Treg's blog

November 4th, 2014

CentOS 6.x, Zabbix and SElinux

Posted by Treg in Linux, Tech

Since Zabbix version 2.2, I’m running into faulty/wrong zabbix-agent SElinux policies. There is not too much information available on the web to fix this issue. The steps underneed should do:

Install Zabbix Agent:
# yum install zabbix22-agent

# Edit the Zabbix Agent config file:
# vi /etc/zabbix/zabbix_agentd.conf

Run the service:
# service zabbix-agentd start

Interprete the audit log and create custom SElinux exceptions:
# cat /var/log/audit/audit.log | grep zab | audit2allow -M zabbix-agent

To install audit2allow:
# yum install policycoreutils-python

Verify the generated SElinux rules:
# vi zabbix-agent.te

Apply the generated SElinux rules:
# semodule -i zabbix-agent.pp

Additional: allow the Zabbix Agent to run on a different port, e.g. on port 8484:
# semanage port -a -t port_t -p tcp 8484

Restart the Zabbix Agent service:
# service zabbix-agentd restart

Verify the Zabbix Agent logs:
# tail /var/log/zabbix/zabbix-agentd.log

Please feel free to optimize the procedure and leave a comment.

November 24th, 2010

Plesk 9.x overuse policy, server wide fix

Posted by Treg in Linux, Tech

Parallels implemented an overuse policy since version 9 of its Plesk control panel for Linux. When you upgrade a Linux Plesk server (8.x) to version 9.x, all resellers, clients an domains get the “can’t overuse” policy. So, all objects which exceed a certain value get suspended. This isn’t quite what we/you want. (after the night, your overusing resellers/clients/domains will be suspended!)

So, the solution is quite simple: just set all the objects on “allow overuse”… except that this can’t be done serverwide. If you have 300 domains + 100 clients + 5 resellers, you will have to edit 405 objects manually. 🙁

The solution: you can solve this problem by executing the following scripts on the Linux box from the command line (with root privileges). The script will grant clients or domains the “allow overuse” policy.

  • Clients:

    # for i in `cat /etc/passwd |grep "/var/www/vhosts" | awk -F":" '{print $1}'`; do echo -n "$i  --  "; /usr/local/psa/bin/client_pref --update $i -overuse notify ; echo ""; done
  • Domains:

    # mysql -u'admin' -p"$(cat /etc/psa/.psa.shadow)" -D'psa' -NBe 'select name from domains order by name' | while read dom; do $(grep '^PRODUCT_ROOT_D' /etc/psa/psa.conf | awk '{print $2}')/bin/domain_pref -u "${dom}" -overuse notify; done
November 22nd, 2010

Pidgin & MSN (certificate error for omega.contacts.msn.com)

Posted by Treg in Linux, Tech

Last week, Microsoft changed its omega.contacts.msn.com certificate. This gives you a login error with an already configured Pidgin IM client. Execute the following steps to fix this error:

  1. Download the following file: http://files.andreineculau.com/projects/pidgin/omega.contacts.msn.com.2.txt
  2. Move it to “.purple/certificates/x509/tls_peers/”.
  3. Rename the file to “omega.contact.msn.com”.
  4. Restart Pidgin.

Source: blog@AndreiNeculau

October 20th, 2010

Tweetdeck on Linux, security problem (+fix)

Posted by Treg in HOWTO Ubuntu, Linux, Tech

While testing KDE4.5, it seemed I couldn’t use Tweetdeck anymore. The problem has something to do with storing passwords securely. Since Adobe AIR is a 32-bit application, it needs the 32-bit version of the KDE wallet client libraries in order to get the AIR ELS working properly. (Similarly on GNOME, the 32bit libraries for GNOME keyring are used.)

You can check if 32bit kdewallet client libraries are installed by testing the dynamic link dependencies of e.g. Adobe AIR’s libaddkey.so:

Code:
ldd "/opt/Adobe AIR/Versions/1.0/Resources/libaddkey.so" | grep kwallet

If you get something like “libkwalletclient.so.1 => not found” you will need to install the 32bit library. In Ubuntu 9.10 this library is in the kdelibs4c2a package, but this can be detected automatically by the getlibs package (see http://ubuntuforums.org/showthread.php?t=474790):

Code:
wget http://frozenfox.freehostia.com/cappy/getlibs-all.deb
sudo dpkg -i getlibs-all.deb
sudo getlibs libkwalletclient.so.1
sudo ldconfig

Re-run the ldd command above to check that the client library can now be resolved.

After this, erase Adobe AIR ELS and enter your account data anew:

Code:
rm -rf ~/.appdata/Adobe/AIR/ELS
TweetDeck

After this, AdobeAIR shows up in KDE wallet manager with an ELSKey stored password.

I found this solution on the Ubuntuforum.org. (provided by mkalen in this topic)

June 9th, 2010

Google Maps Navigation in België

Posted by Treg in Tech

Voor al degenen die het nog niet zouden gelezen hebben: Google Maps Navigation is sinds vandaag ook beschikbaar in België en Nederland. Dwz, koop je (de juiste) Android telefoon, dan krijg je er gratis goed werkende GPS software bij. 🙂

Google Maps Navigation

April 4th, 2010

Great VPN client, Shrew Soft

Posted by Treg in Linux, Tech

… and finally I found a VPN client that suits my needs: the Shrew Soft VPNClient. This piece of software is available for both Windows and Linux. (and works on both platforms without a problem!) It connects with many manufacturers’ VPN gateways. On their support page, they tell you how to do it.

Attention, there is one little “problem” if you want to use it on recent Ubuntu installations. You have to edit the file “/etc/sysctl.d/10-network-security.conf”. Please zero the values of the configuration:

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

That should work.

February 20th, 2010

Ubuntu One

Posted by Treg in General, Linux, Tech

Laatst was ik op zoek naar goede online backup software zodat ik wat cruciale data kan backuppen. Buiten de commerciële producten, kwam ik toevallig het Ubuntu One project tegen, dat blijkbaar  al een tijdje loopt. Deze software zit standaard in de laatste Karmic release van Ubuntu ingebakken, super! Het project lijkt een beetje op het oude Ifolder project van Novell (dat blijkbaar ook terug leeft).

Ubuntu One bestaat enerzijds uit client software die files synchronizeert vanop je computer met “the storage cloud”. Anderzijds is er ook een webinterface die je vanop elke browser-waardige computer kan raadplegen. Ubuntu One bied je gratis online storage aan tot 2GB. Hoger volumes kunnen aangekocht worden tot 100GB. Achterliggend gebruikt Ubuntu One de Amazon S3 cloud voor het opslaan van al zijn data.

Toch zijn er 3 minpuntjes. Momenteel zijn er enkel Linux clients beschikbaar, dus crossplatform werken gaat niet. Blijkbaar bevindt de data zich niet geëncrypteerd op de servers (hoorde ik, correct me if I’m wrong). Ook zet je de Ubuntu One client upload en download speed best niet op 0KB/s, want dan komt er effectief geen data door. Daar waar de meeste applicaties dan unlimited bandbreedte toelaten…

Ik kijk uit naar de nieuwe client versie en nieuwe features in de volgende Ubuntu release! 🙂

February 5th, 2010

Belgacom vernieuwt internetaanbod

Posted by Treg in Tech

… en het zal tijd gaan worden ook! Mooi (en vreemd) is dat zij dit als eerste doen als grote speler op de Belgische markt.

Concreet kan je vanaf 1 maart bij Belgacom een internet abonnement nemen met ongelimiteerde bandbreedte (FUP) met een snelheid van 20Mbit. Alle abonnementen verhogen zowel in snelheid als in volume. Jammergenoeg verhoogt het ADSL-Go abonnement ook in prijs.

Het volledige verhaal vind je op userbase.be

Update: Natuurlijk kon Telenet niet achterblijven. Ook zij verhogen en vernieuwen hun internet abonnementen. Lees er hier alles over.

January 23rd, 2010

Sapphire ATI HD5750 1G GDDR5 Vapor-X problems on Linux (x64)

Posted by Treg in Linux, Tech

Recently, I asked myself, what about a new graphics card for my pc? Since it was terribly slow… So I started looking around and bought myself an Asus Nvidia GTS250 card. This was a logic choice because Nvidia has good Linux drivers and this cards aren’t too expensive. But, it turned out that the card makes more noise than a vacuum-cleaner. 🙁

I returned the card and went looking for another one. The Sapphire ATI HD5750 Vapor-X 1G GDDR5 seemed to be the perfect quiet replacement. ATI supports Linux with binary drivers, so that was no problem (I tought). After installing the card with the latest proper drivers, all worked well. When suddenly… after 10 minutes my computer (videocard) crashed and my screen showed vertical lines. Most of the time I could SSH to the computer, so it didn’t totaly crash, but I was unable to relaunch Xorg. The graphics card was totally losing control.

After some surfing, emailing and chatting around, it turned out that many people are facing problems (ATI forum thread) with this cards. Finally, a good solution came from Sapphire. I had to upgrade the video bios from the graphics card. The new VBIOS adjust the powerplay function in 2D mode. Underneath you find my solution:

!! IMPORTANT, please check that your card has the following P/N:288-1E138-100SA and SKU#11164-04 !!
!! Don’t turn off the computer and do this at own risk !!

I’m hoping that this solves your problem too!

November 30th, 2009

Windows 7, network mapping problems.

Posted by Treg in Tech

So, you’re (very) satisfied with your new Windows 7 installation, but there they are, the first irritating problems. 😛

Sometimes, I’m working remotely with a VPN connection to the office. But since I’m using Windows 7, network mappings are acting very weird. They seem to be connected when I’m on a remote location without entering credentials, having the label “CSC-Cache”. I deleted, added, renamed, readded,… the network locations (also with “net use”), but in the explorer window, nothing good happened. Browsing the net learned me that Windows 7 standard uses “offline files”. Disabling this setting (finally) solved the problem. This is how you do it:

  1. Go to the “Control Panel”.
  2. In the “Search Control Panel” field, enter “offline” and click on search.
  3. The “Sync Center” will appear.
  4. Click on “Manage offline files” and click on “Disable offline files”.
  5. That’s it!
Next Page »