Fail2Ban+Nginx (blocking repeated 404's, etc)

Posted on Mon 16 March 2020 in Tech • Tagged with Tech, Security, Linux

After hosting a mail server for a few years, I've gotten tired of seeing alllll the 404 attempts in my daily logwatch. Fail2Ban can help here really well, and it turns out to be really easy.

Start with nano /etc/fail2ban/filter.d/nginx-4xx.conf (I'm counting on your running Debian and having things in default locations here), and enter the following:

[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =

Note: Make sure you use a capital 'D' in Definition there.

Now, edit your /etc/fail2ban/jail.conf …

sa-compile failing during upgrade

Posted on Sun 15 March 2020 in Tech • Tagged with Tech, Linux

I just spent an hour troubleshooting the most ridiculous thing. I guess to help people search, I'd describe this as "dpkg failing at sa-compile in Debian 10" but that's really not a good picture of what's happening here...

Setting up sa-compile (3.4.2-1~deb9u3) ...
Running sa-compile (may take a long time)
/bin/sh: 1: x86_64-linux-gnu-gcc: Permission denied
make: *** [body_0.o] Error 126
command 'make PREFIX=/tmp/.spamassassin22062Ifq5yDtmp/ignored INSTALLSITEARCH=/var/lib/spamassassin/compiled/5.024/3.004002 >>/tmp/.spamassassin22062Ifq5yDtmp/log' failed: exit 2
dpkg: error processing package sa-compile (--configure …

Zentyal 6.0 to 6.1 upgrade getting stuck

Posted on Tue 17 December 2019 in Tech • Tagged with Tech, Security, Linux, Mail

So I faced a little challenge with a Zentyal server the other day. I was upgrading from ye olde 6.0 to 6.1, when everything just stopped. I let it sit in the corner for about an hour or so, but it never picked up the thread. All the services were still live, so I logged in to have a look.

(Note, my DNS server is named RIMU; yours may be something else!)

Running ps aux, I discovered this line:

sh -c /usr/bin/sudo -p sudo: /var/lib …

New things I didn't know about WireGuard

Posted on Thu 27 December 2018 in Tech • Tagged with Tech, Security, WireGuard, Networking, Linux

This is part of my brief series on WireGuard. I'm pretty enamoured with WireGuard and the way it works, and I've been using it pretty seamlessly for over a year now. I've learned a couple things that weren't immediately obvious though, so I'm documenting them here.

Easy Provisioning

Samuel Holland mentioned an interesting trinket, in his post at

"[...] WireGuard will ignore a peer whose public key matches the interface's private key. So you can distribute a single list of peers everywhere …

When AppArmor eats your breakfast

Posted on Mon 19 March 2018 in Tech • Tagged with Security, Tech, Linux

I've knocked heads with AppArmor a few times now. To be quite honest with myself, I think it's primarily because I install it, enable all the plugins, and then forget it's there until there's a problem.


On a fully-updated Zentyal 5.0 system running DHCP, the AppArmor profile in /etc/apparmor.d/usr.sbin.dhcpd will prevent isc-dhcp-server from restarting itself after an upgrade.

More search-type words: Zentyal dhcp server doesn't start again after upgrade. isc-dhcp-server graceful shutdown, but no restart.

This frustration-laden, Google-friendly equivalent of speaking slowly …

Installing PowerChute Network Shutdown on ProxmoxVE

Posted on Tue 27 February 2018 in Tech • Tagged with Tech, Linux

This is going to be one of those posts where I just dump stuff. Power failures are shite, and if your server isn't talking with your UPS, it won't shut down gracefully. This is the story of my trying to get APC's PowerChute Network Shutdown working on a ProxmoxVE 5.1 environment.

Note I opted out of using either nut or apcupsd, because I had a nice fancy Network Management Card (NMC2 / Schneider AP9631) available. Also, I wanted to shut down more than a single server, so a USB or …

Fix Dell Keyboard Backlight under Debian

Posted on Thu 11 January 2018 in Tech • Tagged with Tech, Linux

My personal laptop is an old Dell Latitude E6410. One of the things I actually love about it is the fact that the keyboard has a backlight.

However, because Linux, sometimes that backlight just stops working. When this happens, you'll see error messages in dmesg, such as:

dell_wmi: Unknown key with type 0x0011 and code 0x01e2 pressed

If this happens to you, just run this command:

$ echo 7 | sudo tee /sys/devices/platform/dell-laptop/leds/dell\:\:kbd_backlight/brightness

You can echo a higher number if you want your keyboard brighter, but …

When the problem is DNS: FreeNAS and NFS

Posted on Sun 07 January 2018 in Tech • Tagged with Tech, Linux

I discovered a while ago that NFS requires DNS to function correctly:

That's somewhat annoying, because the moment your DNS server goes down (and your backups are stored on your FreeNAS server and accessed over NFS) is precisely the time when you really want your backups to be accessible.

However, turns out it doesn't aaaaactuallyyyyy need DNS... it needs name resolution. Specifically, FreeNAS just needs to be able to resolve its own hostname. Cue the handy-dandy hosts file.

Under Network -> Global Configuration -> Host name data …

Making MindTouch's Dekiwiki work on Debian Stretch

Posted on Sun 17 September 2017 in Tech • Tagged with Tech, Security, Linux

We had accumulated a certain amount of technical debt, due to a Wiki solution that was selected a few years ago: Dekiwiki, by MindTouch. Unfortunately a few months after implementation, MindTouch Core (which Dekiwiki builds on) was well-and-truly deprecated back in 2013.

It all happened before my time, but it seems as if Dekiwiki came as a pre-built VMware Appliance, based on Debian Etch (Debian 4.0; released in 2007). After giving our Dekiwiki environment some serious side-eye for a while, I finally decided to get my hands dirty and …

Compiling Heimdall without installing Qt

Posted on Wed 13 September 2017 in Tech • Tagged with Android, Tech, Linux

During my recent Wrecked-phone Saga, I had some trouble flashing my firmware. My phone was broken at the time, so I couldn't enable ADB Debugging - therefore adb wasn't an option. OEM Bootlock was on, so fastboot wasn't an option. My Recovery bootloader was also broken. I thought my phone was bricked.

That's until I remembered Heimdall.

Heimdall is specifically a tool for working with the partitions on Samsung phones - other visitors need not apply. It works a treat for my Samsung Galaxy S5 (kltedv) though.

Heimdall, however, is old. The …

