WriteFreely

Reader

Read the latest posts from WriteFreely.

from LinuxPizza

Writing this down, so people and myself can easily find this solution

The Cisco docs are incomplete; this is the correct way of enabling SNMP on the SG350 series:

configure term
snmp-server community public RO
snmp-server community private RW
snmp-server server
snmp-server location hackerspace

Thanks to @fedops@fosstodon.org for telling me about the “snmp-server server” step.

#cisco #networking #switching #snmp #observium

 

from LinuxPizza

I don't claim responsibility for anything being done on your router. This short TODO is written for myself – don't follow it if you are not familiar with certificates and PKI.

1. SSH into your machine
2. Navigate to /data/unifi-core/config
3. Replace unifi-core.key with your private key
4. Replace unifi-core.crt with your TLS-certificate
5. Restart Unifi Core:

systemctl restart unifi-core

Done! A screenshot, showing a valid certificate on udr.selea.se, located on a Unifi Dream Router

#linux #pki #certificates #unifi
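
A pre-flight check for steps 3 to 5 above, as an added example that is not part of the original post: it refuses to install a key that does not belong to the certificate, or a certificate that has expired, and backs up the current files first. The function names and the `install` argument are hypothetical; the directory and file names are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. The directory and file names
# are the ones in the post; the function names are hypothetical.
UNIFI_DIR="${UNIFI_DIR:-/data/unifi-core/config}"

# pair_matches CERT KEY: succeed only if the certificate's public key is the
# one derived from the private key. Returns 2 if either file cannot be parsed.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# install_pair CERT KEY [DIR]: validate, back up the current files, then
# overwrite them in place so their existing owner and mode are kept.
install_pair() {
    cert=$1 key=$2 dir=${3:-$UNIFI_DIR}
    if ! pair_matches "$cert" "$key"; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 1
    fi
    stamp=$(date +%Y%m%d%H%M%S)
    for f in unifi-core.crt unifi-core.key; do
        if [ -f "$dir/$f" ]; then
            cp -p "$dir/$f" "$dir/$f.bak.$stamp" || return 1
        fi
    done
    # The umask only matters if a target file does not exist yet.
    ( umask 077
      cat "$cert" > "$dir/unifi-core.crt" &&
      cat "$key" > "$dir/unifi-core.key" )
}

# Usage on the router: sh script.sh install fullchain.pem privkey.pem
if [ "${1:-}" = "install" ]; then
    install_pair "$2" "$3" && systemctl restart unifi-core
fi
```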

 

from LinuxPizza

LVM stuff

WARNING: PV /dev/sda2 in VG vg0 is using an old PV header, modify the VG to update.

Update the metadata with the vgck command – where the “vg0” is your own pool.

vgck --updatemetadata vg0

curl stuff

Curl a specific IP with another Host header

curl -H "Host: subdomain.example.com" http://172.243.6.400/

git stuff

Tell git.exe to use the built-in CA store in Windows

git config --global http.sslBackend schannel

random stuff

See which process is using a file

fuser file

Import RootCert into Java-keystore example

sudo /usr/lib/java/jdk8u292-b10-jre/bin/keytool -import -alias some-rootcert -keystore /usr/lib/java/jdk8u292-b10-jre/lib/security/cacerts -file /usr/share/ca-certificates/extra/someRoot.crt

Apache2 configs example

Enable AD-authentication for web-resources

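<Location />
  AuthName "AD authentication"
  AuthBasicProvider ldap
  AuthType Basic
  AuthLDAPGroupAttribute member
  AuthLDAPGroupAttributeIsDN On
  # The URL must be on a single line. ldap:// on port 389 is cleartext; use ldaps:// or
  # append STARTTLS so the bind password and user credentials are encrypted in transit.
  AuthLDAPURL ldap://IP:389/OU=Users,OU=pizza,DC=linux,DC=pizza?sAMAccountName?sub?(objectClass=*)
  AuthLDAPBindDN cn=tomcat7,ou=ServiceAccounts,ou=Users,OU=pizza,dc=linux,dc=pizza
  # Read the bind password from a file instead of storing it in the config
  AuthLDAPBindPassword "exec:/bin/cat /etc/apache2/ldap-password.conf"
  # The group DN must be on the same line as the Require directive
  Require ldap-group CN=some_group,OU=Groups,OU=pizza,DC=linux,DC=pizza
  ProxyPass "http://localhost:5601/"
  ProxyPassReverse "http://localhost:5601/"
</Location>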

Insert Matomo tracking script in Apache using mod_substitute

AddOutputFilterByType SUBSTITUTE text/html
Substitute "s-</head>-<script type=\"text/javascript\">var _paq = _paq || [];_paq.push(['trackPageView']);_paq.push(['enableLinkTracking']);(function() {var u=\"https://matomo.example.com/\";_paq.push(['setTrackerUrl', u+'matomo.php']);_paq.push(['setSiteId', '1']);var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);})();</script></head>-n"

Load balance backend-servers

<Proxy balancer://k3singress>
	BalancerMember http://x.x.x.1:80
	BalancerMember http://x.x.x.2:80
	BalancerMember http://x.x.x.3:80
	BalancerMember http://x.x.x.4:80
	ProxySet lbmethod=bytraffic
	ProxySet connectiontimeout=5 timeout=30
	SetEnv force-proxy-request-1.0 1
	SetEnv proxy-nokeepalive 1
</Proxy>
       ProxyPass "/" "balancer://k3singress/"
       ProxyPassReverse "/" "balancer://k3singress/"
       ProxyVia Full
       # A reverse proxy does not need ProxyRequests; On would make this host an open forward proxy
       ProxyRequests Off
       ProxyPreserveHost On

Basic Apache-config for PHP-FPM

<VirtualHost *:80>
  ServerName www.example.com
  DocumentRoot /srv/www.example.com/htdocs
  <Directory /srv/www.example.com/htdocs>
    AllowOverride All
    Require all granted
    DirectoryIndex index.html index.htm index.php
    <FilesMatch "\.php$">
      SetHandler proxy:unix:/run/php/www.example.com.sock|fcgi://localhost
    </FilesMatch>
  </Directory>
  SetEnvIf x-forwarded-proto https HTTPS=on
</VirtualHost>

Basic PHP-fpm pool

[www.example.com]
user = USER
group = GROUP

listen = /var/run/php/$pool.sock

listen.owner = www-data
listen.group = www-data

pm = ondemand
pm.process_idle_timeout = 10
pm.max_children = 1

chdir = /

php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f no-reply@ftp.selea.se
php_admin_value[mail.log] = /srv/ftp.selea.se/log/mail.log
php_admin_value[open_basedir] = /srv/ftp.selea.se:/tmp
php_admin_value[memory_limit] = 64M
php_admin_value[upload_max_filesize] = 64M
php_admin_value[post_max_size] = 64M
php_admin_value[max_execution_time] = 180
php_admin_value[max_input_vars] = 1000

php_admin_value[disable_functions] = passthru,exec,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,mail

Netplan – use device MAC instead of /etc/machine-id for DHCP

network:
  ethernets:
    eth0:
      dhcp4: true
      dhcp-identifier: mac
  version: 2

HP's apt repo for various utilities for ProLiant machines

deb http://downloads.linux.hpe.com/SDR/repo/mcp buster/current non-free

psql stuff

CREATE DATABASE yourdbname;
CREATE USER youruser WITH ENCRYPTED PASSWORD 'yourpass';
GRANT ALL PRIVILEGES ON DATABASE yourdbname TO youruser;

Get the passwd entry for an AD/SMB-based user so you can put it in /etc/passwd:

getent passwd USERNAME

#linux #kubernetes #netplan #php-fpm #apache #LVM

 

from LinuxPizza

Imagine my surprise when I could not tail the syslog anymore..

Debian 12 has moved the syslog to journalctl. So just run journalctl -f and you will be greeted with the logs running through the screen :)

If you want to check the logs from for example apache:

journalctl -u apache2.service

If you want to format the logs as JSON, just append -o json-pretty

#linux #debian #logging

 

from LinuxPizza

8 years ago, I saw a post somewhere about a pretty small niche distro that was looking for a mirror for its packages. That got me thinking about the possibility to provide a public mirror for Linux packages for various distros.

It started back then in my home office, with redundant ISP and the two HP Microservers and the Supermicro box that I had running. My ambitions did not stop, and I applied to be an official mirror for Debian, Ubuntu, Parabola, Linux-Libre and more in the weeks after.

One year after that, I got access to a nice environment that my friends had. With 100TB of storage and unlimited bandwidth – I moved the mirror there, and it has been living there ever since.

Fast forward a couple of years...

The small distros that mirror.linux.pizza was the sole mirror for have disappeared, and the other projects such as Parabola, EndeavourOS and PureOS – where I was the first one to start mirroring them – have gotten plenty more mirrors to help out.

I've decided to shut mirror.linux.pizza down. The reason is financial, and I want to focus my effort on the community that is social.linux.pizza instead.

I've already notified the different projects about the shutdown, and I will take steps to ensure that systems do not break after the mirror goes offline, such as HTTP redirects to other mirrors in the Nordics.

I've also reached out to the hosting providers that have been using the mirror exclusively to notify them about the upcoming change, so they can prepare for that as well.

I am thankful that I have been able to give something back to the community by hosting this mirror – around 100k unique IP-addresses connect to it every day. So it did definitely help out!

#linux #mirror #mirrorlinuxpizza #sunset #debian #ubuntu #pureos

 

from yeold

The AST Advantage 611s, the first computer my family got. With a whopping 8MB of RAM and an IBM 5x86 CPU clocked at 100MHz.

We recently managed to get it working again, and came to the conclusion that it would be a good idea to make a backup of the BIOS on the motherboard, since there may not exist too many backups out there.

I ordered an XGecu T48 Universal Programmer with the appropriate adapters for the flash chip for 59$. If you want to check it out, you can find it here: https://xgecu.myshopify.com/products/xgecu-new-t48-tl866-3g-programmer-support-28000-ics-for-spi-nor-nand-flash-emmc-bga-tsop-sop-plcc-9-parts

The T48 is also called TL866-3G and is of course the successor to the popular TL866 universal programmer.

Removing the chip and identifying the model number

Taking a look in the computer, the BIOS flash is located in the PLCC44 socket, but it's a bit hard to reach so the ISA riser card needs to be removed.

Flash Chip location

A closer look at the chip shows a sticker and a serial number that points back to 94.

Flash Chip sticker

Removing the chip was easy because of the included chip removal tool. Just place the hooks in the slots in the corners and press until it pops out.

Flash Chip removal

Now I needed to find out what type of flash chip it really was. But I'd rather not ruin the sticker. So I used a scalpel blade to carefully remove the sticker so I could read the model number. (Pardon for the out of focus photo)

The flash chip model number

A quick google search told me that it was an Intel N28F001BX-T150 1Mbit (128KB) Boot block flash memory.

Reading the flash using Xgpro

IC flashing

The program used for the T48 is Xgpro. The first thing I did was to make sure the right IC was selected by clicking “Select IC” in the upper left corner.

IC selection

After marking the correct IC and clicking “Select”, I clicked on “READ” in the upper toolbar. Now a new window appeared with a picture of how to seat the chip in the adapter and the ZIF socket. After connecting it according to the picture, I clicked “Read” and then “BACK”.

Read data

Now I could see the data from the chip. Scrolling down a bit, I could find some readable text like a Copyright from 1984 and an AST Research Copyright from 1995. Cool!

Flash dump

After confirming that I got some data from the chip I saved it to a .bin file using the “SAVE” button on the top left.

Save dialog

My plan is to upload the bin file to a site like The Retro Web, this page in particular: https://theretroweb.com/motherboards/s/ast-advantage!-610-611-486-202728-101 so people can find a copy of the BIOS and easily flash a new one if they ever need to do that.
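
Before a dump like this is archived or uploaded, it is worth checking that the read is sound. The script below is an added example, not part of the original post: it checks the file against the 128 KB size of the chip identified above, rejects a blank read, compares two independent reads, and prints a SHA-256 to publish alongside the file. The function names and the idea of saving a second read are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
EXPECTED_SIZE=131072   # 1 Mbit = 128 KB, per the chip identified in the post

# bytes_other_than FILE OCTAL: count the bytes in FILE that differ from the
# byte given as a three-digit octal value.
bytes_other_than() {
    LC_ALL=C tr -d "\\$2" < "$1" | wc -c | tr -d ' '
}

# check_dump FIRST_READ SECOND_READ
# Print the SHA-256 and return 0 when the dump looks sound; otherwise print
# the reason on stderr and return 1.
check_dump() {
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -ne "$EXPECTED_SIZE" ]; then
        echo "unexpected size: $size bytes" >&2
        return 1
    fi
    # A blank or badly seated chip typically reads back as all 0xFF
    # (octal 377) or all 0x00.
    if [ "$(bytes_other_than "$1" 377)" -eq 0 ] ||
       [ "$(bytes_other_than "$1" 000)" -eq 0 ]; then
        echo "dump is blank" >&2
        return 1
    fi
    # Two separate reads of the same chip must be byte-identical.
    if ! cmp -s "$1" "$2"; then
        echo "the two reads differ; reseat the chip and read again" >&2
        return 1
    fi
    sha256sum "$1" | awk '{print $1}'
}

# Usage: sh script.sh read1.bin read2.bin
if [ "$#" -eq 2 ]; then
    check_dump "$1" "$2"
fi
```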

 