RSYSLOG: Check the configuration

If you want to verify the syntax of your rsyslog configuration before you restart the process, use the following command.

rsyslogd -N1

You will get some textual output as well as an appropriate exit code.

Linux: write a network image to an SD card

If you have a fast network connection, you can read an ISO directly from the Internet and write it to a flash drive or SD card. Just pipe curl to dd (requires root) and you're done.

curl ftp://mirror.web-ster.com/centos/7.2.1511/isos/x86_64/CentOS-7-x86_64-NetInstall-1511.iso | sudo dd of=/dev/sde bs=1M
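
Piping an FTP download straight into dd means nothing checks the bytes before they reach the device. The function below is an added example, not part of the original post: it assumes the image was first saved to a file and that the expected SHA-256 comes from the distribution's published checksum file; write_verified_image is an illustrative name.

```shell
#!/bin/sh
# Added example: verify an image's SHA-256 before and after writing it.
# Usage (run as root for a real device; the hash is a placeholder):
#   write_verified_image CentOS-7-x86_64-NetInstall-1511.iso \
#       "<sha256 from the mirror's checksum file>" /dev/sde

write_verified_image() {
    image=$1 expected=$2 target=$3

    # Refuse to touch the target unless the file matches the expected hash.
    actual=$(sha256sum "$image" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $image: got '$actual'" >&2
        return 1
    fi

    # conv=fsync makes dd flush the data to the target before it exits.
    dd if="$image" of="$target" bs=1M conv=fsync || return 3

    # Read back exactly as many bytes as the image holds and compare hashes.
    size=$(($(wc -c < "$image")))
    written=$(head -c "$size" "$target" | sha256sum | cut -d' ' -f1)
    if [ "$written" != "$expected" ]; then
        echo "read-back mismatch on $target" >&2
        return 4
    fi
}
```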

OpenSSL: Generate self-signed certificates

OpenSSL can generate self-signed SSL certificates easily. Just run the following command:

openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout domain.key -out domain.crt
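
The command above prompts for the subject and sets no subjectAltName, which current TLS clients use for host name matching instead of the CN. The script below is an added example, not part of the original post: it assumes OpenSSL 1.1.1 or later (for -addext), and the function names and the host name passed in are illustrative.

```shell
#!/bin/sh
# Added example: non-interactive self-signed certificate with a SAN.
# make_selfsigned, cert_has_san, key_matches_cert and cert_fingerprint
# are illustrative names, not OpenSSL commands.

make_selfsigned() {
    host=$1 outdir=$2
    (
        umask 077    # key and certificate are created owner-only
        openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$outdir/$host.key" -out "$outdir/$host.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$outdir/$host.crt"    # the certificate itself is public
}

# True if the certificate text contains DNS:<name>.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# True if the private key and the certificate carry the same public key.
key_matches_cert() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# SHA-256 fingerprint, for pinning or comparing out of band.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Because a self-signed certificate chains to nothing, clients have to trust it explicitly; the fingerprint is what they compare.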

Postfix: relay local mail through a remote SMTP server

You can configure Postfix to deliver mail by relaying it through your ISP's mail server instead of trying to handle it yourself. This can be helpful to work around IP blocks, reverse DNS limitations, spam blocks, etc. Simply add a relayhost directive to your /etc/postfix/main.cf config file like this:

relayhost = mail.domain.com

You can also set up SMTP authentication if your SMTP server requires it.

tcpdump: Capture IPv6 router advertisements

If you want to capture and display IPv6 router advertisements with tcpdump you can use this command:

tcpdump -v -i em1 icmp6 and 'ip6[40] = 134'

Cisco: Change IPV6 SLAAC lifetimes

The default IPV6 valid lifetime for a SLAAC configured address is 30 days, and preferred lifetime is 7 days. You can change these lifetimes with this command:

conf t
int vlan 568
ipv6 nd prefix default 86400 14400

This can be used to effectively "time-out" an auto-configured address.

Perl: regular expression to check for ANSI sequences

I needed to test if a given string contains ANSI color codes. Here is the regexp I settled on to check for that:

my $ansi_color_regex = qr/\e\[[0-9]{1,3}(?:;[0-9]{1,3}){0,3}[mK]/;
if ($str =~ /$ansi_color_regex/) {
    print "String has some ANSI in it\n";
}

Alternately you can capture the color numbers with this regex:

my $ansi_color_regex = qr/(\e\[([0-9]{1,3}(;[0-9]{1,3}){0,3})[mK])/;

PHP: Disable output buffering for the CLI

When writing a PHP application that's going to be run from the CLI, you will often want to disable output buffering. With output buffering enabled you will not see any output until your terminal buffer (usually 1k or 4k) fills up. This is accomplished with the following PHP code at the beginning of your script:

ob_get_flush();

CentOS: Multiple static IPV6 addresses

I needed to apply multiple static IPV6 addresses to a single interface under Fedora/CentOS. To do this you'll need to add an IPV6ADDR_SECONDARIES line to your /etc/sysconfig/network-scripts/ifcfg-eth0 so that it looks like this:

IPV6_DEFAULTGW=2001:db8::1
IPV6_AUTOCONF=no
IPV6ADDR=2001:db8::50/64
IPV6ADDR_SECONDARIES="2001:db8::40/64 2001:db8::30/64"

Note: Addresses are added in reverse order. Outbound traffic will use the last secondary IP added.

PHP: IPV6 reverse DNS entries

Reverse DNS (PTR) entries in IPV6 are different than their IPV4 counterparts. To create an IPV6 reverse entry, you have to: fully expand the address, reverse it, and add a period between each character.

For example: 2001:db8::60 reverses to 0.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.

I wrote a simple PHP function to handle this for me:

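function ipv6_ptr($ip_str) {
    // inet_pton() returns false for input that is not a valid address
    $packed = inet_pton($ip_str);
    if ($packed === false || strlen($packed) !== 16) {
        return false; // not an IPv6 address
    }
    // Fully expanded address as 32 hex digits
    $hex = unpack("H*hex", $packed);
    // Reverse the digits and put a period between each one
    $str = strrev($hex['hex']);
    $p   = str_split($str);
    $ret = join(".", $p);

    return $ret;
}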

Books of 2016

List of books I read in 2016, also see the list of 2015. The date indicated denotes the date I started reading the book.

2016-01-08 - Avenue of Mysteries - 460 pages
2016-01-22 - The Girl on the Train - 323 pages
2016-02-01 - Star Wars: The Force Awakens - 260 pages
2016-02-12 - Childhood's End - 237 pages
2016-02-22 - The Great Brain - 175 pages
2016-03-10 - Flowers in the Attic - 340 pages
2016-03-28 - Batman: Cataclysm - 320 pages
2016-04-07 - Miss Peregrine's Home for Peculiar Children - 348 pages
2016-04-20 - The Dark Tower: The Gunslinger - 224 pages
2016-05-02 - The Drawing of the Three - 399 pages
2016-05-18 - Crewel Lye - 309 pages

Raspberry Pi: SD Card comparison

Jeff Geerling posted a great speed comparison of SD cards. It's a good breakdown of what to buy next time you're buying SD cards for your Raspberry Pi.

Short version: buy either the Samsung EVO+ or SanDisk Extreme SD cards.

KVM: Passing a port from your public NATd IP to an internal VM host

If you're using KVM's "default" network to provide NAT to your VMs you may want to map certain inbound ports to a specific VM. Using these iptables commands and destination NAT you will be able to connect to your VMs using a single outward facing IP.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.122.32:22

NFS: List exported filesystems

If you want to list what filesystems are exported via NFS on a remote host use this command:

showmount -e 192.168.1.12

You should get output like this:

Export list for 192.168.1.12:
/volume1/multimedia 192.168.1.0/24
/volume1/sales 192.168.1.0/24
/volume2/users 192.168.1.0/24

SSH: Batch mode for SSH/SCP scripting

SSH is great for scripting file transfers between two trusted hosts when you're using SSH keys. If you are using SSH keys to automate SSH commands, you will want to make sure your SSH commands are using BatchMode. With BatchMode enabled, the SSH connection will fail immediately if the key is rejected, instead of falling back to a password prompt. This will prevent your scripts from "hanging" while they wait for you to type a password.

ssh -o BatchMode=true user@domain.com
scp -q -o BatchMode=true localfile.txt user@domain.com:/tmp/
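
BatchMode stops the password prompt, but a script can still stall on an unreachable host, and it still has to tell an SSH failure apart from a failing remote command. The wrapper below is an added example, not part of the original post: run_remote and the timeout values are assumptions chosen for illustration; ssh itself exits with 255 on its own errors and otherwise with the remote command's status.

```shell
#!/bin/sh
# Added example: non-interactive ssh call that cannot wait on a prompt or a
# dead connection, and that reports which side failed.
# Usage: run_remote user@domain.com ls /tmp

run_remote() {
    host=$1
    shift

    # BatchMode: never prompt for a password or passphrase.
    # ConnectTimeout: give up on an unreachable host after 10 seconds.
    # ServerAlive*: drop a session that stops answering (2 probes, 15 s apart).
    # Host key checking is left at its default, so an unknown or changed
    # host key makes the call fail instead of asking a question.
    ssh -o BatchMode=yes \
        -o ConnectTimeout=10 \
        -o ServerAliveInterval=15 \
        -o ServerAliveCountMax=2 \
        "$host" "$@"
    rc=$?

    case $rc in
        0)
            return 0
            ;;
        255)
            # ssh's own failure: rejected key, host key problem, network error
            echo "ssh to $host failed before or during the session" >&2
            return 255
            ;;
        *)
            # the connection worked; the remote command returned non-zero
            echo "remote command on $host exited with status $rc" >&2
            return "$rc"
            ;;
    esac
}
```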