Iptables rules loaded every time after a reboot

November 7th, 2019

Even if firewalld and iptables have been disabled, some iptables rules may still be active after a reboot. This is due to libvirtd.

I’ve just read a good post here where it’s fully explained why, even though iptables is turned OFF, after every boot the command iptables -L -n still displays some rules as active.

Execute Windows Commands from Linux using winexe

September 10th, 2019

I’ve just found a good tutorial to compile winexe.
My host was a CentOS 7 box and I followed the instructions at this link:

Execute Windows Commands from Linux using winexe. Connect from Linux to Windows without SSH

In order to have git working, I opened the outgoing connection of 9418 TCP port on my firewall.

openssl and digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:536 error

January 8th, 2019

If You used an old openssl to encrypt a file, e.g. openssl 1.0.x with a command line such as:

$ openssl enc -in <plain input file> -out <crypted output file> -e -des-ede3-cbc

decrypting it with a newer openssl release You will get an error like this:

$ openssl enc -in <crypted input file> -out <plain output file> -d -des-ede3-cbc

bad decrypt
140109197936000:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:536:

Despite this error, it’s possible to recover the original plain file by adding the -md md5 option to the decrypt command:

$ openssl enc -in <crypted input file> -md md5 -out <plain output file> -d -des-ede3-cbc
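
Why -md md5 helps, shown as an added example that is not part of the original post: openssl enc derives the key and IV from the passphrase with a digest, and the default digest changed from MD5 in 1.0.x to SHA-256 in 1.1.0, so the newer release derives a different key from the same passphrase and salt. The function names, passphrase and sample bytes are constructed for this illustration.

```python
import hashlib

# Added illustration; function names, passphrase and sample bytes are constructed.
KEY_LEN, IV_LEN = 24, 8          # des-ede3-cbc: 24-byte key, 8-byte IV


def read_salt(blob: bytes) -> bytes:
    """Return the 8-byte salt from the b'Salted__' header `openssl enc` writes."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("missing Salted__ header (file written with -nosalt?)")
    return blob[8:16]


def evp_bytes_to_key(password: bytes, salt: bytes, md: str):
    """EVP_BytesToKey with one iteration, the derivation `enc` uses without -pbkdf2."""
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        # D_i = H(D_{i-1} || password || salt)
        block = hashlib.new(md, block + password + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def derive_all(blob: bytes, password: bytes) -> dict:
    """Key/IV the same file and passphrase yield under each default digest."""
    salt = read_salt(blob)
    return {md: evp_bytes_to_key(password, salt, md) for md in ("md5", "sha256")}


# Constructed sample: header + salt + 16 placeholder ciphertext bytes.
SAMPLE = b"Salted__" + bytes.fromhex("0102030405060708") + bytes(16)

if __name__ == "__main__":
    for md, (key, iv) in derive_all(SAMPLE, b"secret").items():
        print(f"-md {md:<6} key={key.hex()} iv={iv.hex()}")
```

The two lines printed differ in both key and IV, which is why the newer release reports "bad decrypt" until the digest used at encryption time is named explicitly.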

running more than a single telegram desktop client

August 2nd, 2016

I installed the Telegram Desktop client, and next I created a new folder named “C:\Users\myname\AppData\Roaming\Telegram Desktop\tdata_another”.

Then I added the telegram.exe path to the PATH environment variable. This step is not mandatory but I’d rather write “telegram” instead of “C:\Users\myname\AppData\Roaming\Telegram Desktop\telegram” in the next step.

Finally, to run two telegram instances, from the DOS prompt I wrote

C:\Users\myname>Telegram -many -workdir "C:\Users\myname\AppData\Roaming\Telegram Desktop\tdata"

followed by

C:\Users\myname>Telegram -many -workdir "C:\Users\myname\AppData\Roaming\Telegram Desktop\tdata_another"

a nagios check to remind me the SSL certificate expiration

March 3rd, 2014

I wrote a quite unuseful check for nagios to remind me to renew my SSL certificate. This is the definition in the commands.cfg file

define command{
        command_name check_ssl_expiration
        command_line /usr/lib/nagios/plugins/check_ssl_expiration.sh $ARG1$ $ARG2$ $ARG3$ $ARG4$
}

and this is the check_ssl_expiration.sh script

#!/bin/bash
# input parameters
MYSRV=$1
MYPORT=$2
DAYWARN=$3
DAYCRIT=$4
# return values
RET_OK="0"
RET_WARN="1"
RET_CRIT="2"
RET_UNKN="3"

# check data input
checkdata () {
        if [ -z "$2" ]; then
                echo "$1 is not set"
                exit $RET_UNKN
        fi
}

checkdata "HTTPS server name" "$MYSRV"
checkdata "HTTPS PORT" "$MYPORT"
checkdata "warning threshold" "$DAYWARN"
checkdata "critical error threshold" "$DAYCRIT"

# fetch the server certificate into a temp file with an unpredictable name
TEMPFILE=$(mktemp) || exit $RET_UNKN
echo | openssl s_client -connect "$MYSRV:$MYPORT" 2> /dev/null | sed -ne '/-BEGIN CERT/,/-END CERT/p' > "$TEMPFILE" 2>/dev/null
EXPDATE=`openssl x509 -noout -in "$TEMPFILE" -dates 2>/dev/null | grep notAfter | sed -e "s/.*notAfter=//"`
rm -f "$TEMPFILE"

# no certificate retrieved: report UNKNOWN instead of a bogus day count
if [ -z "$EXPDATE" ]; then
        echo "UNKNOWN - cannot read the SSL certificate of $MYSRV:$MYPORT"
        exit $RET_UNKN
fi

EXPSEC=`date "+%s" --date="$EXPDATE"`
NOWSEC=`date "+%s"`
DAYLEFT=`expr \( $EXPSEC - $NOWSEC \) / 86400`

# $DAYLEFT days left to SSL certificate expiration

if [ "$DAYLEFT" -le "$DAYCRIT" ]; then
        echo "ERROR - $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT"
        exit $RET_CRIT
fi

if [ "$DAYLEFT" -le "$DAYWARN" ]; then
        echo "WARNING - $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT"
        exit $RET_WARN
fi

echo "$DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT"
exit $RET_OK

Of course I scheduled this check once a day.

How to remove the NameVirtualHost *:80 has no VirtualHosts warning

February 17th, 2014

I had a debian squeeze webserver showing me this strange warning at startup

root@web:/etc/apache2# /etc/init.d/apache2 restart
Restarting web server: apache2[Mon Feb 17 10:27:43 2014] [warn] NameVirtualHost *:443 has no VirtualHosts
[Mon Feb 17 10:27:43 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [Mon Feb 17 10:27:44 2014] [warn] NameVirtualHost *:443 has no VirtualHosts
[Mon Feb 17 10:27:44 2014] [warn] NameVirtualHost *:80 has no VirtualHosts

This was due to a duplicated pair of lines in the configuration:

NameVirtualHost *:80
NameVirtualHost *:443

They were in /etc/apache2/port.conf and in /etc/apache2/conf.d/virtual.conf too. Commenting out the latter file, I removed the warning.

Don’t ask me, I don’t know why…

February 7th, 2014

I’m telling You about a Centos 5.10 server joined to an Active Directory environment.
Once I was able to open an ssh session on this server with my A.D. username/password, but some days ago I noticed it was only possible to log in to this server using the local root account.
I discovered that the wbinfo -i myusername command returned a WBC_ERR_WINBIND_NOT_AVAILABLE error.

To fix this problem I issued the following commands:

  # service winbind stop
  # service smb stop
  # net cache flush
  # rm -f /var/lib/samba/*tdb
  # service smb start
  # service winbind start

A nagios plugin to check Tomcat Apps

February 5th, 2014

I wrote a simple nagios plugin to check the status of tomcat webapps.
Instead of looking at pages like this one…
I’d rather use a script like this.
To put the plugin in the nagios environment, add these lines

define command{
command_name check_tomcat_app
command_line /bin/bash /usr/lib/nagios/plugins/check_tomcat_app $ARG1$ $ARG2$ $ARG3$
}

to the commands.cfg file definitions. Then add some lines like these

define service{
use generic-service
host_name myhostname
service_description Examples Web Service
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 15
retry_check_interval 1
contact_groups admins
notification_interval 240
notification_period 24x7
notification_options c,r
check_command check_tomcat_app!"http://tomcatserver.my.lan:8080/manager/html/list"!Examples!admin:passw
}

into the services.cfg file.
Of course the username and password have to be set up in the tomcat-users.xml file

$ cat /usr/local/apache-tomcat/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="admin" password="passw" roles="manager,manager-gui,manager-status,admin-gui"/>
</tomcat-users>