Rootkit Hunter (rkhunter) is a security monitoring tool. It scans for root kits and other basic vulnerabilities. To be effective it needs to be run on a system initially known to be in a good state, and then have ts properties updated after every system update.
Steps to disable core dumps on Linux
For a while now I have been wanting to set up a certificate authority (CA) to address the certificate needs of users and services internal to our home network. Today seems to be as good as nay other to take a first pass at doing this.
Notes on installation and configuration of Grafana via Saltstack for future me. This a companion for a previous post, I covered how I istalled Prometheus and node_exporter on my machines via Salt. Grafana povides convienient dashboards through which to visualize data collected by Prometheus (and other tools).
I currently use Jekyll to generate my blog posts that you see hosted here. One thing I have wanted was to add a commenting system. Inspired by this recent toot by @email@example.com, and as I am a proponent of the Fediverse and a Mastodon user, I took a first stab at setting up comments collected the notes below.
This post will collect information on how I have configured Prometheus in case there is a need to rebuild or make changes in the future.
New public key for email encrytping and signing. This will be my primary key for the next 5 years.
Just a couple of notes on a couple of Raspberry Pi related things I don’t use often enough to remember and I am getting tired of having to look up every time I want to use one of them.
After a few years of neglect, I decided to go back through my networked devices and make sure
net-snmpis installed consistetnly and more minimaly. Doing this let me return to using Cacti and provide a check against what Prometheus and Grafana are telling me.
Just some sample fio benchmark job results graphs generated using
fio2gnuplottool. I did some minor editing of the generated
gnuplotfiles to better match the autogenerated graphs to meet my needs.
This post just shows how I broke the
fiojob profile I’ve been using into smaller individual files and modified them to take device to test as an environment variable from the command line. There really is not much more to say, and my attention has turned to recovering an array damaged by an unintended power outage that was my own fault while tracing cables.
Recently I picked up some new, though end of life, 3.5” Seagate 2TB (Exos 7E8 ST2000NM0045) hard drives and a refurbished HPE H240 controller to go with them. Over the past weekend I got around to installing the controller and drives into my computer and began set things up for the first time. Below are notes on what I did and discovered along the way, as setting up this hardware is new to me in practice if not theory.
Whilst reviewing my Mastodon feed this morning, I came across a post from SK at OSTechNix which suggested it was possible to change directories in Linux without using the
cdcommand. This was sufficient to catch my attention. I read the full article, made the adjustment to my
.bashrcfile and like the result so I decided to post as a reminder to future me, and create a
saltstate file to push out the change to all machines if I still like it in a week.
This morning after updating my Gentoo systems, I received the following message which was mysterious to me. Whilst I understand the overall concept of rebuilding the Boost-dependent ecosystem I did not know offhand the commands I would use to do the rebuild. This post documents my quest to identifiy the steps I will follow should I ever encounter an error message similar that in the message.
At the moment I have 13 Arch Linux ARM SOC devices. Today I learned pacman, as of version 6, supports parallel downloads for updates. By default this option is disabled. Since I uses Open Salt to manage configurations among other things, I decided to write a pair of Salt state files to enable the parallel download feature and to disable it if the need arises. Having the state files will also allow adjustment of how many parallel downloads will be allowed.
This post documents the steps I took to share the Portage instance one Gentoo machine across the other Gentoo machines I have using NFSv4. One machine syncs portage, all the other machines benefit. For purposes of this post, server will refer to the machine which holds and automatically sync portage for the local network, and client will refer to all of the other local Gentoo machines which will look to the server for Portage.
Notes on how I set up Portage to sync on a daily basis, so that when I am ready to apply updates to Gentoo I can get right to it. The set up described below is specific to my own setup, but should be easily modified to suit the needs of other Gentoo configurations.
As a follow up to my post on installing Gentoo on a “new” system, below are notes on the things I did after booting the server up for the first time. All of which are pretty basic things fore a headless systemd console machine.
🔴IMPORTANT❗🔴 - Following the steps below could result in the non recoverable loss of data on a drive which is not your intent. Check, Check and Check again before hitting enter after any dd command.
I never thought I would have much use for enabling nested virtualization, but I came across this how to post, by Senthil Kumar, at the top of my Mastodon feed this morning and thought that I would give it a shot and try to address an issue on a Windows 10 VM where WSL2 would not start because nested virtualization was not enabled. TL;DR, the steps below resolved the issue.
I recently purchased a used, Arm based, Buffalo TeraStation from ebay. The purchasing experience went well and the device arrive five days earlier than ebay predicted. This post covers my initial impressions and some early configuration modifications.
This post covers the steps I followed to get the Network UPS Tools project software, referred to as NUT for the rest of this post, running on one of my Gentoo machines in support of a CyberPower Systems OR1500LCDRT2U UPS. I am hoping the tasks below are repeatable for other UPS devices as I need to repeat the tasks below on a MintBox Mini 2 which is using another model of UPS.
After some reflection I have decided to again renew my support of the Free Software Foundation. I support free software, and I invite you to consider doing the same by visiting the FSF website.
I came across this one-liner to get geographic location information for the IP address being used from the Linux command line, and wanted to make a note of it for future use.
The Code and Results
Requires curl or wget as presented below, obviously with modification would work with other tools as well.
I’ve been using Gentoo for almost 17 years now, and noticed today that there is a new preferred method for removing packges. As old habits die hard, I thought I’d make a quick post with the steps so I can embrace change.
Notes on how to extend LVM partitions. I do this so infrequently that I forget how and have to look up the steps all the time. These are my own notes so that next time I will at least follow the same steps.
Simple X Mobile (SXmo) Notes
Sxmo, or Simple X Mobile, is a collection of simple and suckless X programs and scripts used together to create a fully functional mobile UI adhering to the Unix philosophy for the Pinephone. You control the UI largely through using the Pinephone buttons (press different numbers of times quickly for different actions) and swipe gestures.1
I recently received my Pine64 Pinephone PostmarketOS Community Edition phone. And while Phosh environment was nice, I wanted to explore other possibilities, and perhaps change to something a bit more lightweight and customizable. Alpine Linux is the foundation of PostmarketOS and is not something I am experienced with, but the Pinephone will boot from a Micro-SD card, so it is easy to try things out and decide what I like before committing it to the eMMC card in the device.
How to add a new nginx site
I have set up my own gopher hole, running on pygopherd. This post goes over how I got started and what I have learned so far. In the early 1990s I was a fairly heavy consumer of gopher based content, but I never hosted my own site or created my own content, until now.
Happy May Day Y’all
This is the fifth post in a serireis focussed on efforat to turn six Odroid-MC1 Solos into a PXE booted computer cluster on which to engage in further FOSS hijinks. The focus of the previous post was setting up a Docker Swarm. In this post we will look at setting up Portainer to provide a web browser based portal for managing the Docker Swarm.
This is the fourth post in the continued effort to turn six Odroid-MC1 Solos into a PXE booted computer cluster on which to engage in further FOSS hijinks. The focus of this post will be getting a Docker Swarm set up.
This is the third in the continued effort to turn six Odroid-MC1 Solos into a PXE booted computer cluster on which to engage in further FOSS hijinks. Previous post covered the steps involved in setting up the MicroSD cards to PXE boot the cluster nodes and mount root file system over NFS.
The continued effort to turn six Odroid-MC1 Solos into a PXE booted computer cluster on which to engage in further FOSS hijinks. The last post documented the physical set up of the devices as well as the creation and basic configuration of an image on a MicroSD card that was capable of booting the device into a state which allowed remote connection to an MC1 node via ssh.
How to turn six Odroid-MC1 Solos I found on sale for 9 dollars into a PXE booted computer cluster on which to engage in further FOSS hijinks.
Making a post based on old notes on setting up backups, in the hopes of ensuring current validity, updating as needed and perhaps even monitoring. The inspiration for and original source of much of the information listed here can be found at MadHacking Backup System.
Since getting OpenLDAP was a bit of a struggle I thought I would take the time to document the process I went through to make things smoother should I need to do this again. This post draws heavily on some existing documents listed here:
At this point I have what seems to be a working KDC running on
setbackhost, so it is not time to start configuring client on the KDC and on other Linux devices about the network.
My attempt to follow the steps here HOWTO: Kerberos for small networks, without LDAP or AD. Hopefully I will have a working Key Distribution Center solution for the farm when I am done, as the steps I am following are about twelve years old at this point.
Some handy tips for identifying the boot process of systemd based init devices. Specifically how to use systemd-analyze to identify slowest stating services and all of the dependencies of the system and user login processes.
Systemd-analyze command is used to determine system boot-up performance statistics and other state and tracing information from the system and service manager, and to verify the correctness of unit files.
With spring, an influx of predators have been taking their toll on our existing chicken flock. With the looming introduction of new chicks to the exist flock, it has become evident we need a more secure roost and outdoor run for the chickens. This is the initial shopping list which will track costs and will be updated as additional items are identified.
I tend to start most of my Virtual Box guests from the command line of console with detachable (–type separate) GUI, or with no GUI at all (–type headless). Today I found the need to do some work on a running virtual machine guest through a GUI and wanted to do this from the command line without restarting the guests and realized I didn’t know how.
For sometime now I have been maintaining Gnu/Linux machines using Saltstack, however I continued to apply updates to our Apple computers manually. Having finally grown tired of this tedious and time consuming manual task I decided to figure out how to update using Salt.
- Jen has a new shed for our chickens.
- Taxes have been completed and filed.
- Jen celebrated another birthday.
- Lent is more than half over.
- We have a lot of new chicks.
- I still very much enjoy writing with a fountain pen.
- Carmen’s soccer team is not undefeated this season, but at least their uniforms are red.
- Michael wants to take another semester to graduate in order to get a B.S. degree rather than a B.A.
- Elizabeth may come home in May.
- Justin and Shawna may be coming to Nashville.
- First Communion for Carmen in May.
- We need a new wireless router, the one providing the bridge in my office likes to disconnect clients until rebooted.
- Sent beer to Shane for fixing gov’t. services server that others including Microsoft failed to fix.
I wanted to bring all my salt minions up to the current release. Upgrading minions is not something I do frequently so I tend to forget the process, and this post is to collect my notes so the next time is easier or something I take the time to automate.
Why and How
Setting up a personal configuration firle for URLView
Command Line Web Browsing
URL Handling in Terminals
I’ve made an effort to shift to Vim as my one text editor for all occasions. One of the features I should make more use of is the spell-checker, but the commands and controls often slip my memory. I thought I would take a little time to write them all out in hope of improving my muscle memory.
From time to time while working on Linux machines remotely I have need to silence their audio output and not disturb or startle those near by who may be asleep or otherwise engaged. All the machines I work on rely on PulseAudio on top of Advanced Linux Sound Architecture ( ALSA ) for their audio output. While there are many GUI based solutions for controlling PulseAudio output, I am generally connected to the machines via ssh without X forwarding enabled, making use of local GUI based tools at best inconvenient.
Not Enough Time
There are a lot of websites out there I like to visit and catch up on, but frankly it takes a lot of time each one. As I find the time visiting multiple sites on a regular basis not well spent and prone to my own distraction and forgetfulness, the obvious solution seems RSS feed reader which bring the updates to me. I am going to forgo the use of a GUI tool for this and have decided to give Newsboat. Online documentation.
I have bee using Graphviz - Graph Visualization Software more both at home and work in the hope of becoming more proficient in its use. As an exercise I have converted the Vagrant ordered list from /tech/todo/2014/11/11/thatwhichisgoingonnow.html post into the diagram below.
While I mostly remember president Bush as a disappointment after the presidency of Ronald Reagan, today, five days after his death, the United States is observing a day of mourning for its 41st president.
Since last time…
On Prickle-Prickle, The Aftermath 42, 3162 YOLD, under the sign of Sagittarius, during the reign of US President Bill Clinton, in the northen New York town of Potsdam, one Jennifer Bonner did give her consent before God, family and friends to become my lawfully wedded wife at St. Mary’s Catholic Church, makring the happiest day of my life, and the beginning of a long journey up to today.
Welcome to the all new Yidhra Farm website v2.0. For now it will remain a static site generated using Jekyll. I don’t really care much about Ruby, but Jekyll seems a poppular solution with a vibrant community, and it never hurts to learn something new. My first focus will be carrying over blog posts from the old site and then I will work on enhancing the look of the site.
The A.V. Club is the first to report that creator Joel Hodgson and stars Jonah Ray and Felicia Day are set to roll out a Thanksgiving parade of classic MST3K on Thursday, November 23. Beginning at noon ET/9 a.m. PT, the marathon will stream at shoutfactory and on the Shout Factory TV app, featuring six episodes never before seen during Shout!’s now-annual celebration of the quest to find (and, ultimately, improve) the worst movies ever made.
After downloading and flashing a new Ubuntu image from Odroid, complete the following steps:
Slightly more than basic script, with important guards against attacks.
```bash #Minimal Iptables Rules
Another command I never can seem to remember and find myself searching for:
Goal: Create cloudshell.service Managed by Systemd
A nice collection of tutorials and other information for learning scripting using BASH (Bourne-Again SHell). Learning bash
Probably not for the new user. Tips & Tricks
That I always forget
Recently, I applied About OS X bash Update 1.0 to address CVE-2014-6271 and CVE-2014-7169, more commonly known as Shellshock. After applying, I ran Hanno Böck’s bashcheck script and was dismayed to discover my shell was still vulnerable to the exploit.
Essential CLI Software For Linux
Curing and smoking your own bacon requires some effort and time, but results in a product far superior to the typical conveniently prepared bacon in most grocery stores.
subscribe via RSS