Thursday, July 9, 2020

Midnight Commander missing syntax highlighting

Midnight Commander missing syntax highlighting


Try to pres Ctl-s, which toggles syntax highlighting on and off in mcedit

Wednesday, March 25, 2020

VLC HowTo/Adjust subtitle delay in advance way

VLC HowTo/Adjust subtitle delay in advance way

Advance Synchronisation

When subtitles are late compared to the audio, and only in this case, you can use the advance synchronisation functionality of VLC :
  • Step 1 : Detect (“hear and see”) that subtitles are out of sync
  • Step 2 : Press Shift H when you hear a sentence that you will be able to easily recognize
  • Step 3 : Press Shift J when you read the same sentence in the subtitle
  • Step 4 : Press Shift K to correct the sync

Wednesday, January 15, 2020

Remove string from file in Windows 10 powershell like sed

Remove string from file in Windows 10 powershell like sed

 
If you need to edit file like stream and replace/remove string in
Windows using powershell

this command will open text.txt file, search for ",,,,," and replace
with nothing "" and save as new file test2.txt

get-content test.txt | %{$_ -replace ",,,,,",""} | set-content test2.txt

Thursday, October 24, 2019

How to check if NTP client works on windows 7/10

How to check if NTP client works on windows 7/10

run this command from command line:

w32tm /stripchart /computer:jp.pool.ntp.org /dataonly /samples:5

Response will be :

C:\Windows\System32>w32tm /stripchart /computer:jp.pool.ntp.org /dataonly /samples:5
Tracking jp.pool.ntp.org [162.159.200.1:123].
Collecting 5 samples.
The current time is 24.10.2019 08:58:22.
08:58:22, -00.3017199s
08:58:24, -00.3021865s
08:58:26, -00.3018570s
08:58:28, -00.3018344s
08:58:30, -00.3017718s

Tuesday, February 26, 2019

Securing the Pi-hole with fail2ban to prevent DNS Amplification attacks

Securing the Pi-hole with fail2ban to prevent DNS Amplification attacks

 

1. Install fail2ban 

sudo apt-get update ; sudo apt-get install fail2ban

2. create jail file


vi /etc/fail2ban/jail.d/pihole-dns.conf

[pihole-dns]
enabled = true
port     = 53
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/pihole.log
findtime = 60
maxretry = 5
bantime = 3600

 

3. create filter file


vi /etc/fail2ban/filter.d/pihole-dns.conf

# Fail2Ban configuration file
#
# script from www.marek.tokyo
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = dnsmasq

# log example from /var/log/pihole.log
#Feb 26 04:41:28 dnsmasq[1887]: query[A] 21cl93vlx5n9p.aikoaiko.net from 67.21.36.3
#(?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?



failregex =  .*query\[A\].*from <HOST>
                   .*query\[ANY\].*from <HOST>

ignoreregex =

4. test if regex works


fail2ban-regex /var/log/pihole.log /etc/fail2ban/filter.d/pihole-dns.conf


you should have results like this:








Running tests
=============

Use   failregex filter file : pihole-dns, basedir: /etc/fail2ban
Use   log file : /var/log/pihole.log
Use   encoding : UTF-8


Results
=======

Failregex: 4127 total
|-  #) [# of hits] regular expression
|   1) [4125] .*query\[A\].*from <HOST>
|   2) [2] .*query\[ANY\].*from <HOST>

`-


Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [15674] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-

Lines: 15674 lines, 0 ignored, 4127 matched, 11547 missed
[processed in 1.25 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 11547 lines




Got hits (in red) so regex works !

5. add your`s IP to ignore list to prevent being blocked

use your local IP or global if Pi-hole is open access/relay installed on cloud VPS etc.

 vi /etc/fail2ban/jail.conf

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8, 192.168.0.1/24

 

6. restart fail2ban service

 

7. to check if fail2ban works 

fail2ban-client status pihole-dns

Status for the jail: pihole-dns
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     75
|  `- File list:        /var/log/pihole.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   172.93.106.230 67.21.36.3

 8. (optional for Centos 7)

You can check ipset list directly

ipset list fail2ban-pihole-dns-udp



Name: fail2ban-pihole-dns-udp
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Size in memory: 312
References: 1
Number of entries: 2
Members:
67.21.36.3 timeout 558
172.93.106.230 timeout 558


 

based on this

Monday, August 27, 2018

Apache 2.4 + mod_wsgi + Python 3.7 + Django installation on Centos 7.10

How to Apache 2.4 + mod_wsgi + Python 3.7 + Django installation

 

Httpd 2.4

1. Install  httpd
yum install httpd
 
2. Install  httpd-devel
yum install httpd-devel 

Python 3.7 on Centos 7.10


1. Download the newest python

cd /opt/
wget -dvS --no-check-certificate https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz

2. Unpack and install


tar xzf Python-3.7.0.tgz

cd /opt/Python-3.7.0/

./configure --prefix=/usr/local --enable-shared --with-threads --enable-optimizations

make altinstall

 
to test if works: 
python3.7 -V

mod_wsgi

0. (optional) uninstall current mod_wsgi

yum erase mod_wsgi



1. Download the newest mod_wsgi and install

cd /opt/

wget https://files.pythonhosted.org/packages/9e/37/dd336068ece37c43957aa337f25c59a9a6afa98086e5507908a2d21ab807/mod_wsgi-4.6.4.tar.gz


tar xzf mod_wsgi-4.6.4.tar.gz


cd mod_wsgi-4.6.4.tar.gz


 ./configure --with-python=/usr/local/bin/python3.7


LD_RUN_PATH=/usr/local/lib make


make install



2. Add path to  /etc/ld.so.conf
include ld.so.conf.d/*.conf

/usr/local/lib

3. Run


ldconfig 



4. check if mod_wsgi is linked correctly

ldd /usr/lib64/httpd/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007ffc465bb000)
        libpython3.7m.so.1.0 => /usr/local/lib/libpython3.7m.so.1.0 (0x00007f2d23842000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2d23626000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f2d23422000)
        libutil.so.1 => /lib64/libutil.so.1 (0x00007f2d2321f000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f2d22f1d000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f2d22b50000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f2d23fe3000)

Install Django

pip3.7 install --upgrade pip

pip3.7 install Django

Configure apache to use wsgi

Add new config at /etc/httpd/conf.d/project1.conf

<IfModule mod_ssl.c>
Listen 8443 https
<VirtualHost *:8443>

        ServerAdmin [email protected]
        ServerName tester.com
        ServerAlias tester.com
        DocumentRoot /var/www/html/project1

        ErrorLog /var/log/httpd/project1-error.log
        CustomLog /var/log/httpd/project1-access.log combined
        CustomLog logs/project1-ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

        # Django project
        Alias /django_1 /opt/py/django_1
        <Directory /opt/py/django_1>
                Require all granted
        </Directory>

        Alias /static /opt/py/django_1/static
        <Directory /opt/py/django_1/static>
                Require all granted
        </Directory>

        <Directory /opt/py/django_1>
                <Files wsgi.py>
                    Require all granted
                </Files>
        </Directory>

        WSGIDaemonProcess django_1 python-path=/opt/py/django_1 python-home=/opt/py/django_1/venv
        WSGIProcessGroup django_1
        WSGIScriptAlias / /opt/py/django_1/django_1/wsgi.py
        WSGIPassAuthorization On


        SSLCertificateFile /etc/letsencrypt/live/tester.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/tester.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/tester.com/chain.pem

</VirtualHost>
</IfModule>



Test if everything works:

https://tester.com:8443/admin/login/?next=/admin/


Don`t forget to add ALLOWED_HOSTS in your  settings.py

Also add
STATIC_URL = '/static/'
STATIC_ROOT = '/opt/py/django_1/static/'







Wednesday, August 1, 2018

Oxidized init.d script for Centos 6

Oxidized init.d script for Centos 6

 

To run oxidized as service


1. copy init script from oxidized/extra

 cp /usr/local/rvm/gems/ruby-2.3.0/gems/oxidized-0.24.0/extra/oxidized.init.d /etc/init.d/<br />

2. if you installed oxidized using manual (added system user oxidized) and rvm you need to modify script

#cmd=oxidized
cmd="sudo -u oxidized /usr/local/rvm/gems/ruby-2.3.0/wrappers/oxidized"
args="--daemonize"

#pidfile=/etc/oxidized/pid
pidfile=/home/oxidized/.config/oxidized/pid


#export OXIDIZED_HOME=/etc/oxidized
export OXIDIZED_HOME=/home/oxidized/

3. after that start as normal service

# /etc/rc.d/init.d/oxidized start

# /etc/rc.d/init.d/oxidized status
sudo (pid  9987) is running...


# ps aux | grep oxi
oxidized  9987  1.2  0.6 861488 97496 ?        Sl   08:52   0:25 puma 3.12.0 (tcp://127.0.0.1:8888) [/]

#netstat -tulpn   | grep 88
tcp        0      0 127.0.0.1:8888              0.0.0.0:*                   LISTEN      9987/puma 3.12.0 (t

Cybermap

Internet Storm Center Infocon Status

Internet Storm Center Infocon Status
Internet Storm Center Infocon Status