Systemd unit for Monyog

15 11 2017

Systemd unit for Monyog. Create a new file in “/etc/systemd/system/monyog.service” with the following content:

[Unit]
Description=Webyog MONyog Service
After=network.target
[Service]
SyslogIdentifier=monyog
LimitNOFILE=262144
ExecStart=/usr/local/bin/MONyog-bin
Restart=on-failure
[Install]
WantedBy=multi-user.target

Advertisements




A note about a ftp service

9 11 2017

From the reasons in Debian about shutting down public FTP services:

  • FTP servers have no support for caching or acceleration.
  • Most software implementations have stagnated and are awkward to use and configure.
  • Usage of the FTP servers is pretty low.
  • The protocol is inefficient and requires adding awkward kludges to firewalls and load-balancing daemons.

More info: https://www.debian.org/News/2017/20170425





SSL and TLS notes

24 10 2017

List all ciphers:
# openssl ciphers -v 'ALL:COMPLEMENTOFALL'

List some ciphers:
# openssl ciphers -v 'AES256:kEECDH+ECDSA:kEECDH:kEDH:RSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!PSK:!SRP:!kECDH:!CAMELLIA:!IDEA:!SEED:!RC4'

Benchmark:
# openssl speed rc4 aes rsa ecdh sha

Benchmark with 2 cpus:
# openssl speed -multi 2 rc4 aes rsa ecdh sha

Test ssl cert in a website:
# openssl s_client -connect http://www.google.com:443

Test ssl cert with a specific version:
# openssl s_client -connect http://www.google.com:443 -no_ssl2
# openssl s_client -connect http://www.google.com:443 -servername http://www.google.com

Extract cert from a website:
# echo | openssl s_client -connect http://www.google.com:443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Test cert with a particular cipher:
# openssl s_client -connect http://www.google.com:443 -cipher RC4-SHA

Test SNI usage:
# openssl s_client -connect http://www.google.com:443 -servername http://www.google.com

Test sesssion reuse:
# echo | openssl s_client -connect http://www.google.com:443 -reconnect





Add multiarch Debian 9

18 08 2017

dpkg --add-architecture i386
apt-get update
apt-get install libc6:i386





Convert RAID superblock from 0.9 to 1.0

1 08 2017

The kernel wiki have a section with some documentation about this process, but it’s a bit outdated. If you have mdadm-3.3 or newer (usually yes), is it possible to change the superblock in two steps. First get the devices information:

mdadm --detail /dev/md0

And do it:

mdadm --stop /dev/md0
mdadm --assemble /dev/md0 --update=metadata ...list.of.devices...

http://www.spinics.net/lists/raid/msg48367.html
https://raid.wiki.kernel.org/index.php/RAID_superblock_formats





Install Prometheus and Grafana

31 07 2017

These are the steps to install Prometheus and Grafana in a standalone Linux Debian box for monitor their system with a nice dashboard.

Install the package server and exporter from the repo:

apt-get install prometheus prometheus-node-exporter

Change Prometheus to listen only in localhost and the sync strategy (if you want to save battery) /etc/default/prometheus:

ARGS="-web.listen-address=localhost:9090 -storage.local.series-sync-strategy 'never'"

Assure that there is a target in /etc/prometheus/prometheus.yml:

- job_name: node
# If prometheus-node-exporter is installed, grab stats about the local
# machine by default.
static_configs:
- targets: ['localhost:9100']

Restart it and enable in systemd:

systemctl restart prometheus
systemctl enable prometheus

Change the listen address too in the node exporter /etc/default/prometheus-node-exporter:

ARGS="-collector.diskstats.ignored-devices=^(ram|loop|fd)\d+$ \
-collector.filesystem.ignored-mount-points=^/(sys|proc|dev|run)($|/) \
-collector.textfile.directory=/var/lib/prometheus/node-exporter -web.listen-address=127.0.0.1:9100"

Restart it and enable in systemd:

systemctl restart prometheus-node-exporter
systemctl enable prometheus-node-exporter

Download Grafana from their website and install it:

mkdir /opt/grafana
cd /opt/grafana
wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana_4.4.1_amd64.deb
dpkg -i grafana_4.4.1_amd64.deb

Enable and start it in systemd:

systemctl daemon-reload
systemctl enable grafana-server
systemctl start grafana-server

Use the browser and enter this address (user/password: admin/admin):

http://localhost:3000

Add the Prometheus datasource as in the image:

Add a new dashboard following this path in the menu:

Type the id “1860” inside “Grafana.com Dashboard”. It automatically get it:

Confirm the import fetching the values from localhost:


Enjoy.





Change tab size in xfce 4

8 07 2017

If you use Debian 9 in a small screen with xfce 4, maybe you suffer the big tab size of some desktop elements.

For fix that, create a file under ~/.config/gtk-3.0/gtk.css with the following content:

/* reduce padding of tabs */
notebook tab {
min-height: 0;
padding-top: 1px;
padding-bottom: 2px;
}
/* reduce padding of buttons */
notebook tab button {
min-height: 0;
min-width: 0;
padding: 1px;
margin-top: 1px;
margin-bottom: 2px;
}