Category Archives: Linux

Ubuntu: configure general proxy usage

In order to let an Ubuntu system access the net via a proxy, edit two files and you're done.

/etc/environment:

http_proxy="http://:/"
https_proxy="http://:/"
ftp_proxy="http://:/"
no_proxy="localhost,127.0.0.1,::1

/etc/apt/apt.conf.d/90_proxy.conf:

Acquire {
  HTTP::proxy "http://:";
  HTTPS::proxy "http://:";
}

Update ’19: Make snmpd’s log more silently

This is an update to the article from 2009 regarding quieting down snmpd - this time in recent Ubuntu LTS 18.04. The issue at hand is the intense chattyness of snmpd to syslog.

Due to the complete shift to systemd, files in /etc/default are becoming disregarded. Therefore customisations have to be made to /etc/systemd/system. Two steps are neccessary:

Create a symlink for snmpd in /etc/systemd:

ln -s /lib/systemd/system/snmpd.service /etc/systemd/system

Edit that file and change:

ExecStart=/usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f

to

ExecStart=/usr/sbin/snmpd -LS4d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f

Then run

systemctl daemon-reload && service snmpd restart

Now snmpd should be calmed down.

Ubuntu: enable MIBs in snmp tools

Lately I ran into some issues using snmp tools, e.g.:

snmpwalk -v2c -c public ${host} test

I received errors like:

Unknown Object Identifier (Sub-id not found: (top) -> test)

This is because MIBs are not installed in Ubuntu by default. To install them use the follwing line:

apt-get install snmp-mibs-downloader

Also comment line 4 of /etc/snmp/snmp.conf so it shows:

# mibs:

Hope that helps someone.

Resize KVM guest’s raw volumes

After running virtual machines in KVM for some time, it might come in handy to be able to resize a KVM guest's raw volumes. In order to do so you first have to shutdown your VM for a while:

virsh destroy <guestname>

In order to add an additional 2 gig to your respective machine, you do the following:</guestname>

qemu-img resize <diskname>.img +2G

Now restart the machine:</diskname>

virsh start <guestname>

Then use fdisk inside the guest to make use of the new space:

fdisk /dev/vda

There, you delete the respective partition and immediately recreate it - with more space. After a final resize you're able to make use of the sweet new space:

resize2fs /dev/vda1

Voila!

Cleanup Docker Containers

In order to cleanup docker containers from time to time just fire the following:

docker system prune -a 

Change Letsencrypt certificates

In case you find yourself that you added one to many host/domainnames to your letsencrypt certificate, it is possible to change that after the initial generation. The tool certbot is your friend in this case.

Imagine your initial cert was named test.domain.com and it contained the additonal domain test2.domain.com. Now you want to add test3.domain.com. You do that as follows:

certbot certonly --cert-name test.domain.com -d test.domain.com,test2.domain.com,test3.domain.com

Enable SMTP for PHP on Ubuntu

Many php-based web application are using php's smtp function. Unfortunately, Ubuntu's php default setup disregards the installation of packages necessary for using smtp. The following command line takes care of their installation:

aptitude install php-net-smtp

Squid 3.x config with NCSA Authentication in Ubuntu 16.04

Here comes an update to the old article on how to configure Squid. The new Squid 3.x which is available in Ubuntu 16.04 requires some different configuration.

Installation is easy. Just fire the following line:

apt install squid

The configuation file to edit is still located at /etc/squid/squid.conf. Make a backup of the original file and have to new one contain the following lines:

http_port 31280

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 1
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off

acl auth proxy_auth REQUIRED
acl localhost src 127.0.0.0/8

http_access allow auth
http_access allow localhost
http_access deny all

cache deny all

forwarded_for off

request_header_access Via deny all 

In order to have users show some identification a password file with according hashes has to be set:

htpasswd -c /etc/squid/passwd USERNAME
chmod 400 /etc/squid/passwd && chown proxy /etc/squid/passwd

That should do it. Squid 3 will ask users for ID and password and proxy your requests.

Asterisk: easily forward Sipgate-calls while keeping the caller-id

This article describes how to forward phone calls that are incoming on a Sipgate VoIP-based number to any given mobile or landline in an affordable way by using FreeVoipDeal. Prerequisites are accounts at Sipgate, FreeVoipDeal and of course your own PBX based on Asterisk.

Configuring an Asterisk PBX is rocket science in itself. To keep this article focused on the main issue I therefore assume you already have a running setup.

In order to forward calls you'll have to use the Windows client of FreeVoipDeal. There you can configure a general forward number which can be a landline or mobile number. Also, you'll have to allow access to the SIP-server of FreeVoipDeal - that is deactivated by default. Now you can use you FreeVoipDeal-account to receive incoming SIP-based calls on youraccountname@sip.freevoipdeal.com.

The tricky part is how to keep the caller's number intact while forwarding. In your extensions.conf you'll therefore have to add the following lines:

exten => s,1,Set(CALLERID(name)=${IF($[${CALLERID(number)} = anonymous] ?  anonymous : 49${CALLERID(number):1} )})
exten => s,n,Set(CALLERID(number)=${IF($[${CALLERID(number)} = anonymous] ?  anonymous : 49${CALLERID(number):1} )})
exten => s,n,Dial(SIP/youraccountname@sip.freevoipdeal.com,,tkw)

Now all your incoming calls are going to be forwarded to your designated number.

Shutdown your hardware on temperature threshold

Faulty temperature control in a datacenter can cause terrible damage. In case you can't influence air con's reliability, you have to set up some protection on your end - that is: your server.

Most modern hard drives provide temperature sensors which can be used to trigger actions when reaching a threshold. I'll describe how to do this with a too called hddtemp and cron in Ubuntu 16.04.

We need to intall the tool's package:

apt install hddtemp

Now we create a little shell script which later we will trigger by cron on a regular basis. In this scenario we save the script in /usr/local/bin and name it harddrive-watcher.sh:

#!/bin/bash
HOSTNAME=yourHostname
MAILTARGET=root
HDDS="/dev/sda /dev/sdb"
HDT=/usr/sbin/hddtemp
LOG=/usr/bin/logger
DOWN=/sbin/shutdown
ALERT_LEVEL_MAIL=35
ALERT_LEVEL_SHUTDOWN=50
for disk in $HDDS
do
  if [ -b $disk ]; then
        HDDTEMP=$($HDT $disk | awk '{ print $4}' | awk -F '°' '{ print $1}')
        if [ $HDDTEMP -ge $ALERT_LEVEL_MAIL ]; then
           $LOG "Warning: hard disk $disk temperature reached its warning limit of $HDDTEMP°C"
           echo "Warning: hard disk $disk temperature reached its warning limit of $HDDTEMP°C" | mail -s $HOSTNAME $MAILTARGET
        fi
        if [ $HDDTEMP -ge $ALERT_LEVEL_SHUTDOWN ]; then
           $LOG "Emergency shutown: system going down as hard disk $disk temperature reached its final limit of $HDDTEMP°C"
           sync;sync
           $DOWN -h 0
        fi
  fi
done

Lastly, we add the following line to root's cron file:

*/5 * * * * /usr/local/harddrive-watcher.sh

Now there will be a temperature check every 5 minutes with two thresholds: If the first one is reached you'll receive a mail. At the second threshold the system will shutdown to protect its data from thermal damage.