Skip to content

SantaBarbaraDataSystems

— IT happens.

  • /SBDS.com/etc/
  • /SBDS.com/root/

/SBDS.com/etc/

delete

Posted on March 9, 2017 - March 14, 2017 by elijah

Find and delete a bunch of files:

find /var/log/ -name '*.gz' -exec rm {} +

Note: Concluding with ‘+’ rather than ‘\;’ should be faster by not running rm on every instance from find.

Confirm before delete:

find /var/log/ -name '*.gz' -exec rm -i {} +

Include directories:

find /var/log/ -name '*.gz' -exec rm -r {} +

Truncate instead:

find /var/log/ -name '*log' -type f -exec truncate -s 0 {} +

Delete empty directories:

find /path/to/dir -empty -type d -delete

 

Posted in Centos7, useful commands

cabon-cache TLS error after update

Posted on March 6, 2017 - March 7, 2017 by elijah

After running updates, carbon-cache throws the folling error on a service restart.

systemctl status carbon-cache
● carbon-cache.service - Graphite Carbon Cache
 Loaded: loaded (/usr/lib/systemd/system/carbon-cache.service; enabled; vendor preset: disabled)
 Active: failed (Result: exit-code) since Mon 2017-03-06 11:04:37 PST; 6s ago
 Process: 31672 ExecStart=/usr/bin/carbon-cache --config=/etc/carbon/carbon.conf --pidfile=/var/run/carbon-cache.pid --logdir=/var/log/carbon/ start (code=exited, status=1/FAILURE)
 Main PID: 16619 (code=exited, status=0/SUCCESS)

Mar 06 11:04:37 acme.com carbon-cache[31672]: from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
Mar 06 11:04:37 acme.com carbon-cache[31672]: File "/usr/lib64/python2.7/site-packages/twisted/protocols/tls.py", line 63, in <module>
Mar 06 11:04:37 acme.com carbon-cache[31672]: from twisted.internet._sslverify import _setAcceptableProtocols
Mar 06 11:04:37 acme.com carbon-cache[31672]: File "/usr/lib64/python2.7/site-packages/twisted/internet/_sslverify.py", line 38, in <module>
Mar 06 11:04:37 adme.com carbon-cache[31672]: TLSVersion.TLSv1_1: SSL.OP_NO_TLSv1_1,
Mar 06 11:04:37 acme.com carbon-cache[31672]: AttributeError: 'module' object has no attribute 'OP_NO_TLSv1_1'
Mar 06 11:04:37 acme.com systemd[1]: carbon-cache.service: control process exited, code=exited status=1
Mar 06 11:04:37 acme.com systemd[1]: Failed to start Graphite Carbon Cache.
Mar 06 11:04:37 acme.com systemd[1]: Unit carbon-cache.service entered failed state.
Mar 06 11:04:37 acme.com systemd[1]: carbon-cache.service failed.

This seems to relate to changes to TLS version support in pyOpenSSL/OpenSSL. I’m not using TLS for carbon-cache, I don’t think, so disabling the reference in Twisted framework’s respective file should be fine. Comment out the lines referenced in the above error, like so:

sed -i 's/TLSVersion.TLSv1_1: SSL.OP_NO_TLSv1_1,/#TLSVersion.TLSv1_1: SSL.OP_NO_TLSv1_1,/g' /usr/lib64/python2.7/site-packages/twisted/internet/_sslverify.py
sed -i 's/TLSVersion.TLSv1_2: SSL.OP_NO_TLSv1_2,/#TLSVersion.TLSv1_2: SSL.OP_NO_TLSv1_2,/g' /usr/lib64/python2.7/site-packages/twisted/internet/_sslverify.py

 

Posted in errors

setup Firewalld

Posted on January 18, 2017 - April 12, 2017 by elijah

install firewalld:

yum install firewalld
systemctl start firewalld.service
systemctl enable firewalld.service

create zones, add rules, and attach to interfaces:

firewall-cmd --permanent --new-zone=pci-web
firewall-cmd --reload
firewall-cmd --permanent --zone=pci-web --add-service=https
firewall-cmd --permanent --zone=pci-web --add-service=ntp
firewall-cmd --zone=pci-web --permanent --change-interface=eno1

firewall-cmd --permanent --new-zone=lcl-mgt
firewall-cmd --reload
firewall-cmd --permanent --zone=lcl-mgt --add-rich-rule 'rule family="ipv4" source address="172.16.0.0/12" service name="ssh" log prefix="ssh" level="info" limit value="1/m" accept'
firewall-cmd --permanent --zone=lcl-mgt --change-interface=eno2

confirm:

firewall-cmd --state
firewall-cmd --zone=pci-web --list-all
firewall-cmd --zone=lcl-mgt --list-all
firewall-cmd --get-active-zones

 

Posted in Centos7, Firewalld

Apache security settings

Posted on January 16, 2017 - April 12, 2017 by elijah

Relax settings for web frame:

<Location "/ipa">
. . .
# Header always append X-Frame-Options DENY
# Header always append Content-Security-Policy "frame-ancestors 'none'"
Header append X-Frame-Options ALLOWALL
Header always set Content-Security-Policy: "frame-src 'self' *.SantaBarbaraDataSystems.com;"
Header always set Content-Security-Policy: "frame-ancestores 'all';"
</Location>

 

Posted in Apache, server configs

curl for public IP address

Posted on January 12, 2017 - March 7, 2017 by elijah 
curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

 

Posted in networking, useful commands

install Sensu with Redis, RabbitMQ, Carbon, Graphite-API

Posted on January 12, 2017 - March 7, 2017 by elijah

Redis

yum install redis
systemctl start redis
systemctl enable redis

RabbitMQ

yum install rabbitmq-server
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
rabbitmqctl add_vhost /sensu
rabbitmqctl add_user sensu wh@t3v3r
rabbitmqctl set_permissions -p /sensu sensu ".*" ".*" ".*"
rabbitmqctl list_exchanges -p /sensu

Sensu

vim /etc/yum.repos.d/sensu.repo
  [+] [sensu]<br >name=sensu
  [+] baseurl=http://sensu.global.ssl.fastly.net/yum/$basearch/
  [+] gpgcheck=0<br >enabled=1
yum install sensu
systemctl start sensu-server
systemctl start sensu-api
systemctl start sensu-client
systemctl enable sensu-server
systemctl enable sensu-api
systemctl enable sensu-client

Carbon

yum install python-carbon
pip install txAMQP

Graphite-API

pip install graphite-api
Posted in Centos7, installs

install Python3 inside a virtual environment, and compile mod_wsgi

Posted on January 11, 2017 - March 14, 2017 by elijah

install Python 3.6.0

wget https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz
tar xzvf Python-3.6.0.tgz
cd Python-3.6.0
./configure --prefix=/usr/local --enable-shared
make
make altinstall

In case of an error like this: “/usr/local/bin/python3.6: error while loading shared libraries: libpython3.6m.so.1.0: cannot open shared object file: No such file or directory“, do this:

vim /etc/ld.so.conf
  [+] /usr/local/lib
ldconfig

install a Python virtual environment

/usr/local/bin/python3.6 -m venv /stuff/grafster/env36
source /stuff/grafster/env36/bin/activate
pip install --upgrade pip

upgrade mod_wsgi to run Python 3 applications

cd /stuff/downloads/mod_wsgi
git pull
./configure --with-python=/stuff/wholebadgermilk/env36/bin/python
make clean
make
make install
Posted in Centos7, installs, Python

kill an SSH session in Linux

Posted on December 28, 2016 - March 7, 2017 by elijah

kill the host’s oldest session:

pkill -o -u YOURUSERNAME sshd

 

Posted in Centos7, useful commands

tag and delete emails in Mutt

Posted on December 4, 2016 - March 7, 2017 by elijah

Limit the view, tag the result, delete ’em:

l: ~f nagios ~d >1y
T
;: d
d
$

 

Posted in Mutt

kill a defunct process in Linux

Posted on October 17, 2016 - March 7, 2017 by elijah 
ps -ef | grep defunct | grep -v grep | cut -b8-20 | xargs kill -9

 

Posted in Centos7, useful commands

Posts navigation

Older posts

Recent Posts

  • delete
  • cabon-cache TLS error after update
  • setup Firewalld
  • Apache security settings
  • curl for public IP address

Categories

  • Apache
  • Centos7
  • errors
  • Firewalld
  • installs
  • Mutt
  • networking
  • Python
  • server configs
  • useful commands

Recent Comments

    Archives

    • March 2017
    • January 2017
    • December 2016
    • October 2016
    • August 2016

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Proudly powered by WordPress | Theme: micro, developed by DevriX.