System Administration

Transfer files from iPad to Windows wireless w/o cloud in 10 steps

/ chirale / Leave a comment

10 steps to transfer files without using iCloud or other cloud services: an iPad and Windows are all you need.

Requirements:

  • Windows (tested on Windows 7)
  • Wi-fi router

Windows

  1. Create a new folder ipadshare on your disk (even removable) to host files
  2. Right click on the folder > Share with... > Specific users…
  3. Click on the bottom arrow on the dropdown > Create a new user > Another account (second to last element) > Create new account
  4. Type the name and the password for the new user (no Administrator)
  5. Back to the Share with…> Specific people… window:
    1. Select the new user from the dropdown
    2. Click on Add
    3. Give her read/write access
    4. Save

Ipad

  1. Connect to the same Wi-fi router your Windows PC is connected to
  2. From home screen go to Settings > Display and Brightness > Auto-Lock > Never
  3. From App Store, Install and open FileExplorer (free)
  4. Enter into Local or Photos
    1. Tap Edit and then Select all on the bottom (or select one element at time)
    2. Tap Copy into
  5. Select Connections > ipadshare. Type user and password and then tap Save.

Do not lock the screen during the transfer process since otherwise FileExplorer free can freeze. After the transfer, check the transferred items before deleting them from the ipad.

Photo by AddictiveTips.com.

No media key buttons on my keyboard: quick fix

/ chirale / 4 Comments

How to add media key buttons adding customizable shortcuts on a standard keyboard (working example attached).

Not all keyboards have media keys but you can fix this issue adding a global shortcut for your Windows system:

  1. Download and install AutoHotkey
  2. Download the media keys shortcut zip file  and extract on your Desktop
  3. Double click to add the media shortcut to your systray: the shortcut are added
  4. Open your media player and
    1. Tracks
      1. AltGr+Right arrow: Next
      2. AltGr+Alt+Down arrow: Play / Pause
      3. AltGr+Alt+Left: Previous
    2. Volume
      1. AltGr+Shift+Right: Volume Up
      2. AltGr+Shift+Down: Mute
      3. AltGr+Shift+Left: Volume Down
    3. AltGr+Shift+F1: open this howto with the default browser
  5. Alternatively you can use Ctrl+Alt in place of AltGr

Remember to launch the script each time you start the system or to add on automatic execution on start. To do so, Start > Run paste the following:

%appdata%\Microsoft\Windows\Start Menu\Programs\Startup

And then Enter. In the opened folder Right Click > New > Shortcut and paste:

%UserProfile%\Desktop\media_keys_shortcut.ahk

And Next to add the shortcut every time you login.

Download media_keys_shortcut
MD5: 5595F1686DE184A817A0261297003415

You can also read the file as a simple text file with your file editor to add new shortcuts.

See also

Media Keys on superuser

PuTTY freezes on OpenVPN on Windows

/ chirale / Leave a comment

Issue: Opening PuTTY no login information are returned and then the connection is closed.

Solution (Windows 7):

  1. On the taskbar Right click and then Disconnect the VPN
  2. Look for the VPN icon and then Right click on VPN shortcut icon > Properties
  3. Select Compatibility tab and then check Run as administrator
  4. Launch OpenVPN: a message will be prompted to allow the app to run as administrator

Stop to send Microsoft information about your system

/ chirale / Leave a comment

These steps will help you to block some of error reporting to Microsoft.

To help you in the task of finding error reporting issues install and run the free Kaspersky Security Scan: you will be notified by a list of issue affecting the PC the other antivirus usually don’t tell.

One of it is the notification to Microsoft of system states in situations like crashes. To stop sending Microsoft information like this you can follow these steps.

  1. On Windows 7, search “Action Center” in Windows > Search (or in your language, e.g. “Centro operativo” in Italian)
  2. Go to the 2nd voice on the left bar “change settings”
  3. Go to 2nd voice of related settings about error notification
  4. Check the very last element (Never check for solutions)
  5. In the previous screen check the first element about software use is disabled

Now take care about Microsoft Internet Explorer:

  1. On Windows 7, Run gpedit.msc
  2. Go to User Configuration > Administrative Templates > Windows Components > Internet Explorer
  3. Double click on Turn off Crash detection and then “Enable”
  4. Under Browser Menu Disable “Turn off the ability to launch report site problems using a menu option”

If you don’t use Internet Explorer as your main browser, disable also this under User Configuration > Administrative Templates > Windows Components > Internet Explorer:

  1. On the starting page option, check disable and set starting page as about:blank
  2. Run Internet Explorer and confirm the dialog about the about:blank as default page
  3. Now standard user cannot change the default starting page

Now go to Internet Explorer:

  1. Go to Gear (top right on IE 11) > Internet Options > Advanced > Security
  2. Select “Do not save crypted pages on disk”

Now go to Kaspersky Security Scan, go to Reports and refresh the list of issue. Note that if you have an antivirus, like Avira, Kaspersky will tell you autorun are active even if Avira block it so you can ignore these warning in this case.

Free disk space by finding big files

/ chirale / Leave a comment

Here you can find some useful application to look for big files on disk for Windows and Linux. These disk tools are all free software, and very useful to find big files on disk and free disk space.

On Windows: WinDirStat

  • Download and install WinDirStat
  • Run WinDirStat on your disks (it will take time)
  • You’ll see a coloured map of file occupation by file type

windirstat

On Linux command line: ncdu

  • On Ubuntu / Debian
    • apt-get install ncdu
    • cd /dir/to/check
    • ncdu
  • On CentOS / Fedora / RedHat
    • yum install ncdu
    • cd /dir/to/check
    • ncdu
ncdu-screenshot

ncdu screenshot by dev.yorhel.nl: Official Website

Press c to show the number of files / directories contained inside each directory, and C to sort them for number of items, pressing ? will show all available shortcuts.

On Linux with window manager (recent OS)

On a GNOME system (e.g. Ubuntu 20), the Disk Usage Analyzer is already installed, you can run with the command “baobab”. If not installed, you can:

apt-get install baobab

baobab

On Linux with window manager (legacy OS)

  • CentOS / Fedora / RedHat
    • yum install k4dirstat
  • On Ubuntu / Debian
    • apt-get install k4dirstat

Again, you’ll see a coloured map of file occupation by file type.

Official website

 

dirstat1-yuenhoe

Screenshot by yuenhoe.com

Updated on 2020-04-26

How to exchange a webserver maintaining the same IP address: haproxy

/ chirale / Leave a comment

Scenario: An obsolete server hosting a website must be put offline and a new one must take his IP address. You don’t want to change all of yours A records on DNS to put online your new website, just exchange the internal IP address of your local network.

Your provider can exchange the addresses to assign the old IP public address to the new internal IP but it takes his time. How to cover the time between the provider action and your new website online?

Haproxy is the answer.

This is the content of the /etc/haproxy/haproxy.cfg:

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# redirect all traffic on :80 to another server
frontend  main *:80
    default_backend             app

backend app
    balance     roundrobin
    # where 192.168.x.x is the internal address of the new server
    server  app1 192.168.x.x:80 check

And then restart haproxy (e.g. on centos 6 service haproxy restart).

Before configuring haproxy remember to stop or reconfigure the service listening to the port 80. If for example you want to reconfigure apache you have to change Listen 80 into something like Listen 8081 in /etc/httpd/conf/httpd.conf (CentOS 6 systems), if you have varnish listening to the 80 you have to change the VARNISH_LISTEN_PORT parameter in  /etc/sysconfig/varnish.

Now all the traffic arriving to the old server on port 80 will be redirected to the new server via local network. When the provider will exchange the addresses you haven’t to change anything. Meanwhile, you can test all the production settings prior to the real internal IP exchange.

 

Installing Solr 5 on CentOS 6 with Java 1.7

/ chirale / Leave a comment

Here the instructions for a CentOS 6 with an already-installed Java 1.7 for Solr 5 without Tomcat.

cd
yum install lsof unzip
wget http://www.eu.apache.org/dist/lucene/solr/5.3.0/solr-5.3.0.tgz
tar zxvf solr-5.3.0.tgz
cd solr-5.3.0/bin

Now run the install_solr_service script as documented on official documentation:

mkdir /usr/local/etc/apache-solr-5
./install_solr_service.sh ../../solr-5.3.0.tgz -i /usr/local/etc/apache-solr-5 -d /var/mysolr5 -u mysolr5 -s
mysolr5 -p 5448

To get the current status:

service mysolr5 status

The service is already set to autostart:

chkconfig --list | grep solr
mysolr5 0:off 1:off 2:on 3:on 4:on 5:on 6:off

If you want to secure the Solr instance running it only on localhost, you can add a custom SOLR_OPTS:

nano /var/mysolr5/solr.in.sh
# Anything you add to the SOLR_OPTS variable will be included in the java
# start command line as-is, in ADDITION to other options. If you specify the
# -a option on start script, those options will be appended as well. Examples:
# ...
# run only on localhost
SOLR_OPTS="$SOLR_OPTS -Djetty.host=127.0.0.1"

Apply the changes and then check where the service is running:

service mysolr5 restart
netstat -tulpn | grep java
tcp 0 0 ::ffff:127.0.0.1:4448 :::* LISTEN 11273/java
tcp 0 0 ::ffff:127.0.0.1:5448 :::* LISTEN 11273/java

Before was available to all clients:

tcp 0 0 :::5448 :::* LISTEN 24541/java

Using supervisord

As alternative of the standard service you can use a nice tool like supervisor using the -f option to execute the command from there: I try before without the argument and supervisord will start the service on the client but it will not stop. Not good. The -f (foreground) option can solve this issue but I haven’t tested yet.

Using Tomcat

Tomcat is another way to run solr. I’ve used it in the past for multicore solr, but I will not use it anymore because I prefer single core running on multiple instances on different port. With this approach you can have a solr 5.x and 3.x instances running on the same server, not exactly efficient for consumed resources but really really more easy to deploy and maintain than Tomcat / multicore. So I’m happy with the service right now.

How to enable gzip on proxy servers on nginx

/ chirale / Leave a comment

I use often Gunicorn as web server for django applications.

Usually I use Apache but I’m starting to use nginx as webserver to serve both the static files and the proxied gunicorn response.

I need to do something like what I’ve done with Apache to compress the response after I received from django since I’ve noticed that in my case compressing it before using @gzip_page decorator is more detrimental to performance than doing it after.

Here an essential mysite.conf to put in /etc/nginx/conf.d.

server {
    listen      80;
    server_name .example.com other.domain.example.com;
    charset     utf-8;
    # max upload size
    client_max_body_size 75M;
    # Enable gzip for proxied requests and static files
    gzip on;
    gzip_proxied any;
    gzip_vary on;
    gzip_http_version 1.1;
    gzip_types application/javascript application/json text/css text/xml;
    gzip_comp_level 4;
    # Serve static files via nginx
    location /media  {
        alias /usr/local/etc/files/mysite/media_root;
    }
    location /static {
        alias /usr/local/etc/files/mysite/static_root;
    }
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        # Serve dynamic requests via gunicorn on custom port (e.g. 8585)
        # and gzip the response
        if (!-f $request_filename) {
            proxy_pass http://localhost:8585;
            break;
        }
    }
}

In this way, content by Gunicorn is served to nginx and before to send it to client nginx gzip it, here with a compression level of 4 of 9. A compression between 1 and 4 is generally acceptable for any text content, avoiding to stress the CPU too much for a small compression gain.

Even the static files like css and javascript are served compressed for client with HTTP 1.1 support. You can add more type to compress including the mime type on the gzip_types row.

Read also on the same topic: How to enable gzip on proxy servers on Apache

Reference:

Installing and configure Memcache on CentOS 7

/ chirale / 1 Comment

Memcached is a service to speed up page caching by saving them not on file or database tables but on volatile memory.

This howto cover three configurations: memcached for use on localhost (A) and memcached for local and remote use (AB).

A: configuration for host for Memcache server.
B: configuration for client host that will use the memcached service.AB: configuration for host for the server machine AND for host that will use the memcache service (e.g. via loopback) client and server on the same machine.

I will tag the steps with these symbols to allow to do the right steps if you want an A or an AB configuration. Any of these steps has to run as root user.

Apply to: AB, A

Install memcached daemon, start it and set it to boot on system restart (enable):

yum install memcached nano
systemctl start memcached
systemctl enable memcached

And allow memcache to be contacted by the webserver if needed:

setsebool -P httpd_can_network_memcache 1

Install libraries for Memcache client

Apply to: AB, B

Install libraries needed to consume the memcached service by applications. The fundamental library is libmemcached, a very efficient library written in C and then wrapped by libraries in other languages like pylibmc.

yum install memcached python-memcached gcc python-pip libmemcached libmemcached-devel zlib-devel
pip install pylibmc

Check the configuration

Apply to: A, AB

Check if service is running:

systemctl status memcached -l

You’ll get something like:

memcached.service – Memcached
Loaded: loaded (/usr/lib/systemd/system/memcached.service; enabled)
Active: active (running) since gio 2015-09-03 09:36:18 CEST; 23h ago
Main PID: 25149 (memcached)
CGroup: /system.slice/memcached.service
└─25149 /usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024

set 03 09:36:18 myhostnamehere systemd[1]: Started Memcached.

Check again via netstat:

netstat -tulpn | grep memcached

And look at the stats:

memcached-tool 127.0.0.1 stats

The default setting for memcache is to run as TCP service. If you want to use memcache as UNIX socket to remove the TCP overhead, you can.

If you are are in AB configuration and you want to use Memcache only on the same server via TCP on loopback, you’ve done. If you are on A configuration and you want to serve memcache on other machine of the same network skip the next step.

Serve Memcache on UNIX socket

Apply to: AB (optional, skip if you want Memcached to be served as regular TCP service)

nano /etc/sysconfig/memcached

change:

OPTIONS=""

to:

OPTIONS="-s '/var/run/memcached/memcached.sock' -a 0766"

Restart the service:

systemctl restart memcached

it should fail due to write permission. Check the SELinux rule that is blocking the socket writing:

cat /var/log/audit/audit.log | grep memcached  | audit2allow

You should get something like:

#============= memcached_t ==============
allow memcached_t tmp_t:dir write;
allow memcached_t var_run_t:file getattr;
allow memcached_t var_run_t:sock_file create;

Apply the rule:

cat /var/log/audit/audit.log | grep memcached  | audit2allow -M mymemcached
semodule -i mymemcached.pp

And then restart the service again:

systemctl restart memcached

Now the TCP service is not running anymore:

netstat -tulpn | grep memcached

And to check the Memcached stats you have to ask to the socket instead of IP:

memcached-tool /var/run/memcached/memcached.sock stats

Serving memcache via TCP on different host on the same network

Apply to: A

You have to run memcache not on 127.0.0.1 but on the private address of the current machine. To do this, you have to get the address of the current machine and to bind memcache on it.

nano /etc/sysconfig/memcached

change:

OPTIONS=""

to:

OPTIONS="-l 192.168.xxx.yyy"

Where 192.168.xxx.yyy is the private address of your Memcache server host. To check what argument get -l you have to check using the ifconfig command. You get something like:

interfacenamehere: flags=0000 mtu 1500
inet 192.168.xxx.yyy netmask 255.255.255.0 broadcast 192.168.zzz.zzz
inet6 xxx::xxx:xxx:xxx:xxx prefixlen 00 scopeid 0x00
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 1657561 bytes 482287070 (459.9 MiB)
RX errors 0 dropped 6355 overruns 0 frame 0
TX packets 1492103 bytes 349546801 (333.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Now if you are on the B server and you ask for the 11211 port on the 192.168.xxx.yyy, you can’t connect.

You have to add a rule to the firewall on memcache server (A) to allow connections on local network.

Serving memcache via TCP on different host: create a memcached service for firewalld

Now you have to add a service to identify memcache

python

Then type the rows without the initial hashtag #. To avoid conflicts with future services I use memcached_chirale as service name:

# @see http://forums.fedoraforum.org/showpost.php?s=ff16ee76b348a3a4af5fb9c35c6c42a1&p=1730933&postcount=5
import firewall.core.io.service as ios
#Creates a service object
s=ios.Service()
#A short description
s.short = 'Memcached chirale'

#this defines the name of the xml file
s.name = 'memcached_chirale'

#A list of ports
s.ports = [('11211', 'tcp'), ('11211', 'udp')]
ios.service_writer(s, '/etc/firewalld/services')

Ctrl+D and or exit() and the configuration file is written:

less /etc/firewalld/services/memcached_chirale.xml

You can see all the configuration just written.

firewall-cmd --reload

to apply and then

firewall-cmd --get-services | grep memcached_chirale

will highlight the new service.

Serving memcache via TCP on different host: allow connection from the B server

Apply to: A

On the B host, run ifconfig to get the private address of the machine as before.

Then go to the A server and whitelist the B machine address on the firewall on the internal zone where 192.168.bbb.bbb is the B host private address.

firewall-cmd --permanent --zone=internal --add-service=memcached_chirale
firewall-cmd --permanent --zone=internal --add-source=192.168.bbb.bbb
firewall-cmd --reload

You will receive success messages if everything is ok.

You can check the rules on the file /etc/firewalld/zones/internal.xml or using:

firewall-cmd --zone=internal --list-all

Check the service on 192.168.bbb.bbb (B host)

Use telnet to connect to 11211 port on A host:

telnet

After the connection establishment just type:

stats

And you’ll get values like:

STAT pid 55555
STAT uptime...

Then, Ctrl+D and you’re done. You can use the same command you use via memcached-tool but remember

A note about the firewalld zone

Note: I used the internal zone because it match my need. The internal zone is described like this:

For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.

The very last sentence is important, since only IPs added via add-source on the zone are allowed to connect to the service. Use this and other rules with caution and don’t be too permissive. This howto can be very shorter avoiding firewall and selinux but disabling these tools will open to malicious attacks your systems.

Acknowledgements

Here some of the sources I’ve used to make this thing happen. Thank you for helping the community to spare time writing useful howtos!

Photo by Memcache

How to fix the Bash bug on CentOS 6

/ chirale / Leave a comment

Recently a critical bash bug was discovered.

To fix your CentOS 6 you have to check if you have a vulnerable bash installed. From a non root user, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you read “vulnerable” as output then you have to update bash. Type su- and then the password to log in as superuser, then type:

yum update bash

Type Y when asked. When the update process is completed, retype the test script:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

And you shouldn’t read the “vulnerable” message anymore.

Read more: