ZFS enable email notification

Edit

/etc/zfs/zed.d/zed.rc

uncomment

ZED_EMAIL_ADDR="mail@example.com" 

and add a valid email address.

uncomment

ZED_EMAIL_PROG="mail"

uncomment

ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@"

uncomment

ZED_NOTIFY_VERBOSE=0

if you want to get an email after every scrup set the value to 1

save the file and restart zed service

systemctl restart zed.service

failed Import ZFS pools by cache file

A single disk zpool “test” crashed on my server (the disk died). It was just for testing, so nothing dramatic. However, when I rebooted the server I got the error message “failed Import ZFS pools by cache file”.  A zpool destroy -f did not solve the problem. zpool status still showed the “test” pool. The other pool tank was still working.

What did help was

# disable the cache file for the existing pool(s)
zpool set cachefile=none tank
# delete the old pool file
rm -rf /etc/zfs/zpool.cache
# recreate if
touch /etc/zfs/zpool.cache
reboot
# re-enable the cache
zpool set cachefile=/etc/zfs/zpool.cache tank

Well, the cache file should be automatically updated when your pool configuration is changed, but with the crashed pool it did not.

resize2fs new size too large to be expressed in 32 bits

After virtualizing a real computer with an old Linux I wanted to increase the partition size of the data drive. But I got this warning: resize2fs new size too large to be expressed in 32 bits

How to solve this? I started the VM with gparted-live.iso

# check file system
e2fsck -f /dev/sdb1
# auf 64 bit ändern
resize2fs -b /dev/sdb1
# increase partition .... wait :D / optional coffee
resize2fs -p /dev/sdb1
# check file system
e2fsck -f /dev/sdb1

Done :)

iptables 101

How to do things with iptables. Safety first: How to reset everything.

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
Also, safety first: Don’t just copy something and run it on your server. You better understand what you are doing.
How to block a service?
Instead of using “DROP” you should use “REJECT –reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.
sudo iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT #mysql allow local
sudo iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset #mysql

The “REJECT –reject-with tcp-reset” looks to the outside like there is no service running. A “DROP” will show that there is a firewall / iptables working.

Blocking an IP range

sudo iptables -A bannedDownloader -s 14.120.0.0/16 -j DROP

Disallow NTP queries

sudo iptables -A INPUT -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local
sudo iptables -I INPUT -p udp --dport 123 -j REJECT #ntp

Block timestamp

sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP

Influxdb 2.0 lessons learned

I played a bit with influxdb version 2.0.0, telegraf client and two of my raspberry pies.
On my oldest pi  a 1 B+ the telegraf client caused too much performance issues on that light weight single CPU and 480 MB of usable RAM. So I chose a simple bash script with curl to send the CPU temperature to influxdb.

#!/bin/bash
timestamp=$(date +%s)
temp=$(vcgencmd measure_temp)
curl -XPOST \
"https://flux.example.com/api/v2/write?org=none&bucket=pihole&precision=s" \
--header "Authorization: Token asas==" \
--data-raw "cpu-temperature,host=pihole ${temp//\'C/} ${timestamp}"

At first I was running influxdbd by hand. But I didn’t want the usual port of 9999 of the alpha version and I also wanted SSL encryption when I log into the backend. Pretty easy with the already running apache on that server.

<VirtualHost *:443>
	ServerName flux.example.com
	DocumentRoot /var/www/empty

	<Directory /var/www/empty>
		Options Indexes FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>

	ProxyPass / http://localhost:9999/
	ProxyPassReverse / http://localhost:9999/

	SSLEngine on
	SSLCertificateFile  fullchain.pem
	SSLCertificateKeyFile privkey.pem
</VirtualHost>

so far so good. Starting the influxdb by hand after a reboot or failing isn’t an option.  So I created by on systemd service file

sudo $EDITOR /lib/systemd/system/influxdb2.service

[Unit]
Description=InfluxDB 2.0 service file.
Documentation=https://v2.docs.influxdata.com/v2.0/get-started/
After=network-online.target

[Service]
User=influx
Group=influx
ExecStart=/usr/local/bin/influxd
Restart=on-failure

[Install]
WantedBy=multi-user.target

Do not forget to enable it :D sudo systemctl enable influxdb2

 

So far I made one observation. The telegraf client is doing a lot of DNS requests through the network. If I’m not wrong it does it for every request. If you look at the graphic you see that the bottom a big blue line. That is the DNS requests from telegraf. At some point around 20:00 You see a drop. Well there I change the flush interval to 120 seconds. Later at round 7:30 I wrote the IP and host name into /etc/hosts and the “noise” was gone. That is something you maybe want to do in your devices, too to save some bandwidth and energy.

CISCO router password recovery

– Attach a terminal or PC with terminal emulation to the console port of the router.
Use these terminal settings:

* 9600 baud rate
* No parity
* 8 data bits
* 1 stop bit
* No flow control
– If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command
Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

 

– Press **Break** (**Ctrl-Break** Windows XP) on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
– Type **confreg 0x2142** at the rommon 1> prompt in order to boot from Flash. This step bypasses the startup configuration where the passwords are stored.
– Type **reset** at the rommon 2> prompt. The router reboots, but ignores the saved configuration.
– Type **no** after each setup question, or press **Ctrl-C** in order to skip the initial setup procedure.
– Type **enable** at the Router> prompt. You are in enable mode and should see the Router# prompt.
– Type **configure memory** or **copy startup-config running-config** in order to copy the nonvolatile RAM (NVRAM) into memory. **Important**: Do not type **copy running-config startup-config** or **write**. These commands erase your startup configuration.
– Type **show running-config**. The **show running-config** command shows the configuration of the router. In this configuration, the **shutdown** command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
– Type **configure terminal**.
– The hostname(config)# prompt appears.
– Type **enable secret <password>** in order to change the enable secret password. For example: hostname(config)#**enable secret cisco**
– Issue the **no shutdown** command on every interface that you use. If you issue a **show ip interface brief** command, every interface that you want to use should display up up.
– Type **config-register <configuration_register_setting>**. Where **configuration_register_setting** is either the value you recorded in step 2 or **0x2102** . For example: hostname(config)#**config-register 0x2102**
– Press **Ctrl-z** or **end** in order to leave the configuration mode. The hostname# prompt appears.
– Type **write memory** or **copy running-config startup-config** in order to commit the changes.

vim

normal mode

  • [count]operation[count]{motion}
  • :q! = quit without saving
  • :x = :wq == write and quit
  • dd or D = delete line
  • d7d = delete the next 7 lines
  • . = repeat the last command
  • CTRL + o = back to last cursor position
  • p = insert (from register) / paste in line below cursor
  • P = paste obove cursor- :reg = list registers
  • "1p = paste from register 1
  • "+y = copy into system clipboard
  • "+p = pate from system clipboard
  • u = undo
  • CTRL + R = redo
  • i = enter insert mode
  • v = enter visual mode
  • y = yank / copy what was selected
  • yy = yank / copy line
  • 4yy = yank 4 lines
  • >> = indent- &lt;&lt; = unindent
  • :E = open file explorer (works only with set nocompatible)
  • :bd = buffer delete / close buffer
  • :bn = goto next buffer
  • :bp = previous buffer
  • :ls = list of buffers
  • * = Find word unter cursor- :%s/search/replace/g g for global
  • :%!column -t spaces to columns
  • $ = goto the end of the line
  • x = delete charater under cursor
  • w = goto next word
  • dw = delete next word
  • 0 = goto start of line
  • z ENTER move view to line
  • :terminal Open Terminal in split view
  • :set rightleft right to left (exit with :set rightleft&)
  • :edit! reload file without saving or :e!
  • :set nowrap
  • :set wrap
  • :set nu Show line numbers. Reverse with nonu
    :setlocal cm=blowfish2
  • :X
  • h j k l = move cursor ( h: ← j: ↓ k: ↑ l: →
  • :sp = split screen (same file)
  • :sp filename = open other file
  • :vsp = vertical split
  • CTRL + w CTRL + w = switch between splits
  • :hide = close current window
  • :only = keep only this window
  • :help holy-grail = advanced help
  • :set rightleft = some fun

Search/Replace

  • R = enter replace mode- /pattern – search for pattern
  • ?pattern – search backward for pattern
  • n – repeat search in same direction
  • N – repeat search in opposite direction
  • :%s/old/new/g – replace all old with new throughout file
  • :%s/old/new/gc – replace all old with new throughout file with confirmations

insert mode

  • CTRL + n CTRL + p = Complete word
  • CTRL + x CTRL + l = Complete line
  • CTRL + r = insert register
  • 80i * ESC = insert 80 *
  • 5o # ESC = insert 5 rows starting with #
change EOL / line ending
  • :set ff=unix= set to unix line endings
  • How to jump back to NERDTree from file in tab
    ctrl-ww

INSERT
you can insert text from your host’s clipboard by pressing the right mouse button (default setting) or by pressing Shift + Ins. Note that this has the same effect as entering every character manually. So if you are using auto indentation in vim, this will very likely screw up your code.
To fix that, you can do the following:
Before pasting into vim, enable paste mode by entering :set paste.Press I to enter insert mode. The status bar should say -- INSERT (paste) -- now.Press Shift + Insert (The auto indentation of vim should not happen.)Press Esc to leave insert mode, and disable paste mode using :set nopaste again.

How to delete all lines of file in Vim
Type gg to move the cursor to the first line of the file, if it is not already there.Type dG to delete all the lines.

SSH Tricks

This is more for me than others. Sometimes I forget things like this.

SSH Dynamic Socks Proxy for the browser.

ssh -D 8888 mario@example.com
Browser: Socks Proxy localhost 888

SSH Tunnel to another host

ssh -L 9090:localhost:9090 user@proxyhost -i SSHKEY ssh -L 9090:localhost:9090 -N user@TARGETSYSTEM

Also SSH Tunnel Bypassing Transparent proxy using apache

Honor / huawei phone disable / remove huawei search

1) Download ADB
2) Enable USB Debugging on your device
3) Connect to computer and verify your device is listed with command “adb devices”
4) Type “adb Shell”
5) Type “pm list packages”, this will show you all packages installed on phone.
6) Type “pm uninstall -k –user 0 com.huawei.search”
7) you should see the word “Sucess” pop up
Well I removed some more bloat ware
adb devices
adb Shell
pm list package
pm list package | grep "huawei"
pm uninstall -k --user 0 com.huawei.search
pm uninstall -k --user 0 com.huawei.appmarket
pm uninstall -k --user 0 com.huawei.himovie.overseas
pm uninstall -k --user 0 com.huawei.android.mirrorshare
pm uninstall -k --user 0 com.huawei.tips
pm uninstall -k --user 0 com.huawei.wallet
pm uninstall -k --user 0 com.facebook.services
pm uninstall -k --user 0 com.facebook.appmanager
pm uninstall -k --user 0 com.facebook.system
pm uninstall -k --user 0 com.google.android.feedback
pm uninstall -k --user 0 com.huawei.android.karaoke
pm uninstall -k -–user 0 com.huawei.hifolder
pm uninstall -k --user 0 com.huawei.hwdetectrepair
pm uninstall -k --user 0 com.huawei.phoneservice
pm uninstall -k --user 0 com.huawei.hwid
pm list package | grep -v "google" | grep -v "huawei" | grep -v "com\.android"
pm list package huawei
pm list packages | grep "huawei" | sort

Posts Tagged linux

Archives by Month: