Category: UNIX

possible workarounds of fortigate VPN client changing DNS server

Since VPN technology is used to connect sites and users, most of its implementations usually provide the ability to switch DNS servers to those available on the remote side. But not all of them are able to do this neatly and without breaking the existing configuration. And if routing configuration works fine in most use cases, dealing with resolv.conf

Continue Reading…

crontab truncates file path to 100 symbols

I use crontab’s ability to load its configuration from a file in my deployment scripts. But today it refused to load the configuration because it could not find the file, even though all permissions were correct for this file. Using stdin (cat $ABSOLUTE_PATH | crontab -) worked correctly, but I was curious why this happens in the

Continue Reading…

nginx IP rules beyond DDoS guard

I use ngx_http_access_module’s allow/deny directives to protect sensitive parts of my websites from public access. But if a website is protected by CloudFlare, or a similar DDoS protection/CDN provider, your nginx will see only CloudFlare’s IPs, so your blocking rules (or any other IP-based rules, e.g. GeoIP) will not work. This HOWTO is written for CloudFlare. P.S.

Continue Reading…

unable to find LVM volume pve/root

I found out that my recently installed Proxmox hypervisor sporadically can’t boot due to an inability to find its LVM logical volumes: This situation means that our initramfs has been successfully loaded and unpacked and has finished its work, and now, when the OS should run the real filesystem, disks are not present. First of all, you need to

Continue Reading…

jenkins can’t connect to slaves after update to 2.55 or higher

Jenkins is a continuous integration tool, which is written in Java and provides a very useful toolchain for the DevOps software cycle. After an update to version 2.55 my master server was unable to connect to its own slaves. I began receiving messages like this after the update whilst trying to connect to a slave: ERROR: Connection terminated java.io.IOException:

Continue Reading…

atop log does not rotate in debian stretch

atop is a sar-like tool which saves system diagnostic data and allows viewing it in a fancy, readable way. By default it’s configured to rotate logs every midnight, but recently I found out that they hadn’t been rotated for a month, which made finding any useful info impossible: # ls -ltrh /var/log/atop/ total 7.8G -rw-r--r--

Continue Reading…

squid PAM authentication trick FreeBSD

PAM authentication is best suited to small (up to 10 users) squid installations. It is easy to use and does not even need recompilation from source: the required helper ships with the standard configuration (and in the package, of course). You just need to add users to your system. But it hides a little trick: aside from configuring it

Continue Reading…

improving openvpn client in linux: dns bug workaround and systemd service creation

Part 1, workaround: According to the bug info, there is an issue with NetworkManager: it doesn’t update the client’s DNS pushed by the OpenVPN server. If you are using the option of routing all traffic through the OpenVPN tunnel, there is no other way but to update /etc/resolv.conf manually. But it, of course, can be automated. The main idea is

Continue Reading…

COMPLETELY disable SSLv3 in nginx (avoiding POODLE attack)

Since SSLv3 is deprecated, it’s a good idea to disable it in the webserver config to become invulnerable to the POODLE attack (sorry, Windows XP users). The problem is, even if you disable it in the config, it may still be available for negotiation! Follow the article to see the remedy for this issue. The main part is

Continue Reading…