Subscribe via feed.

Create a Network-Wide Ad Blocker with a Raspberry Pi

Posted by kwame under Uncategorized (No Respond)

You have software to block ads on your computer, but if you want to block ads on all your devices—from your smartphone to your tablets—you’ll need something a little stronger. Enter the Pi-Hole, a Raspberry Pi image that blocks ads of all sorts at the router level.

Source: Create a Network-Wide Ad Blocker with a Raspberry Pi

Linux: Keep An Eye On Your System With Glances Monitor

Posted by kwame under Uncategorized (No Respond)

Is there is a tool that can provide me a maximum of information (such as cpu, disk I/O, network, nfsd, memory and more) about my Linux/Unix server in a minimum of space in a terminal?

There are plenty of monitoring tools on Linux or Unix-like systems that can provide information about your server:

 

  1. CPU load
  2. OS Name/Kernel version
  3. System load
  4. Disk and Network I/O
  5. Process
  6. Memory usage
  7. Mount point and much more.

Source: Linux: Keep An Eye On Your System With Glances Monitor

10 Job Interview Questions for Linux System Administrators | Linux.com

Posted by kwame under Featured, linux, networking, sysadmin (No Respond)

questions-flickr-cc   SysAdmins of all experience levels can benefit from brushing up on their job interview skills if they want to find and land a great new job.

Source: 10 Job Interview Questions for Linux System Administrators | Linux.com

 

 

Allegations Of Corruption Dog Mexico’s First Lady Angélica Rivera

Posted by kwame under podcast, politica, radio (No Respond)

Rivera promised she would sell a multimillion-dollar home bought under controversial circumstances. Many questions remain regarding the purchase, and she hasn’t sold the house.

Source: Allegations Of Corruption Dog Mexico’s First Lady Angélica Rivera

Flash plugin update on Debian 8

Posted by kwame under geek stuff, linux, sysadmin (No Respond)

flash-logo   Just a quick reminder on how to upgrade your flash-plugin install in Debian 8

update-flashplugin-nonfree –install

 

Cheers!

Sergio Valdeolmillos aguarda propuesta oficial | Excélsior

Posted by kwame under Uncategorized (No Respond)

El coach español sabe que Gustavo Ayón pidió su vuelta a la Selección Nacional; él está en la posición de negociar con miras al Preolímpico

CIUDAD DE MÉXICO, 29 de abril.- Gustavo Ayón ha vuelto a poner contra la pared a la Liga Nacional de Basquetbol Profesional (LNBP) y promueve el regreso a la selección del entrenador español Sergio Valdeolmillos, como garantía de que él pueda vestir la playera nacional de basquetbol.

Desde España, Valdeolmillos afirmó a Excélsior que “México me merece el mayor de los respetos y por supuesto que los escucharía”.

El lunes por la noche, la Comisión Nacional de Cultura Física y Deporte (Conade) informó que Alfredo Castillo, titular del organismo, y Ayón sostuvieron una conversación telefónica para charlar sobre el regreso del nayarita a la selección.

Source: Sergio Valdeolmillos aguarda propuesta oficial | Excélsior

Billy Donovan learning toward taking Oklahoma City coaching job

Posted by kwame under Uncategorized (No Respond)

Billy Donovan is leaning strongly toward taking the Oklahoma City Thunder coaching job, according to sources in both the pro and college game.

Source: Billy Donovan learning toward taking Oklahoma City coaching job

Internet radio stations at the tip of your fingers (and terminal)

Posted by kwame under geek stuff, general, linux, podcast, radio (No Respond)

For those who want to listen to a variaty of internet radio stations, here I leave you with these bash alias

<span class="pl-s3">alias</span> news=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://minnesota.publicradio.org/tools/play/streams/news.pls<span class="pl-pds">"</span></span> <span class="pl-c"># MPR News </span>
<div id="file-internet_radio_stream_aliases-sh-LC7" class="line"><span class="pl-s3">alias</span> current=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://minnesota.publicradio.org/tools/play/streams/the_current.pls<span class="pl-pds">"</span></span> <span class="pl-c"># The Current </span></div>
<div id="file-internet_radio_stream_aliases-sh-LC8" class="line"><span class="pl-s3">alias</span> classical=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://minnesota.publicradio.org/tools/play/streams/classical.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Classical MPR </span></div>
<div id="file-internet_radio_stream_aliases-sh-LC9" class="line"><span class="pl-s3">alias</span> minnesota=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://minnesota.publicradio.org/tools/play/streams/local.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Minn </span></div>
<div id="file-internet_radio_stream_aliases-sh-LC10" class="line"><span class="pl-s3">alias</span> heartland=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://minnesota.publicradio.org/tools/play/streams/radio_heartland.pls<span class="pl-pds">"</span></span> <span class="pl-c"># MPR Radio Heartland </span></div>
<div id="file-internet_radio_stream_aliases-sh-LC11" class="line"><span class="pl-s3">alias</span> wonderground=<span class="pl-s1"><span class="pl-pds">"</span>mplayer http://wondergroundstream2.publicradio.org/wonderground<span class="pl-pds">"</span></span> <span class="pl-c"># MPR Wonderground Windows Media </span></div>
<div id="file-internet_radio_stream_aliases-sh-LC12" class="line"><span class="pl-s3">alias</span> choral=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://choralstream1.publicradio.org/choral.m3u<span class="pl-pds">"</span></span> <span class="pl-c"># Clasical MPR Choral</span></div>
<div id="file-internet_radio_stream_aliases-sh-LC13" class="line"><span class="pl-s3">alias</span> wefunk=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://www.wefunkradio.com/play/shoutcast.pls<span class="pl-pds">"</span></span> <span class="pl-c"># WEFUNK Radio MP3 64K</span></div>
<div id="file-internet_radio_stream_aliases-sh-LC14" class="line"><span class="pl-s3">alias</span> sleepbot=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://sleepbot.com/ambience/cgi/listen.cgi/listen.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Sleepbot Environmental Broadcast 56K MP3</span></div>
<div id="file-internet_radio_stream_aliases-sh-LC15" class="line"><span class="pl-s3">alias</span> groovesalad=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://somafm.com/groovesalad130.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Soma FM Groove Salad iTunes AAC 128K</span></div>
<div id="file-internet_radio_stream_aliases-sh-LC16" class="line"><span class="pl-s3">alias</span> dronezone=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://somafm.com/dronezone130.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Soma FM Drone Zone iTunes AAC 128K</span></div>
<div id="file-internet_radio_stream_aliases-sh-LC17" class="line"><span class="pl-s3">alias</span> lush=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://somafm.com/lush130.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Soma FM Lush iTunes AAC 128K</span></div>
<div id="file-internet_radio_stream_aliases-sh-LC18" class="line"><span class="pl-s3">alias</span> sonicuniverse=<span class="pl-s1"><span class="pl-pds">"</span>mplayer -playlist http://somafm.com/sonicuniverse.pls<span class="pl-pds">"</span></span> <span class="pl-c"># Soma FM Sonic Universe iTunes AAC 128K 

First impressions of CentOS 7

centos7-logoCentOS 7 has been out for a while now and it’s time to get busy with it and exploring this new version.
Some major changes have taken place in this version and I’ll list them here with no specific order.

The first thing you’ll see is that the installer is now the same as the one used in Fedora, you can still drop to the text mode install but if you use the GUI installer it’s just about the same as the one Fedora uses.

During the partitioning you’ll see that the filesystem chosen by default is now xfs and not ext4, even though it’s still available (ext4). It’s kind of a surprise that xfs was chosen as the default over ext4, specially considering that the last recorded updates for xfs date from 2013 http://xfs.org/index.php/XFS_Status_Updates. Now, talking about the nice features of xfs, it’s very powerful, it allows you to create incremental backups and from what I read in the documentation, it has the ability to suspend and resume in-progress dumps. If you are serious about migrating to CentOS 7 in the near future, xfs is definitively something you need to get your head around.

I’ll continue in another post my review of CentOS 7

Restricting mysql access to a user based on his source ip

Posted by kwame under geek stuff, linux, MySQL, sysadmin (1 Respond)

mysqlOne of the most challenging aspects of working as a sysadmin is the broad scope of the tasks you have to work on. In a single day’s work you could be asked to look into a security report and take the appropriate steps to address it and fix it. You can also be brought into an alert reported by a monitoring system and do various things, such as, modify the threshold of the alert since it was a false positive and / or look into the alert itself and fix it. You can be asked to modify some application software to be able to handle the load it’s receiving by changing its settings or just deploy a second or more instances of this application and place all of them behind a load balancer so the load is spread between all of the app servers, all of this, without any downtime or interrupting the sessions of users already logged into your application. You can also be tasked to lock down the access to an application on a specific layer and you need to be able to do it in a very short amount of time since the application might be vulnerable or under attack.

All of these aspects make a sysadmin’s work day a very interesting one. I was recently asked to restrict access to MySQL and allow users to be able to connect from only a specific network segment. If I had just been asked to restrict access to MySQL based on network segment (this is a high traffic MySQL server running on a Linux server) I would have used iptables right out of the bat and be done with the task, but the request was to restrict access in the database itself.

So I went to the MySQL documentation site and followed some pointers. Fired up a VM to do some tests and these are the steps I would follow to achieve such task.

1. Review grants for the user which I want to lock down:

[root@workvm ~]# mysql -u root -p -h localhost
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user,host from mysql.user;
+-------+--------------------+
| user  | host               |
+-------+--------------------+
| kwame | %                  |
| root  | 127.0.0.1          |
|       | localhost          |
| kwame | localhost          |
| root  | localhost          |
|       | workvm.pythian.com |
| root  | workvm.pythian.com |
+-------+--------------------+
7 rows in set (0.00 sec)

mysql> show grants for 'kwame'@'%';
+------------------------------------------------------------------------------------------------------+
| Grants for kwame@%                                                                                   |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'kwame'@'%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT ALL PRIVILEGES ON `db1`.* TO 'kwame'@'%'                                                       |
+------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>

In this case we want to restrict access to the user ‘kwame’ to have access only from 192.168.100.x

2. Remove access to this user:


mysql> delete from user where user='kwame' and host='%';
Query OK, 1 row affected (0.00 sec)

mysql> delete from user where user='kwame' and host='localhost';
Query OK, 1 row affected (0.00 sec)

mysql>

3. Grant access to the user only from 192.168.100.x


mysql> grant all privileges on `db1`.* TO 'kwame'@'192.168.100.%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for 'kwame'@'192.168.100.%';
+------------------------------------------------------------------------------------------------------------------+
| Grants for kwame@192.168.100.%                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'kwame'@'192.168.100.%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT ALL PRIVILEGES ON `db1`.* TO 'kwame'@'192.168.100.%'                                                       |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> select user,host from mysql.user;
+-------+--------------------+
| user  | host               |
+-------+--------------------+
| root  | 127.0.0.1          |
| kwame | 192.168.100.%      |
|       | localhost          |
| root  | localhost          |
|       | workvm.pythian.com |
| root  | workvm.pythian.com |
+-------+--------------------+
6 rows in set (0.00 sec)

mysql> 


4. Confirm the access is working only from the expected source:

[kwame@workvm ~]$ ifconfig | grep 'inet addr' | grep 100
          inet addr:192.168.100.194  Bcast:192.168.100.255  Mask:255.255.255.0
[kwame@workvm ~]$ mysql -u kwame -p -h 192.168.100.194
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show grants;
+------------------------------------------------------------------------------------------------------------------+
| Grants for kwame@192.168.100.%                                                                                   |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'kwame'@'192.168.100.%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT ALL PRIVILEGES ON `db1`.* TO 'kwame'@'192.168.100.%'                                                       |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql>