Auto claim Packtpub free learning ebook

Posted: 2016-06-12 21:10:55 by Alasdair Keyes



A while ago I posted about Packtpub Free Learning eBooks and wrote a little script to email you the free book of the day (without subscribing to their mailing lists).

After having missed a few good books because I was away from my computer, I decided to write a script that will auto claim these books every day. It's up on https://gitlab.com/alasdairkeyes/claim_packtpub_free_learning_ebook. Simply download the script to a computer with Perl on it, add in your Packtpub email and password, and run it. It will log in, claim the book and then output the title of the book and a link to view it. Add it to cron and you will never miss a book!


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Exim and gnutls - A TLS fatal alert has been received

Posted: 2016-06-03 23:52:16 by Alasdair Keyes



Whilst diagnosing why an email wasn't getting through to me, I noticed the following errors appearing occasionally in my Exim logs.

2016-06-03 20:20:36 TLS error on connection from servername (servername) [1.2.3.4] (gnutls_handshake): A TLS fatal alert has been received.


Anything producing the word 'fatal' in logs is cause for alarm, and it wasn't something I'd seen before, so I did a bit of investigation and found that it was due to the TLS certificate I have for Exim not having a common name set that matches the hostname that the remote server was connecting to.

My certificate had akeyes.co.uk and www.akeyes.co.uk, however my MX records are mail.akeyes.co.uk. This doesn't really cause an error, as mail is still accepted, but at some point in future senders (and some very strict mail servers) may refuse such connections, so it's best to get it fixed.

To diagnose the issue, let's try connecting on a hostname that is not on the certificate. As I was on the server, 127.0.0.1 would do fine. As Exim is compiled against gnutls, we'll need to use the gnutls command line tools.
apt-get install gnutls-bin -y

Then connect using gnutls-cli. The lines I typed are the gnutls-cli command itself, ehlo me, starttls and <CTRL-D>; the useful part of the response is the Status line near the end.

# gnutls-cli -s -p 25 127.0.0.1
Processed 174 CA certificate(s).
Resolving '127.0.0.1'...
Connecting to '127.0.0.1:25'...
- Simple Client Mode:
220 vps2.akeyes.co.uk ESMTP Exim 4.84_2 Fri, 03 Jun 2016 20:40:55 +0100
ehlo me
250-vps2.akeyes.co.uk Hello localhost [127.0.0.1]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
starttls
220 TLS go ahead
<CTRL-D>
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=akeyes.co.uk', issuer `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-06-03 18:35:00 UTC', expires `2016-09-01 18:35:00 UTC', SHA-1 fingerprint `d0b48bf7056860c48ab204e246b5ec95dcac42f4'
Public Key ID:
4d601b2e453c98b68ac88addd946de73982b6cac
Public key's random art:
+--[ RSA 2048]----+
| =* |
| ++o+ |
| ...o.. |
| .. o |
|.. . . S . |
|... . . |
|o. . B . o |
|o . o O = . |
| E+ ..+ |
+-----------------+
- Certificate[1] info:
- subject `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', issuer `O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', SHA-1 fingerprint `e6a3b45b062d509b3382282d196efe97d5956ccb'
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed


I then ran the same command but using a hostname I knew was on the certificate


# gnutls-cli -s -p 25 akeyes.co.uk
Processed 174 CA certificate(s).
Resolving 'akeyes.co.uk'...
Connecting to '178.62.80.10:25'...
- Simple Client Mode:
220 vps2.akeyes.co.uk ESMTP Exim 4.84_2 Sat, 04 Jun 2016 00:02:08 +0100
ehlo me
250-vps2.akeyes.co.uk Hello vps2.akeyes.co.uk [178.62.80.10]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
starttls
220 TLS go ahead
<CTRL-D>
*** Starting TLS handshake
- Certificate type: X.509
...
...
- Status: The certificate is trusted.
...
...


So we can see why this error is occurring. The easy fix is to ensure that the certificate used by Exim has all required hostnames. I use letsencrypt, so I just regenerated a certificate and added the -d mail.akeyes.co.uk switch. Alternatively, change the MX records for all domains your server handles mail for to a hostname which is included on the certificate.

Oh, and in case you were wondering, the cause of the mail not getting through was misconfiguration of the sender's DNS. The hostname part of his email address was a subdomain which had no DNS record, so sender verification failed.
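The hostname check that failed in the handshake above can also be run ahead of time against a list of MX targets. This is an added example, not code from this blog: it takes a certificate in the dictionary shape returned by Python's ssl.SSLSocket.getpeercert() and lists the hostnames it does not cover. The function names and the sample certificate are constructed for illustration, using the names mentioned in the post.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert(),
# using the names the post says were on the certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "akeyes.co.uk"),),),
    "subjectAltName": (("DNS", "akeyes.co.uk"), ("DNS", "www.akeyes.co.uk")),
}

def cert_dns_names(cert):
    """DNS names to check: SAN entries, else the subject CN (legacy fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Match one certificate name against one hostname (RFC 6125 style)."""
    if is_ip(host):
        return False  # a DNS name on the certificate never covers an IP literal
    p = pattern.rstrip(".").lower().split(".")
    h = host.rstrip(".").lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # '*' stands for exactly one left-most label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert, required_hosts):
    """Hostnames clients connect to that the certificate does not cover."""
    names = cert_dns_names(cert)
    return [h for h in required_hosts
            if not any(name_matches(n, h) for n in names)]

if __name__ == "__main__":
    # MX target from the post plus the loopback address used in the test above
    print(uncovered_hosts(SAMPLE_CERT, ["mail.akeyes.co.uk", "127.0.0.1"]))
```

An empty list means every hostname that senders connect to is present on the certificate.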



Chrome APT update error

Posted: 2016-03-22 07:18:22 by Alasdair Keyes



For testing I have the Linux version of Google Chrome installed. Recently I was seeing the following error in my package manager:

failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/release

The fix is fairly easy: update your /etc/apt/sources.list.d/google-chrome.list file in the following way, changing

deb http://dl.google.com/linux/chrome/deb/ stable main

to

deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main

Then refresh your sources list. The file does warn that it is auto-generated, so this might well occur again, but it doesn't seem to be regenerated often, so the fix should be good for a while.



IT Russian Roulette

Posted: 2016-03-21 21:12:43 by Alasdair Keyes



Living dangerously... http://www.commitstrip.com/en/2014/05/16/russian-roulette/



Return of the Gopher Server

Posted: 2016-03-17 19:07:01 by Alasdair Keyes



After being bombarded with literally no requests as to where my Gopher server went after my server move, it's back!!

gopher://gopher.akeyes.co.uk

(You'll have to hunt out your own Gopher client, Firefox doesn't support the protocol anymore and I doubt any of the other browsers do either)



Puppet Nagios Plugin

Posted: 2016-03-14 10:39:58 by Alasdair Keyes



Over the weekend I finished migrating all my servers to being managed by a PuppetMaster. Some of these servers were quite old (one is over 5 years old), so forcing its management into Puppet when it has lots of customisation and idiosyncrasies was a little nerve-wracking... thankfully all went well!

Now that everything is all under control, I wanted to ensure that Puppet was working correctly, nothing was getting left behind and errors weren't silently going unnoticed. There are a number of Puppet-centric tools that do this, but I didn't really want the extra Puppet functionality. Since I already monitor my systems with Nagios, I thought a simple plugin would be useful.

With that, I've just released the first version of nagios-plugin-check_puppet_run.

The core functionality is just to report the last run, the number of resources and the number of changes and any errors generated on the last run.

OK: Successes:0 Failures:0 Last Run:Mon Mar 14 10:10:41 2016 Version:3.7.2 Changes:0 Resources:44
WARNING: Successes:0 Failures:1 Last Run:Mon Mar 14 10:10:41 2016 Version:3.7.2 Changes:0 Resources:44

The script checks the Puppet last run summary file /var/lib/puppet/state/last_run_summary.yaml, unlike other plugins that check if the Puppet service is running. This way, you can execute Puppet by cron or daemon and still get a valid result on your Puppet install.



Inbox Zero: Update

Posted: 2016-03-10 07:25:53 by Alasdair Keyes



It's been almost 6 months since I started using Inbox Zero (See original post) so I thought I would provide an update....

Overall it's been a success, at present my personal inbox has 1 item in it and my work has 3 outstanding items.

It's not easy to measure its value as I've been using email pretty successfully for the past 20 years, however by the following metrics, it has been a great success...

Overall, if you can start using it, I think you'll really feel the benefits.



Munin Automatic plugin addition with Puppet

Posted: 2016-03-06 14:40:25 by Alasdair Keyes



I manage the core of my servers with Puppet and also use Munin for graphing system resources and metrics.

Munin has a lot of built-in plugins to record system metrics and on installation will auto-detect what is available on the system to monitor, but it doesn't activate new plugins automatically. For example, I installed Munin Node on a server and then, after installing NTP, Munin didn't know to monitor NTP metrics until I updated the plugins with the munin-node-configure command.

To combat this I wrote the following Puppet stanza to do this for me. In essence, it checks if munin-node-configure has detected any new plugins; if so, it activates them and notifies the munin-node service to reload.

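# Link any plugins that munin-node-configure suggests but that are not yet active.
# --suggest --shell prints the 'ln -s' commands needed; onlyif skips the exec
# when grep finds no such commands, so the service is only notified on change.
exec { 'add_suggested_munin_checks':
    path    => [ "/usr/bin", "/usr/sbin", "/sbin", "/usr/local/sbin", "/bin" ],
    command => "munin-node-configure --suggest --shell | grep 'ln -s' | bash",
    onlyif  => "munin-node-configure --suggest --shell | grep 'ln -s'",
    notify  => Service['munin-node'],
}

# Keep munin-node running and enabled at boot; the notify above restarts it.
service { 'munin-node':
    ensure  => 'running',
    enable  => true,
}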

If anyone else manages Munin Nodes via Puppet, this could well help you speed up your Munin updates over large estates.



Worst passwords of 2015

Posted: 2016-02-15 20:42:23 by Alasdair Keyes



For any sysadmin, the use of weak passwords and the havoc it can wreak across your infrastructure and data can keep you up at night if you think about it too hard. A good password policy with correct enforcement can really help, but people will use the easiest password that they can get away with.

See the following worst passwords of 2015:

https://www.teamsid.com/worst-passwords-2015/



rsync Puppet YUM repository

Posted: 2016-01-16 11:50:37 by Alasdair Keyes



I noticed that the Puppetlabs APT repository README has information on rsync'ing a local copy, but the YUM repository doesn't. So for anyone who wants to do it, the following will help...

YUM

rsync -av --stats --progress --copy-links --del rsync://yum.puppetlabs.com/packages/yum/ /home/repos/yum/puppet

APT

rsync -av --stats --progress --copy-links --del rsync://apt.puppetlabs.com/packages/apt/ /home/repos/apt/puppet



© Alasdair Keyes
