Check if your system is vulnerable to Bash Code Injection (CVE-2014-6271)
As per CVE-2014-6271, a flaw in bash that permits malicious shell code injection was found.
Install logtop on CentOS 7
Logtop is a handy log analyzer that can show realtime statistics from any given text file. A common usage example is redirecting the output of your log files to it, in order to get the top visitors of your webpages, or the top hosts requesting pages through your proxy server… all of this in a realtime top list.
Shell script for an up-to-date Ad-Free /etc/hosts
This is just another way to do it: an adware/spyware free /etc/hosts for your laptop or home network.
Scan your network for vulnerable https (OpenSSL TLS Heartbeat Extension Bug - CVE-2014-0160)
We are going to locally build on a Linux machine the Heartbleed checker written by https://github.com/FiloSottile (thank you!) in order to check for OpenSSL Heartbleed Bug CVE-2014-0160.
Fire up your shell terminal and install the golang package via aptitude or yum.
Serving Disk Usage Graphs with Bash and PHP
Lately I was asked to develop and integrate a realtime server disk usage graph to the dashboard of our monitoring application (OpenNMS).
The bar graph color should also change when disk usage exceeds a defined percentage threshold.
Jail SSH users to SFTP only
… or “confine untrusted users to their home directory (and give them no shell access as well)”
Monitor a VMware vSphere server with Nagios3 on Debian Wheezy
I wrote down some notes about configuring Nagios to check the health status of a few VMware vSphere ESXi 5.1.0 servers. First of all, install the required packages on the Nagios server:
Visualize your Nagios/Icinga monitored IT infrastructure with NagVis
NagVis (http://www.nagvis.org/) is a visualization addon for Nagios/Icinga that lets you visualize the monitored information as objects placed on maps.
I decided to use mk-livestatus (see: http://mathias-kettner.com) as backend because it is reported to offer better performance than ndo.
Debian Wheezy and Foreman friends again
The latest Debian major release, Wheezy, ships by default with Ruby Sinatra 1.3.2 and you know what? Foreman will not play well with it! As an example, I couldn’t provision new hosts (a generic error code 400 was thrown, plus a lot of Ruby complaints in the foreman-proxy log).
Enhance vim editor with pathogen
With pathogen.vim you can install plugins and runtime files for vim in a flash. It will be as simple as downloading them into the ~/.vim/bundle directory. Create the directory tree:
Speed up OpenPGP key creation on remote server
Since creating an OpenPGP key requires some randomness (e.g. moving the mouse, reading or writing from/to the file system), the process of creating it on a remotely connected host (via ssh) may take a lot of time or even get stuck.
Show active network interface and current IP address at TTY console login prompt
I have several virtual Linux guests running on VirtualBox: a bunch of test machines to which I connect exclusively via ssh from my host terminal.
Install F18 x86_64 from USB: Reduce ISO size to fit 4GB usb stick
No DVD at home, only a 4GB USB stick, but in need of installing Fedora on a laptop..
PostgreSQL Quick Administration Reference
Install PostgreSQL on Debian using APT:
# aptitude install postgresql postgresql-client
[after install, the service is already started and scheduled for automatic start on reboot]
Install PostgreSQL on CentOS using YUM:
# yum install postgresql-server postgresql
5 minutes how-to: Sending emails from CLI with Gmail (using mutt)
Don’t bother configuring postfix or sendmail, openssl related stuff and so on when you need a quick way to send e-mail from the CLI, i.e. for your administrative scripts.
python3 to python2 switcher (and fallback) for YUM + F18
I have to admit that Python bewitched me: I’m in that phase when you simply can’t stop coding, testing, playing with rules and essentially having a lot of fun.
Securing SSH on non standard port with Fail2ban
I stumbled upon the problem of fail2ban not banning after I had moved my ssh server to a non-standard port (let’s say 22022).
We care about privacy..
..And that’s why I hide as many server signatures as I can on production servers.
No more ssh timeouts
In the unlikely event of receiving a phone call while remotely editing an important config file with vi, you have surely experienced that PUFF! your connection to the server is stuck, your file is stuck as well, and all your edits are lost.
Securing SSH with Swatch
You already know that it is not so smart to leave SSH running on your servers on the default port and accessible from every internet address (i.e. no firewall restrictions, no host allow/deny).. but in the real world it happens, since, let’s say, you have no static IP, you have no access to firewall rules and so on.
Postfix Mail Relay in a few easy steps [CentOS 6 tested]
First of all we install the postfix package (if not already installed):
Hylafax No Local Dialtone [solved]
One of our fax servers running hylafax stopped working and the following error message popped up in the logs:
Sendmail One Liner
Here’s, for future reference, my quick and dirty one-liner to test Sendmail:
Zimbra stopped working, stuck on ldap service start
One of our Zimbra Collaboration Suite deployments stopped working all of a sudden: unable to login with given credentials. My first thought: “oh my, they hacked us!”.
Common Zimbra outgoing mail issues behind NAT
Setting up Zimbra Collaboration Suite on a cloud server without a public interface (read: behind NAT) may cost you an afternoon trying to figure out why local emails (same domain) are not delivered, while sending/receiving mail from/to the internet works flawlessly.
Turn on remote computer via Wake-On-LAN [CentOS 6]
Here’s how you can wake up (turn on) a remote PC using the Wake-On-LAN function of its network card: you just have to issue a command against the remote machine’s MAC address.
Setting up two-factor authentication SSH on Fedora 16 x86_64 (with Google Authenticator)
Today we’ll take a look at how to set up SSH to take advantage of the one-time passcode support provided by the Google Authenticator package.
RDP protocol not available in Remmina (Fedora 16 x86_64)
Today I was in such a hurry to remotely connect via Remote Desktop Protocol to a Windows host in my network. For things like that, I used to stick with Remmina (GTK+ remote desktop client).
SSH with keys but keeps asking for passwords
Mar 2 14:42:47 polpot sshd[1794]: Authentication refused: bad ownership or modes for file /home/muhammar/.ssh/authorized_keys
One day or the other it will happen again, and again you will forget how to fix it. Fact.
Make winetricks work on Fedora x86_64
I experienced problems running winetricks (a Wine helper script) on my Fedora 16 x86_64 desktop.
Installing Skype on Fedora 16 x86_64 [No such file or directory]
It’s very kind of Skype to provide a Linux version of their (closed source) client.
Quick History makeup
One of the first things I do after installing Linux on a server is setting up the bash history to show the timestamp along with the command issued.
Bash shell prompt with full path and colors
Today I’d like to put into my notes the config I use in order to customize the bash shell prompt.
This is without a doubt an extra, probably you’ll never need this.. until the day you realize that working on several remote systems at the same time can be confusing, and confusion leads to mistakes.
Running new linux kernel without rebooting [RHEL/CentOS]
You have that server you can’t reboot but need to patch the kernel NOW (e.g. #kernel flaw found#).. well, you can try this out.