jpawlowski

Configure rsyslogd on CentOS 7 as Remote Syslog Server

echo "\$ModLoad imudp" > /etc/rsyslog.d/server.conf
echo "\$UDPServerRun 514" >> /etc/rsyslog.d/server.conf
echo "\$ModLoad imtcp" >> /etc/rsyslog.d/server.conf
echo "\$InputTCPServerRun 514" >> /etc/rsyslog.d/server.conf
echo "\$PreserveFQDN on" >> /etc/rsyslog.d/server.conf

yum -y install rsyslog-gnutls rsyslog-mysql rsyslog-crypto

jpawlowski

Basic setup, e.g. enable ssh

yum -y install epel-release
yum -y upgrade
yum -y install openssh-server net-tools iputils psmisc less which man mc bash-completion bash-completion-extras bash-argsparse bind-utils traceroute htop mtr
echo "export HISTTIMEFORMAT='%F %T  '" > /etc/profile.d/history.sh
echo "export HISTIGNORE='ls -l:pwd:date:'" >> /etc/profile.d/history.sh
echo "export HISTCONTROL=ignoredups" >> /etc/profile.d/history.sh
systemctl enable sshd
systemctl start sshd

jpawlowski

SNMPTT installation on CentOS 7 for Zabbix integration

yum install wget make gcc net-snmp net-snmp-utils

cd /usr/local/src
wget http://downloads.sourceforge.net/project/snmptt/snmptt/snmptt_1.4/snmptt_1.4.tgz

tar xfz snmptt_*.tgz
snmp_*
cp -rv snmptt snmpttconvert snmpttconvertmib snmptthandler-embedded /usr/sbin/

jpawlowski

#!/bin/bash
#
# This Script creates the following files to be used for
# Zabbix SNMP and SNMP trap integration:
#
# /etc/snmp/snmp.conf
# /etc/snmp/snmptt.conf.VENDOR
# Symlink vendor specific MIB files from
#  $MIBS_VENDORS to $MIBS
#

jpawlowski

HAproxy als Reverse Proxy auf Uberspace installieren

Wer bei verschiedenen Reverse Proxy Aktivitäten auf seinem Uberspace mit Apache auf Grenzen stößt, kann HAproxy installieren. Ähnlich wie Pound ist es DASein Swiss Army Knife für alle HTTP, HTTPS und TCP Aktivitäten. Man kann sehr granular auf Layer 3-7 beeinflussen, wie Daten an andere Server und Dienste weitergeschleust werden sollen.

Ich benötigte HAproxy, um eine Website von einem externen Server via TLS gesichert per Uberspace verfügbar zu machen, also ein recht simles Szenario.

Apache Proxy einrichten

jpawlowski

global
	maxconn			2000
	stats socket /tmp/haproxy.socket level admin
	uid			80
	gid			80
	nbproc			1
	chroot			/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	# Modern browser compatibility only as mentioned here:

jpawlowski

brew install homebrew/dupes/grep; wget -q -O - https://cdn.media.ccc.de/congress/32C3/h264-hd/ | ggrep -oP '(?<=href=")[^"]*\.mp4(?=")' | xargs -I % bash -c 'test ! -f % && wget -q -nc "https://cdn.media.ccc.de/congress/32C3/h264-hd/%.torrent"'

jpawlowski

#!/bin/bash
mkdir -p /tmp/gds
# ftp-Server als Verzeichnis mounten:
curlftpfs ftp-outgoing2.dwd.de /tmp/gds -o user=user:password

cd /tmp/gds/gds/specials/radar/southeast
NEUESTE_DATEI=$(ls -t | head -n 1)
cp -fpv "${NEUESTE_DATEI}" "/tmp/gds_radarmap.jpg"

jpawlowski

#!/bin/bash

FILES=`ls /mnt/SonosSpeak/RINCON*`
CURRENTTIME=`date +"%s"`
PASTDAYS=75

THESHOLDATIME=`expr $CURRENTTIME - $PASTDAYS \* 24 \* 60 \* 60`

echo -e "Cleaning up all files older than $PASTDAYS days ...\n\n"

jpawlowski

#!/bin/bash
#
# see https://stribika.github.io/2015/01/04/secure-secure-shell.html

SSHD_VERSION=`/usr/sbin/sshd -v 2>&1 | grep OpenSSH | cut -d " " -f1 | cut -d "_" -f2 | cut -d"." -f2 | cut -d"p" -f1`
cat /etc/ssh/sshd_config | grep -v "KexAlgorithms" | grep -v "Ciphers" | grep -v "MACs" | grep -v "github.com" > /etc/ssh/sshd_config.new
cat /etc/ssh/ssh_config | grep -v "KexAlgorithms" | grep -v "Ciphers" | grep -v "MACs" | grep -v "github.com" > /etc/ssh/ssh_config.new
if [ "${SSHD_VERSION}" != "0" ]; then
	# better algorithms only available on newer OpenSSH versions
	echo "KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256" >> /etc/ssh/sshd_config.new