Paranoids Blog – Page 2 – Linux, Network, Scripting

ubuntu 16.04 mysql dump too many open files mysql?

20/02/201920/02/2019 paranoids

In my case it was a process limitation of systemd. The mysql config my.cnf was correctly setup. (open_files_limit)
Just run the following commands:

systemctl edit mysql.service

[Service]
LimitNOFILE=infinity

systemctl daemon-reload

systemctl restart mysql

Have fun!

cgroup ubuntu 18.04 howto

19/02/201927/02/2019 paranoids

Install required packages

apt install cgroup-tools

copy cgred.conf from examples

cp /usr/share/doc/cgroup-tools/examples/cgred.conf /etc/

/etc/cgconfig.conf

group web2 {
     cpu {
         cpu.cfs_quota_us=10000;
     }
     memory {
         memory.limit_in_bytes = 1024m;
     }
}

cpu.cfs_quota_us = 10000 equals to 10% cpu usage
memory.limit_in_bytes = 1024 equals to 1G of system memory

/etc/cgrules.conf

#<user>    <controllers>           <destination>
web2       cpu,memory              web2

This will limit every process of the user web2 to 10% CPU and 1G of memory.

For testing use this commands:

/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
/usr/sbin/cgrulesengd -vvv

check if cgroup’s are working properly

cat /sys/fs/cgroup/cpu/web2/tasks
cat /sys/fs/cgroup/memory/web2/tasks

Here my systemd service files, install them the usual systemd way

cgconfigparser.service

[Unit]
Description=cgroup config parser
After=network.target

[Service]
User=root
Group=root
ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
Type=oneshot

[Install]
WantedBy=multi-user.target

cgrulesgend.service

[Unit]
Description=cgroup rules generator
After=network.target cgconfigparser.service

[Service]
User=root
Group=root
Type=forking
EnvironmentFile=-/etc/cgred.conf
ExecStart=/usr/sbin/cgrulesengd
Restart=on-failure

[Install]
WantedBy=multi-user.target

reload systemd and start services

systemctl daemon-reload
systemctl enable cgconfigparser
systemctl enable cgrulesgend
systemctl start cgconfigparser
systemctl start cgrulesgend

Have fun!

Archlinux systemd networkd static IPv4 IPv6 dualstack config

10/02/201920/02/2019 paranoids

Hi

Here my systemd networkd config

/etc/systemd/network/eno1.network

[Match]
Name=eno1

[Network]

Domains=domain.tld
NTP=192.168.x.x
NTP=192.168.x.x

IPv6AcceptRA=no

Address=XXXX:XXXX:XXXX::a/64
Gateway=XXXX:XXXX:XXXX::1
DNS=XXXX:XXXX:XXXX::9
DNS=XXXX:XXXX:XXXX::2
Address=192.168.x.10/24
Gateway=192.168.x.1

Have fun!

WordPress Gravatar Emoji Gutenberg Google Fonts Spyware

08/02/201908/02/2019 paranoids

Hello

After viewing some of Richard Stallman’s interviews I decided to check this blog for spyware. I’ve found some major problems with WordPress and privacy.

First were the Gravatars. I’ve simply disabled them in WordPress settings.

Settings -> Discussion -> Avatar Display

Second were the Google Fonts in the template. I’m using as template sparkling. In the child-template I’ve disabled the fonts of the theme. I simply set my own local font in style.css.

https://colorlib.com/wp/forums/topic/remove-google-font/#post-113288

Third were the emoji’s.

Settings -> Writing -> Formatting -> Convert emoticons like :-) and :-P to graphics on display

Fourth and last is the Gutenberg Editor. It seems that WordPress uses in it’s core Google Fonts at least for the Gutenberg editor. I’ve found a plugin which does the job very well.

https://wordpress.org/plugins/disable-google-fonts/

Discussion on Github about WordPress core
https://github.com/WordPress/gutenberg/issues/11648

Have fun!

Archlinux SAMBA Fileserver Btrfs Qnap TS-459 PRO II

21/12/201807/02/2019 paranoids

I’ve got an used half dead Qnap TS-459 PRO II in hands. The original Qnap OS won’t detect the installed disks not quite stable, due to a faulty Marvell SATA-Controller Chip.
The other Marvell SATA-Controller works fine. So only 2 of 4 disks are working.

Archlinux has very good btrfs support due to the fresh packages. Otherwise I would have used debian or ubuntu.

Problems with this special type of hardware:
*) Bios does not detect the connected disks on this devices, thus you only can boot from the internal USB device

You have to set /boot to the internal USB-Device

I’ve changed the /boot/grub/grub.cfg at the first line

set root='mduuid/daa55d04:df1b4f59:52419904:51489ef3'

set root='hd0,msdos1'

Now grub is reading it’s config files from that USB-Device.

WARNING! If you recreate your grub.conf with gurb-mkconfig -o /boot/grub/grub.cfg this change will be overwritten. I was to lazy to fix that :-)

Archlinux booting from Software-RAID you have to

mdadm --detail --scan >> /etc/mdadm.conf

vim /etc/mkinitcpio.conf

HOOKS=(base udev autodetect modconf block filesystems keyboard fsck mdadm btrfs)

mkinitcpio -p linux

mdadm will include the /etc/mdadm.conf in initramfs. I’m using btrfs for root and data partitions. Therefore I’ve added btrfs just in case :-). Normally it will be automatically included.

You also want some periodic check of your RAID consistency. This device has really old used disks built in. So I’ve “stolen” the checkarray script from an ubuntu installation and created a systemd timer

/etc/systemd/system/checkarray.timer

[Unit]
 Description=Software RAID checkarray timer
 [Timer]
 OnCalendar=monthly
 AccuracySec=1h
 [Install]
 WantedBy=timers.target

/etc/systemd/system/checkarray.service

[Unit]
 Description=Software RAID checkarray service
 [Service]
 Type=oneshot
 ExecStart=/usr/local/sbin/checkarray --all --idle --quiet

Might you want to have lm_sensors support.
*) vim /etc/modules-load.d/sensors.conf
it87
*) Install lm_sensors and run pwmconfig.

Fancontrol runs really nice on this board!

Here my samba config file if you need it. I’ve enabled samba audit for the “daten” share. Very handy to handle Crypto-Trojans faster and easier.

[global]
         workgroup = nas01.local
         server string = nas01
         domain logons = No
         domain master = No
         printing = bsd
         security = user
         hosts allow = 127.0.0.1 192.168.0.0/16
     printcap name = /dev/null
     #Windows XP fix
         lanman auth = yes
         ntlm auth = yes
     full_audit:failure = none
     full_audit:success = mkdir rename unlink rmdir pwrite write
     full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
     full_audit:facility = local7
     full_audit:priority = NOTICE

 [daten]
         comment = daten
         hosts allow = 192.168.0.0/16
         path = /daten/samba/daten
         read only = No
         valid users = daten
         available = yes
     create mode = 0644
     directory mode = 0755
     vfs objects = full_audit
 
[backup]
         comment = daten
         hosts allow = 192.168.0.0/16
         path = /daten/samba/backup
         read only = No
         valid users = backup
         available = yes
         create mode = 0644
         directory mode = 0755
 
[snapshots]
         comment = daten
         hosts allow = 192.168.0.0/16
         path = /daten/.snapshots
     force user = root
     valid users = daten
         read only = yes
         available = yes

I’ve enabled btrfs snapshots with snapper and the corresponding systemd-timers of the Archlinux package. Useful if you want to recover accidentally deleted or overwritten files

WARNING! Snapshots do not replace a real Backup!

This device has also an LCD Display. Someone has written a very good ksh script dealing with it.
https://github.com/jdupl/QnapFreeLCD

I don’t need all of this goodness. So I wrote my on crappy script to display only the Information I need :-) It does what it should do :-)

https://www.paranoids.at/downloads/lcdMonitor.php.txt

Have fun!