ZFS zpool vanishing after upgrading ProxmoxVE 5.4 to 6.2

Posted on Sat 23 May 2020 in Tech • Tagged with Tech, Linux

Performing a major version upgrade is never pleasant. I've been using ProxmoxVE for about ten years now though, and it's consistently done a fantastic job. Since it's based on Debian, all the upgrades are done with a simple apt update && apt upgrade, with a variety of steps in the middle to point to new repositories, etc. Nothing out of the ordinary, nothing scary.

So I've got two servers - one is an old one, with only a couple testing VM's residing on it. I go ahead and work through the 5 …


Continue reading

Using Fail2Ban to insta-block malicious hits

Posted on Tue 07 April 2020 in Tech • Tagged with Tech, Security, Linux

Okay so a few days ago I posted about adopting Caddy.

Of course, anyone who hosts anything knows that accessible services on the internet will start getting hit by scanners within literal moments of being accessible. On the very first night of having my site live on the new VPS, Logwatch informed me of a bunch of attempts to access wp-admin.php. Sigh.

Well, this entire site is built with my favourite static site generator Pelican. That means I don't have any PHP on my site whatsoever. Why not just …


Continue reading

Moving to the Caddy web server

Posted on Sun 05 April 2020 in Tech • Tagged with Tech, Security, Linux

For the last couple of years I've been running this site, as well as my friend's site (Under The Umbrella) on Nginx. Recently my VPS host decided to do away with their cheapest tier, so instead of doubling my annual cost, I hopped onto https://www.lowendbox.com and found myself a replacement Cheaps McGee VPS to host this.

Well, a major change like that is a great time to learn about something new, so I took the opportunity to get started with Caddy. If you don't already know about …


Continue reading

Fail2Ban+Nginx (blocking repeated 404's, etc)

Posted on Mon 16 March 2020 in Tech • Tagged with Tech, Security, Linux

After hosting a mail server for a few years, I've gotten tired of seeing alllll the 404 attempts in my daily logwatch. Fail2Ban can help here really well, and it turns out to be really easy.

Start with nano /etc/fail2ban/filter.d/nginx-4xx.conf (I'm counting on your running Debian and having things in default locations here), and enter the following:

[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =

Note: Make sure you use a capital 'D' in Definition there.

Now, edit your /etc/fail2ban/jail.conf …


Continue reading

sa-compile failing during upgrade

Posted on Sun 15 March 2020 in Tech • Tagged with Tech, Linux

I just spent an hour troubleshooting the most ridiculous thing. I guess to help people search, I'd describe this as "dpkg failing at sa-compile in Debian 10" but that's really not a good picture of what's happening here...

Setting up sa-compile (3.4.2-1~deb9u3) ...
Running sa-compile (may take a long time)
/bin/sh: 1: x86_64-linux-gnu-gcc: Permission denied
make: *** [body_0.o] Error 126
command 'make PREFIX=/tmp/.spamassassin22062Ifq5yDtmp/ignored INSTALLSITEARCH=/var/lib/spamassassin/compiled/5.024/3.004002 >>/tmp/.spamassassin22062Ifq5yDtmp/log' failed: exit 2
dpkg: error processing package sa-compile (--configure …

Continue reading

Zentyal 6.0 to 6.1 upgrade getting stuck

Posted on Tue 17 December 2019 in Tech • Tagged with Tech, Security, Linux, Mail

So I faced a little challenge with a Zentyal server the other day. I was upgrading from ye olde 6.0 to 6.1, when everything just stopped. I let it sit in the corner for about an hour or so, but it never picked up the thread. All the services were still live, so I logged in to have a look.

(Note, my DNS server is named RIMU; yours may be something else!)

Running ps aux, I discovered this line:

sh -c /usr/bin/sudo -p sudo: /var/lib …

Continue reading

New things I didn't know about WireGuard

Posted on Thu 27 December 2018 in Tech • Tagged with Tech, Security, WireGuard, Networking, Linux

This is part of my brief series on WireGuard. I'm pretty enamoured with WireGuard and the way it works, and I've been using it pretty seamlessly for over a year now. I've learned a couple things that weren't immediately obvious though, so I'm documenting them here.

Easy Provisioning

Samuel Holland mentioned an interesting trinket, in his post at https://lists.zx2c4.com/pipermail/WireGuard/2018-December/003703.html:

"[...] WireGuard will ignore a peer whose public key matches the interface's private key. So you can distribute a single list of peers everywhere …


Continue reading

When AppArmor eats your breakfast

Posted on Mon 19 March 2018 in Tech • Tagged with Security, Tech, Linux

I've knocked heads with AppArmor a few times now. To be quite honest with myself, I think it's primarily because I install it, enable all the plugins, and then forget it's there until there's a problem.

TL;DR:

On a fully-updated Zentyal 5.0 system running DHCP, the AppArmor profile in /etc/apparmor.d/usr.sbin.dhcpd will prevent isc-dhcp-server from restarting itself after an upgrade.

More search-type words: Zentyal dhcp server doesn't start again after upgrade. isc-dhcp-server graceful shutdown, but no restart.

This frustration-laden, Google-friendly equivalent of speaking slowly …


Continue reading

Installing PowerChute Network Shutdown on ProxmoxVE

Posted on Tue 27 February 2018 in Tech • Tagged with Tech, Linux

This is going to be one of those posts where I just dump stuff. Power failures are shite, and if your server isn't talking with your UPS, it won't shut down gracefully. This is the story of my trying to get APC's PowerChute Network Shutdown working on a ProxmoxVE 5.1 environment.

Note I opted out of using either nut or apcupsd, because I had a nice fancy Network Management Card (NMC2 / Schneider AP9631) available. Also, I wanted to shut down more than a single server, so a USB or …


Continue reading

Fix Dell Keyboard Backlight under Debian

Posted on Thu 11 January 2018 in Tech • Tagged with Tech, Linux

My personal laptop is an old Dell Latitude E6410. One of the things I actually love about it, is the fact that the keyboard has a backlight.

However, because Linux, sometimes that backlight just stops working. When this happens, you'll see error messages in dmesg, such as:

dell_wmi: Unknown key with type 0x0011 and code 0x01e2 pressed

If this happens to you, just run this command:

$ sudo echo 7 > /sys/devices/platform/dell-laptop/leds/dell\:\:kbd_backlight/brightness

You can echo a higher number if you want your keyboard brighter, but …


Continue reading