protocol to a Windows host in my network. For things like that, I used to stick with Remmina (GTK+ remote desktop client).

SSH with keys but keeps asking for passwords

Mar 2 14:42:47 polpot sshd[1794]: Authentication refused: bad ownership or modes for file /home/muhammar/.ssh/authorized_keys

One day or the other it will happen again, and again you will forget how to fix it. Fact.


Make winetricks work on Fedora x86_64

I experienced problems running winetricks (a wine helper script) on my Fedora 16 x86_64 desktop.

Installing Skype on Fedora 16 x86_64 [No such file or directory]

It’s very kind of Skype to provide a linux version of their (closed source) client.

Quick History makeup

One of the first things I do after installing Linux on a server is setting up the bash history to show the timestamp along with the command issued.

Bash shell prompt with full path and colors

Today I’d like to put into my notes the config I use in order to customize the bash shell prompt. This is without doubt an extra, probably you’ll never need this.. until the day you realize that working on several remote systems at the same time can be confusing, and confusion leads to mistakes.

Running new linux kernel without rebooting [RHEL/CentOS]

You have that server you can’t reboot but need to patch the kernel NOW (eg. #kernel flaw found#).. well, you can try this out.