Author name: Dan Langille

I've been playing with computers since I read an Elementary Electronics magazine way back in the 1970s. I started contributing to open source projects in 1998. After that, I gradually moved from being a software developer to being a systems administrator.

Getting ‘FreeBSD-10.2 is vulnerable’ messages on a 12.0 host

2 Comments / Nagios, nrpe, Open Source / By /

I started playing with /usr/local/etc/periodic/security/405.pkg-base-audit as part of a monitoring system. It works fine from the command line, but when I use Nagios plugins, I am getting unexpected results. By unexpected, I mean messages about FreeBSD 10.2. The host in question runs FreeBSD 12.0. The problem cannot be reproduced on the host, only from the Nagios monitoring host. Oh wait, the Nagios monitoring host is a jail on the host in question. That […]

Getting ‘FreeBSD-10.2 is vulnerable’ messages on a 12.0 host Read More »

slocum – the new : assembly details

Leave a Comment / hardware / By /

This covers the facts regarding the list of things to do on Server Build Saturday. The slocum – the new hardware changes occurred on 2 February 2019, with the help of a guy I’ve known since my early days in PA. jb33z did the heavy lifting, both of the chassis and of the HDD. He moved all the HDD from the old server to the new server. I did the SSDs, which were

slocum – the new : assembly details Read More »

slocum – the new

Leave a Comment / hardware / By /

This post has been replaced by a new one. For reference, the previous post on this server is still available. This server was upgraded on Feb 2 2019. Only the storage persisted. Everything else was upgraded. The hardware M/B – Supermicro X9DRE-TF+ RAM – 128GB composed of 8x 16GB DDR3 1600Mhz 21300 ECC/REG CPU – 2x E5-2620v2 – Intel Six Core 2.10Ghz Xeon 15MB cache 7.2 GT/s QPI (80W) chassis – SC846E16-R1200B SAS9300-8i

slocum – the new Read More »

ACME domain alias mode

Leave a Comment / Let's Encrypt / By /

I recently became aware that ACME DNS validation can be accomplished via proxy. By proxy, I mean you can update the DNS records of another domain, not the domain for which the certificate is being issued. Why would you do this (as taken from acme.sh DNS Alias Mode): Your DNS provider does not provide API access; you can’t update the domain easily. You are concerned about the security implications. That is, a third-party

ACME domain alias mode Read More »

Server build Saturday!

Leave a Comment / hardware, racks / By /

Tomorrow I’ll be doing some server and rack work. I’ll be moving one system into a new chassis, combining two desktops into the old chassis, and putting both chassis back into the rack. There are a bunch of steps here and I want to write them down so they all get done. These steps were completed last night: Remove tape01 and tape02 from the rack. Remove the shelf from the rack which held

Server build Saturday! Read More »

Using Postfix to block mail based on From/sender and To/recipient

Leave a Comment / Postfix / By /

Back in late November (now 56 days ago), I started getting huge levels of very directed spam. When I tweeted about it, I was getting perhaps 100-250 a day. I thought it would soon stop and they would target someone else. They would get into my spam folder yes, but it still takes time to go through that folder. Eventually it did stop. For a few days, then it came back at about

Using Postfix to block mail based on From/sender and To/recipient Read More »

Double timestamps in logs

1 Comment / FreeBSD, Open Source, syslogd / By /

I noticed some double timestamps in my logs recently. They started just after I upgraded the host to FreeBSD 12, but I am not convinced they are related. This is from /var/log/messsages: Jan 22 21:41:40 knew 1 2019-01-22T21:41:40.760533+00:00 knew.int.unixathome.org pkg 89351 – – py36-iocage-devel upgraded: 1.0.0.20181219,1 -> 1.0.0.20190122,1 They started late yesterday, this is from /var/log/maillog: Jan 21 22:28:58 knew 1 2019-01-21T22:28:58.677083+00:00 knew.int.unixathome.org postfix/anvil 42521 – – statistics: max connection rate 1/60s for

Double timestamps in logs Read More »

Upgrading to FreeBSD 12.0 from FreeBSD 11.2 using beadm and freebsd-update

Leave a Comment / beadm, FreeBSD, freebsd-update / By /

Today I will upgrade knew from FreeBSD 11.2 to FreeBSD 12.0. It so happens that this is my last server at home which is still running 11.2, but I do have another server still on 11.2, but that one is at NYI. This post isn’t so much about beadm or about freebsd-update. I have written about moving to a beadm layout, but if your zfs list output looks something like this, you’re good

Upgrading to FreeBSD 12.0 from FreeBSD 11.2 using beadm and freebsd-update Read More »

Collecting statistics from bind / named

3 Comments / FreeBSD, iocage, Jails, named / By /

I use bind (Berkeley Internet Name Domain) as my DNS server. I am currently running bind 9.11.5P1 on FreeBSD 11.2-RELEASE-p8 in a jail, with iocage as my jail manager. The OS, jail, and jail manager should play no part in how this works. I have been collecting statistics from bind for some time. I have configured LibreNMS to collect the details via snmpd and they are plotted in a lovely looking graph. The

Collecting statistics from bind / named Read More »

Registering FireTV – unable to receive verification code on phone

Leave a Comment / General / By /

I was setting up my FireTV (seems to be a TV with built-in FireStick functions). I was stuck, waiting for a verification code which never arrived on my phone. I was expecting an incoming text. I was wrong to expect that. I had gotten to the stage of logging in with my Amazon credentials and was getting told (and I paraphrase here): Because of the way your account is set up, your login

Registering FireTV – unable to receive verification code on phone Read More »

Scroll to Top