Archív značiek: script

Nagstamon – Python OpenSSL certificate validation

nagstamon_header_logoWhen I try to connect to my monitoring system with desktop widget Nagstamon, Nagstamon was not able to connect due to SSL certificate validation problem. I’m using certificate from

After a while of hacking I have found this workaround in source code. This is the wrong way: Pokračovať v čítaní

MySQL consistency check – permissions and non-accessible databases

mysql-grant-syntax-2The following query lists all grants for nonexistent databases:

Grants for nonexistent databases

/* grants in mysql.db for nonexistent databases */
FROM mysql.db AS d
LEFT JOIN information_schema.SCHEMATA AS s ON (d.db = s.SCHEMA_NAME)

/* grants cleanup */
DELETE mysql.db
FROM mysql.db 
LEFT JOIN information_schema.SCHEMATA ON (mysql.db.db =  information_schema.SCHEMATA.SCHEMA_NAME)

Databases withouth grants

/* databases withouth grants */ \
FROM information_schema.SCHEMATA AS s 
LEFT JOIN mysql.db AS d ON (d.db = s.SCHEMA_NAME)

Queries are not complete, you are welcome to add other queries.

Make cryptsetup ask the same password only once at boot

initramfs-tools-cryptroot-as-password-onceluks-logoI bought a new hard drive. Because I protect all my harddisk with encryption, I setup LUKS for new harddrive too. But init scripts ask password for every encrypted partition and I want enter my harddisk password only once. I have started with googling but I wasn’t succesfull. I have found this thread about the same problem. But author didn’t provide patch and uploaded *.tar.gz archive is no longer available. Pokračovať v čítaní

Create triggers with MySQL procedures

Angry developer

Angry developer

I wrote some SQL procedures, which can create triggers. The main goal was to create triggers for `mysql` schema, but it is not possible for the following limitation of current version MySQL and MariaDB:

1465 HY000 ER_NO_TRIGGERS_ON_SYSTEM_SCHEMA Triggers can not be created on system tables

Pokračovať v čítaní

Shorewall – filtering IMAP/SMTP access to domain

gmail-firewall-IMAPDo you need to discover what IP netblocks are owned and operated by Google to perhaps add to your firewall ACLs?

With dynamic zones available in Shorewall, you are able to define firewall rules and to filter network traffic based on the domain name. For example, you can permit IMAPS connection only to domain. Problem is that Google cluster is very big and you are always connecting to different IP address. So you can’t define static rules for traffic filtering.

Here is little HOWTO do this.
Pokračovať v čítaní