rubysecurity.org

Anecdotes from a Linux Systems Administrator. /root

Latest Posts


June 4, 2015

Automated SSL certificate expiration check

by Alpha01

It is quite simple to automate checking for near expiring SSL certificates in CentOS. This is accomplished using the certwatch tool. This tool is part of the crypto-utils package.

```bash
yum install crypto-utils
```

Installing `crypto-utils` creates the cron job `/etc/cron.daily/certwatch`. By default the `/etc/cron.daily/certwatch` script only checks the SSL certificates loaded by Apache (it discovers them with `httpd -t -DDUMP_CERTS`), so Apache users don't have to make any additional configuration changes in order to automate the check for near-expiring SSL certificates.

Since on https://www.rubysecurity.org I use Nginx as an SSL termination proxy in front of an Apache backend webapp on a different machine, I had to manually update the `/etc/cron.daily/certwatch` script to point at my SSL certificates directly.

```bash
#certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
INCLUDE_CERTS='/etc/nginx/certs/*.crt'
certs=`ls $INCLUDE_CERTS 2>/dev/null`
```

Here is an example of an expired SSL certificate alert:

```
[root@rubyninja certs]# certwatch /etc/nginx/certs/www.rubysecurity.org_2014/www.rubysecurity.org.crt
To: root
Subject: The certificate for www.rubysecurity.org has expired

 ################# SSL Certificate Warning ################

  Certificate for hostname 'www.rubysecurity.org', in file (or by nickname):
     /etc/nginx/certs/www.rubysecurity.org_2014/www.rubysecurity.org.crt

  The certificate needs to be renewed; this can be done
  using the 'genkey' program.

  Browsers will not be able to correctly connect to this
  web site using SSL until the certificate is renewed.

 ##########################################################
                                  Generated by certwatch(1)
```

certwatch is far from perfect. It has no verbose output when doing a check; it relies solely on its exit status to report whether the check was successful, and the meaning of that exit status is the reverse of the usual shell convention. This excerpt from the man page is somewhat appalling:

```
DIAGNOSTICS
       The exit code indicates the state of the certificate:

       0
           The certificate is outside its validity period, or approaching expiry

       1
           The certificate is inside its validity period, or could not be parsed
```
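The two complaints above (no output, and an exit status of 0 for an expired certificate and 1 for a valid one) are easy to address with a small wrapper around the `-checkend` test that `openssl x509` already provides. The following is an added example, not code from certwatch or the crypto-utils package. It assumes `openssl(1)` is installed and that the certificates are PEM files with a `.crt` suffix; `/etc/nginx/certs` is the path from the post. It goes a step beyond the certwatch script by telling apart "expires soon", "already expired" and "cannot be parsed", and by returning the Nagios plugin exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) so the same function can be called from cron or wired into a Nagios service check.

```bash
#!/bin/sh
# Added example (not part of certwatch or crypto-utils): an expiry check that
# prints what it found and returns Nagios-style exit codes.
# Assumes: openssl(1) is installed; certificates are PEM files named *.crt.
#   0 = OK        (valid for more than WARN_DAYS)
#   1 = WARNING   (expires within WARN_DAYS)
#   2 = CRITICAL  (already expired)
#   3 = UNKNOWN   (file could not be parsed as an X.509 certificate)
WARN_DAYS="${WARN_DAYS:-30}"

# check_cert_expiry FILE [DAYS]: check one certificate file.
check_cert_expiry() {
    cert="$1"
    warn_days="${2:-$WARN_DAYS}"

    # A parse failure (wrong format, truncated file, a key instead of a cert)
    # is reported on its own instead of being folded into "valid", as certwatch does.
    if ! subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null); then
        echo "UNKNOWN: cannot parse $cert as an X.509 certificate"
        return 3
    fi
    not_after=$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)

    # 'openssl x509 -checkend N' exits non-zero when the certificate expires
    # within the next N seconds, so N=0 means "already expired".
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "CRITICAL: $cert ($subject) expired on $not_after"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "WARNING: $cert ($subject) expires within $warn_days days, on $not_after"
        return 1
    fi
    echo "OK: $cert ($subject) valid until $not_after"
    return 0
}

# check_cert_dir DIR [DAYS]: check every *.crt in DIR. The exit status is the
# worst status seen, so one expired file makes the whole run CRITICAL.
check_cert_dir() {
    dir="$1"
    warn_days="${2:-$WARN_DAYS}"
    worst=0
    for c in "$dir"/*.crt; do
        [ -e "$c" ] || continue      # unmatched glob: nothing to check
        rc=0
        check_cert_expiry "$c" "$warn_days" || rc=$?
        if [ "$rc" -gt "$worst" ]; then
            worst=$rc
        fi
    done
    return "$worst"
}

# Usage from a daily cron job, with the certificate directory from the post:
#   check_cert_dir /etc/nginx/certs 30
```

Because every branch prints a line, the cron mail (or the Nagios status) shows which file is the problem and when it expires, rather than only that "something" tripped; because UNKNOWN is distinct, a directory that contains a stray private key or a corrupted file does not silently pass as valid.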
Tags: [ centos monitoring ]
May 3, 2015

Restoring access to Fedora after Ubuntu upgrade

by Alpha01

I have a quadroboot OS installation environment on my Dell XPS laptop.

  • Ubuntu (primary OS)
  • Kali
  • Fedora
  • Windows 7

I decided to upgrade my Ubuntu installation to the latest 15.04. As soon as the upgrade completed and the laptop rebooted, I noticed the GRUB menu was no longer displaying my Fedora 21 environment. The cause was that I had installed Fedora under an LVM partition, while the others weren't.

Restoring boot access to Fedora was fairly simple.

First, I had to install the lvm2 package in Ubuntu so it is able to view and configure the LVM volumes.

```bash
tony@alpha05:~$ sudo apt-get install lvm2
```

Then I had to activate the Volume Group.

```bash
tony@alpha05:~$ sudo vgchange -a y
```

After activating the Volume Group, I used the os-prober tool to verify that Ubuntu could now see my Fedora 21 install.

```
tony@alpha05:~$ sudo os-prober
/dev/sda1:Windows 7 (loader):Windows:chain
/dev/sda6:Debian GNU/Linux (Kali Linux 1.0):Debian:linux
/dev/mapper/fedora-root:Fedora release 21 (Twenty One):Fedora:linux
```

So the last step was to generate a new GRUB config. Note the `-o` option: a plain `> /boot/grub/grub.cfg` redirect is performed by the unprivileged shell, not by `sudo`, and fails with a permission error.

```bash
tony@alpha05:~$ sudo grub-mkconfig -o /boot/grub/grub.cfg
```
Tags: [ ubuntu fedora lvm ]
April 25, 2015

Spell check from the command line

by Alpha01

I was pleasantly surprised to learn about a utility which lets you spell check text files, or any string passed on standard input, directly from the command line. The name of this genius tool is spell.

Examples

Example 1

```
tony@alpha05:~$ echo "What the fuc or what the fuck" | spell
fuc
```

Example 2

```
tony@alpha05:~$ cat test.txt 
Fuck thi shit.
tony@alpha05:~$ spell test.txt 
thi
```
Tags: [ bash ]
April 25, 2015

Installing system-config-kickstart on Ubuntu

by Alpha01

system-config-kickstart fails to start after the initial install.

Error

```
tony@alpha05:~$ system-config-kickstart 
Traceback (most recent call last):
  File "/usr/share/system-config-kickstart/system-config-kickstart.py", line 92, in <module>
    kickstartGui.kickstartGui(file)
  File "/usr/share/system-config-kickstart/kickstartGui.py", line 131, in __init__
    self.X_class = xconfig.xconfig(xml, self.kickstartData)
  File "/usr/share/system-config-kickstart/xconfig.py", line 80, in __init__
    self.fill_driver_list()
  File "/usr/share/system-config-kickstart/xconfig.py", line 115, in fill_driver_list
    raise RuntimeError, (_("Could not read video driver database"))
RuntimeError: Could not read video driver database
```

Fix

Downgrade the hwdata package.

```bash
apt-get remove hwdata
wget ftp://mirror.ovh.net/mirrors/ftp.debian.org/debian/pool/main/h/hwdata/hwdata_0.234-1_all.deb
dpkg -i hwdata_0.234-1_all.deb
apt-mark hold hwdata
apt-get install system-config-kickstart
```

This is a known bug in Ubuntu that is yet to be fixed…


Tags: [ ubuntu ]
April 13, 2015

Ah Shit - check_http string

by Alpha01

After updating the themes of www.alpha01.org, www.rubysecurity.org and www.rubyninja.org, I completely forgot to also update the header template files to include their respective Google Analytics tracking code once again. This resulted in almost three months of no stats. When I originally set up the Nagios check_http checks on my sites, I didn't configure them to also search for the custom Google Analytics string, even though I always use this configuration at work on all HTTP checks.

This can easily be accomplished using the `-s`/`--string` option of the check_http plugin, which turns the check into a content check: the page must return a 2xx status and contain the given string.

```bash
/usr/local/nagios/libexec/check_http -I www.rubysecurity.org -S -t 10 --string UA-12912270-3
```

So the lesson learned, you should always configure your check_http Nagios service checks to also search for a custom string as part of the check!

Tags: [ nagios ]