Linux https://tech.feedyourhead.at/Linux en Now is a good time to backup our github-repos https://tech.feedyourhead.at/content/now-is-a-good-time-to-backup-our-github-repos <span class="field field--name-title field--type-string field--label-hidden">Now is a good time to backup our github-repos</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Many people are scared because <a href="https://news.microsoft.com/2018/06/04/microsoft-to-acquire-github-for-7-5-billion/">Microsoft bought GitHub</a>. I wonder why people are so shocked now. Github is just another cloud-thingy and cloud means: "it's just the computer of someone else". If "someone else" will shutdown or wipe his computer, then we better have backups. Having this in our minds I would say that it's time to make (auto)backups. I wrote this little ruby-script that clones all public repositories of a user into a directory. If the repositories already exist locally, then this script will just make a "git-pull".</p> <div class="geshifilter"><pre class="ruby geshifilter-ruby" style="font-family:monospace;"><span style="color:#008000; font-style:italic;">#!/usr/bin/env ruby</span> &nbsp; <span style="color:#CC0066; font-weight:bold;">require</span> <span style="color:#996600;">'net/http'</span> <span style="color:#CC0066; font-weight:bold;">require</span> <span style="color:#996600;">'json'</span> <span style="color:#CC0066; font-weight:bold;">require</span> <span style="color:#996600;">'fileutils'</span> &nbsp; directory = <span style="color:#996600;">&quot;./&quot;</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">def</span> help warn <span style="color:#996600;">&quot;usage: #{$PROGRAM_NAME} &lt;github-user&gt; [ &lt;dst-directory&gt; ]&quot;</span> <span style="color:#CC0066; font-weight:bold;">exit</span> <span style="color:#006666;">1</span> <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; <span style="color:#008000; font-style:italic;"># got this function from stackoverflow.com: </span> <span style="color:#008000; font-style:italic;"># stackoverflow.com/questions/2108727/which-in-ruby-checking-if-program-exists-in-path-from-ruby</span> <span style="color:#9966CC; font-weight:bold;">def</span> which<span style="color:#006600; font-weight:bold;">&#40;</span>cmd<span style="color:#006600; font-weight:bold;">&#41;</span> exts = ENV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">'PATHEXT'</span><span style="color:#006600; font-weight:bold;">&#93;</span> ? ENV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">'PATHEXT'</span><span style="color:#006600; font-weight:bold;">&#93;</span>.<span style="color:#CC0066; font-weight:bold;">split</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">';'</span><span style="color:#006600; font-weight:bold;">&#41;</span> : <span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">''</span><span style="color:#006600; font-weight:bold;">&#93;</span> ENV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">'PATH'</span><span style="color:#006600; font-weight:bold;">&#93;</span>.<span style="color:#CC0066; font-weight:bold;">split</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#CC00FF; font-weight:bold;">File</span>::PATH_SEPARATOR<span style="color:#006600; font-weight:bold;">&#41;</span>.<span style="color:#9900CC;">each</span> <span style="color:#9966CC; font-weight:bold;">do</span> <span style="color:#006600; font-weight:bold;">|</span>path<span style="color:#006600; font-weight:bold;">|</span> exts.<span style="color:#9900CC;">each</span> <span style="color:#006600; font-weight:bold;">&#123;</span> <span style="color:#006600; font-weight:bold;">|</span>ext<span style="color:#006600; font-weight:bold;">|</span> exe = <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">join</span><span style="color:#006600; font-weight:bold;">&#40;</span>path, <span style="color:#996600;">&quot;#{cmd}#{ext}&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#0000FF; font-weight:bold;">return</span> exe <span style="color:#9966CC; font-weight:bold;">if</span> <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">executable</span>?<span style="color:#006600; font-weight:bold;">&#40;</span>exe<span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#006600; font-weight:bold;">&amp;&amp;</span> !<span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">directory</span>?<span style="color:#006600; font-weight:bold;">&#40;</span>exe<span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#006600; font-weight:bold;">&#125;</span> <span style="color:#9966CC; font-weight:bold;">end</span> <span style="color:#0000FF; font-weight:bold;">return</span> <span style="color:#0000FF; font-weight:bold;">nil</span> <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; gitbin = which<span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;git&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">if</span> gitbin.<span style="color:#0000FF; font-weight:bold;">nil</span>? warn <span style="color:#996600;">&quot;git-binary not found&quot;</span> <span style="color:#CC0066; font-weight:bold;">exit</span> <span style="color:#006666;">1</span> <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">if</span> ARGV.<span style="color:#9900CC;">length</span> <span style="color:#006600; font-weight:bold;">&lt;</span> <span style="color:#006666;">1</span> <span style="color:#006600; font-weight:bold;">||</span> ARGV.<span style="color:#9900CC;">length</span> <span style="color:#006600; font-weight:bold;">&gt;</span> <span style="color:#006666;">2</span> help <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; gituser = ARGV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#006666;">0</span><span style="color:#006600; font-weight:bold;">&#93;</span> directory = ARGV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#006666;">1</span><span style="color:#006600; font-weight:bold;">&#93;</span> <span style="color:#9966CC; font-weight:bold;">if</span> ARGV.<span style="color:#9900CC;">length</span> == <span style="color:#006666;">2</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">unless</span> <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">directory</span>?<span style="color:#006600; font-weight:bold;">&#40;</span>directory<span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#CC00FF; font-weight:bold;">FileUtils</span>::mkdir_p directory <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; uri = <span style="color:#CC00FF; font-weight:bold;">URI</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;https://api.github.com/users/#{gituser}/repos&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> &nbsp; resp = <span style="color:#6666ff; font-weight:bold;">Net::HTTP</span>.<span style="color:#9900CC;">get</span><span style="color:#006600; font-weight:bold;">&#40;</span>uri<span style="color:#006600; font-weight:bold;">&#41;</span> parsed = JSON.<span style="color:#9900CC;">parse</span><span style="color:#006600; font-weight:bold;">&#40;</span>resp<span style="color:#006600; font-weight:bold;">&#41;</span> &nbsp; parsed.<span style="color:#9900CC;">each</span> <span style="color:#9966CC; font-weight:bold;">do</span> <span style="color:#006600; font-weight:bold;">|</span><span style="color:#CC0066; font-weight:bold;">p</span><span style="color:#006600; font-weight:bold;">|</span> <span style="color:#9966CC; font-weight:bold;">if</span> <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">directory</span>?<span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;#{directory}/#{p['name']}&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#CC0066; font-weight:bold;">system</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;cd #{directory}/#{p['name']} &amp;&amp; #{gitbin} pull&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#9966CC; font-weight:bold;">else</span> <span style="color:#CC0066; font-weight:bold;">system</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;#{gitbin} clone https://github.com/#{p['full_name']} #{directory}/#{p['name']}&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#9966CC; font-weight:bold;">end</span> <span style="color:#9966CC; font-weight:bold;">end</span></pre></div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jun 07 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/ruby" hreflang="en">Ruby</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/git" hreflang="en">git</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/taxonomy/term/103" hreflang="en">Open-Source</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/backup" hreflang="en">Backup</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/shell" hreflang="en">Shell</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=267&amp;2=comment&amp;3=comment" token="oPcbvqzYUcugBxbk0j0w2JLHdMWOfeGFn5WU98XCfbI"></drupal-render-placeholder> </section> Thu, 07 Jun 2018 10:41:24 +0000 Hoti 267 at https://tech.feedyourhead.at Postfix: verified TLS with DANE https://tech.feedyourhead.at/content/postfix-verified-tls-with-dane <span class="field field--name-title field--type-string field--label-hidden">Postfix: verified TLS with DANE</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>TLS via SMTP is <a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic</a> which makes connections vulnerable to man-in-the-middle-attacks. In order to prevent mitm-attacks, <a href="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">DANE</a> could be used. The sender-server will first check the domain-records if dnssec is in use(and valid) and if a TLSA-record is published(and valid). If a TLSA-record is valid and matches with the certificate of the recipient-server the connection could be encrypted and the encryption is verified. Postfix was one of the first smtp-servers that implemented DANE since the <a href="https://tools.ietf.org/id/draft-dukhovni-smtp-opportunistic-tls-00.html">author of the DANE protocol is a postfix-developer</a>. This article describes how to enable DANE in postfix.</p> <h3>Preconditions</h3> <p>It's very easy to enable DANE in postfix. First we have to ensure that postfix can resolve DNSsec queries. I recommend to install the dns-resolver "<a href="https://unbound.net/">unbound</a>" on the postfix-server. Unbound does DNSsec pretty well. It also automatically manages the trust-anchors for DNSsec. We can check if DNSsec works, if the "ad"-flag is set. So lets use dig to test it:</p> <pre> <code>&gt; DiG 9.9.5-9+deb8u15-Debian &lt;&lt;&gt;&gt; gov. +dnssec ;; global options: +cmd ;; Got answer: ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 35764 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;gov. IN A </code></pre> <p>As we can see, the "ad"-flag was set. If we use a resolver without dnssec-support it would look like that:</p> <pre> <code> % dig gov. +dnssec ; &lt;&lt;&gt;&gt; DiG 9.8.4-rpz2+rl005.12-P1 &lt;&lt;&gt;&gt; gov. +dnssec ;; global options: +cmd ;; Got answer: ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: SERVFAIL, id: 25074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4000 ;; QUESTION SECTION: ;gov. IN A </code></pre> <p>As you can see, there is no "ad"-flag in this example. That indicates that DNSsec is not supported by the resolver.</p> <h3>Postfix-config</h3> <p>As soon as we set up a resolver with dnssec-support, we can easily enable DANE in postfix:</p> <pre> <code> # DANE-Settings smtp_dns_support_level=dnssec smtp_host_lookup=dns smtp_tls_security_level = dane smtp_tls_loglevel=1 </code></pre> <p>Now postfix will always try to verify the TLS-connection using DANE. If you just want to enable DANE for specific domains, I'll recommend have a look at the <a href="http://www.postfix.org/TLS_README.html#client_tls">example in the postfix-documentation</a>.</p> <h3>Test</h3> <p>We can test DANE by sending Emails to a server that has TLSA-Records. There is a list of domains with TLSA-records at the end of <a href="https://static.ptbl.co/static/attachments/169319/1520904692.pdf?1520904692">this pdf</a>. I just tested DANE by sending an email to a gmx.net-address:</p> <pre> <code> May 12 21:26:59 mymailserver postfix/smtp[3064]: Verified TLS connection established to mx01.emig.gmx.net[212.227.17.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) </code></pre> <p>The keyword "Verified" indicates that the TLS-connection could be verified.</p> <p>&nbsp;</p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 14 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/crypto" hreflang="en">Crypto</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/email" hreflang="en">Email</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=265&amp;2=comment&amp;3=comment" token="oDTTj6SHpFvGYUI319oXvKTZNvcKlQalAHTJrUNU044"></drupal-render-placeholder> </section> Mon, 14 May 2018 12:11:10 +0000 Hoti 265 at https://tech.feedyourhead.at statx-fun got popular https://tech.feedyourhead.at/content/statx-fun-got-popular <span class="field field--name-title field--type-string field--label-hidden">statx-fun got popular</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>I am very surprised that <a href="https://tech.feedyourhead.at/content/using-the-new-statx-system-call">statx-fun</a> got one of my most popular <a href="https://github.com/whotwagner/statx-fun">git repositories</a>.  Arkadiusz Miśkiewicz even created a  <a href="https://git.pld-linux.org/gitweb.cgi?p=packages/statx-fun.git;a=summary">PLD-Linux-package</a> for it. I didn't expect that.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 06 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/c" hreflang="en">C</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=263&amp;2=comment&amp;3=comment" token="PbpWFLuU4ui5s5hKfouSBmi_2Kp88yfmwXrVzp8wz74"></drupal-render-placeholder> </section> Sun, 06 May 2018 11:24:36 +0000 Hoti 263 at https://tech.feedyourhead.at HackADay: Let's make a Nukestation https://tech.feedyourhead.at/content/hackaday-lets-make-a-nukestation <span class="field field--name-title field--type-string field--label-hidden">HackADay: Let&#039;s make a Nukestation</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Every time I replace an old hard disk by a newer or bigger one I think that I'll wipe it later. Now I have a big amount of hard disks to wipe. Since wiping takes ages, I don't want to use my personal computer for that. I would prefer a small device with low energy consumption just for wiping. That's why I am going to build a "Nukestation". Basically it's just a Raspberry Pi with nwipe on it and a udev-rule for automatically wipe attached hard disks. But some extras would be nice...</p> <h3>Hardware</h3> <p>My setup is quite basic: a Raspberry Pi 3b+, a Disk-Docking-Station(USB), and a LED for signalling that the drive can safely removed/attached. I know, It would be much better to use a red LED for signalling when the Nukestation is wiping disks, but I had just green LED's at home. That's why I am gonna do that the way around.</p> <p> <video controls="" height="360" width="480"><source src="/sites/default/files/DateiUploads/nukestation.mp4" type="video/mp4" /></video> </p> <p>This video shows my setup. As soon as I plugg in the harddisk, the green led turns dark for signalling that it is not safe to remove the disk now, and on the screen we can see that nwipe starts it's job.</p> <h3>Little Extras</h3> <p>I wrote a bash-script called "nukestation.sh". This script is a wrapper for nwipe and allows us to:</p> <ul> <li>Create Pre-run-hooks(like turn off the LED)</li> <li>Run nwipe with configurable settings</li> <li>Create Post-run-hoocks(like turn on the LED)</li> <li>Send a notification including the nwipe-log via email</li> </ul> <h3>Installation</h3> <p>I won't use this Raspberry Pi only for wiping disks. That's why I need a very easy to use installation routine for the nukestation. I used the configuration management sytem <a href="https://www.ansible.com/">ansible</a> for that. The sources of my nukestation ansible-role can be downloaded on <a href="https://github.com/whotwagner/ansible-role-nukestation">Github</a>&nbsp; and the role is available on ansible-galaxy too. On a freshly installed <a href="https://www.raspberrypi.org/downloads/raspbian/">Raspbian</a>&nbsp; the Nukestation can be installed using the follwing commands:</p> <pre> <code> $ sudo apt-get install ansible $ sudo ansible-galaxy install whotwagner.nukestation $ cat > playbook.yml << EOF --- - hosts: localhost roles: - whotwagner.nukestation EOF $ sudo ansible-playbook playbook.yml </code></pre> <p>The playbook above will just install Nukestation without mailsupport. If we want to install a mailsystem with a smarthost using authentication to automatically send notifications we can use another playbook:</p> <pre> <code> $ sudo apt-get install ansible $ sudo ansible-galaxy install whotwagner.nukestation $ cat > playbook.yml << EOF - hosts: localhost roles: - whotwagner.nukestation vars: nukestation_mailconf: server: mail.example.conf:587 user: username@example.conf pass: super-secret-password from: from@example.com to: to@example.com EOF $ sudo ansible-playbook playbook.yml </code></pre> <p>A detailed documentation about the playbook and the nukestation.sh-script can be found at <a href="https://github.com/whotwagner/ansible-role-nukestation">Github</a>.</p> <h3>Conclusio</h3> <p>Nukestation allows me to wipe disks easily and I'll recieve notifications as soon as the wipejob is finished. <em>"I love it when a plan comes together"</em></p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 15 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/hackaday" hreflang="en">HackADay</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/hardware" hreflang="en">Hardware</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/raspberry" hreflang="en">Raspberry</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/ansible" hreflang="en">Ansible</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=262&amp;2=comment&amp;3=comment" token="mXNkYhJywlpehAmSRx0Jlb3KcW68vS026m820TmEpE8"></drupal-render-placeholder> </section> Sun, 15 Apr 2018 16:45:24 +0000 Hoti 262 at https://tech.feedyourhead.at Wipe a disk using nwipe https://tech.feedyourhead.at/content/wipe-a-disk-using-nwipe <span class="field field--name-title field--type-string field--label-hidden">Wipe a disk using nwipe</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="https://en.wikipedia.org/wiki/Darik's_Boot_and_Nuke">Darkik's Boot and Nuke(DBAN)</a> is an open-source programm for securely wipe hard drives but reached it's end of life. There is a fork called <a href="https://github.com/martijnvanbrummelen/nwipe/">nwipe</a>.  On Debian it can be easily installed by calling "apt-get install nwipe" and works almost the same like dban.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 14 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/shell" hreflang="en">Shell</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=261&amp;2=comment&amp;3=comment" token="BBVzI1_DdwGsOfVIFO4Ck_RgMSrlRGsNKFn9gAcASYc"></drupal-render-placeholder> </section> Sat, 14 Apr 2018 10:38:21 +0000 Hoti 261 at https://tech.feedyourhead.at What if dnsmasq and ubound marry? https://tech.feedyourhead.at/content/what-if-dnsmasq-and-unbound-marry <span class="field field--name-title field--type-string field--label-hidden">What if dnsmasq and ubound marry?</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="http://www.thekelleys.org.uk/dnsmasq/doc.html">Dnsmasq</a> is a great piece of software. Described in few words I would say that it is a dns-forwarder, dhcp-server and tftp-server. I like the way dnsmasq can be configured. A-Records can be created by simply adding entries in /etc/hosts and I define <a href="https://tech.feedyourhead.at/content/static-arp-cache-on-dhcp-servers">dhcp-hosts by adding lines in&nbsp; /etc/ethers</a>. But we live in very strange times. Google-DNS, Cloudflare-DNS and QUAD9 are open dns servers, but might spy on us(if a service is free to use in the internet, then we might not be the customer but the product). All the DNS-resolvers of our ISP aren't trustworthy either since the <a href="https://www.law.berkeley.edu/files/Wang_Faye_Fangfei_IPSC_paper_2014.pdf">EU already decided to force ISP's to block sites</a>. But blocking sites might not be the only problem. The one who controlls your dns-requests, is also able to route your traffic which could be used for Man-in-the-middle-attacks to gain control. So I decided to install a dns-recursor in my network. Dnsmasq does its jobs satisfyingly but it needs another dns-recursor. That's why I want to add a recursor and use it together with dnsmasq. A very handy dns-recursor is <a href="https://unbound.net/">unbound</a>. It's easy to configure and does <a href="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">DNSsec</a>.</p> <h3>Preparing DNSmasq</h3> <p>In order to install DNSmasq and unbound on the same host I decided to bind the dns-port on 5353 instead of 53. Unbound will listen on port 53. DNSmasq is for custom DNS-Records only in this configuration.&nbsp; The following sample configuration will configure a dhcp-server that uses /etc/ethers and&nbsp; a dns-server that listens at port 5353 and resolves the domain "home.".</p> <p>/etc/dnsmasq.d/my.conf:</p> <pre> <code> port=5353 local=/home/ interface=br0 domain=home dhcp-range=br0,192.168.10.100,192.168.10.150,12h read-ethers dhcp-authoritative dhcp-option=6,192.168.10.1 </code></pre> <h3>Setting up unbound</h3> <p>If unbound is installed via Debian-packages, it is already configured for dnssec. So I just need to configure the forwarding of the "home."-domain:</p> <p>/etc/unbound/unbound.conf.d/my.conf:</p> <pre> <code> server: num-threads: 4 interface: 192.168.10.1 access-control: 192.168.10.0/24 allow private-domain: "home." domain-insecure: "home." local-zone: "home." nodefault forward-zone: name: "home." forward-addr: 192.168.10.1@5353 </code> </pre> <p>Restart dnsmasq and unbound and enjoy the recursor. With this setup, I can simply create home-dnsrecords by adding lines in /etc/hosts:</p> <pre> <code> 192.168.10.1 ns1.home 192.168.10.2 nas.home # ... </code></pre> <h3>Conclusio</h3> <p>Even if unbound could handle the home-domain by it's own, I prefer using /etc/hosts. Since a dhcp-server is needed anyway, I use dnsmasq for that. It's easy to setup and works perfectly.</p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 11 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/network" hreflang="en">Network</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=260&amp;2=comment&amp;3=comment" token="vFb8-iICYIh8a85JGjeyiCAXzX6jcB28pun_d-IrwGw"></drupal-render-placeholder> </section> Wed, 11 Apr 2018 08:52:30 +0000 Hoti 260 at https://tech.feedyourhead.at Bash-Insulter: insults you after typing a wrong command https://tech.feedyourhead.at/content/bash-insulter-insults-you-after-typing-a-wrong-command <span class="field field--name-title field--type-string field--label-hidden">Bash-Insulter: insults you after typing a wrong command</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>If you type in a wrong command, <a href="https://github.com/hkbakke/bash-insulter">bash-insulter</a> will insult you badly.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Nov 17 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Fun" hreflang="en">Fun</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/shell" hreflang="en">Shell</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=246&amp;2=comment&amp;3=comment" token="Y4b0V6sSlAiC0eMXerG6va5Rv7tpAJXDMmW6lcZvJP0"></drupal-render-placeholder> </section> Fri, 17 Nov 2017 21:59:35 +0000 Hoti 246 at https://tech.feedyourhead.at Managing MaraDNS with Ansible https://tech.feedyourhead.at/content/managing-maradns-with-ansible <span class="field field--name-title field--type-string field--label-hidden">Managing MaraDNS with Ansible</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>I wrote a <a href="https://github.com/whotwagner/ansible-role-maradns">role for managing MaraDNS with Ansible</a>.</p> <h3>Requirements</h3> <ul> <li>Ansible 2.1+ (might ork with prior versions too)</li> <li>Debian-based Linux-distribution</li> </ul> <h3>Installation</h3> <p><code>ansible-galaxy install whotwagner.maradns</code></p> <h3>Configuration Example</h3> <pre><code> maradns_zones: - name: example.com email: support@example.com spf: - { val: 'v=spf1 ip4:212.41.224.0/24 -all' } txt: - { val: 'v=spf1 ip4:212.41.224.0/24 -all' } - { name: 'xmas', val: 'Merry Christmas' } ns: - { val: ns1.example.com. } - { val: ns2.example.com. } - { name: 'subdom.%', val: 'ns1.%' } mx: - { prio: 5, rec: mx.example.com. } - { prio: 10, rec: mx2.% } srv: - { name: "_sip._udp", val: "0 0 5060 sip.%" } fqdn4: - { domain: "mx", ip: "7.7.7.7" } ptr: - { domain: "www", ip: "8.8.8.8" } a: - { ip: 8.8.8.8 } - { domain: 'www', ip: 8.8.8.8 } - { domain: 'sip', ip: 6.6.6.6 } # the following zone is disabled: - name: alice.com enabled: False </pre><code></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Aug 28 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/ansible" hreflang="en">Ansible</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/downloads" hreflang="en">Downloads</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=243&amp;2=comment&amp;3=comment" token="zU_W2MAJyqckkwjlDcj7hoIYMTQfaajbt8qlMirMjXA"></drupal-render-placeholder> </section> Mon, 28 Aug 2017 18:28:00 +0000 Hoti 243 at https://tech.feedyourhead.at Irssi: New version 1.0.0 has been released https://tech.feedyourhead.at/content/Irssi-new-version-1.0.0-has-been-released <span class="field field--name-title field--type-string field--label-hidden">Irssi: New version 1.0.0 has been released</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="https://irssi.org/2017/01/05/irssi-1.0.0-released/">Irssi 1.0.0 has been released in January 2017. This is a major release with lots of new features and security fixes.</a></p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jan 06 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/irssi" hreflang="en">irssi</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=223&amp;2=comment&amp;3=comment" token="lGhW9joBHVl6CKXSYXy401cYFK1c8SlyV_6tfTAIVbY"></drupal-render-placeholder> </section> Fri, 06 Jan 2017 19:55:53 +0000 Hoti 223 at https://tech.feedyourhead.at Debian Squidguard: update-squidguard does not work with tabs in config-file https://tech.feedyourhead.at/content/debian-squidguard-update-squidguard-does-not-work-with-tabs-in-config-file <span class="field field--name-title field--type-string field--label-hidden">Debian Squidguard: update-squidguard does not work with tabs in config-file</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>I experienced an interesting problem: on a Debian Jessie host with squidguard: update-squidguard threw the following error-message:</p> <pre> <code> root@34697f9f06a2:/# update-squidguard /usr/sbin/update-squidguard: 69: test: dbhome: unexpected operator Rebuild SquidGuard database - this can take a while. </code></pre> <p>On Debian Wheezy it returns with the following error:</p> <pre> <code> root@34697f9f06a2:/# update-squidguard /usr/sbin/update-squidguard: 95: /usr/sbin/update-squidguard: cannot create dbhome /var/lib/squidguard/db/../dbversion: Directory nonexistent </code></pre> <p>The admin configured tabs instead of whitespaces in the following line of his squidguard.conf:</p> <pre> <code> dbhome /var/lib/squidguard/db </code></pre> <p>Even if squidguard accepts tabs, update-squidguard does not and apt-get upgrade would not work if squidguard would be upgraded because it calls update-squidguard. The problem seems to be in /usr/sbin/update-squidguard at the following line:</p> <pre> <code> DATADIR=$(grep ^dbhome ${CONFDIR}/${CONFFILE} | cut -d' ' -f2) </code></pre> <p>This could be easily fixed by using the following code:</p> <pre> <code> DATADIR=$(grep ^dbhome ${CONFDIR}/${CONFFILE} | sed 's/\t/ /' | cut -d' ' -f2) </code></pre> <p>This would make update-squidguard more robust. I wrote the maintainer, but since it is recommended to use whitespaces he might not fix this.</p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Dec 18 2016</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/debian" hreflang="en">Debian</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=220&amp;2=comment&amp;3=comment" token="iv8iuytKpgPZZgxKJb8jICAQe2FsY8jLwR4dBwSdMa4"></drupal-render-placeholder> </section> Sun, 18 Dec 2016 15:24:23 +0000 Hoti 220 at https://tech.feedyourhead.at