DualStack ipv46 home network achieved

IPv6 Certification Badge for jostreff

 

 

 

 

~ jostreff$ ping6 google.com
PING6(56=40+8+8 bytes) 2001:470:1f15:1303:e813:c674:204e:ff54 --> 2a00:1450:4017:809::200e
16 bytes from 2a00:1450:4017:809::200e, icmp_seq=0 hlim=53 time=73.786 ms
16 bytes from 2a00:1450:4017:809::200e, icmp_seq=1 hlim=53 time=76.331 ms
16 bytes from 2a00:1450:4017:809::200e, icmp_seq=2 hlim=53 time=76.304 ms
^C
--- google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 73.786/75.474/76.331/1.193 ms

 

Next task: make https://www.ostreff.info live in the IPv6 world!

Network weathermap plugin for Cacti 1.0

By following the instructions at https://github.com/howardjones/network-weathermap you can have a working weathermap in Cacti 1.x again. The code still needs some fixes, but the core functionality, such as displaying weathermaps (without clickable maps) and editing them, works.

Key points to pay attention to (quick & dirty install method):

cd /usr/local/share/cacti/plugins
# Back up the old plugin (including configs) before removing it
tar zcvvf weathermap-backup.tgz weathermap/* && rm -rf weathermap
git clone https://github.com/howardjones/network-weathermap.git
mv network-weathermap weathermap
cd weathermap
npm install -g bower
# FreeBSD fetch expects options before the URL; save under the name php is given below
fetch -o composer-setup.php https://getcomposer.org/installer
php composer-setup.php --install-dir=bin --filename=composer
bower install --allow-root
composer update --no-dev

Restore your ./configs/*.conf files from the archive you made (named weathermap-backup.tgz in the example above).

# The archive sits in the plugins directory and its members start with weathermap/
cd /usr/local/share/cacti/plugins
tar xvf weathermap-backup.tgz 'weathermap/configs/*.conf'

After that you can open the web interface of your Cacti installation and install and enable the weathermap plugin again from settings.

Thanks to the author, Howard Jones, for the advice on the project's forum!

Another interesting project by the same author is https://github.com/howardjones/cacti-quicktree.

Quick way to upgrade from PHP5.6 to PHP7.2 on FreeBSD

There are many reasons to switch a machine to PHP 7.2: here, here, here and many more PoC …

Use a script like the one below:

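#!/usr/local/bin/bash
# Replace every installed php56 package with its php72 counterpart.
for FILE in $(pkg info | grep php56 | cut -f1 -d' '); do
    # The Origin field is padded with spaces; strip them.
    PKGNAME=$(pkg info "$FILE" | grep 'Origin' | cut -f2 -d':' | tr -d '[:space:]')
    NEWPKGNAME="${PKGNAME//php56/php72}"
    echo "Replacing port $FILE with $NEWPKGNAME"
    # -o takes two separate arguments: the new origin, then the installed package.
    portmaster -o "$NEWPKGNAME" "$FILE"
done
# Rebuild the PECL and PEAR packages against the new PHP.
portmaster pecl\*
portmaster pear\*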

Next, check that all dynamic libraries are linked correctly by running "php -v".

Hints for some "missing" packages:

portmaster -o devel/php72-intl pecl-intl-3.0.0_12
portmaster -o security/pecl-mcrypt php56-mcrypt-5.6.34

Using Hurricane Electric free DNS service for slaves

So apart from setting ns[2345].he.net as your DNS servers at your registrar and adding a slave at http://dns.he.net you need to do the following:

  1. Allow AXFR transfers to slave.dns.he.net. The server that pulls zones is slave.dns.he.net, not ns1.he.net.
  2. Remove ns1.he.net from the allow-transfer ACLs if it was there.
  3. Set the server to send NOTIFYs to ns1.he.net. Yes, to ns1, not to slave.dns.he.net. slave.dns.he.net doesn't listen for any DNS requests, including NOTIFYs.

BIND example

The NOTIFY part is a bit tricky, so here’s an example from my setup.

Creating an ACL for slave.dns.he.net

At the top level of named.conf:

acl he-slaves
{
    216.218.133.2; // slave.dns.he.net IPv4
    2001:470:600::2; // slave.dns.he.net IPv6
};

Basic zone setup

zone "example.org" in
{
    type master;
    allow-transfer
    {
        he-slaves;
    };
    file "data/example.org";
};

Notification setup

Add this to the zone:

    notify explicit;
    also-notify
    {
        216.218.130.2;
    };

So the zone looks like:

zone "example.org" in
{
    type master;
    allow-transfer
    {
        he-slaves;
    };

    notify explicit;
    also-notify
    {
        216.218.130.2; // ns1.he.net
    };

    file "data/example.org";
};
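
The three rules are easy to get backwards, so here is an added example (not part of the original post) that checks one zone of a BIND configuration against them. The function names and the "bad" sample are constructed for illustration; the addresses are the ones quoted above.

```shell
# Check one zone of a BIND config (read on stdin) against the three rules
# above. Not handled: /* */ comments, ACLs that reference other ACLs.
he_zone_audit() {   # usage: he_zone_audit <zone> < named.conf; status = failed rules
  awk -v zone="$1" -v slave4=216.218.133.2 -v slave6=2001:470:600::2 \
      -v ns1=216.218.130.2 '
    # Text inside the first {...} after key, nested braces balanced.
    function block(text, key,    i, k, start, depth, c) {
      i = index(text, key); if (!i) return ""
      k = index(substr(text, i), "{"); if (!k) return ""
      start = i + k; depth = 1
      for (i = start; i <= length(text) && depth > 0; i++) {
        c = substr(text, i, 1)
        if (c == "{") depth++; else if (c == "}") depth--
      }
      return substr(text, start, i - start - 1)
    }
    # Address list as ";a;b;", expanding one level of named ACLs.
    function addrs(list,    n, j, parts, name, inner, out) {
      n = split(list, parts, ";"); out = ";"
      for (j = 1; j <= n; j++) {
        name = parts[j]; gsub(/ /, "", name); if (name == "") continue
        inner = block(conf, "acl " name " ")
        if (inner != "") { gsub(/ /, "", inner); out = out inner } else out = out name ";"
      }
      return out
    }
    function fail(msg) { print "FAIL: " msg; bad++ }
    { sub(/\/\/.*/, ""); sub(/#.*/, ""); conf = conf " " $0 }
    END {
      gsub(/"/, "", conf); gsub(/[ \t]+/, " ", conf)
      z = block(conf, "zone " zone " ")
      xfer = addrs(block(z, "allow-transfer")); note = addrs(block(z, "also-notify"))
      if (!index(xfer, ";" slave4 ";") && !index(xfer, ";" slave6 ";")) fail("allow-transfer does not admit slave.dns.he.net")
      if (index(xfer, ";" ns1 ";")) fail("ns1.he.net is still in allow-transfer")
      if (!index(note, ";" ns1 ";")) fail("also-notify does not list ns1.he.net")
      exit bad + 0
    }'
}
# Constructed samples: "good" is the final zone above; "bad" swaps the two hosts.
he_sample() {
  xfer=he-slaves; note=216.218.130.2
  if [ "$1" = bad ]; then xfer=216.218.130.2; note=216.218.133.2; fi
  printf 'acl he-slaves { 216.218.133.2; 2001:470:600::2; };\n'
  printf 'zone "example.org" in {\n  type master;\n  allow-transfer { %s; };\n' "$xfer"
  printf '  notify explicit;\n  also-notify { %s; };  // NOTIFY target\n' "$note"
  printf '  file "data/example.org";\n};\n'
}
for s in good bad; do he_sample "$s" | he_zone_audit example.org && echo "$s: ok" || echo "$s: $? rule(s) failed"; done
```

Run it against a real configuration with the zone name as the only argument and named.conf on stdin; the exit status is the number of rules that failed.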

PowerDNS 4 example

Execute these commands on the PowerDNS machine:

pdnsutil set-meta example.org ALLOW-AXFR-FROM AUTO-NS 216.218.133.2
pdnsutil set-meta example.org ALSO-NOTIFY 216.218.130.2

The result can be checked via:

pdnsutil get-meta example.org

Suppress warning messages using mysql from within Terminal, but password written in shell script

Here’s how I got my bash script for my daily mysqldump database backups to work more securely.
1. First use mysql_config_editor (comes with mysql 5.6+) to set up the encrypted password file. Suppose your username is "db_user". Running from the shell prompt:

mysql_config_editor set --login-path=local --host=localhost --user=db_user --password

It prompts for the password. Once you enter it, the user/pass are saved encrypted. Of course, change "system_username" to your username on the server.

2. Change your shell script from this:

mysqldump -u db_user -pInsecurePassword my_database | gzip > db_backup.tar.gz

to this:

mysqldump --login-path=local my_database | gzip > db_backup.tar.gz

No more exposed passwords.
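
To find the scripts that still need this change, here is an added example (not from the original post) that scans shell scripts for mysql client calls with a password on the command line and prints each hit with the secret masked. The function names and the sample script are constructed; the first two sample lines are the before and after commands above.

```shell
#!/bin/sh
# Find mysql client calls that still pass a password in argv (-pSECRET or
# --password=SECRET) and print them with the secret masked.
scan_inline_mysql_pw() {   # usage: scan_inline_mysql_pw <script>...; status 0 = clean
  cmd='mysql(dump|admin)?[[:space:]](.*[[:space:]])?'
  opt='(-p|--password=)[^[:space:]]+'
  # /dev/null forces "file:line:" prefixes even when only one file is given.
  hits=$(grep -nE "$cmd$opt" /dev/null "$@" |
         sed -E 's/(^|[[:space:]])(-p|--password=)[^[:space:]]+/\1\2****/g')
  if [ -z "$hits" ]; then return 0; fi
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample: the before/after lines from above plus look-alikes that
# must not be flagged (-p with a prompt, --port, mysql_config_editor).
# Commented-out commands are reported too: the secret is still in the file.
sample_backup_script() {
  cat <<'EOF'
mysqldump -u db_user -pInsecurePassword my_database | gzip > db_backup.tar.gz
mysqldump --login-path=local my_database | gzip > db_backup.tar.gz
mysql --host=localhost --port=3306 --user=db_user --password=hunter2 -e 'SELECT 1'
mysql -u db_user -p my_database
mysql_config_editor set --login-path=local --host=localhost --user=db_user --password
# mysqldump -u old_user -pOldSecret legacy_db
EOF
}

tmp=$(mktemp) && sample_backup_script > "$tmp"
scan_inline_mysql_pw "$tmp" || echo "inline passwords found: move them to a login path"
rm -f "$tmp"
```

The login path file ~/.mylogin.cnf is only obfuscated, so it should stay readable by its owner alone.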

Samba 4 config example

# Samba 4 config example
# Connected to existing remote Samba 4 Active Directory Domain Controller

# ZFS pool @ /storage
# Network is 192.168.101.0/24
# Samba is installed with:
# pkg install samba42
# and then joined to existing AD with:
# samba-tool domain join <params>
# After this, /usr/local/etc/smb4.conf is edited and Samba is restarted with /usr/local/etc/rc.d/samba_server restart
# Global parameters
[global]
server string = Samba Server
hosts allow = 192.168.101. 127.0.0.1
load printers = no
max log size = 50
# Add aio_load="YES" to FreeBSD's /etc/rc.conf
aio read size = 16384
aio write size = 16384
aio write behind = true
use sendfile = true
read raw = true
min receivefile size = 16384
interfaces = 192.168.101.0/24
dns proxy = no
# These files are never saved
veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
delete veto files = yes
workgroup = HOME
realm = home.lan
netbios name = STORAGE
server role = active directory domain controller

[netlogon]
path = /var/db/samba4/sysvol/home.lan/scripts
read only = No

[sysvol]
path = /var/db/samba4/sysvol
read only = No

# ZFS pool
[storage]
path = /storage
force directory mode = 0666
force create mode = 0666
create mask = 0666
directory mask = 0666
read only = no
public = no
writable = yes
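# "vfs object" is a synonym of "vfs objects": a second line would replace the
# first, so both modules are listed on one line
vfs objects = zfsacl recycle
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes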
# Remove deleted files to recycle bin directory with username and timestamp
recycle:repository = /storage/recyclebin/%U/%T
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:directory_mode = 0666
recycle:subdir_mode = 0666
nt acl support = yes
inherit acls = no
map acl inherit = yes