Sullen Server

Posted: 2016-09-12 20:54:42 by Alasdair Keyes

Direct Link | RSS feed


Sad Server is sad.

https://twitter.com/sadserver


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Up and atom

Posted: 2016-08-28 13:51:25 by Alasdair Keyes

Direct Link | RSS feed


Over the past week, I've been trying to move towards using an IDE for my personal projects. I use PHPStorm at work, however I would like to use Open Source at home. I like the power of VIM, but sometimes I feel like I'm being held back by not utilising the full functionality available on a dedicated IDE. I've been doing a bit of testing and I quite like Github's Atom IDE.

There's more than enough posts about what's good and bad with it, I won't rehash it. However I do like the extensibility of it, having installed a number of packages to provide extra functionality. In keeping with being able to set up my machines from a fresh install with Puppet.. The following puppet snippet will install atom and the required packages from the $apm_packages array.

Due to the use of the puppet "each" function you will need to run this with the future parser option puppet apply --parser=future puppet_file.pp

$apm_packages = [
  "file-watcher",
  "perltidy",
  "perldoc",
  "linter-perl",
  "linter-puppet",
  "language-puppet",
]

$my_system_user = "bill";

file { "personal_atom_package_folder":
  path      => "/home/$my_system_user/.atom/packages/",
  ensure    => "directory",
  require   => Package["atom"],
}

each($apm_packages) |$package_name| {

  exec { "apm_$package_name":
    path        => [ "/usr/bin", "/bin" ],
    command     => "apm install $package_name",
    creates     => "/home/$my_system_user/.atom/packages/$package_name",
    user        => $my_system_user,
    environment => ["HOME=/home/$my_system_user"],
    require     => Package["atom"],
  }
}


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Open Source Slack

Posted: 2016-08-27 14:43:02 by Alasdair Keyes

Direct Link | RSS feed


Slack has been gaining a lot of traction for collaboration in the IT world over the last few years and it's quite a good tool but the "Cloud" aspect of it and the potential lack of privacy that comes with it is a big concern. Slack is often used to transfer files with business data and transmit data passwords (a practice I'm very much against). Although it uses TLS to stop snoopers betweeon your client and Slack itself, having Slack hold on to all your conversations is a worrying proposal for a business.

Enter Mattermost, an open source alternative to Slack that you install into your own infrastructure. It has a free cut-down version and further more advanced versions for a fee, however the basic slack functionality you're used to is all available in the free version.

The interface is heavily influenced by Slack and everything is where you'd expect and includes apps for all major OSes including Linux.

The downside of Mattermost is the management of the stack on your infrastructure, backups, updates etc but if you have an existing IT team, this should be a very minimal workload addition for the security and peace of mind that all your shared files/conversations are all stored in-house.

For testing they also provide an easy to install docker image, well worth a test.


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Auto claim Packtpub free learning ebook

Posted: 2016-06-12 21:10:55 by Alasdair Keyes

Direct Link | RSS feed


A while ago I posted about Packtpub Free Learning eBooks and wrote a little script to email you the free book of the day (without subscribing to their mailing lists).

After having missed a few good books because I was away from my computer, I decided to write a script that will auto claim these books everyday. It's up on https://gitlab.com/alasdairkeyes/claim_packtpub_free_learning_ebook. Simply download the script to a computer with Perl on it, add in your Packtpub email and password run it and it will login and claim the book and then output the title of the book and a link to view it. Add it to cron and you will never miss a book!


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Exim and gnutls - A TLS fatal alert has been received

Posted: 2016-06-03 23:52:16 by Alasdair Keyes

Direct Link | RSS feed


Whilst diagnosing why an email wasn't getting through to me, I noticed the following errors appearing occasionally in my Exim logs.

"2016-06-03 20:20:36 TLS error on connection from servername (servername) [1.2.3.4] (gnutls_handshake): A TLS fatal alert has been received.


Anything producing the words 'fatal' in logs are cause for alarm and it wasn't something I'd seen before so I did a bit of investigation and found that it was due to the TLS certificate I have for exim not having a common name set that matches the hostname that the remote server was connecting to.

My certificate had akeyes.co.uk and www.akeyes.co.uk however my MX records are mail.akeyes.co.uk, this doesn't really cause an error, mail is still accepted, however at some point in future (and some very strict mail servers) may refuse such connections so it's best to get it fixed.

To diagnose the issue, lets try connecting on a hostname that is not on the certificate, as I was on the server, 127.0.0.1 would do fine. As exim is compiled against gnutls we'll need to use the gnutls command line tools..
apt-get install gnutls-bin -y

Then connect using gnutls-cli bold red text is what I typed and bold blue text is the useful part of the response

# gnutls-cli -s -p 25 127.0.0.1
Processed 174 CA certificate(s).
Resolving '127.0.0.1'...
Connecting to '127.0.0.1:25'...
- Simple Client Mode:
220 vps2.akeyes.co.uk ESMTP Exim 4.84_2 Fri, 03 Jun 2016 20:40:55 +0100
ehlo me
250-vps2.akeyes.co.uk Hello localhost [127.0.0.1]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
starttls
220 TLS go ahead
<CTRL-D>
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=akeyes.co.uk', issuer `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-06-03 18:35:00 UTC', expires `2016-09-01 18:35:00 UTC', SHA-1 fingerprint `d0b48bf7056860c48ab204e246b5ec95dcac42f4'
Public Key ID:
4d601b2e453c98b68ac88addd946de73982b6cac
Public key's random art:
+--[ RSA 2048]----+
| =* |
| ++o+ |
| ...o.. |
| .. o |
|.. . . S . |
|... . . |
|o. . B . o |
|o . o O = . |
| E+ ..+ |
+-----------------+
- Certificate[1] info:
- subject `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', issuer `O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', SHA-1 fingerprint `e6a3b45b062d509b3382282d196efe97d5956ccb'
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed


I then ran the same command but using a hostname I knew was on the certificate


# gnutls-cli -s -p 25 akeyes.co.uk
Processed 174 CA certificate(s).
Resolving 'akeyes.co.uk'...
Connecting to '178.62.80.10:25'...
- Simple Client Mode:
220 vps2.akeyes.co.uk ESMTP Exim 4.84_2 Sat, 04 Jun 2016 00:02:08 +0100
ehlo me
250-vps2.akeyes.co.uk Hello vps2.akeyes.co.uk [178.62.80.10]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
starttls
220 TLS go ahead
<CTRL-D>
*** Starting TLS handshake
- Certificate type: X.509
...
...
- Status: The certificate is trusted.
...
...


So we can see why this error is occuring, the easy fix is to ensure that the certificate used by Exim has all required hostnames. I use letsencrypt so I just regenerated a certificate and added -d mail.akeyes.co.uk switch. Alternatively, change the MX records for all domains your server handles mail for, to a hostname which is included on the certificate.

Oh, and in case you were wondering, the cause of the mail getting through was misconfiguration of the sender's DNS. The hostname part of his email address was a subdomain which had no DNS record so sender verification failed.


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Chrome APT update error

Posted: 2016-03-22 07:18:22 by Alasdair Keyes

Direct Link | RSS feed


For testing I have the Linux version of Google Chrome installed, recently I was seeing the following error in my Package manager

failed to fetch http //dl.google.com/linux/chrome/deb/dists/stable/release

The fix is fairly easy, update your /etc/apt/sources.list.d/google-chrome.list file in the following way

deb http://dl.google.com/linux/chrome/deb/ stable main

to

deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main

Then refresh your sources list. The file does warn that it'll be auto generated. So this might well occur again, but doesn't seem to be auto-generated often so should be good for a while.


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

IT Russian Roulette

Posted: 2016-03-21 21:12:43 by Alasdair Keyes

Direct Link | RSS feed


Living dangerously... http://www.commitstrip.com/en/2014/05/16/russian-roulette/


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Return of the Gopher Server

Posted: 2016-03-17 19:07:01 by Alasdair Keyes

Direct Link | RSS feed


After being bombared with literally no requests as to where my Gopher server went after my server move, It's back!!

gopher://gopher.akeyes.co.uk

(You'll have to hunt out your own Gopher client, Firefox doesn't support the protocol anymore and I doubt any of the other browsers do either)


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Puppet Nagios Plugin

Posted: 2016-03-14 10:39:58 by Alasdair Keyes

Direct Link | RSS feed


Over the weekend I finished migrating all my servers to being managed by a PuppetMaster. Some of these servers were quite old (One is over 5 years old, so forcing it's management into Puppet when it has lots of customisation and idiosynchrocies was a little nerve-wracking... thankfully all went well!

Now that everything is all under control, I wanted to ensure that Puppet was working correctly and nothing was getting left behind an errors weren't silently going un-noticed. There are a number of Puppet-centric tools that do this, but I didn't really want the extra Puppet functionality. Since I already monitor my systems with Nagios, I thought a simple Plugin would be useful.

With that, I've just released the first version of nagios-plugin-check_puppet_run

The core functionality is just to report the last run, the number of resources and the number of changes and any errors generated on the last run.

OK: Successes:0 Failures:0 Last Run:Mon Mar 14 10:10:41 2016 Version:3.7.2 Changes:0 Resources:44
WARNING: Successes:0 Failures:1 Last Run:Mon Mar 14 10:10:41 2016 Version:3.7.2 Changes:0 Resources:44

The script checks the Puppet last run summary file /var/lib/puppet/state/last_run_summary.yaml rather than other plugins that check if the Puppet service is running, this way, you can execute puppet by Cron/Daemon and still get a valid result on your Puppet install.


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Inbox Zero: Update

Posted: 2016-03-10 07:25:53 by Alasdair Keyes

Direct Link | RSS feed


It's been almost 6 months since I started using Inbox Zero (See original post) so I thought I would provide an update....

Overall it's been a success, at present my personal inbox has 1 item in it and my work has 3 outstanding items.

It's not easy to measure it's value as I've been using email pretty succesfully for the past 20 years, however by the following metrics, it has been a great success...

Overall, if you can start using it, I think you'll really feel the benefits


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

IT Consultancy Services

I'm now available for IT consultancy and software development services - Cloudee LTD.



Happy user of Digital Ocean (Affiliate link)


Version:master-862fb90399


Validate HTML 5