Block Countries Behind ELB

To block countries behind an ELB (Elastic Load Balancer) you should use Maxmind’s GeoIP Country Database.

Problem

You are unable to use iptables or ipset to block countries because of your Amazon Elastic Load Balancer

Solution

Use Maxmind’s GeoIP Country Database in conjunction with Apache or NGINX

Example

This example is for Ubuntu 12.04 (Precise)

. . . → Read More: Block Countries Behind ELB

logstash ec2 instanceid

How to get Logstash to read your ec2 instance id logstash.sh !/bin/bash EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) export EC2_INSTANCE_ID conf=/opt/logstash/simple.conf lsjar=/opt/logstash/logstash.jar myjava=$(which java) if [ -z $myjava ]; then echo “java is required; please install openjdk or jre” exit 1 fi # spawn logstash $myjava -jar $lsjar agent -f $conf config file /opt/logstash/simple.conf input { exec { . . . → Read More: logstash ec2 instanceid

Ubuntu Set Timezone to UTC

Objective: Set Timezone to UTC on Ubuntu 12.04 LTS Howto

You will be using tzdata and ntpdate

Setting the timezone

After running this select “etc” (hit enter) then select “UTC” (hit enter)

pkg-reconfigure tzdata Syncing the clock apt-get -y install ntpdate ntpdate pool.ntp.org Updating crontab to sync clock daily crontab -l > tmp.cron echo “@daily . . . → Read More: Ubuntu Set Timezone to UTC

Howto Convert a ESXv5 to ESXv4 VM

Howto Convert a ESXv5 to ESXv4 VM

This details the steps needed to convert a machine from ESXv5 to ESXv4

Convert OVA to VMX On ESXv5 Machine, Export the VMWare ESX5 Machine to OVF (File -> Export -> Export OVF Template) Download ovftool

Convert ova to vmx (ignoring manifest errors)

ovftool sourefile.ova destfile.vmx (make sure . . . → Read More: Howto Convert a ESXv5 to ESXv4 VM

nohup example

here’s a nohup example:

nohup nice -n -19 /bin/bash cidr_to_ipset.sh all_countries.txt 2>&1 >/root/cidr_to_ipset_output.log </dev/null &

nohup is a POSIX command to ignore the HUP (hangup) signal. The HUP signal is, by convention, the way a terminal warns dependent processes of logout.

Output that would normally go to the terminal goes to a file called nohup.out . . . → Read More: nohup example

Apache ProxyPass with dynamic hostname

To use Apache ProxyPass directives with dynamic hostnames you will need to also use ModRewrite.

Objective

All requests to the virtualhost will ProxyPass and ProxyPassReverse (also known as an “Apache Gateway”) to the %{HTTP_HOST}

The only reason this would make sense to do is if you have localhost entries on the apache server for specfic . . . → Read More: Apache ProxyPass with dynamic hostname

curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

Problem

When running curl you get this response:

curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) Solution curl -ssl3

Ensure Beaver Log Shipping is Running

I have a love hate relationship with the beaver log shipper and ensuring that it is in fact running on all of my machines (and not in a defunct or partially running state)

I have finally whipped up a script to take care of this issue and thought i’d share it for anyone that cares.

. . . → Read More: Ensure Beaver Log Shipping is Running

shred files on Centos

Here’s a handy alias for shredding files on CentOS

alias shred=’shred -v -n 1 -z -u’

chkconfig with color on centos

alias chkconfig=”chkconfig | perl -pe ‘use Term::ANSIColor; s/\bon\b/color(\”green\”).on.color(\”reset\”)/ige;’”

or to permit passing an agrument:

function chkconfig(){ /sbin/chkconfig $* | perl -pe ‘use Term::ANSIColor; s/\bon\b/color(“green”).on.color(“reset”)/ige;’ }