Skip to content

Using fail2ban to block unfriendly web requests

Every time I peek into the webserver logfiles, I find quite a few 404 requests trying to figure out if certain exploits exist on this server. Now I get that these are automated attempts, and the number of requests coming from one IP show that they try several different exploits and path names. Nevertheless I thought that I don’t need this in my log, and on my webserver. fail2ban for the rescue.

 

Continue reading "Using fail2ban to block unfriendly web requests"

Migration from Twitter to Mastodon

Many people (I don’t like this phrase) are leaving Twitter these days, and looking for a new social media home. One of these places is Mastodon. This blog post aims to summarize the steps necessary for a migration, and includes pointers to websites which can help with said move.

 

Image & CC: https://www.pexels.com/photo/3-grey-elephants-under-yellow-sky-68550/

 

What is Twitter?

Twitter: @ascherbaum

Twitter is a Microblogging service. Users post short texts with maximal 140 280 characters, optionally including media attachments. Tweets (that’s the name for the posting) are public by default, however Twitter implemented the ability to protect accounts (make the content private to followers only), or recently implemented functionality to target specific user groups for Tweets. In October 2022 Elon Musk completed the acquisition of Twitter, and took over as CEO. The following weeks have seen erratic and dramatic changes, which are not well-received by all users. Quite a number of users decided to leave Twitter. In addition, as a consequence of the turmoil some companies stopped doing advertisements on Twitter. The future will show if the users and advertisers will come back.

Users have a unique username on the platform, mine is @ascherbaum.

 

What is Mastodon?

 

Mastodon: @ascherbaum@mastodon.social

Mastodon is a Microblogging, which in contrast to the centralized Twitter, runs on decentralized (federated) instances (servers). The instances communicate with each other. The software is open source, and the project started around 2016.

Postings in Mastodon are named Toots, not Tweets. Or Trööt in German. Please let me know the word in other languages, I will update this posting.

After Elon Musk took over at Twitter, users started to migrate to Mastodon as an alternative, and every controversial announcement shows a new wave of users leaving. This will likely keep going for quite a while.

Mastodon users have a unique username on one instance, however the same username on a different instance can be used by someone else. There is no universal verification across instances, instances might implement their own verification. For example the social.bund.de instance is only open to other federal agencies of the German government - therefore every account on this instance is already validated as a government account.

My Mastodon account (the one I’m currently using) is ascherbaummastodon.social. The software allows users to move to new instances and migrate followers over, check the profile settings of your instance how to do that.
 

 

Continue reading "Migration from Twitter to Mastodon"

Icinga Director and disk checks for fuse mountpoints

When I rolled out my new Icinga2 installation, and added disk checks for all laptops, I ran into a small problem: there is a fuse mountpoint for logged in users which only the user can read. Apparently it has something to do with Flatpack.

cat /proc/mounts | grep doc
/dev/fuse /run/user/1000/doc fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0

By default, the Icinga2 ITL has a number of file system types excluded for the "check_disk" check, even some special fuse types, but plain "fuse" is not among them. Kind of makes sense, a fuse mountpoint can be anything, and you don't want to exclude all of them by default.

This results in the following error message when the check is rolled out on our laptops:

Plugin Output
DISK CRITICAL - /run/user/1000/doc is not accessible: Permission denied

Fortunately the fix is rather easy:

 

 

Continue reading "Icinga Director and disk checks for fuse mountpoints"

How to configure notifications in Icinga2 Director

I'm using Icinga2 for a long time, but recently installed a new system and using Director for the first time. I know how to configure notifications in Icinga2 config files, but getting them working in Director (with Director options only) is a bit of a challenge.

Here is a step-by-step to get simple mail notifications working. From there it should be easier to configure more advanced notifications.

 

Continue reading "How to configure notifications in Icinga2 Director"

Avoid linebreaks in Hugo shortcodes

Shortcodes in Hugo are a neat and poweful system to avoid repating the same piece of text over and over again. Let's say I have the following text:

Nunc in odio id magna molestie congue. Donec erat nulla, pulvinar eget volutpat non, molestie at nisi. Curabitur nec tristique felis. Cras imperdiet, ante et vestibulum iaculis, tellus ipsum pulvinar felis, at viverra est tellus et eros. In nec dignissim lectus, bibendum hendrerit ex. Praesent lobortis eget justo non vehicula.

Nulla et neque cursus libero tristique laoreet nec a ligula. Fusce sit “amet” scelerisque erat. Quisque lorem lectus, lobortis vitae mattis non, tincidunt sed felis. Donec sit “amet” erat nibh.

Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In et imperdiet dui. In ut enim pharetra, blandit purus vel, malesuada est. Morbi sollicitudin eget leo nec dignissim. Praesent sed leo quis purus pretium aliquet sed quis arcu. Pellentesque facilisis tellus nulla, dignissim laoreet quam maximus et.

And I want to link the "amet" word, then I can create a shortcode:

layouts/shortcodes/amet.html

And in this shortcode I place the text:

<a href="https://www.lipsum.com/feed/html">amet</a>

In the Markdown source this is:

Nulla et neque cursus libero tristique laoreet nec a ligula. Fusce sit "{{< amet >}}" scelerisque erat. Quisque lorem lectus, lobortis vitae mattis non, tincidunt sed felis. Donec sit "{{< amet >}}" erat nibh.

Pretty easy. However Hugo by default does a little bit too much: while generating the static content, it adds a line break. Which in the browser results in:

Nulla et neque cursus libero tristique laoreet nec a ligula. Fusce sit “amet ” scelerisque erat. Quisque lorem lectus, lobortis vitae mattis non, tincidunt sed felis. Donec sit “amet ” erat nibh.
                                                                            ^                                                                                                         ^

There is a nasty little space between the word and the quotation mark. The generated HTML source shows the problem:

  <p>Nunc in odio id magna molestie congue. Donec erat nulla, pulvinar eget volutpat non, molestie at nisi. Curabitur nec tristique felis. Cras imperdiet, ante et vestibulum iaculis, tellus ipsum pulvinar felis, at viverra est tellus et eros. In nec dignissim lectus, bibendum hendrerit ex. Praesent lobortis eget justo non vehicula.</p>
<p>Nulla et neque cursus libero tristique laoreet nec a ligula. Fusce sit &ldquo;<a href="https://www.lipsum.com/feed/html">amet</a>
&rdquo; scelerisque erat. Quisque lorem lectus, lobortis vitae mattis non, tincidunt sed felis. Donec sit &ldquo;<a href="https://www.lipsum.com/feed/html">amet</a>
&rdquo; erat nibh.</p>

Usually a line break in HTML is not a big deal, the browsers deal with that. But here an unnecessary space is added while rendering the content. Hugo makes it complicated to avoid this problem. There is no default setting to turn this off, however the shortcode can have an extra Hugo tag to avoid the training linebreak:

<a href="https://www.lipsum.com/feed/html">amet</a>{{- / Strip trailing newline. / -}}

By adding the {{- -}}, the training line break is not included in the final HTML output, and the quotation mark comes right after the shortcode content.

Blog website crawlers and bots in Apache2

Found a couple more bots crawling my website, and from the look at online resources it seems I catched a few of the bad guys. Crawlers which ignore the robots.txt standard, and just crawl a website for content.

Decided to do something against it, and added a filter in Apache2.

The way I have my webserver setup is that I have templates for every website (they all have different configs), and deploy them using Ansible. Parts of the website configuration which are the same, or at least similar, are handled by includes.

 

Continue reading "Blog website crawlers and bots in Apache2"

Monitor website status with Huginn

After setting up Huginn, and implementing the actions on my todo list, I had a look at the available agents and started thinking what else they can be useful for.

One of the ideas I came up with is monitoring if a website is available, or has some trouble. I already have a monitoring system in place, but it's a nice exercise to learn more about the other agents.

 

Continue reading "Monitor website status with Huginn"

Huginn: Filter Retweets

A while ago I started using Huginn, as a replacement for IFTTT. That's going quite well. Huginn offers more features, integrations, and especially your chains (scenarios) can be as complex as you wish. IFTTT is quite limited in this area.

I use the Twitter integration to find certain Tweets. Now this does not only find native Tweets, but also finds every Retweet made for a native Tweet. Obviously I am not interested in duplicate content.

Huginn offers a way to filter out Retweets.

 

Continue reading "Huginn: Filter Retweets"

Public previews in Hugo

Hugo is a static templating system. It is (mainly) used to deploy websites/blogs which don't have and need dynamic content. The content of all pages is pre-generated, and the webserver delivers files from disk (or rather from cache, once files are loaded into memory). This approach allows for extremely fast websites, as no dynamic content is generated on every request.

While I know Hugo from work, I haven't really used it for private projects - until recently. I have started a new project where I present interviews with people behind the PostgreSQL Project - and this is perfect for a static website. Interviews don't change, once published.


There was just a little problem: every interview must be approved by the interviewed person. This requires a full preview, but one which does not show up on the main website, or the Sitemap, or the RSS feed. By default, even drafts show up in Sitemap and the RSS feed in Hugo.

 

Continue reading "Public previews in Hugo"

Pushover app on Huawei Android phones

While diving deeper into my openHAB installation, the need for notifications on mobile phones came up. After some research, I settled with Pushover, which provides Android and iOS apps, as well as Desktop notifications. openHAB Rules have support for Pushover, and everything works well together.

 

Except when Android decides to kill apps, because they sit idle and do nothing. It so happens on my Huawei phone that notifications are delivered to the device, but no popup shows up. Only when I open the up, suddenly all the messages are there. The Pushover FAQ has an entry for this, even for Huawei phones, but it is outdated.

 

Continue reading "Pushover app on Huawei Android phones"