HOWTO

Sometimes deployment process or other heavy task may cause some Nagios checks to rise below normal levels and bother admin1. If this is expected and you want to add downtime on host/service during this task you may use this script: #!/bin/bash function die { echo $1; exit 1; } if [[ $# -eq 0 ]] ; then die "Give hostname and time in minutes as parameter!" fi if [[ $# -eq 1 ]] ; then MINUTES=15 else MINUTES=$2 fi HOST=$1 NAGURL=http://nagios.example.com/nagios/cgi-bin/cmd.cgi USER=nagiosuser PASS=nagiospassword SERVICENAME=someservice COMMENT="Deploying new code" export MINUTES echo "Scheduling downtime on $HOST for $MINUTES minutes..." # The following is urlencoded already STARTDATE=`date "+%d-%m-%Y %H:%M:%S"` # This gives us the date/time X minutes from now ENDDATE=`date "+%d-%m-%Y %H:%M:%S" -d "$MINUTES min"` curl --silent --show-error \ --data cmd_typ=56 \ --data cmd_mod=2 \ --data host=$HOST \ --data-urlencode "service=$SERVICENAME" \ --data-urlencode "com_data=$COMMENT" \ --data trigger=0 \ --data-urlencode "start_time=$STARTDATE" \ --data-urlencode "end_time=$ENDDATE" \ --data fixed=1 \ --data hours=2 \ --data minutes=0 \ --data btnSubmit=Commit \ --insecure \ $NAGURL -u "$USER:$PASS"| grep -q "Your command request was successfully submitted to Nagios for processing." || die "Failed to con tact nagios"; echo Scheduled downtime on nagios from $STARTDATE to $ENDDATE Threat this script as template with some tips: ...

Now when you have CollectD and InfluxDB installed you may configure Grafana 😃 First configure repo with current Grafana version (select your distro): curl https://packagecloud.io/gpg.key | sudo apt-key add - deb https://packagecloud.io/grafana/testing/debian/ wheezy main Now install package (on wheezy I needed to install apt-transport-https to allow installation of packages from repo via HTTPS): apt-get update apt-get install -y apt-transport-https apt-get install -y grafana By default Grafana will use sqlite database to keep information about users, etc: ...

I wanted/needed some statistics on few my machines. I saw earlier grafana and was impressed so this was starting point. Then I started reading about graphite, carbon and whisper, and then… I found InfluxDB. Project is young but looks promising. Let’s start! On project page there is no info about repo but it’s available, configure it: curl -sL https://repos.influxdata.com/influxdb.key | apt-key add - echo "deb https://repos.influxdata.com/debian wheezy stable" > /etc/apt.sources.list.d/influxdb.conf for Ubuntu use url like (of course selecting your version): ...

I wanted/needed some statistics on few my machines. I saw earlier grafana and was impressed so this was starting point. Then I started reading about graphite, carbon and whisper, and then… I found InfluxDB. Project is young but looks promising1. Installation of collectd is easy on Debian because packages are in default repo. One problem is that packages may be old, ex. on wheezy it version 5.1. But in backports/backports-sloppy2 you may find current 5.5, so enable backports first: ...

Lately I had a lot of brute force attacks on my WordPress blog. I used basic auth to /wp-admin part in nginx configuration to block this and as a better solution I wan’t to block source IPs at all on firewall. To do this, place this filter code in /etc/fail2ban/filter.d/wp-login.conf: # WordPress brute force wp-login.php filter: # # Block IPs trying to authenticate in WordPress blog # # Matches e.g. # 178.218.54.109 - - [31/Dec/2015:10:39:34 +0100] "POST /wp-login.php HTTP/1.1" 401 188 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0" # [Definition] failregex = ^<HOST> .* "POST /wp-login.php ignoreregex = Then edit your /etc/fail2ban/jail.local and add: ...

Normally you want dynamic content to be fresh and not cacheable. But sometimes it may be useful to cache it, like when you have website behind reverse proxy1. To do this try something like this: Add new Apache conf file <filesmatch "\.(php|cgi|pl)$"> Header unset Pragma Header unset Expires Header set Cache-Control "max-age=3600, public" </filesmatch> http://www.askapache.com/htaccess/speed-up-your-site-with-caching-and-cache-control.html  external link  ↩︎ ...

It will happen from time to time, that you’re on alien machine and have to brutally update things in db without knowing credentials. Example is for root (quite secure candidate to change because it shouldn’t be used in app 😃 ) but will work for any user. shutdown db service mysql stop create text file with command like this (update user accordingly) ex. in /tmp/pwchange.txt SET PASSWORD FOR "root"@"localhost" = PASSWORD("HereYourNewPassword"); start mysqld with --init-file param mysqld_safe --init-file=/tmp/pwchange.txt sometimes you may require to point configuration file ex. --defaults-file=/etc/mysql/my.cnf ...

I hate movies recorded on phone in vertical position. This just short tip how I dealt with with it last time: for m in *.mp4 do avconv -i $m -vf "transpose=1" -codec:a copy -codec:v libx264 -preset slow -crf 23 rotated-$m done Other examples: http://stackoverflow.com/questions/3937387/rotating-videos-with-ffmpeg  external link http://superuser.com/questions/578321/how-to-flip-a-video-180  external link °-vertical-upside-down-with-ffmpeg

I had some passwords saved in remmina but like it always happen, I wasn’t been able to remember them when needed. Trying to restore them I found that they’re encrypted in .remmina directory. Then I used this script to decrypt them 1: Extract script import base64 from Crypto.Cipher import DES3 secret = base64.decodestring("<STRING FROM remmina.prefs>") password = base64.decodestring("<STRING FROM XXXXXXX.remmina>") print DES3.new(secret[:24], DES3.MODE_CBC, secret[24:]).decrypt(password) http://askubuntu.com/questions/290824/how-to-extract-saved-password-from-remmina  external link  ↩︎ ...

Allow from IP without password prompt, and also allow from any address with password prompt Order deny,allow Deny from all AuthName "htaccess password prompt" AuthUserFile /web/askapache.com/.htpasswd AuthType Basic Require valid-user Allow from 172.17.10.1 Satisfy Any Sources http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html  external link