krstfvndm
/
blog
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
464 KiB
 
 
 
Tree: a81c619b3f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a81c619b3f'
${ noResults }
blog/public/index.json

1 lines
36 KiB
Raw Blame History

[{"author":"Kristof Vandam - Adam Verbeeck","content":"Setting up Arch with other bells and whistles.\nTarget Lenovo X240 i5-4300U 8GB DDR3 RAM 500GB SSD\nPre-requirements Bootable USB with Arch installer installed Cabled connection Device connected to a power supply First things first Keyboard layout loadkeys [keyboard-identifier] Check your internet connection ping archlinux.org Set timezone timedatectl set-timezone Europe/Brussels Prepairing your disks Check which disks you have available fdisk -l Partitioning Device your disk into individual partitions:\n boot arch windows Some letters we gonna use p show your partition n new partition a set the bootflag t set the type L show available types w write the changes The actual work fdisk [your-disk] press n to create a new partition, the first prompt asks the type of partition, use p for Primary Partition number, enter. first sector, enter. goto \u0026lsquo;Specify your sizes\u0026rsquo;.\nSpecify your sizes +[SIZE][TGMK]\nSet the bootflag A partition needs a bootflag for the MBR know which partition use at startup\nSet the types Use t to set the type:\n83 for boot (linux) 8e for arch (lvm) 7 for windows (HPFS/NTFS/exFAT)\nLVM pvcreate /dev/sda2 vgcreate vg0 /dev/sda2 lvcreate -L +2G -n swap vg0 lvcreate -l 100%FREE -n swap vg0 Filesystems mkswap /dev/mapper/vg0-swap mkfs.ext4 /dev/sda1 mkfs.xfs /dev/mapper/vg0-root Mount your disks and strap your seatbelt, we gonna pacstrap mount /dev/mapper/vg0-root /mnt mkdir /mnt/boot mount /dev/sda1 /mnt/boot pacstrap /mnt base base-devel vim bash-completion networkmanager Make sure it boots! genfstab -U /mnt \u0026raquo; /mnt/etc/fstab\nmaking it yours arch-chroot /mnt\nTime, Date, Region ln -sf /usr/share/zoneinfo/Europe/Brussels /etc/localtime hwclock --systohc locale-gen /etc/locale.conf\nLANG=en_US.UTF-8 UTF-8 /etc/vconsole.conf\nKEYMAP=be-latin1 /etc/hostname\nmyhostname /etc/hosts\n127.0.0.1 localhost ::1 localhost 127.0.0.1 myhostname.localdomain myhostname passwd Grub pacman -S grub grub-install /dev/sda grub-mkconfig \u0026gt; /boot/grub/grub.cfg Ignore warnings\nfstab Add swap to fstab\n/dev/mapper/vg0-swap swap swap default 0 0 Check your work by swapping the swap\nswapoff -a mount -a swapon -a free does your swap have bytes?\nLVM can\u0026rsquo;t bot Add the LVM module to the mkinitcpio config file at /etc/mkinitcpio.conf\nadd lvm2 to the HOOKS Array before filestystems\n... HOOKS=(base udev autodetect modconf block lvm2 filestystems keyboard fsck) ... mkinitcpio -p linux Cross fingers - reboot Enable services systemctl enable NetworkManager systemctl start NetworkManager ","date":"2018-11-30T10:08:22+02:00","href":"https://blog.hagfi.sh/administration/yet-another-arch-guide/","tags":["arch"],"title":"Yet Another Arch Guide"},{"author":"Olivier De Ram","content":"Usefull bash tips \u0026amp; tricks\nUsefull CLI shortcuts: Shortcut Description Ctrl+a Jump to the beginning of the command line. Ctrl+e Jump to the end of the command line. Ctrl+u Clear from the cursor to the beginning of the command line. Ctrl+k Clear from the cursor to the end of the command line. Ctrl+Left Arrow Jump to the beginning of the previous word on the command line. Ctrl+Right Arrow Jump to the end of the next word on the command line. Ctrl+r Search the history list of commands for a pattern. Esc + . Copy the last word of the previous command on the current command line where the cursor is Redirect output: Command result \u0026gt; file redirect stdout to overwrite a file \u0026gt;\u0026gt; file redirect stdout to append to a file 2\u0026gt; file redirect stderr to overwrite a file 2\u0026gt; /dev/null discard stderr error messages by redirecting to /dev/null \u0026amp;\u0026gt; file (OR \u0026gt; file 2\u0026gt;\u0026amp;1) redirect stdout and stderr to overwrite the same file \u0026amp;\u0026gt;\u0026gt; (OR \u0026gt;\u0026gt; file 2\u0026gt;\u0026amp;1) redirect stdout and stderr to append to the same file Create a function: It\u0026rsquo;s straightforward, use function to create a function, give it a usefull short name and put the statemants between curly brackets.\nUse $1 for the first argument, $2 for the second argument and so on\u0026hellip;\nfunction \u0026lt;name\u0026gt; { \u0026lt;bashcommands\u0026gt; } For example the function logsearch which searches for the given string whitin all logfiles in the current directory:\nfunction logsearch { zgrep $1 ./*log } Short scripts: Loop every file in path: for F in /path/to/files/*; do echo \u0026#34;Files $F\u0026#34;; done Loop file line per line: while read LINE; do echo $LINE; done \u0026lt; file.txt ","date":"2018-11-11T16:01:15+01:00","href":"https://blog.hagfi.sh/administration/bash/","tags":["bash","script"],"title":"Bash Tips \u0026 Tricks"},{"author":"Kristof Vandam","content":"Switch between run levels / environments.\nChanging boot targets On the fly Goto a graphical environment\nsystemctl isolate graphical.target Goto a text based environment\nsystemctl isolate multi-user.target Permanently change environments Graphical environment\nsystemctl set-default graphical.target Text based environment\nsystemctl set-default multi-user.target Set target on boot Interrupt the bootloader (GRUB) and edit the kernel entry before booting. Press e to edit the entry Goto the line that starts with linux16 suffix the line with your desired target as followed: systemd.unit=rescue.target ","date":"2018-11-09T10:08:15+02:00","href":"https://blog.hagfi.sh/administration/boot-targets/","tags":["linux","security","boot"],"title":"Changing boot targets"},{"author":"Kristof Vandam","content":"Automagically mount remote directories on login.\nInstall the required pakages sudo yum -y install autofs Create the entry file the mapper file is a file where we specify the directory where all our mounts should be placed.\nThis file should be stored in /etc/auto.master.d, note that the extension is required to be .autofs\nfor example: /etc/auto.master.d/home.autofs\n/home/guests /etc/auto.home The value for /home/guests is the file where we specify our mount options.\nNote: Make sure the /home/guests directory exists, if not create it with:\nmkdir /home/guests Create the mapper file We earlier specified where our map file should be stored (/etc/auto.home), create this file.\nSay we want to auto mount the home directories stored on serverA on /home/guests/[USER] when [USER] logs in.\n* -rw,sync serverA:/home/guests/\u0026amp; The wildcards task is to create the directory based on the users homedirectory on serverA (specified with \u0026amp;) We give option like: read/write and sync As last param we have to say where we want to mount to, again, the \u0026amp; is dynamic and maps to the logged in user. Enable and start the service sudo systemctl enable autofs sudo systemctl start autofs Wrapping up Log in as a user, and check if the mount is present as expected.\ndf -h Should output something like:\nFilesystem Size Used Avail Use% Mounted on /dev/xvda1 8.0G 5.6G 2.5G 70% / devtmpfs 224M 0 224M 0% /dev tmpfs 244M 0 244M 0% /dev/shm tmpfs 244M 41M 204M 17% /run tmpfs 244M 0 244M 0% /sys/fs/cgroup tmpfs 49M 0 49M 0% /run/user/1000 tmpfs 49M 0 49M 0% /run/user/0 /serverA:/home/guests/user1 200M 0 200M 0% /home/guests/user1 Note the last line where we see that the mount is present\n","date":"2018-11-09T10:08:15+02:00","href":"https://blog.hagfi.sh/administration/autofs/","tags":["linux","data","mount","shares"],"title":"Mount with automount (autofs)"},{"author":"Kristof Vandam","content":"fatrace watches every file on server (except from itself and other kernel file systems).\nfatrace watches every file on server (except from itself and other kernel file systems).\nInstall on Centos7 Download the repo file from fedorainfracloud.org\nsudo curl https://copr.fedorainfracloud.org/coprs/ifas/fatrace/repo/epel-7/ifas-fatrace-epel-7.repo \u0026gt; /etc/yum.repos.d/ifas.repo sudo yum install fatrace -y Usage Option Description -c, \u0026ndash;current-mount Only record events on partition/mount of current directory. Without this option, all (real) partitions/mount points are being watched. -o FILE, \u0026ndash;output=FILE Write events to given file instead of standard output. -s SECONDS, \u0026ndash;seconds=SECONDS Stop after the given number of seconds. -t, \u0026ndash;timestamp Add timestamp to events. When this option is given once, the format will be a humanreadable -p PID, \u0026ndash;ignore-pid=PID Ignore events for this process ID. Can be specified multiple times. Output The output should look something like the following. My action was reloading this page while watching with fatrace.\n$ fatrace -t 12:58:20.859174 pickup(7666): CO /var/spool/postfix/maildrop 12:58:21.017572 caddy(7472): CO /var/www/vhosts/blog/tools/fatrace 12:58:21.017572 caddy(7472): CO /var/www/vhosts/blog/tools/fatrace/index.html 12:58:21.017572 caddy(7472): W /var/log/caddy/blog.log 12:58:21.213908 caddy(7472): CO /var/www/vhosts/blog/index.json 12:58:21.213908 caddy(7472): W /var/log/caddy/blog.log 12:58:21.305848 caddy(7472): RCO /var/www/vhosts/blog/img/favicon.png 12:58:21.305848 caddy(7472): W /var/log/caddy/blog.log Letter Description R Read W Write O Open C Close Action identifiers can be combined\nUsecases identifying which files are accessed by a process.\nReferences Manpage fatrace\n","date":"2018-11-05T22:13:49+02:00","href":"https://blog.hagfi.sh/tools/fatrace/","tags":["directory","size","inventory"],"title":"Fatrace: Report system wide file access events"},{"author":"Kristof Vandam","content":"Remapping interfaces and their MAC address.\nOften, when you clone a VM you could stumble against errors like:\n[FAILED] Device eth0 does not seem to be present, delaying initialization You could change your network configuration to match the correct interface or let Linux reread the available interfaces\n/etc/udev/rules.d/70-persistent-net.rules holds the configuration of available devices. Make sure that the MAC address is correct and that the name maches your configuration\n","date":"2018-11-05T22:13:49+02:00","href":"https://blog.hagfi.sh/administration/toubles-with-interfaces-after-clone/","tags":["network","networking","interfaces","ifconfig"],"title":"Troubles with interfaces after a VM clone"},{"author":"Kristof Vandam","content":"ncdu is a command line tool to scan and calculate directory and file sizes.\nComparison with \u0026lsquo;du\u0026rsquo; While the initial scan is about the same as du, ncdu keeps the results in memory. This can become handy when investigating the storage hog. You can compare the already cached results immediately with a (r) escan.\nAlso navigation is a breese. ncdu creates a interactive session where the arrow keys are used to open and close directories.\nOptions ncdu is not bloated with options, but each of these are useful and easy to remember. All these are used inside the interactive session.\n Key Description up, k Move cursor up down, j Move cursor down right/enter Open selected directory left, \u0026lt;, h Open parent directory n Sort by name s Sort by size C Sort by items d Delete selected file or directory t Toggle dirs before files when sorting g Show percentage and/or graph a Toggle between apparent size and disk usage c Toggle display of child item counts e Show/hide hidden or excluded files i Show information about selected item r Recalculate the current directory b Spawn shell in current directory q Quit ncdu Advanced ncdu JSON for development ncdu -x / -o- | jq -x chose directory \u0026lsquo;/\u0026rsquo; -o- output to stdout Will create a JSON object of the current directory and all his subdirectories. This can come handy for developing or generating reports.\nStore result ncdu -0xo- / | gzip \u0026gt; scan.gz -0 surpress unwanted output -x chose directory \u0026lsquo;/\u0026rsquo; -o- output to stdout Use stored result zcat scan.gz | ncdu -f- -f read from stdin Author Official Website\n","date":"2018-09-17T22:18:38+02:00","href":"https://blog.hagfi.sh/tools/ncdu/","tags":["du","ncdu","directory","size","inventory"],"title":"NCDU: NCurses Disk Usage"},{"author":"Kristof Vandam","content":"HUGO is static, that\u0026rsquo;s a fact. How can I implement a live search? Searching the internet provided me only solutions that require a page refresh, this time of age performance is key, so that\u0026rsquo;s why I wanted a fast and fuzzy search implementation.\nResearch Some this I found which helped to get there are:\n here more specific here https://vuejs.org/ http://fusejs.io/ https://momentjs.com/ https://github.com/axios/axios Create a JSON object containing all articles Actually every data you want to search, in this guide (and on this website) I use the following data:\n Title Date Author Tags Content This is specified in a custom layout. Note the (dict \u0026quot;title\u0026quot; ...) line. You can add any data that HUGO processes (for each article). Its a list of key/values, the keys are presented between the quotes, the value as first value.\nlayouts/json/single.html\n{{- $.Scratch.Add \u0026quot;index\u0026quot; slice -}} {{- range where .Site.Pages \u0026quot;Type\u0026quot; \u0026quot;not in\u0026quot; (slice \u0026quot;page\u0026quot; \u0026quot;json\u0026quot;) -}} {{- $.Scratch.Add \u0026quot;index\u0026quot; (dict \u0026quot;title\u0026quot; .Title \u0026quot;date\u0026quot; .Date \u0026quot;author\u0026quot; .Params.author \u0026quot;href\u0026quot; .Permalink \u0026quot;tags\u0026quot; .Params.tags \u0026quot;content\u0026quot; .Plain) -}} {{- end -}} {{- $.Scratch.Get \u0026quot;index\u0026quot; | jsonify -}} Now, with this file in place the next thing to do is to create a content page, where this layout is used. This file triggers the creation of \u0026ldquo;index.json\u0026rdquo;.\ncontent/search.md\n--- date: \u0026quot;2017-03-05T21:10:52+01:00\u0026quot; type: \u0026quot;json\u0026quot; url: \u0026quot;index.json\u0026quot; --- Example of the data returned You can checkout the json object for this website, just go to https://hagfi.sh/index.json\n[ { \u0026quot;author\u0026quot;: \u0026quot;Kristof Vandam\u0026quot;, \u0026quot;content\u0026quot;: \u0026quot;HUGO is static, that\\u0026rsquo;s a fact. How can I implement a live search? Searching the internet provided me only solutions that require a page refresh, this time of age performance is key, so that\\u0026rsquo;s why I wanted a fast and fuzzy search implementation. Research Some this I found which helped to get there are:\\n https://gohugo.io/tools/search/ \u0026quot;, \u0026quot;date\u0026quot;: \u0026quot;2018-08-29T22:44:46+02:00\u0026quot;, \u0026quot;href\u0026quot;: \u0026quot;http://localhost:1313/development/live-search-with-hugo/\u0026quot;, \u0026quot;tags\u0026quot;: null, \u0026quot;title\u0026quot;: \u0026quot;Live Search With HUGO\u0026quot; } ] Add the required dependencies (we use CDN\u0026rsquo;s) Make sure the following dependencies are loaded between the head tags. We use a little trick to let the browser decide if http or https is used. These are called Protocol-Relative URL\u0026rsquo;s.\n\u0026lt;script src=\u0026quot;//cdnjs.cloudflare.com/ajax/libs/moment.js/2.18.1/moment.js\u0026quot;\u0026gt;\u0026lt;/script\u0026gt; \u0026lt;script src=\u0026quot;//cdnjs.cloudflare.com/ajax/libs/vue/2.5.17/vue.min.js\u0026quot;\u0026gt;\u0026lt;/script\u0026gt; \u0026lt;script src=\u0026quot;//cdnjs.cloudflare.com/ajax/libs/axios/0.18.0/axios.min.js\u0026quot;\u0026gt;\u0026lt;/script\u0026gt; \u0026lt;script src=\u0026quot;//cdn.bootcss.com/fuse.js/3.2.0/fuse.min.js\u0026quot;\u0026gt;\u0026lt;/script\u0026gt; Add the actual search logic It\u0026rsquo;s a best practice to add the JavaScript right before the closing body tags. I highly suggest checking out VueJS with Webpack, but in this case a some simple JS inside script tags will do just fine.\nI will go over each section to clarify.\nvar app = new Vue({ el: '#app', data: { fuse: null, search: \u0026quot;\u0026quot;, result: [], index: [] }, mounted() { let self = this let options = { shouldSort: true, threshold: 0.6, location: 0, distance: 100, maxPatternLength: 32, minMatchCharLength: 1, keys: [ \u0026quot;title\u0026quot;, \u0026quot;author\u0026quot;, \u0026quot;date\u0026quot;, \u0026quot;content\u0026quot; ] } axios.get('/index.json') .then(function (response) { self.index = response.data self.fuse = new Fuse(response.data, options); self.result = fuse.search(\u0026quot;\u0026quot;); }) .catch(function (error) { console.log(error) }) }, watch: { search(nval, oval) { if (nval.length \u0026gt; 0) { this.result = this.fuse.search(nval) } else { this.result = [] } } } }) Create the Vue instance When creating a new Vue instance we assign Vue to a DOM element, most of the time an ID on your body tag is used.\nvar app = new Vue({ el: '#app', ... }) Create a data object This object is accesible across your DOM and Vue instance. Inside functions you can reffer to these with this.*.language-\nI initiated some variables like \u0026lsquo;fuse\u0026rsquo; so it can be used inside watch and methods.\ndata: { fuse: null, search: \u0026quot;\u0026quot;, result: [], index: [] }, What todo when everything is ready The mounted() function is triggered when everything ready to start processing your custom code. (This function used to name \u0026lsquo;ready()').\nWe assign this to self to handle some scope issues in the axios promise.\nWe polulate some options for FuseJS, note that the keys array is important here. Here we specify which keys of our index.json we want to search.\nThe index.json file is loaded with AJAX, this way the page should not wait for content that is not required immediately.\nWhen axios retrieves the date we create a Fuse instance (assigned to self.fuse (or this.fuse)).\nmounted() { let self = this let options = { shouldSort: true, threshold: 0.6, location: 0, distance: 100, maxPatternLength: 32, minMatchCharLength: 1, keys: [ \u0026quot;title\u0026quot;, \u0026quot;author\u0026quot;, \u0026quot;date\u0026quot;, \u0026quot;content\u0026quot; ] } axios.get('/index.json') .then(function (response) { self.index = response.data self.fuse = new Fuse(response.data, options); self.result = fuse.search(\u0026quot;\u0026quot;); }) .catch(function (error) { console.log(error) }) }, When something is entered inside the search field We watch for this.search to change, if it changes this function is called. Remember we set search: \u0026quot;\u0026quot; inside our data object? If the \u0026lsquo;nval\u0026rsquo; (New VALue) is larger than 0 characters we trigger the search function of fuse, which will return a new data set, but filtered. This dataset is stored inside this.result.language-\nIf the length of \u0026lsquo;nval\u0026rsquo; changes to 0 characters we hardcode the result to be an empty array (to prevent possible edgecases).\nwatch: { search(nval, oval) { if (nval.length \u0026gt; 0) { this.result = this.fuse.search(nval) } else { this.result = [] } } } Ok, cool, now how do I showcase the results? Well, it\u0026rsquo;s up to you. The most important parts in this example are:\n Bind this.search to the input field (with v-model) Loop through this.result with v-for, it will recreate the li tag \u0026lsquo;for each\u0026rsquo; result item. Use the result item, reffered as r. Links are extracted from the result item by the \u0026lsquo;href\u0026rsquo; key and bound to the href attribute. :href=\u0026quot;r.href\u0026quot; We use Moment.js to format the default (can be changed) HUGO date format to \u0026lsquo;D\u0026rsquo; (Day), \u0026lsquo;MMM\u0026rsquo; (Month, max 3 characters), \u0026lsquo;YYYY\u0026rsquo; (Full Year).\n\u0026lt;div class=\u0026quot;search-wrapper\u0026quot;\u0026gt; \u0026lt;input type=\u0026quot;text\u0026quot; placeholder=\u0026quot;Search ...\u0026quot; v-model=\u0026quot;search\u0026quot; class=\u0026quot;search\u0026quot;/\u0026gt; \u0026lt;ul class=\u0026quot;result-items\u0026quot;\u0026gt; \u0026lt;li v-for=\u0026quot;r of result\u0026quot; class=\u0026quot;result-item\u0026quot;\u0026gt; \u0026lt;div class=\u0026quot;result-item-wrapper\u0026quot;\u0026gt; \u0026lt;div class=\u0026quot;result-item-left\u0026quot;\u0026gt; \u0026lt;span class=\u0026quot;post-date\u0026quot;\u0026gt; \u0026lt;span class=\u0026quot;post-date-day\u0026quot;\u0026gt;\u0026lt;sup v-text=\u0026quot;moment(r.date).format('D')\u0026quot;\u0026gt;\u0026lt;/sup\u0026gt;\u0026lt;/span\u0026gt;\u0026lt;span class=\u0026quot;post-date-separator\u0026quot;\u0026gt;/\u0026lt;/span\u0026gt;\u0026lt;span class=\u0026quot;post-date-month\u0026quot; v-text=\u0026quot;moment(r.date).format('MMM')\u0026quot;\u0026gt;\u0026lt;/span\u0026gt; \u0026lt;span class=\u0026quot;post-date-year\u0026quot; v-text=\u0026quot;moment(r.date).format('YYYY')\u0026quot;\u0026gt;\u0026lt;/span\u0026gt; \u0026lt;/span\u0026gt; \u0026lt;template v-if=\u0026quot;r.author\u0026quot;\u0026gt;By \u0026lt;a class=\u0026quot;post-author\u0026quot; v-text=\u0026quot;r.author\u0026quot;\u0026gt;\u0026lt;/a\u0026gt;\u0026lt;/template\u0026gt; \u0026lt;/div\u0026gt; \u0026lt;div class=\u0026quot;result-item-left\u0026quot;\u0026gt; \u0026lt;span class=\u0026quot;nav-item-separator\u0026quot;\u0026gt;//\u0026lt;/span\u0026gt;\u0026lt;a :href=\u0026quot;r.href\u0026quot; v-text=\u0026quot;r.title\u0026quot;\u0026gt;\u0026lt;/a\u0026gt; \u0026lt;/div\u0026gt; \u0026lt;/div\u0026gt; \u0026lt;/li\u0026gt; \u0026lt;/ul\u0026gt; \u0026lt;/div\u0026gt; ","date":"2018-08-29T22:44:46+02:00","href":"https://blog.hagfi.sh/development/live-search-with-hugo/","tags":["vue","vuejs","prism","prismjs","hugo","javascript","js","json"],"title":"Live Search With HUGO"},{"author":"Olivier De Ram","content":"Let\u0026rsquo;s Encrypt: Aanmaken / vernieuwen certificaat: /opt/letsencrypt/letsencrypt-auto certonly --expand ---email support@domain.tld --agree-tos --webroot -w /var/www/vhosts/WEB/ROOT -d domain.tld -d domainalias.tld --dry-run /bin/certbot --text --agree-tos --non-interactive certonly -a webroot --webroot-path /var/www/vhosts/WEB/ROOT -d domain.tld -d domainalias.tld --dry-run --dry-run om het aanmaken te testen.\nApache / httpd (1) Voeg volgende regels toe aan de apache config: Alias /.well-known /var/www/vhosts/letsencrypt/.well-known \u0026lt;Directory /var/www/vhosts/letsencrypt/.well-known\u0026gt; order allow,deny allow from all satisfy any \u0026lt;/Directory\u0026gt; Of (2) voeg volgende regels toe aan .htaccess: \u0026lt;IfModule mod_rewrite.c\u0026gt; RewriteEngine on #Allow Let's Encrypt SSL renewal RewriteRule ^.well-known/ - [L,NC] RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] Combineer Basic Auth met Let\u0026rsquo;s Encrypt:\nDit moet je bekijken ale een if/else. (Ofwel valid-user ofwel REQUEST_URI) \u0026lt;Directory /var/www/vhosts/WEB/ROOT\u0026gt; AuthType Basic AuthName protected AuthUserFile /etc/httpd/passwd/phpmyadmin.htpasswd require valid-user Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/.*# \u0026lt;/Directory\u0026gt; Nginx Voeg volgende regels toe aan Nginx location /.well-known { root /var/www/vhosts/WEB/ROOT; index index.html index.htm index.php; } Controleer DNS lijst domeinen: while read LINE; do echo $LINE \u0026gt;\u0026gt; list_processed.txt \u0026amp;\u0026amp; dig +short @9.9.9.9 $LINE \u0026gt;\u0026gt; list_processed.txt; done \u0026lt; list.txt (WIP) #!/bin/bash #IP=\u0026lt;%= @default_ipadress %\u0026gt; IP=$(dig +short @9.9.9.9 $(hostname)) FILE=$1 while read LINE do CHK=$(dig +short @9.9.9.9 $LINE) if $IP -eq $CHK echo \u0026quot;$LINE|$CHK\u0026quot; \u0026gt;\u0026gt; /tmp/le-ok elif echo \u0026quot;$LINE|$CHK\u0026quot; \u0026gt;\u0026gt; /tmp/le-nok fi done \u0026lt; $FILE echo \u0026quot;Domains OK:\u0026quot; echo /tmp/le-ok | column echo \u0026quot;-------------------------------\u0026quot; echo \u0026quot;Domains NOT OK:\u0026quot; echo /tmp/le-nok | column rm -rf /tmp/le-ok rm -rf /tmp/le-nok ","date":"2018-08-25T22:08:15+02:00","href":"https://blog.hagfi.sh/administration/letsencrypt/","tags":null,"title":"Let's Encrypt"},{"author":"Olivier De Ram","content":"MySQL Tuner WAARDE ACTIE query_cache_size AFBLIJVEN table_cache AFBLIJVEN (maximumwaarde = 64) table_open_cache AFBLIJVEN join_buffer_size Verhogen indien Joins performed without indexes++ tmp_table_size Verhogen = max_heap_table_size max_heap_table_size Verhogen = tmp_table_size query_cache_type =1 indien =0 mysql tuning improvements table_cache NOOIT hoger dan 64 Sudo vim /etc/my.cnf query_cache_size' =\u0026gt; \u0026lsquo;256M’, It caches the select query along with the result set, which enables the identical selects to execute faster as the data fetches from the in memory. Caching voor select queries en bijhorende result sets, wat het mogelijk maakt om identieke selects sneller op te vragen uit memory. \u0026lsquo;open_files_limit\u0026rsquo; =\u0026gt; \u0026lsquo;4096\u0026rsquo;, Changes the number of file descriptors available to mysqld. You should try increasing the value of this option if mysqld gives you the error Too many open files. \u0026lsquo;join_buffer_size\u0026rsquo; =\u0026gt; \u0026lsquo;256K’, The minimum size of the buffer that is used for plain index scans, range index scans, and joins that do not use indexes and thus perform full table scans. Normally, the best way to get fast joins is to add indexes. Increase the value of join_buffer_size to get a faster full join when adding indexes is not possible. Minimumgrootte van buffer voor index en table scans.\n \u0026lsquo;max_heap_table_size\u0026rsquo; =\u0026gt; \u0026lsquo;32M’, This variable sets the maximum size to which user-created MEMORY tables are permitted to grow. Max grootte van user-created memory tables These 2 need to be the same size!!! \u0026lsquo;tmp_table_size\u0026rsquo; =\u0026gt; \u0026lsquo;32M’, The maximum size of internal in-memory temporary tables. Max grootte van interne in-memory tijdelijke tabellen\n table_cache=64 (maximumwaarde!!) Table_Cache should always - well mostly anyway - be significantly bigger than the total number of tables in the server. Otherwise it\u0026rsquo;ll keep opening and closing tables. Maximumwaarde voor caching van geopende tabellen. thread_cache_size=4 How many threads the server should cache for reuse. Aantal threads dat de server kan cachen voor hergebruik. \u0026lsquo;innodb_buffer_pool_size\u0026rsquo; =\u0026gt; \u0026lsquo;1G\u0026rsquo;, The size in bytes of the buffer pool, the memory area where InnoDB caches table and index data. The default value is 128MB.\nSudo service mysql/mariadb reload (restart enkel onder toezicht)\n query_cache_*: query_cache_type\nNeeds to be set to 1 to enable caching.\nquery_cache_size\nIs the size of the cache. This can be in bytes, or you can use a M suffix to specify the amount of megabytes.\nquery_cache_limit\nIs the maximum size of an individually cached query. Queries over this size won’t go into the cache. This is also in bytes, or megabytes with the M suffix. 1MB is a safe bet.\nMaximumgrootte voor elke individuele gecachte query. Queries groter dan dit zullen niet gecacht worden.\ntable_open_cache\nIndicates the maximum number of tables the server keeps open\n innodb_buffer_pool_instances=2\nEnables the use of multiple threads for innodb.\nquery_cache_type=1\nEnables query caching.\njoin_buffer_size=1024K\nIncreased the buffer size for non-indexed joins.\ntmp_table_size=64M \u0026amp;\u0026amp; max_heap_table_size=64M\nIncreased the size for temporary tables.\njoin_buffer_size\nOmwille van het aantal JOIN queries uitgevoerd zonder indexes, werd de minimumgrootte van de buffer voor index en table scans verhoogd.\nmax_heap_table_size \u0026amp; tmp_table_size\nDe maximale grootte van user-created memory tables en van interne in-memory tijdelijke tabellen werd verhoogd.\nthread_cache_size\nHet maximale aantal threads dat de server kan cachen voor hergebruik werd verhoogd.\n","date":"2018-08-25T22:08:15+02:00","href":"https://blog.hagfi.sh/administration/mysql_tuner/","tags":null,"title":"MySQL Tuner"},{"author":"Olivier De Ram","content":"Windows troubleshooting VRAGEN:\n openen vanuit ticketing, wachtwoord en gebruiker custom even viewer view? test server? EventViewer run: eventvwr\n custom views windows application (non windows standard, puppet, vmware, mssql, \u0026hellip;) security, aan en afmelden set-up: updates en installatie verwijderen programma\u0026rsquo;s system: OS meldingen application and services: diep graven \u0026ndash;\u0026gt; Filter Log:\n logged (date range) event level event source event ID: 99,-1024,-4634 rechtsonderaan \u0026gt; event copy \u0026gt; copy as text\nPowerShell $first = $last = get-eventlog -Logname system - `get-winevent -LogName \u0026#39;Microsoft-Windows-TaskScheduler/Operational\u0026#39; | Where-Object { $_.Message -like ‘*insta* }` Task Viewer tasks users performance (indien gecrasht, bevestigen anders is het netwerk) Resource monitor (task manager \u0026gt; performance \u0026gt; open resouce monitor)\nOverview \u0026gt; CPU (ovenste tab) app aanvinken \u0026ndash;\u0026gt; filtert alles\nNetstat netstat -abo \u0026gt; C:\\temp\\log.txt\nChocolate C:\\ProgramData\\chocolatey\\bin\\Procmon.exe \u0026ndash;\u0026gt; selecteer lijn+kolom \u0026gt; exclude \u0026lsquo;name\u0026rsquo; (=grep -v) / include \u0026lsquo;name\u0026rsquo; (=grep)\nUsefull programs TreeView VBluescreenviewer Sysinternals Zabbix VMware events BareTail choco install choco list -lo (view choco installed programs) telnet 12.34.56.78 900 powershell: stop service 'name' EventID\u0026rsquo;s Event ID 6005: “The event log service was started.” This is synonymous to system startup.\n Event ID 6006: “The event log service was stopped.” This is synonymous to system shutdown.\n Event ID 6008: \u0026ldquo;The previous system shutdown was unexpected.\u0026rdquo; Records that the system started after it was not shut down properly.\n Event ID 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.\n Event ID 6013: Displays the uptime of the computer. There is no TechNet page for this id. Add to that a couple more from the Server Fault answers listed in my OP:\n Event ID 1074: \u0026ldquo;The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z.\u0026rdquo; Indicates that an application or a user initiated a restart or shutdown.\n Event ID 1076: \u0026ldquo;The reason supplied by user X for the last unexpected shutdown of this computer is: Y.\u0026rdquo; Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.\n PowerShell $filter = \u0026#34;*abbix*\u0026#34; get-winevent -logname \u0026#39;Application\u0026#39; | Where-Object { $_.Message -like $filter } ","date":"2018-08-25T22:08:15+02:00","href":"https://blog.hagfi.sh/administration/windows_troubleshooting/","tags":null,"title":"Windows troubleshooting"},{"author":"Kristof Vandam","content":"Create an encrypted partition that will automatically mount at boot.\nSometimes it\u0026rsquo;s nice to have encryption, sometimes it\u0026rsquo;s mandatory, either way, there are a couple of thing you should take in mind. Most solutions you find are at disk level but these have some pro\u0026rsquo;s and con\u0026rsquo;s.\n PRO\u0026rsquo;s CON\u0026rsquo;s Every application can work with it Data is only secured from physical theft No extra development required Can cause some overhead, as everything goes through encryption/decryption, everything There are also a couple of choisen you can make implementing LUKS, you could create a LVM layer on top of a LUKS partition or, what we are doing in this guide, add a LUKS encrypted mount on top of a LVM stack. The latter allows you to automatically mount the encrypted disk after or at boot time.\nAdd a new disk (LVM) This is unrelated to encrypting the disk, but in our setup we started by adding a new disk to the server.\nThe commands below are just some I often use as a group. From lines 1 to 3 you can just copy/paste. Line 1 makes sure a rescan is triggered to detect the newly added disk. 2 \u0026amp; 3 create some variables, which can be checked and used later. Make sure the output of these are what you expected. You can echo them as shown on 4 \u0026amp; 5.\nCreate a Physical Volume and extend the Volume Group \u0026lsquo;centos\u0026rsquo;\nroot@server:/dev/centos # for i in /sys/class/scsi_host/host*; do echo \u0026quot;- - -\u0026quot; \u0026gt; $i/scan; done root@server:/dev/centos # NEWDISK=$(dmesg|tail|grep 'Attached'|awk '{print $4}'|tail -n1|cut -d \u0026quot;[\u0026quot; -f2|cut -d \u0026quot;]\u0026quot; -f1) root@server:/dev/centos # VGROUP=$(vgdisplay|grep Name|head -n1|awk '{print $3}') root@server:/dev/centos # echo ${NEWDISK} sdd root@server:/dev/centos # echo ${VGROUP} centos root@server:/dev/centos # pvcreate /dev/${NEWDISK} Physical volume \u0026quot;/dev/sdd\u0026quot; successfully created. root@server:/dev/centos # vgextend ${VGROUP} /dev/${NEWDISK} Volume group \u0026quot;centos\u0026quot; successfully extended Create a logical volume (LVM) Add a Logical Volume named \u0026lsquo;encrypted\u0026rsquo; to the Volume Group \u0026lsquo;centos\u0026rsquo;.\nroot@server:/dev/centos # lvcreate -L 15G -n encrypted centos Logical volume \u0026quot;encrypted\u0026quot; created. Encrypt the partition Ok, the fun parts starts here (CAUTION before continueing make sure there is no important data on /dev/centos/encrypted, this will be wiped). We encrypt the Logical Volume with the first command. A passphrase is required (see it as a backup) LUKS can contain up to 5 different passwords. In a future section we add a second, more complex, password to use as key on boot. Hold tight.\nAfter the first command (the actual formatting of the partition) we need to \u0026lsquo;open\u0026rsquo; the partition. By opening we mean creating a new disk, but you should notice there is a password required to do so. Use the password you just created.\nroot@server:/dev/centos # cryptsetup -v --verify-passphrase luksFormat /dev/centos/encrypted root@server:/dev/mapper # cryptsetup luksOpen /dev/centos/encrypted luks-encrypted Create a mountpoint Before you can use the encrypted partition you should mount it. Do it like you always do it. Create a directory to mount to and mount /dev/mapper/luks-encrypted with mount.\nroot@server:/dev/mapper # mkdir /encrypted root@server:/dev/mapper # mount /dev/mapper/luks-encrypted /encrypted From here on you are actually done, if you want to type password manually on every boot. I highly doubt you want that so lets go on. (It is ofourse more safe to do so).\nCreate a key (to auto-mount the encrypted disk) Create a key-file we can add to /etc/crypttab, any random string will do, but we create it with /dev/urandom. Make sure to set some strict permissions.\nroot@server:/dev/mapper # dd if=/dev/urandom of=/root/lukskey bs=1024 count=4 root@server:/dev/mapper # chmod 0400 /root/lukskey Unmount and add the key Add the key you just created to make it valid for LUKS, but first unmount the mount and close the vault.\nroot@server:/ # umount /encrypted root@server:/ # cryptsetup luksClose luks-encrypted root@server:/ # cryptsetup luksAddKey /dev/mapper/centos-encrypted /root/lukskey Get UUID Get the UUID of the disk, using the UUID to mount disk is a more solid solution than using the disknames (/dev/sd*). These disknames CAN change, the UUID cannot.\nroot@server:/ # blkid /dev/mapper/centos-encrypted /dev/mapper/centos-encrypted: UUID=\u0026quot;0dab9a5c-1870-478d-8d74-226eeb512f78\u0026quot; TYPE=\u0026quot;crypto_LUKS\u0026quot; Auto-mount LUKS (edit /etc/crypttab) Add a entry to the /etc/crypttab, see it as the /etc/fstab file. Just as fstab crypttab will automount the defined entries.\nroot@server:/ # blkid /dev/mapper/centos-encrypted /dev/mapper/centos-encrypted: UUID=\u0026quot;0dab9a5c-1870-478d-8d74-226eeb512f78\u0026quot; TYPE=\u0026quot;crypto_LUKS\u0026quot; Auto-mount LUKS (edit /etc/cypttab) luks-encrypted /dev/disk/by-uuid/0dab9a5c-1870-478d-8d74-226eeb512f78 /root/lukskey luks Check your work Congrats, this should be it, reboot and make sure the disk is mounted automatically.\n","date":"2018-08-23T22:08:15+02:00","href":"https://blog.hagfi.sh/administration/luks-encryption/","tags":["encryption","security","disk","partition"],"title":"Luks Encryption"}]