blog.monogatari.pl

FreeNas: Realtek 8111F and “re0: Watchdog Timeout Error” – universal solution

2018-17-03 BigRetroMlKE Leave a comment

This is continuation from FreeNas: Realtek 8111F and re0: Watchdog Timeout Error Last solution was only for FreeNas 9.1 which is now a bit outdated. Below I will show you how to fix the issue (by compiling your own drivers that are dedicated for your os version):

# I prefer making this inside jail so there is no extra leftovers
# so I created jail named 'test' which is my jail number 1
jls
jailme 1 /bin/csh
curl -o /tmp/rtlv194.01.tgz http://12244.wpc.azureedge.net/8012244/drivers/rtdrivers/cn/nic/0007-rtl_bsd_drv_v194.01.tgz
tar -xf /tmp/rtlv194.01.tgz -C /tmp/
cp /tmp/rtl_bsd_drv_v194.01/if_re* /usr/src/sys/dev/re/
cp /tmp/rtl_bsd_drv_v194.01/Makefile /usr/src/sys/modules/re/
cd /usr/src/sys/modules/re/
make
cp /usr/src/sys/modules/re/if_re.ko /if_re_194.ko
exit
cp /mnt/***/jails/test/if_re_194.ko /boot/kernel/if_re.ko

# Enable with the FreeNAS GUI in System/Tunables. Variable if_re_load, Value YES, Type loader, Enabled true
# reboot

# I prefer making this inside jail so there is no extra leftovers

# so I created jail named 'test' which is my jail number 1

jls

jailme 1 /bin/csh

curl -o /tmp/rtlv194.01.tgz http://12244.wpc.azureedge.net/8012244/drivers/rtdrivers/cn/nic/0007-rtl_bsd_drv_v194.01.tgz

tar -xf /tmp/rtlv194.01.tgz -C /tmp/

cp /tmp/rtl_bsd_drv_v194.01/if_re* /usr/src/sys/dev/re/

cp /tmp/rtl_bsd_drv_v194.01/Makefile /usr/src/sys/modules/re/

cd /usr/src/sys/modules/re/

make

cp /usr/src/sys/modules/re/if_re.ko /if_re_194.ko

exit

cp /mnt/***/jails/test/if_re_194.ko /boot/kernel/if_re.ko

# Enable with the FreeNAS GUI in System/Tunables. Variable if_re_load, Value YES, Type loader, Enabled true

# reboot

In case the official link to tgz […]

Nagios – network/device configuration

2018-28-02 BigRetroMlKE Leave a comment

If you don’t have working Nagios installation fell free to follow Nagios – New installation on Debian 9 link. We will need to add folder structure (for better organization) to nagios config file:

# edit nagios.cfg
mcedit /usr/local/nagios/etc/nagios.cfg

# lets add out root dir that will store our config files for device/network
# this way we don't need to type cfg_file for each .cfg file out there
cfg_dir=/usr/local/nagios/etc/devices

# save file and create proper directory
mkdir /usr/local/nagios/etc/devices
cd /usr/local/nagios/etc/devices

# edit nagios.cfg

mcedit /usr/local/nagios/etc/nagios.cfg

# lets add out root dir that will store our config files for device/network

# this way we don't need to type cfg_file for each .cfg file out there

cfg_dir=/usr/local/nagios/etc/devices

# save file and create proper directory

mkdir /usr/local/nagios/etc/devices

cd /usr/local/nagios/etc/devices

Not everyone have luxury to always use smart switches around network – those make live a lot easier, but life is […]

Nagios – New installation on Debian 9

2018-28-022018-28-02 BigRetroMlKE Leave a comment

If you have to install a really great network those such as Nagios those will be steps needed: 1.Installing Apache2 + PHP (Skip if you already have one):

apt-get install apache2 libapache2-mod-php7.0 php7.0
# enable cgi
a2enmod rewrite headers cgi
systemctl restart apache2

# setup correct timezone in php
mcedit /etc/php/7.0/apache2/php.ini
# set date.timezone according to http://php.net/manual/en/timezones.php
systemctl restart apache2

# info.php
echo '<?php phpinfo(); ?>' >/var/www/html/info.php

# open browser apache_server_ip/info.php and check 'default timezone'

apt-get install apache2 libapache2-mod-php7.0 php7.0

# enable cgi

a2enmod rewrite headers cgi

systemctl restart apache2

# setup correct timezone in php

mcedit /etc/php/7.0/apache2/php.ini

# set date.timezone according to http://php.net/manual/en/timezones.php

systemctl restart apache2

# info.php

echo '<?php phpinfo(); ?>' >/var/www/html/info.php

# open browser apache_server_ip/info.php and check 'default timezone'

2.Installing Nagios core:

# pre-request to build nagios from source:
apt-get install autoconf gcc libc6 make apache2-utils libgd-dev

# get source from https://www.nagios.org/downloads/nagios-core/
wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.3.4.tar.gz
tar xzf nagios-4.3.4.tar.gz
cd nagios-4.3.4/
./configure --with-httpd-conf=/etc/apache2/sites-enabled

# Output should look like this:
*** Configuration summary for nagios 4.3.4 2017-08-24 ***:

 General Options:
 -------------------------
        Nagios executable:  nagios
        Nagios user/group:  nagios,nagios
       Command user/group:  nagios,nagios
             Event Broker:  yes
        Install ${prefix}:  /usr/local/nagios
    Install ${includedir}:  /usr/local/nagios/include/nagios
                Lock file:  /run/nagios.lock
   Check result directory:  ${prefix}/var/spool/checkresults
           Init directory:  /etc/init.d
  Apache conf.d directory:  /etc/apache2/sites-enabled
             Mail program:  /usr/bin/mail
                  Host OS:  linux-gnu
          IOBroker Method:  epoll

 Web Interface Options:
 ------------------------
                 HTML URL:  http://localhost/nagios/
                  CGI URL:  http://localhost/nagios/cgi-bin/
 Traceroute (used by WAP):  /usr/sbin/traceroute


Review the options above for accuracy.  If they look okay,
type 'make all' to compile the main program and CGIs.

##################

# next we need to 'make' it ;-)
make all

# Output should look like this:
Enjoy.

# and we will in few minutes
# lets us create user for nagios
useradd nagios
# we will add him to apache group
usermod -a -G nagios www-data

# last but not least:
make install

# Output should look like this:

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var/archives
/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var/spool/checkresults
chmod g+s /usr/local/nagios/var/spool/checkresults

*** Main program, CGIs and HTML files installed ***

You can continue with installing Nagios as follows (type 'make'
without any arguments for a list of all possible options):

  make install-init
     - This installs the init script in /etc/init.d

  make install-commandmode
     - This installs and configures permissions on the
       directory for holding the external command file

  make install-config
     - This installs sample config files in /usr/local/nagios/etc


##############

# let's add init script
make install-init
# and enable init script
systemctl enable nagios.service

# install and configure permissions for external command file:
make install-commandmode

# and add sample configuration so nagios will start:
make install-config

# add nagios-site apache configuration file:
make install-webconf

# we need to create nagiosadmin account for http
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

# finally we can restart apache and start nagios:
systemctl restart apache2
systemctl start nagios

# open browser and type: nagios_ip_address/nagios/

100

101

102

103

# pre-request to build nagios from source:

apt-get install autoconf gcc libc6 make apache2-utils libgd-dev

# get source from https://www.nagios.org/downloads/nagios-core/

wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.3.4.tar.gz

tar xzf nagios-4.3.4.tar.gz

cd nagios-4.3.4/

./configure --with-httpd-conf=/etc/apache2/sites-enabled

# Output should look like this:

*** Configuration summary for nagios 4.3.4 2017-08-24 ***:

General Options:

-------------------------

Nagios executable: nagios

Nagios user/group: nagios,nagios

Command user/group: nagios,nagios

Event Broker: yes

Install ${prefix}: /usr/local/nagios

Install ${includedir}: /usr/local/nagios/include/nagios

Lock file: /run/nagios.lock

Check result directory: ${prefix}/var/spool/checkresults

Init directory: /etc/init.d

Apache conf.d directory: /etc/apache2/sites-enabled

Mail program: /usr/bin/mail

Host OS: linux-gnu

IOBroker Method: epoll

Web Interface Options:

------------------------

HTML URL: http://localhost/nagios/

CGI URL: http://localhost/nagios/cgi-bin/

Traceroute (used by WAP): /usr/sbin/traceroute

Review the options above for accuracy. If they look okay,

type 'make all' to compile the main program and CGIs.

##################

# next we need to 'make' it ;-)

make all

# Output should look like this:

Enjoy.

# and we will in few minutes

# lets us create user for nagios

useradd nagios

# we will add him to apache group

usermod -a -G nagios www-data

# last but not least:

make install

# Output should look like this:

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/libexec

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var/archives

/usr/bin/install -c -m 775 -o nagios -g nagios -d /usr/local/nagios/var/spool/checkresults

chmod g+s /usr/local/nagios/var/spool/checkresults

*** Main program, CGIs and HTML files installed ***

You can continue with installing Nagios as follows (type 'make'

without any arguments for a list of all possible options):

make install-init

- This installs the init script in /etc/init.d

make install-commandmode

- This installs and configures permissions on the

directory for holding the external command file

make install-config

- This installs sample config files in /usr/local/nagios/etc

##############

# let's add init script

make install-init

# and enable init script

systemctl enable nagios.service

# install and configure permissions for external command file:

make install-commandmode

# and add sample configuration so nagios will start:

make install-config

# add nagios-site apache configuration file:

make install-webconf

# we need to create nagiosadmin account for http

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

# finally we can restart apache and start nagios:

systemctl restart apache2

systemctl start nagios

# open browser and type: nagios_ip_address/nagios/

3.Installing Nagios Plugins (needed !)

# pre-require
apt-get install libmcrypt-dev make libssl-dev bc gawk dc build-essential snmp libnet-snmp-perl gettext libldap2-dev smbclient fping default-libmysqlclient-dev

# get latest source file! from https://github.com/nagios-plugins/nagios-plugins/releases
wget https://github.com/nagios-plugins/nagios-plugins/archive/release-2.2.1.tar.gz
tar zxvf release-2.2.1.tar.gz
cd nagios-plugins-release-2.2.1/
./tools/setup
./configure
make
make install

# now we should have all commands in /usr/local/nagios/libexec/
ls /usr/local/nagios/libexec/

# restart nagios so he can load those:
systemctl restart nagios.service

# pre-require

apt-get install libmcrypt-dev make libssl-dev bc gawk dc build-essential snmp libnet-snmp-perl gettext libldap2-dev smbclient fping default-libmysqlclient-dev

# get latest source file! from https://github.com/nagios-plugins/nagios-plugins/releases

wget https://github.com/nagios-plugins/nagios-plugins/archive/release-2.2.1.tar.gz

tar zxvf release-2.2.1.tar.gz

cd nagios-plugins-release-2.2.1/

./tools/setup

./configure

make

make install

# now we should have all commands in /usr/local/nagios/libexec/

ls /usr/local/nagios/libexec/

# restart nagios so he can load those:

systemctl restart nagios.service

4.Enable SSL for Nagios (and not only)

# enable module
a2enmod ssl
systemctl restart apache2

# edit apache to redirect traffic to ssl
mcedit /etc/apache2/sites-enabled/000-default.conf
# add this to VirtualHost:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1

# after modification file should look like this:
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*) https://%{HTTP_HOST}/$1

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# enable ssl apache config file without it you will get SSL_ERROR_RX_RECORD_TOO_LONG error
a2ensite default-ssl.conf

# let us restart apache
systemctl restart apache2.service

# enable module

a2enmod ssl

systemctl restart apache2

# edit apache to redirect traffic to ssl

mcedit /etc/apache2/sites-enabled/000-default.conf

# add this to VirtualHost:

RewriteEngine on

RewriteCond %{HTTPS} off

RewriteRule ^(.*) https://%{HTTP_HOST}/$1

# after modification file should look like this:

ServerAdmin webmaster@localhost

DocumentRoot /var/www/html

RewriteEngine on

RewriteCond %{HTTPS} off

RewriteRule ^(.*) https://%{HTTP_HOST}/$1

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# enable ssl apache config file without it you will get SSL_ERROR_RX_RECORD_TOO_LONG error

a2ensite default-ssl.conf

# let us restart apache

systemctl restart apache2.service

How to setup VPN with PPTP

2018-23-01 BigRetroMlKE Leave a comment

In the past there was a Personal VPN Server (OpenVPN) which gave us more security than PPTP could give us. Then why would you want PPTP ? Because its faster and have lower footprint on CPU than OpenVPN. That way you can pick which you prefer in your case scenario. Also there is build-in support […]

Personal VPN Server (OpenVPN)

2018-23-01 BigRetroMlKE Leave a comment

Internet providers are collecting more and more data about our internet activities, but what can we do about it ? You want to have secure access to your home servers, nas, devices ? Virtual Private Network aka VPN is a solution for your needs! 1.Instalation

apt-get install openvpn easy-rsa

1	apt-get install openvpn easy-rsa

2.openvpn configuration

touch /etc/openvpn/server.conf

#edit /etc/openvpn/server.conf 
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

touch /etc/openvpn/server.conf

#edit /etc/openvpn/server.conf

port 1194

proto udp

dev tun

ca ca.crt

cert server.crt

key server.key

dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 208.67.222.222"

push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

cipher AES-256-CBC

comp-lzo

user nobody

group nogroup

persist-key

persist-tun

status openvpn-status.log

verb 3

3.some system tweaks

echo 1 > /proc/sys/net/ipv4/ip_foward

#edit /etc/sysctl.conf
net.ipv4.ip_forward=1

echo 1 > /proc/sys/net/ipv4/ip_foward

#edit /etc/sysctl.conf

net.ipv4.ip_forward=1

4.Instalation […]

Running a secure DDNS service with BIND

2018-23-012018-23-01 BigRetroMlKE Leave a comment

If you lack of static ip for your home machines but would like to have static address to access them there is a simple setup to make on your primary DNS server to achieve that. On our client side let’s generate some keys:

#replace keyname with anything
dnssec-keygen -a HMAC-MD5 -b 512 -r /dev/urandom -n HOST keyname

1 2	#replace keyname with anything dnssec-keygen -a HMAC-MD5 -b 512 -r /dev/urandom -n HOST keyname

This will results in creating Kkeyname.***.key and Kkeyname.***.private, we will need […]

Fixing BIND’s journal out of sync with zone error

2018-23-01 BigRetroMlKE Leave a comment

When BIND stop to work and throw error like this:

zone example.com/IN: journal rollforward failed: journal out of sync with zone
zone example.com/IN: not loaded due to errors.

1 2	zone example.com/IN: journal rollforward failed: journal out of sync with zone zone example.com/IN: not loaded due to errors.

The simplest and fastest fix is by removing that journal file for zone

rm /var/cache/bind/zones/example.com.jnl

1	rm /var/cache/bind/zones/example.com.jnl

and then restart bind

service bind9 restart
# or
systemctl restart bind9

service bind9 restart

# or

systemctl restart bind9

Turn off additional telemetry from Mozilla Firefox

2018-16-012018-16-01 BigRetroMlKE Leave a comment

For starters I wouldn’t co all the paranoic about Mozilla getting some telemetry as most of them are not about privacy. Some of you probably will want to disable those also this could help speed up Firefox a bit. Get into internal settings by typing about:config in url bar and turn all of these to […]

Why I’m moving from Baikal to Radicale (CalDav & CardDav)

2017-06-09 BigRetroMlKE Leave a comment

Saber/Dav which is a core component of Baikal is looking for maintainer (full story here) It’s been some time now that I moved from Google Calendar service to self-hosted, open source solution. I never notice any down sides with accessibility – maybe my need were simple enough 🙂 I’m not saying that Baikal is […]

Bezpieczne połączenie do sieci (Android + OpenVPN)

2017-04-09 BigRetroMlKE Leave a comment

Być może korzystacie z darmowego internetu w kawiarenkach, restauracjach czy na lotniskach. Może wasz operator GSM sprzedając pakiety internetu śledzi co robicie, oczywiście na potrzeby celów marketingowych (Kiwam do Was T-Mobile, ach te czasy kiedy T-Mobile wstrzykiwało swoje reklamy w Twittera etc…) Zagrożeń płynących z dostępu do internetu w miejscach publicznych jest tak dużo lub […]