The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for the ‘*nix’ Category

« Previous Entries
Next Entries »

Zabbix user groups and user type

Posted by jpluimers on 2018/11/12

Like any product documentation, Zabbix’ is shattered and terse.

So here is how I ensured a specific user could edit the items of hosts:

  1. Added new user group named Administer Configuration Host Items containing user Example having these read-write composing permissions:
    • Applicatie ontwikkel test
    • Applicatie productie Approve demo VPN
    • servers Dbases Kantoor applicaties
  2. Changed User type of user named Example from Zabbix User to Zabbix Admin so access to the Configuration tab is granted.

See 2 Permissions [Zabbix Documentation 3.0] for User type explanation; excerpt:

Zabbix Admin: The user has access to the Monitoring and Configuration menus. The user has no access to any host groups by default. Any permissions to host groups must be explicitly given.

 

–jeroen

Posted in *nix, Monitoring, Power User, Zabbix | Leave a Comment »

How to Setup Chroot SFTP in Linux (Allow Only SFTP, not SSH)

Posted by jpluimers on 2018/11/07

I need to script this one day: [WayBackHow to Setup Chroot SFTP in Linux (Allow Only SFTP, not SSH)

–jeroen

Posted in *nix, Awk, bash, Communications Development, Development, Internet protocol suite, Power User, Scripting, Software Development, SSH, TCP | Leave a Comment »

Some Computerphile videos starring Professor Brian Kernighan

Posted by jpluimers on 2018/11/06

Most you probably know [WayBackProfessor Brian Kernighan or the YouTube channel Computerphile (sister channel of Numberphile).

He stars in about half a dozen of their videos giving a nice insight in his contributions to the field and how well he can explain things.

Full videos are below; these are the titles:

BTW: If you like those youtube channels, check out [WayBackBrady Haran – Video Journalist who produces similar channels as well.

–jeroen

Read the rest of this entry »

Posted in *nix, Awk, C, Development, Power User, Scripting, Software Development | Leave a Comment »

PSBL: Passive Spam Block List powered by Spamikaze

Posted by jpluimers on 2018/11/01

On my research list: [WayBackPassive Spam Block List:

PSBL is an easy-on, easy-off blacklist that does not rely on testing and should reduce false positives because any user can remove their ISP’s mail server from the list.

The idea is that 99% of the hosts that send me spam never send me legitimate email, but that people whose mail server was used by spammers should still be able to send me email.

This results in a simple listing policy: an IP address gets added to the PSBL when it sends email to a spamtrap, that email is not identified as non-spam and the IP address is not a known mail server.

Via: Hans Wolters commenting at [WayBack] For my research list: Source: Bruteforce login prevention… – Jeroen Wiert Pluimers – Google+

References:

–jeroen

Posted in *nix, *nix-tools, Development, Perl, Power User, Scripting, Software Development | Leave a Comment »

Install on openSUSE / SLES – Zabbix.org

Posted by jpluimers on 2018/10/29

Interesting: [Archive.isInstall on openSUSE / SLES – Zabbix.org is possible and there are packages for this on the OpenSuSE site itself for the various kinds of distributions.

For instance, Tumbleweed is at http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Tumbleweed/

Good introductions on Zabbix are via [WayBackStephen Fritz on Systems Engineering: Installing and Configuring Basic Zabbix Functionality on Debian Wheezy who has a [Archive.is] zabbix tag.

Other links are at Welcome to workaround.org – tips around open source and Linux stuff.

And there is www.zabbix.com/documentation

–jeroen

Posted in *nix, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

GitHub – yandex/gixy: Nginx configuration static analyzer

Posted by jpluimers on 2018/10/26

[WayBack] GitHub – yandex/gixy: Nginx configuration static analyzer

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

Right now Gixy can find:

You can find things that Gixy is learning to detect at Issues labeled with “new plugin”

This helps you prevent an nginx configuration issue that can server too many static content by using ../ in the web request which got a lot of attention last week, but was in fact already found during 2016 HCTF by Aklis, and presented by Orange Tsai (twitter/github/blog) various times in 2018, including [WayBack] hack.lu 2018.

.

Related:

–jeroen

Read the rest of this entry »

Posted in *nix, DevOps, nginx, Power User, Security | Leave a Comment »

wget and curl: downloads that sometimes fail

Posted by jpluimers on 2018/10/19

For my archive somewhere between cURL 7.21.0 and 7.34.0 it does not like to be started from an RDP based tsclient share:

C:\Users\jeroen\Downloads>\\tsclient\bin\curl.7.21.0.exe --remote-name https://www.xs4all.nl/index.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 86465    0 86465    0     0  60805      0 --:--:--  0:00:01 --:--:-- 70012

C:\Users\jeroen\Downloads>\\tsclient\bin\curl.7.34.0.exe --remote-name https://www.xs4all.nl/index.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: web.archive.org

C:\Users\jeroen\Downloads>\\tsclient\bin\curl.7.61.0.exe --remote-name https://www.xs4all.nl/index.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: www.xs4all.nl

C:\Users\jeroen\Downloads>copy \\tsclient\bin\curl.7.61.0.exe
        1 file(s) copied.

C:\Users\jeroen\Downloads>curl.7.61.0.exe --remote-name https://www.xs4all.nl/index.html
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    13    0    13    0     0     10      0 --:--:--  0:00:01 --:--:--    10

It fails the same way after net use B: \\tsclient\bin, so that does not matter.

The best link I could find until I got to the real problem was [WayBack] curl: (6) Could not resolve host: application – Stack Overflow which shows a different problem: properly quoting.

In addition to remote-name, you can also grab the file name from the headers using --remote-header-name, and --remote-time use the remote file time. The --location follows 302-redirects. You can see that in the example below which I build based on

[WayBack] unix – Curl to grab remote filename after following location – Stack Overflow: The remote side sends the filename using the Content-Disposition header.curl 7.21.2 or newer does this automatically if you specify –remote-header-name / -J.curl -O -J -L $url

C:\Users\jeroen\Downloads>b:\curl.7.21.0.exe --location --remote-name --remote-time --remote-header-name "https://web.archive.org/web/20180712073755if_/https://www.danielwolf.eu/?wpdmdl=1965"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 86465    0 86465    0     0  45748      0 --:--:--  0:00:01 --:--:-- 50772
curl: Saved to filename 'pkgWuppdiWP_DX102T_1-1-2.zip'

wget failed big time:

C:\Users\jeroen\Downloads>B:\wget.exe --no-check-certificate -v -v -v --content-disposition --restrict-file-names=windows "https://web.archive.org/web/20180712073755if_/https://www.danielwolf.eu/?wpdmdl=1965"
wget: Cannot read b:/.wgetrc (No such file or directory).
--2018-07-12 09:55:23--  https://web.archive.org/web/20180712073755if_/https://www.danielwolf.eu/?wpdmdl=1965
Resolving web.archive.org... 207.241.225.186
Connecting to web.archive.org|207.241.225.186|:443... failed: Invalid argument.
Retrying.

...

--2018-07-12 09:55:23--  (try:20)  https://web.archive.org/web/20180712073755if_/https://www.danielwolf.eu/?wpdmdl=1965
Connecting to web.archive.org|207.241.225.186|:443... failed: Invalid argument.
Giving up.

This is not caused by the filename (Windows does not like the ? question mark in output file names, so  – like & ampersand in file URLs – you have to quote the full URL, but also provide the --restrict-file-names=windows parameter; see [WayBack] wget – I can’t download files with “?” – Super User).

–jeroen

Posted in *nix, *nix-tools, cURL, Power User, wget | Leave a Comment »

when btrfs-size shows a snapshot as 16777216.00TB or btrfs qgroup as 16.00EiB

Posted by jpluimers on 2018/10/19

A long time ago I wrote about the btrfs-size tool: [WayBackA bash script to btrfs snapshot details like disk sizes (requires btrfs quota to be enabled).

One day, it showed a ridiculously large size for /tmp:

# ./btrfs-size.sh 
=============================================================================================================================================================================================================================================================
Snapshot / Subvolume                                               ID   Total    Exclusive Data
=============================================================================================================================================================================================================================================================
257 gen 855182 top level 5 path .snapshots                         257  4.30MB   4.30MB   
258 gen 856438 top level 257 path .snapshots/1/snapshot            258  1.84GB   193.01MB 
...
262 gen 856438 top level 5 path srv                                262  1.83GB   1.83GB   
263 gen 856438 top level 5 path tmp                                263  16777216.00TB16777216.00TB
264 gen 856438 top level 5 path usr/local                          264  260.00KB 260.00KB 
...
990 gen 849192 top level 257 path .snapshots/583/snapshot          990  1.83GB   8.23MB   
991 gen 849224 top level 257 path .snapshots/584/snapshot          991  2.09GB   62.66MB  
=============================================================================================================================================================================================================================================================
                                                                Exclusive Total: 3.26GB

This tracks back to the output of this command, which I’ve shortened a bit:

# btrfs qgroup show /
qgroupid         rfer         excl
--------         ----         ----
0/5          16.00KiB     16.00KiB
0/257         4.30MiB      4.30MiB
...
0/262         1.83GiB      1.83GiB
0/263        16.00EiB     16.00EiB
0/264       260.00KiB    260.00KiB
...
255/274         0.00B        0.00B
255/797      16.00KiB     16.00KiB

This is a known issue as quotas in btrfs – though workable – aren’t fully stable yet: [WayBack] Linux BTRFS Storage: Re: During a btrfs balance nearly all quotas of the subvolumes became exceeded

It also provides this simple solution:

Read the rest of this entry »

Posted in *nix, *nix-tools, btrfs, File-Systems, Power User | Leave a Comment »

MotionEyeOS on Odroid C1+ with Logitech USB web cameras

Posted by jpluimers on 2018/10/11

Hopefully I get this to work after fixing

The first part of the fix was to

  1. re-image the SD card.
  2. boot
  3. wait 5 minutes (there is no output on HDMI apart from some flickering and no output on TTY using 115200 bits/second despite trying [WayBacken:c1_hardware_uart [ODROID Wiki])

The second part is getting the USB web cameras to work.

I’ve got two types, but the label on them doesn’t list their common name, only their P/N sometimes with M/N:

  1. P/N 860-000049 M/N V-UBC40 (really old USB cameras)
  2. P/N 860-000334 (new USB camera)

The MotionEyeOS web interface didn’t list any working cameras so I had to do some digging.

Luckily [WayBackWebcam software and driver support for Windows has a table of part and model numbers combined with product names, so they got revealed them as these:

  1. P/N 860-000334 = M/N V-U0028  with name HD Pro Webcam C920
  2. P/N 861225 = M/N V-UBC40 with name Quick Cam Messenger
    (which is funny as the P/N on the label is different)

Both are supported by motion according to [WayBackLogitech < Motion < Foswiki though the Quick Cam Messenger needs [WayBackQuickcam Messenger & Communicate driver for Linux which I should try to cross-compile one day.

The latter works fine. Below are some settings I used.

Read the rest of this entry »

Posted in *nix, Development, Hardware Development, Linux, Odroid, Power User | Leave a Comment »

linux – dmesg time vs system time time isnt correct – Server Fault

Posted by jpluimers on 2018/10/10

[WayBacklinux – dmesg time vs system time time isnt correct – Server Fault helped me solve this problem with an Odroid C1+ running busybox:

[root@meye-062016b9 ~]# hwclock --show
Wed Apr  3 20:25:47 2013  0.000000 seconds
[root@meye-062016b9 ~]# date
Wed May 31 09:48:18 UTC 2018
[root@meye-062016b9 ~]# hwclock --systohc --utc
[root@meye-062016b9 ~]# hwclock --show
Wed May 31 09:48:29 2018  0.000000 seconds
[root@meye-062016b9 ~]# date
Wed May 31 09:48:35 UTC 2018
[root@meye-062016b9 ~]#

Note: If your logging clock in /var/log/dmesg.log is wrong by an exact couple of hours, then try [WayBacksyslog time wrong – but date returns the correct time? and edit [WayBack] /etc/sysconfig/clock.

The above involves looking if I can get MotionEyeOS working Giving up on the official Ubuntu for Odroid C1 image.

So far not much luck: the Ubuntu got hosed, but before it was stable as in that didn’t reboot suddenly.

Now the MotionEyeOS (which is busybox based) reboots itself without notice about every 3 minutes, despite no other hardware connected and trying 3 different power supplies.

The Odroid C1+ only draws 0.34 Ampère at 5.13 Volt which is well within specs.

I’m puzzled:

[Wed May 31 09:49:51 2018] Booting Linux on physical CPU 0x200
[Wed May 31 09:52:20 2018] Booting Linux on physical CPU 0x200
[Wed May 31 09:54:50 2018] Booting Linux on physical CPU 0x200
[Wed May 31 09:57:19 2018] Booting Linux on physical CPU 0x200
[Wed May 31 09:59:49 2018] Booting Linux on physical CPU 0x200
[Wed May 31 10:02:22 2018] Booting Linux on physical CPU 0x200
[Wed May 31 10:04:56 2018] Booting Linux on physical CPU 0x200
[Wed May 31 10:07:26 2018] Booting Linux on physical CPU 0x200
[Wed May 31 10:09:59 2018] Booting Linux on physical CPU 0x200
[Wed May 31 10:12:29 2018] Booting Linux on physical CPU 0x200
[Wed May 31 10:14:58 2018] Booting Linux on physical CPU 0x200

jeroen

Posted in *nix, *nix-tools, Power User | Leave a Comment »

« Previous Entries
Next Entries »