When AppArmor eats your breakfast

Posted on Mon 19 March 2018 in Tech • Tagged with Security, Tech, Linux

I've knocked heads with AppArmor a few times now. To be quite honest with myself, I think it's primarily because I install it, enable all the plugins, and then forget it's there until there's a problem.

TL;DR:

On a fully-updated Zentyal 5.0 system running DHCP, the AppArmor profile in /etc/apparmor.d/usr.sbin.dhcpd will prevent isc-dhcp-server from restarting itself after an upgrade.

More search-type words: Zentyal dhcp server doesn't start again after upgrade. isc-dhcp-server graceful shutdown, but no restart.

This frustration-laden, Google-friendly equivalent of speaking slowly …


Continue reading

Installing PowerChute Network Shutdown on ProxmoxVE

Posted on Tue 27 February 2018 in Tech • Tagged with Tech, Linux

This is going to be one of those posts where I just dump stuff. Power failures are shite, and if your server isn't talking with your UPS, it won't shut down gracefully. This is the story of my trying to get APC's PowerChute Network Shutdown working on a ProxmoxVE 5.1 environment.

Note I opted out of using either nut or apcupsd, because I had a nice fancy Network Management Card (NMC2 / Schneider AP9631) available. Also, I wanted to shut down more than a single server, so a USB or …


Continue reading

Fix Dell Keyboard Backlight under Debian

Posted on Thu 11 January 2018 in Tech • Tagged with Tech, Linux

My personal laptop is an old Dell Latitude E6410. One of the things I actually love about it, is the fact that the keyboard has a backlight.

However, because Linux, sometimes that backlight just stops working. When this happens, you'll see error messages in dmesg, such as:

dell_wmi: Unknown key with type 0x0011 and code 0x01e2 pressed

If this happens to you, just run this command:

$ sudo echo 7 > /sys/devices/platform/dell-laptop/leds/dell\:\:kbd_backlight/brightness

You can echo a higher number if you want your keyboard brighter, but …


Continue reading

When the problem is DNS: FreeNAS and NFS

Posted on Sun 07 January 2018 in Tech • Tagged with Tech, Linux

I discovered a while ago that NFS requires DNS to function correctly: https://bugs.freenas.org/issues/4983

That's somewhat annoying, because when your DNS server goes down (and your backups are stored on your FreeNAS server and accessed over NFS), is precisely the time when you really want your backups to be accessible.

However, turns out it doesn't aaaaactuallyyyyy need DNS... it needs name resolution. Specifically, FreeNAS just needs to be able to resolve it's own hostname. Cue the handy-dandy hosts file.

Under Network -> Global Configuration -> Host name data …


Continue reading

Making MindTouch's Dekiwiki work on Debian Stretch

Posted on Sun 17 September 2017 in Tech • Tagged with Tech, Security, Linux

We had accumulated a certain amount of technical debt, due to a Wiki solution that was selected a few years ago: Dekiwiki, by MindTouch. Unfortunately a few months after implementation, MindTouch Core (which Dekiwiki builds on) was well-and-truly deprecated back in 2013.

It all happened before my time, but it seems as if Dekiwiki came as a pre-built VMware Appliance, based on Debian Etch (Debian 4.0; released in 2007). After giving our Dekiwiki environment some serious side-eye for a while, I finally decided to get my hands dirty and …


Continue reading

Compiling Heimdall without installing Qt

Posted on Wed 13 September 2017 in Tech • Tagged with Android, Tech, Linux

During my recent Wrecked-phone Saga, I had some trouble flashing my firmware. My phone was broken at the time, so I couldn't enable ADB Debugging - therefore adb wasn't an option. OEM Bootlock was on, so fastboot wasn't an option. My Recovery bootloader was also broken. I thought my phone was bricked.

That's until I remembered Heimdall.

Heimdall is specifically a tool for working with the partitions on Samsung phones - other visitors need not apply. It works a treat for my Samsung Galaxy S5 (kltedv) though.

Heimdall, however, is old. The …


Continue reading

Respecting Amavis' "Banned Extensions" setting

Posted on Sun 13 August 2017 in Tech • Tagged with Tech, Security, Linux, Mail

I've been dabbling a little bit with iRedMail, mostly just to have a play with a mail server, but also to see what's involved in mail security. iRedMail is a package that pulls together Postfix as an MTA, Dovecot as a POP3 & IMAP server, SOGo for ActiveSync, Roundcube for Webmail, SpamAssassin for spam protection, and ClamAV for virus scanning.

Okay I have no idea why I have to write this, but apparently it's a thing.

Amavis has a list of banned file extensions. In Debian, they live in /etc/amavis …


Continue reading

Making Amavis work with ESET Antivirus

Posted on Sat 12 August 2017 in Tech • Tagged with Tech, Security, Linux, Mail

I've been dabbling a little bit with iRedMail, mostly just to have a play with a mail server, but also to see what's involved in mail security. iRedMail is a package that pulls together Postfix as an MTA, Dovecot as a POP3 & IMAP server, SOGo for ActiveSync, Roundcube for Webmail, SpamAssassin for spam protection, and ClamAV for virus scanning.

But of course, ClamAV has shown disappointing performance, and it would be really nice to use something more... commercially suitable.

To tie together mail receipt and scanning, iRedMail uses Amavis (strictly …


Continue reading

Wireguard - Part Three (Troubleshooting)

Posted on Mon 12 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is part of my brief series on Wireguard. I'm pretty enamoured with Wireguard and the way it works, but there were a couple slightly curly bits that I needed to get my head around. This troubleshooting guide is a rough dump of the issues I had, and how I fixed them.

Gotten Stuck?

At this stage, there are actually a few ways that this can go wrong, even though we haven't done much. Think through all the bits:

  • Installed Wireguard at both ends
  • Set up your NAT rule on …

Continue reading

Wireguard - Part Two (VPN routing)

Posted on Sun 11 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is a continuation of my brief series on the new Wireguard VPN. Part One was about the simple building-blocks to get Wireguard working between two endpoints. Now that we've got a couple machines able to ping each other by IP address, we can carry on a bit deeper into the inter-LAN routing stuff.

Extending on from the IP addresses in Part One, instead of JUST connecting to the remote machine, I want to actually have access to everything on the whole 10.20.0.0/16 network; even the …


Continue reading