Tag archive: lang:en

Root login on debian mariadb

Debian switched to MariaDB by default. On a new installation you can log in to your database as root just by executing the mysql command without a password.

root@host:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 56339
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

This is, or can be, a nice security feature: connecting as root is only allowed for the root system user through the MySQL unix socket. On the other hand, you may have some software which needs the root user to access the database server. In this case you need to tweak some user settings.

First, set a password.

MariaDB [(none)]> update mysql.user set password=password('geheim') where user='root';
MariaDB [(none)]> flush privileges;

Next, change the connection type.

MariaDB [(none)]> update mysql.user set plugin='' where user='root';
MariaDB [(none)]> flush privileges;

The downside seems to be the init process and autostart procedure: if you set a password for the root account, you need to add it to your /etc/mysql/debian.cnf in cleartext. You might want to consider this. A better choice would be to create a second privileged user.
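The second privileged user suggested above, as an added example that is not part of the original post: root keeps its socket-only login and a separate account gets the password. The account name and the password file in the usage comment are hypothetical placeholders, and the escaping assumes the default sql_mode.

```shell
#!/bin/sh
# Added example, not from the original post: root stays on unix_socket
# authentication and a second, password-authenticated admin account is created.
# Assumes the default sql_mode (backslash is an escape character in strings).

sql_quote() {
    # Escape backslashes, then single quotes, for a MariaDB string literal.
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Usage: admin_user_sql ACCOUNT < password   (prints SQL on stdout)
admin_user_sql() {
    user=$1
    case "$user" in
        ''|*[!A-Za-z0-9_]*)
            echo "account name: letters, digits and _ only" >&2
            return 1 ;;
    esac
    # Read the password from stdin so it never appears in the process list.
    IFS= read -r pass || [ -n "$pass" ] || return 1
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    cat <<EOF
CREATE USER '$user'@'localhost' IDENTIFIED BY '$(sql_quote "$pass")';
GRANT ALL PRIVILEGES ON *.* TO '$user'@'localhost' WITH GRANT OPTION;
-- root should still show plugin = unix_socket:
SELECT user, host, plugin FROM mysql.user WHERE user IN ('root', '$user');
EOF
}

# As the root system user (socket login), with a hypothetical account name
# and password file:
#   admin_user_sql dbadmin < /root/dbadmin.pw | mysql
```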

Reverse ssh tunnel

My ISP started to roll out broken IPv6 for home users, so my services aren’t available from outside anymore. I don’t need a full vpn solution, but sometimes I just want to ssh home to check a file etc. The simplest solution was to create a reverse ssh tunnel. The raspberry pi inside my home network connects to my public server via ssh. Logged in on the server I can connect to a local port and get forwarded to the raspberry. That works for me really well.

Since wifi is a little bit flaky, I need to make sure that the ssh connection is reopened after a connection loss. You can write a very simple script like this and use a cronjob to execute it.

#!/bin/bash

# pgrep never matches itself, so there is no need to count the grep process
# the way "ps ax | grep ... | wc -l" has to.
if ! pgrep -f 'ssh -Nf -R' > /dev/null
then
    echo "No tunnel yet. Creating..."
    ssh -Nf -R LOCALPORT:localhost:PORT user@remote
else
    echo "Tunnel already exists. Aborting."
fi

But I just found out about autossh, which does the monitoring for you. I tried to get it working with systemd, but without any success. Ideas are welcome.

$ cat /etc/systemd/system/autossh-tunnel.service
[Unit]
Description=reverse ssh tunnel
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=localuser
ExecStart=/usr/bin/autossh -f -M 0 remote -l remoteuser -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R LOCALPORT:localhost:PORT
ExecStop=/usr/bin/pkill autossh
Restart=always

$ sudo systemctl enable autossh-tunnel.service
$ systemctl start autossh-tunnel.service

Looking at journalctl, I can see the exit but no reason. Executing the command manually works fine.

systemd[1]: Starting reverse ssh tunnel...
systemd[1]: Started reverse ssh tunnel.
autossh[2468]: port set to 0, monitoring disabled
autossh[2474]: starting ssh (count 1)
ssh child pid is 2476
received signal to exit (15)

In the end I modified the bash script to use autossh.

#!/bin/bash

# pgrep -x matches the process name exactly and never matches itself.
if ! pgrep -x autossh > /dev/null
then
  echo "No tunnel yet. Creating..."
  /usr/bin/autossh -f -M 0 remote -l remoteuser -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R LOCALPORT:localhost:PORT
else
  echo "Tunnel already exists. Aborting."
fi

If you have a better solution, let me know.
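A likely cause of the exit seen in the journal, and a unit that avoids it, as an added example (not from the original post): with Type=simple systemd supervises the ExecStart process itself, and autossh -f backgrounds itself, so that process ends, ExecStop runs and the ssh child receives signal 15. The function below renders a unit without -f; host, user names and ports are placeholder arguments, and ExitOnForwardFailure, RestartSec and the [Install] section are additions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: render_unit HOST REMOTE_USER LOCAL_USER LISTEN_PORT TARGET_PORT
#   LISTEN_PORT is opened on the remote server (LOCALPORT in the post),
#   TARGET_PORT is the port on this machine (PORT in the post).

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

render_unit() {
    host=$1 ruser=$2 luser=$3 listen_port=$4 target_port=$5
    valid_port "$listen_port" && valid_port "$target_port" || {
        echo "ports must be numbers between 1 and 65535" >&2
        return 1
    }
    cat <<EOF
[Unit]
Description=reverse ssh tunnel
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=$luser
# No -f: the ExecStart process has to stay in the foreground for Type=simple.
# -f would have set the gate time to 0, so set it here to keep retrying even
# when the very first connection attempt fails.
Environment=AUTOSSH_GATETIME=0
ExecStart=/usr/bin/autossh -M 0 -N -l $ruser -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R $listen_port:localhost:$target_port $host
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
}

# render_unit remote remoteuser localuser 2222 22 \
#   | sudo tee /etc/systemd/system/autossh-tunnel.service
# sudo systemctl daemon-reload && sudo systemctl enable --now autossh-tunnel.service
```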

Turn-by-turn navigation with a single click

I was always looking for a way to start a navigation using Google Maps on Android with just a single click. Of course you can set some presets or even a location, and for a few generations of Google now there is even a navigation shortcut for your work or home address. But all these methods were missing one thing: a real one-click solution. Every shortcut only gets you to the calculated route; you always have to start the real navigation with another click.
Using Tasker, I found a way to finally realize what I needed.
Tasker has support for intents, and using the Google Maps intent works like a charm.

Create a new task.
Add System -> Send Intent
Action: android.intent.action.VIEW
Type: None
Data: google.navigation:q=location+you+look+for&mode=w

modes:

  • d for car (drive)
  • w for walk
  • b for bike

Take a look at the manual page for all options.

Trakt.Watch 1.2 update – Loading screen, watchlist

I updated the pebble watchapp to version 1.2 and added two new features:

  • Loading screen
  • Watchlist

Since most entries require a web request to get the relevant data, there is always some loading time. Depending on your bluetooth connection to your phone and your phone's network connection, this can take a few seconds. To make it visible that the app is working and processing your request, I added a loading screen when making a web request.

I added a new menu entry: watchlist. At the moment the menu only shows the episodes on your watchlist. I'm planning to add shows and to mark them as watched.

I would love to hear some user feedback and your feature requests.

 

Trakt.Watch v1.1 for pebble released

I got my Pebble 2 a few weeks ago and decided to tinker a little bit with the SDK. Since I'm using trakt.tv to track my TV shows and wanted to try a few things, I built a watchapp for my Pebble and released it today.

At the moment the app is able to:

  • authenticate against the trakt.tv API (using the watchapp configuration dialog)
  • show your "on deck" episodes
  • add the episode to your watch history (with current timestamp)
  • show your history of watched shows
  • "unwatch" an episode
  • show basic user information
  • show auth information

Maybe I will add some more features in the future.

You can find more info about the app here: https://qstracker.com/traktwatch/. You're welcome to try the watchapp and leave a comment.

The process of building the app and all the other things needed to operate it (OAuth handler etc.) was quite fun, and I'm thinking about porting this to some other APIs.

COPS – Another OPDS catalog

The setup using the owncloud app described here works really well, unless you want to share your books and catalog with someone else and you also use the owncloud user for other stuff and files. Of course it would be possible to create a special books user and share the folder with other users etc., but this is too complex for my single-user installation. Looking for an ebook reader add-on, I found COPS – Calibre OPDS (and HTML) PHP Server. COPS generates an OPDS catalog using multiple sorting features and provides a search function. It also includes an ebook reader.

Install some needed packages.

sudo aptitude install php5-gd php5-sqlite php5-json php5-intl

Download the latest version from github.
I created a new subfolder in the webserver’s document root under /var/www/cops/ and extracted the files.

Copy the example configuration.

sudo cp /var/www/cops/config_local.php.example /var/www/cops/config_local.php

Edit the config file and change the path to your ebook directory containing the metadata.db from calibre.

$config['calibre_directory'] = '/media/usb/owncloud/user/files/ebooks/';

Edit your nginx configuration to password-protect your book collection. Add the section to your server configuration.

location /cops {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

Generate the .htpasswd file with your tool of choice. For testing use an online generator.

Point your browser to the encrypted SSL version of your URL, like https://yourip/cops. It should ask for a username and password and, after correct credentials, show you your collection. To use the catalog with an app like FBReader, you need to append feed.php to the URL, like https://yourip/cops/feed.php.
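For the real password, the .htpasswd entry can be generated on the server itself so the password is never typed into a website. This is an added example, not part of the original post; it assumes the openssl command-line tool is installed and uses the apr1 format, which nginx accepts in auth_basic_user_file.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: htpasswd_set FILE USER < password
# Adds USER to FILE, or replaces the existing entry for USER.

htpasswd_set() {
    file=$1 user=$2
    case "$user" in
        ''|*:*)
            echo "user name must be non-empty and must not contain ':'" >&2
            return 1 ;;
    esac
    # The password is read from stdin, so it is not visible in the process list.
    hash=$(openssl passwd -apr1 -stdin) || return 1
    [ -n "$hash" ] || return 1
    # Build the new file next to the old one and swap it in with one rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -f "$file" ]; then
        # Keep every other user, drop a previous entry for this one.
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    chmod 640 "$tmp"
    mv "$tmp" "$file"
}

# On Debian the nginx workers run as www-data, so after
#   htpasswd_set /etc/nginx/.htpasswd reader
# the file needs: chown root:www-data /etc/nginx/.htpasswd
# ("reader" is a hypothetical user name.)
```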


 

Replace harddisk to grow raid and lvm volume

I ran out of disk space on a 2 disk raid mirror. I already replaced one of the harddisks with a bigger 4TB one. The size doesn't allow for MBR anymore and I needed to switch to GPT. The now smaller drive is also to be replaced. Here are some of my notes for the procedure for later use. In the end I didn't use this guide. I had a good backup and some time on the weekend as nobody needed the server, so I opted for the live migration. Since I already wrote most of the steps down, I will keep it and just add some notes at the end.

Mark the smaller disk as failed and remove it from the array.
mdadm --manage /dev/md0 --fail /dev/sda1
mdadm --manage /dev/md1 --fail /dev/sda2
mdadm --manage /dev/md2 --fail /dev/sda3
cat /proc/mdstat
mdadm --manage /dev/md0 --remove /dev/sda1
mdadm --manage /dev/md1 --remove /dev/sda2
mdadm --manage /dev/md2 --remove /dev/sda3

Shutdown the system, replace harddisk with new one and boot a live system. Install the needed packages.
aptitude install mdadm gdisk
modprobe raid1

Start raid.
mdadm --examine --scan >> /etc/mdadm/mdadm.conf

Clone the GPT partition schema to the new disk.
sgdisk --backup=table /dev/sdb
sgdisk --load-backup=table /dev/sda
sgdisk -G /dev/sda

Add to raid
mdadm --manage /dev/md0 --add /dev/sda1
mdadm --manage /dev/md1 --add /dev/sda2
mdadm --manage /dev/md2 --add /dev/sda3

Synchronisation starts. You can watch the process with
watch cat /proc/mdstat

Expand the raid to the new maximum size.
mdadm --grow /dev/md2 --size=max

Grow the LVM.
pvresize /dev/md2
lvextend -L +1TB /dev/mapper/deb7-home
resize2fs /dev/mapper/deb7-home
grub-install /dev/sdc --recheck

Reboot.

Manual integrity-check of raid.
/usr/share/mdadm/checkarray /dev/md0
/usr/share/mdadm/checkarray /dev/md1
/usr/share/mdadm/checkarray /dev/md2

 

Alternative: Live migration

Live migration is nearly the same, but you don’t have to reboot the system.

Hotplug the new (third) drive to your system. If the SATA controller is set to AHCI mode, the system should recognize the new drive.

After cloning the partition table with sgdisk, add the drive to the raid.
mdadm /dev/md0 --manage --add /dev/sdc1
mdadm /dev/md1 --manage --add /dev/sdc2
mdadm /dev/md2 --manage --add /dev/sdc5

Grow the raid to 3 devices and let it recover.
mdadm /dev/md0 --grow -n3
mdadm /dev/md1 --grow -n3
mdadm /dev/md2 --grow -n3

Mark the to-be-replaced drive as failed and remove it from the raid array.
mdadm /dev/md0 --manage -f /dev/sda1 -r /dev/sda1
mdadm /dev/md1 --manage -f /dev/sda2 -r /dev/sda2
mdadm /dev/md2 --manage -f /dev/sda3 -r /dev/sda3

Shrink the array again to 2 drives.
mdadm /dev/md0 --grow -n2
mdadm /dev/md1 --grow -n2
mdadm /dev/md2 --grow -n2

Grow the raid and extend pv, lv and filesystem like above.

OPDS catalog in owncloud

A few ebook reader apps are able to connect to an OPDS catalog and fetch books from there directly. Since I store all my calibre-managed ebooks on my owncloud share, it would be nice to automatically generate such a catalog. Frank de Lange has built a plugin for owncloud to do just that. You can find it in his github or here.

To install, download the files and unzip them into the owncloud/apps/ directory.

After that change the directory permissions:

sudo chmod -R 750  /var/www/owncloud/apps/files_opds/

You also have to add the option

"appcodechecker" => false

to your config.php. You can then activate the extension in the apps menu.

Visit the administration page and check your settings (defaults should be fine). After that, switch to your personal settings. Edit the directory containing your ebooks. Make sure you don't add a backslash at the end of the path. This one took me some time to figure out.

Root directory: /documents/ebooks

Click the "Schedule rescan" button. After that you can access your OPDS catalog using your owncloud login at the URL

https://yourinstallation/owncloud/index.php/apps/files_opds/

Chrome doesn’t know what to do with the data, but firefox displays the catalog nicely.

Amazon Fire Stick: Screensaver timeout

There are two timeouts for your fire stick:

  • Time until the screensaver starts
  • Time until the screen goes dark

The first one can be set in the preferences menu, the second only via adb. Enable debugging support on your device and connect via adb.

adb connect IP_ADDRESS
connected to IP_ADDRESS:5555
adb shell

Change the timeout:

shell@montoya:/ $ settings put system screensaver_timeout 30000
shell@montoya:/ $ settings put system screen_off_timeout 214760000
shell@montoya:/ $ settings get system screen_off_timeout
214760000

Install a full syslog-ng in pfsense

Some quick notes.

# Remove old syslog-ng package
pkg_info | grep syslog-ng
pkg_delete syslog-ng-1.6.12_1

# Installing new version
setenv PACKAGESITE http://files.pfsense.org/packages/amd64/8/All/
# or: setenv PACKAGESITE ftp://ftp4.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/Latest/
pkg_add -r syslog-ng

# Make sure there is a /usr/local/etc/syslog-ng.conf

# Autostart syslog-ng, edit /etc/rc.conf.local
syslog_ng_enable="YES"

# Disable default syslog, /etc/rc.conf.local
syslogd_enable="NO"

# Kill syslogd, start syslog-ng
kill `cat /var/run/syslog.pid`
/usr/local/etc/rc.d/syslog-ng start

 

Sources:
http://forum.pfsense.org/index.php?topic=3976.0
http://forum.pfsense.org/index.php/topic,7793.0.html
http://www.mail-archive.com/discussion@pfsense.com/msg02764.html
FreeBSD based version info: http://doc.pfsense.org/index.php/PfSense_and_FreeBSD_Versions