Locale Umlaut Problems Cron

If you run scripts that handle text output from cron jobs, you may get problems with umlauts „ÖÄÜ“, because they are displayed as „**“.
The cause is that cron uses the „C“ setting as its locale. You can test this by putting a test entry into root's crontab:

open crontab from root with:

$su - root
$crontab -e

insert
* * * * * locale

This will mail the output of cron's locale command to root's mailbox! Read root's mail!
After the test, remove the locale entry from the crontab!

Howto fix for Scripts:

open crontab from root with:

$su - root
$crontab -e

insert (for German):

LANG=de_DE.UTF-8
LC_ALL=de_DE.UTF-8

for US:

LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8

Rsync: Performance NFS Boost

If you use two Linux servers with NFS shares, connected over Gigabit interfaces, for backups, you may notice performance problems when using rsync.
It often pauses transmissions or reaches a rate of only 32Mb/s. That's bad and wastes time and energy.

Background:
After some tests of running backups with single files and with big compressed archives, my tools like iftop, systat, iptraf showed that the option „rsync -avz“ was the bottleneck, because the data rate broke down at intervals. The „z“ compress option, described in howtos as a must-have for slower networks, did not work like a permanent on-the-fly transmission. My two test servers each use 3 bonded Gigabit NIC cards; when the rsync command compressed the files, they were first pulled into the RAM cache, compressed there and sent later after a small pause.

Solution:
After I removed the „z“ option and, in bash scripts used as batch runs, the „v“ option too, I was able to send data in the range of 133MB/s.

On a fast network do:

$rsync -a /source/ /nfs-mounted-destination

FreeBSD: Monitor svn Updates

If you use the svn (Subversion) tool to update the source tree or ports tree and want to be able to look back at what was pulled, pushed and dropped, you can use a log file to monitor the update scripts. This helps if you temporarily leave the terminal session for a coffee break.

Howto:

  • Login to FreeBSD via SSH
  • Use a terminal multiplexer like screen or tmux; if it is not installed, install it. This allows operations to continue when you disconnect
  • Run on the Terminal
    $tmux
  • Run
     $sudo svn update /usr/src > /home/updates/svn.log #to exit press Ctrl+B, then "d" to detach

  • The svn script continues in the background and writes its output to svn.log
  • To read the log in real time do
    $tail -f /home/updates/svn.log #note: this allows no interaction!
  • Later you can read the log again to see which files were dropped, updated, created. This helps to find MAJOR CHANGES!

FreeBSD: Current Version port upgrade fails with „portsnap extract“ bug

If you use the current „head“ version (Release 12) of FreeBSD with an svn-updated /usr/src path, you could run into errors after updating the OS via buildworld from sources.

There's a bug ahead of Revision „r314099“ in the „portsnap“ lib that stops the extraction of ports.tgz to /usr/ports!

Solution: Pull the sources to /usr/src again with

$svn update /usr/src
$make buildworld
$make buildkernel
$make installkernel
$reboot
$mergemaster -p
$make installworld
$mergemaster -FiU
$reboot
$portsnap fetch update #again.. to update ports tree
$portupgrade -a
$reboot

This should work now; the failed portsnap extract function was a known bug. If you don't want to rebuild the system, you can update /usr/ports from the svn repository instead. You can rebuild the OS from source later.

Security: Webserver HTTPS with Self Signed Certificate Do it yourself in 5 Minutes!!

Today the topic of security and encrypted web server communication reaches every user who hosts their own websites on the Internet. In the last decades HTTPS was only used by online login pages like shops and banks to verify the communication between a user's PC and the website. But after January 2015 most search engines like Google decided to force indexing of websites with the HTTPS protocol. The background is that a TLS-encrypted connection isn't easy to track, and it isn't easy to force „drive-by download“ viruses onto the website visitors.

Self Signed Certificate Sample

But a lot of webmasters in the open source community were angry about this handling. That is not a real problem if you don't want to buy an SSL/TLS certificate. Every webmaster can create a self-signed certificate on his web server if he is able to log in via ssh and to configure a web server like Apache. Web browsers warn about self-signed certificates only on the first visit; if the user chooses to install the certificate, the browser does not warn on the next visits!

Search engines like Google don't check the trust of the certificates with their robots, so your site will be placed as well in the index as in the last decades. The ONLY thing is that you MUST move all files, images, internal links and bookmarks to „https://“ so that the „LOCK“ in the browser dialog is „CLOSED“ and „GREEN“ like in the picture.

Of course, if you want, you can buy and install „Domain Name Trusted“ certificates, but if you only host private websites/blogs you won't really want to pay over 100$ per year for the certificates.

Advantages:

  • Secure Login to your Site/Blog
  • Encrypted Transfer of Data
  • Security for your Visitors
  • No drive-by downloads
  • Less Content Stealing

You will notice over the next years that the Internet moves to HTTPS!

To create a certificate use „OPENSSL“ with this command, answer the questions of the script, then put the certificate files .crt and .key into /etc/ssl/.. and tell Apache to load them from there!

$sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
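
A non-interactive variant of the command above with the checks to run before pointing Apache at the files, as an added example that is not part of the original page. It goes one step further and also sets a subjectAltName, which current browsers match the host name against; the host name „example.test“, the function names and the temporary directory are assumptions, and -addext needs OpenSSL 1.1.1 or newer.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Host name and directory are
# placeholders; -addext needs OpenSSL 1.1.1 or newer.

# Create <dir>/<host>.key and <dir>/<host>.crt without interactive questions.
make_selfsigned() {
    host=$1 dir=$2
    ( umask 077   # -nodes writes the key unencrypted, so keep it owner-only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null ) || return 1
    chmod 644 "$dir/$host.crt"   # the certificate itself is public
}

# Succeeds only if the certificate carries the public key of this private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Succeeds if exactly this host name is listed in the subjectAltName.
cert_has_name() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -Fxq "DNS:$2"
}

# SHA-256 fingerprint that visitors can compare with the browser's dialog.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a throwaway directory; on the server the files go below /etc/ssl/.
tmp=$(mktemp -d)
if make_selfsigned example.test "$tmp" &&
   cert_matches_key "$tmp/example.test.crt" "$tmp/example.test.key"; then
    echo "SHA-256 fingerprint: $(cert_fingerprint "$tmp/example.test.crt")"
fi
rm -rf "$tmp"
```

Because nothing else vouches for a self-signed certificate, publishing the fingerprint over a separate channel is what lets a visitor check the certificate before installing it.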

Raspberry Pi: Howto build a Local Network Monitor for Intrusion Logging Watchdog

Today the number of network devices in home networks grows weekly, because more and more home devices like freezers, coffee machines, dishwashers and more have built-in wifi interfaces. To have a control unit you can use a Raspberry Pi 2 as a cheap network monitor and logger.

Raspbian offers free built-in tools by default, like arp, arp-scan, nmap, ping, to easily monitor a network. If you have learned some commands and bash scripting you can quickly create a network logger, perhaps with analysis tools that mail alerts if new „MAC“ NIC addresses are seen. Every network device uses its own MAC-ID like „00:d0:23:09:df:XX“. That's like a car chassis number.

 

arp-scan

How to Setup:

  1. Install Raspbian (Debian) on an SD card for the PI2
  2. Boot the PI2 into Raspbian
  3. Upgrade the OS
  4. Install lighttpd as web server for the outputs and start it
  5. Install the network tools „arp, arp-scan, nmap, ping“
  6. Edit root's crontab to run the commands every minute like „* * * * *  /usr/sbin/arp-scan -l -I eth0 > /var/www/arp1/2-scan.log“
  7. Open a web browser at http://pi2/arp-scan.log #You should see text like the one in the image
  8. Write a bash script with the „diff“ or „md5sum“ command to check the arp1-scan.log against the arp2-scan.log; if anything changed you can send a mail through the exim4 mail server..
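
One way to write the comparison script from step 8, as an added example that is not part of the original page: instead of diffing the raw logs it extracts the MAC addresses and reports only those that are new. The function names, the recipient „root“, the use of mail(1) and the sample logs are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): report MAC addresses that are in
# the newer arp-scan log but not in the older one. Recipient "root", the mail(1)
# command and the sample data are assumptions.

# Unique, lower-cased MACs from lines shaped "<IP> <MAC> ...". The banner and
# the timing footer change on every run and are skipped.
extract_macs() {
    grep -Eio '^[0-9.]+[[:space:]]+([0-9a-f]{2}:){5}[0-9a-f]{2}' "$1" |
        awk '{ print tolower($2) }' | sort -u
}

# Full scan line (IP, MAC, vendor) for each MAC in log $2 that is not in log $1.
new_devices() {
    known=$(extract_macs "$1")
    extract_macs "$2" | grep -Fvx -e "$known" | while read -r mac; do
        grep -Fi -m 1 "$mac" "$2"
    done
}

# Cron entry point: send mail only when something new showed up.
alert_on_new() {
    found=$(new_devices "$1" "$2")
    [ -n "$found" ] || return 0
    printf 'New devices on the LAN:\n%s\n' "$found" |
        mail -s "arp-scan: new MAC address" root   # delivered by the local exim4
}

# Constructed sample logs (real arp-scan output separates the fields with tabs).
write_samples() {
    cat > "$1" <<'EOF'
Interface: eth0, datalink type: EN10MB (Ethernet)
192.168.1.1   00:d0:23:09:df:01   Router vendor
192.168.1.20  B8:27:EB:AA:BB:CC   Pi vendor
Ending arp-scan: 256 hosts scanned in 1.512 seconds. 2 responded
EOF
    cat > "$2" <<'EOF'
Interface: eth0, datalink type: EN10MB (Ethernet)
192.168.1.20  b8:27:eb:aa:bb:cc   Pi vendor
192.168.1.1   00:d0:23:09:df:01   Router vendor
192.168.1.57  de:ad:be:ef:00:01   (Unknown)
Ending arp-scan: 256 hosts scanned in 1.498 seconds. 3 responded
EOF
}

# Usage from cron: script.sh /var/www/arp1-scan.log /var/www/arp2-scan.log
if [ "$#" -eq 2 ]; then alert_on_new "$1" "$2"; fi
```

A raw „diff“ or „md5sum“ of two scan logs reports a change on almost every run, because the timing in the footer and the order of the replies vary. A device that reuses an already known MAC address is not reported by this check.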

Advantage? A Pi2 is a powerful LAN WATCHDOG with 1Watt/hour and mail output support to your devices! For free..