Below you will find pages that utilize the taxonomy term “sysadmin”
19. April 2018
Linux: query remote ntp (and show time difference)
Sometimes you just want to query a remote ntp server (and maybe see the difference between the two clocks). In this case you can use the tool sntp.
From the sntp man page:
The default is to write the estimated correct local date and time (i.e. not UTC) to the standard output….
Use something like:
$ sntp at.pool.ntp.org
2018-04-19 11:36:26.538479 (-0100) -0.004752 +/- 0.023788 at.pool.ntp.org 86.59.28.10 s2 no-leap
24. January 2018
OpenSSL Cheat Sheet
I know I know, there are plenty of openssl cheat sheets out there already (1 or 2). But as I keep googling it again and again to find the most useful openssl commands I decided to do my own – the first version of the blog entries is already 3 years old actually. Another reason for creating the list is that I remember things better when I am writing them down.
7. December 2017
Howto: Disable persistent Network Interface Names (Debian Stretch)
How to disable persistent network interface names in Debian 9 (Stretch)
Edit /etc/default/grub and change the following line:
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
Afterwards run:
update-grub
7. December 2017
View “raw” diff on Github
Viewing a “raw” diff in Github is easy – if you know how.
If you are viewing a commit on github the URL looks something like this:
https://github.com/voxpupuli/puppet-php/commit/50e1c1733a931dd3d9d21db8a4f584c9984100d1
Adding “.diff” to the URL will generate the raw diff for you which you can pipe to patch etc. The full URL is:
https://github.com/voxpupuli/puppet-php/commit/50e1c1733a931dd3d9d21db8a4f584c9984100d1.diff
8. September 2016
Quickly create a (swap)file on linux
The traditional way for creating a linux swapfile would be using dd to create an empty file e.g.
dd if=/dev/zero of=/swapfile1 bs=1M count=2048
A faster way is to use “fallocate”, e.g. (( http://www.cyberciti.biz/faq/ubuntu-linux-create-add-swap-file/ ))
fallocate -l 2G /swapfile1
Don’t forget the usual procedure for swapfiles:
chmod 0600 /swapfile1
chown root:root /swapfile1
mkswap /swapfile1
swapon /swapfile1
# edit /etc/fstab to add the swapfile during boot
31. August 2016
Migration of OpenVZ Container to KVM Guest
This is a short tutorial on how to migrate an OpenVZ container to a KVM Guest. Some ideas have been taken from other tutorials (1 and 2), the other half has been extracted from grml-debootstrap which can generate a KVM guest by using debootstrap.
# from where to where to migrate
# don't forget the trailing / on the source!
export SOURCE=/srv/vz/private/xxxxxxx/
# an empty LVM volume!
export DEST=/dev/mapper/vg0-myfirstvm
# create some magic for grub/partition table
echo 4 66 | /usr/share/grml-debootstrap/bootgrub.
19. August 2016
Moving to KVM
Since our beloved OpenVZ virtualisation technology is not moving in a direction we are comfortable with, we are currently evaluating several virtualisation technologies. One of the possible options is KVM. This is not a full tutorial about KVM, there are many good tutorials already, e.g. ((https://www.lisenet.com/2016/getting-started-with-kvm-on-debian-jessie/)) or ((http://linuxnewbieguide.org/?p=1993)) or ((http://xmodulo.com/use-kvm-command-line-debian-ubuntu.html)) or ((http://wiki.libvirt.org/page/UbuntuKVMWalkthrough)) or ((http://www.cyberciti.biz/faq/how-to-install-kvm-on-ubuntu-linux-14-04/)), this is just a collection of some notes which I collected during the evaluation.
General Documentation
RedHat has some good KVM virtualisation documentation available at: https://access.
16. June 2016
Running “backticks” commands on remote servers
Sometimes it’s necessary to run a complex command on a remote server which also includes some “backticks”. Usually these commands are interpreted by the local shell so you need to use a little trick to force execution on the remote server:
ssh this.is.my.beautiful.server '( echo `echo "This Command is run on the remote server" ` )'
You need to use single quotes combined with brackets to use the backtick on the remote server.
10. June 2016
Resetting Supermicro IPMI system
In case the IPMI system on a Supermicro system is unresponsive, but you are still able to log into the main server, you can issue the following command(s) to reset the IPMI:
# load the necessary modules (optional)
sudo modprobe ipmi_si
sudo modprobe ipmi_devintf
# reset the IPMI
sudo ipmitool mc reset cold
# remove all the modules
sudo rmmod ipmi_devintf
sudo rmmod ipmi_si
9. June 2016
MacOSX: Manually restoring Time Machine Backup
In case you are a CLI junkie like myself and want to restore some files from a Time Machine backup manually with the CLI (or using the Finder), you will notice that the restored files cannot be changed. The restored files are copied with an ACL on the Time Machine backup which prevents changes to those files. You need to remove the ACL from the restored files:
chmod -R -N restored-files/
19. April 2016
Update for the Checklist on “mailout” servers
This is an update to the checklist to create a perfect mailout server:
Original Checklist
Setup DMARC DNS Record to receive mail delivery reports
https://www.unlocktheinbox.com/dmarcwizard/
btw: I just started adding all those settings to my own domain too. Google DKIM signing is still waiting for DNS propagation.
10. February 2016
Cloudflare and Haproxy Loadbalancer
We are currently trying out the cloudflare service to protect one of our company services. In front of this service we are using haproxy as SSL endpoint and loadbalancer. Cloudflare adds a number of custom headers((http://www.linuxorz.com/2014/10/cloudflare-haproxy-get-real-ip/)):
_SERVER["HTTP_CF_IPCOUNTRY"] CN
_SERVER["HTTP_CF_RAY"] 17da8155355b0520-SEA
_SERVER["HTTP_CF_VISITOR"] {"scheme":"http"}
_SERVER["HTTP_CF_CONNECTING_IP"] XX.YY.ZZ.00
In order to extract the original client IP in the X-Forwarded-For header, you need to use the following configuration((http://permalink.gmane.org/gmane.comp.web.haproxy/12019)) in haproxy:
acl FROM_CLOUDFLARE src -f /etc/haproxy/cf-ips-v4
reqidel ^X-Forwarded-For:.
22. January 2016
Java SSL Certificate Verification Error
If you come across the situation that your Java programs are not able to connect to SSL encrypted services, it is most likely that the Java cacerts keystore is empty or not up to date. This might also be due to a bug in the java (or ca-certificate-java) package ((https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760)). In order to fix the issue, you can run:
sudo /var/lib/dpkg/info/ca-certificates-java.postinst configure
4. January 2016
Cisco ASA Certificate Handling
If you are using Cisco ASA, you most likely will also have certificate(s) installed. This is what you need to pay attention to (Version 9.1, higher versions might behave differently):
21. September 2013
Syslog logging with Cisco ASA
In the last week I was tweaking the logging setup of our Cisco ASA firewalls at work and found out why it didn’t work in the first place and how to disable “unneeded” messages. Again this post is nothing you won’t find somewhere on the Internet or in the Cisco Documentation or by carefully looking at the ASDM interface.
First you need to set up which server you want to log to. The settings should be pretty straightforward.
9. August 2013
Learning something new every day…
One of the things I really like about working within a team in one location is the fact that you are able to learn something new regularly. And of course you are also able to give some useful advice to others 🙂
Something I learned this week is how to turn on the UID light on a HP server without logging into the iLO webinterface. You can use the tool hpasmcli – which probably can do some more useful stuff too 🙂
25. July 2013
“I solved it” – Java with MacOSX
Many of you have probably noticed during the last months: Java is somewhat broken with MacOSX since Oracle started shipping Java7 for MacOSX. Some of the things I recommend about using Java on MacOSX:
– Install the SDK even if you do not necessarily need it as it might fix some problems
– If you upgrade Java7 and you need Java6 for some applications (e.g. in my case it was Cisco ASDM configuration for Cisco ASA), you might need to reinstall Java6 (latest version as of July 2013 is here: https://support.