
Dockerized blog

So, here it is, at last! This blog is now dockerized 😛

The image used is the one made by Bitnami (aka VMware). It’s a really nice image, ready to go with an existing (or empty) WordPress. All the necessary info and files are on their GitHub: https://github.com/bitnami/containers/tree/main/bitnami/wordpress.

fail2ban quick setup against brute-force ssh

Keeping most brute-force SSH attempts away is relatively easy with fail2ban. On Debian, after the “apt install fail2ban” command, ssh is already protected, but a little more can be done to improve the efficiency of this filter.

First, override the “dbpurgeage” setting so that fail2ban keeps its data for up to 7.5 days, which is longer than the one-week ban configured below. Add the file /etc/fail2ban/fail2ban.d/local.conf with:

[Definition]
dbpurgeage = 648000

Then add another config file to enable the “recidive” jail, for instance in /etc/fail2ban/jail.d/local.conf add:

[recidive]
enabled = true
maxretry = 2
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day

Restart the fail2ban service et voilà: fail2ban now has the ability to keep some brute-force IPs away a bit longer. You can of course change these values to extend the ban or limit the findtime.
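
A small lint for the two override files above, as an added example that is not part of the original post. It reads the 7.5-day purge age as chosen to outlast the one-week recidive ban (an assumption of this example); `ini_get`, `check_recidive` and `write_samples` are hypothetical helper names, and only values given in plain seconds are handled.

```shell
#!/bin/sh
# Added example: lint for the two fail2ban overrides (seconds-only values).
# Assumption of this example: dbpurgeage should exceed the recidive bantime.

# ini_get FILE SECTION KEY: print KEY from [SECTION], " ; comment" removed.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
    insec && (n = index($0, "=")) {
        k = substr($0, 1, n - 1); v = substr($0, n + 1)
        sub(/[ \t];.*$/, "", v)                  # inline comment
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) val = v                    # last assignment wins
    }
    END { print val }' "$1"
}

# check_recidive FAIL2BAN_CONF JAIL_CONF
# 0: purge age outlasts the ban; 1: it does not; 2: missing or non-numeric.
check_recidive() {
    purge=$(ini_get "$1" Definition dbpurgeage)
    ban=$(ini_get "$2" recidive bantime)
    for v in "$purge" "$ban"; do
        case "$v" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$purge" -gt "$ban" ] || return 1
}

# Constructed copies of the two files, written under DIR (arg 1);
# arg 2 overrides the dbpurgeage value.
write_samples() {
    printf '[Definition]\ndbpurgeage = %s\n' "${2:-648000}" > "$1/fail2ban.conf"
    cat > "$1/jail.conf" <<'EOF'
[recidive]
enabled = true
maxretry = 2
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
check_recidive "$dir/fail2ban.conf" "$dir/jail.conf" && echo "purge age covers the ban"
rm -r "$dir"
```

On a real host the two arguments would be /etc/fail2ban/fail2ban.d/local.conf and /etc/fail2ban/jail.d/local.conf.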

From Roundcube to RainLoop

Roundcube Webmail is a great piece of software when you need a self-hosted Webmail. It has some nice features and is quite straightforward to run.

But when it comes to using it on a mobile device, the fun disappears right away. The default skin, which fits well on a desktop display, fails to render anything useful on a small device. Even when using the Melanie2 Larry Mobile skin and its plugins (Mobile plugin and roundcube jquery mobile built on top of jQuery Mobile), the result sadly is far from being neat.

So, looking for an alternative to Roundcube, I did a short search on the net and found RainLoop, which actually behaves very well on the desktop and on a mobile device.

The config part is really easy, as the web interface lets you set things up quickly. On the plus side, it doesn’t need an RDBMS to run (thumbs up for this) and it has native/ready-to-use config domains for Gmail and Outlook (although that may not seem a killer feature, it was quite harsh to do it with Roundcube, for I had to set up DNS aliases to do the same).

Using php5-geoip on Debian

Here is a straightforward way to get a fully functional GeoIP module for PHP5 on Debian:

apt-get install php5-geoip geoip-database-contrib

The second package is actually a download facility to fetch the various free databases from MaxMind. Once it’s done, edit the php.ini configuration file to append:

[geoip]
geoip.custom_directory = "/usr/share/GeoIP/"

Reload the web server and it should now work.

A tiny HTTPD error log parser

Probably the tiniest one, yet useful, at least to me; here is a tiny Perl script used to quickly check what script kiddies are doing on my Nginx web server:


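#!/usr/bin/perl -n
# For each log line, extract the request and the client; skip lines lacking either.
my ($R) = /"((?:GET|HEAD|POST) [^"]+)"/ or next;
my ($C) = /client: ([^,]+)/ or next;
# Print client, request and the running count of requests for that client.
print "$C\t$R (", ++$cnt{$C}, ")\n";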

Executed with the error log file as argument, it gives something like:


23.20.103.233 GET /clientaccesspolicy.xml HTTP/1.1 (1)
114.40.35.173 GET /phpTest/zologize/axa.php HTTP/1.1 (1)
114.40.35.173 GET /phpMyAdmin/scripts/setup.php HTTP/1.1 (2)
114.40.35.173 GET /pma/scripts/setup.php HTTP/1.1 (3)
114.40.35.173 GET /myadmin/scripts/setup.php HTTP/1.1 (4)
184.72.184.113 GET /clientaccesspolicy.xml HTTP/1.1 (1)
46.165.220.215 GET /vtigercrm/vtigerservice.php HTTP/1.1 (1)
54.80.66.122 GET /clientaccesspolicy.xml HTTP/1.1 (3)
202.53.8.82 GET /ossim/session/login.php HTTP/1.1 (1)
23.22.216.162 GET /clientaccesspolicy.xml HTTP/1.1 (1)
178.63.114.68 HEAD /.psi/profiles/default/config.xml HTTP/1.1 (1)
178.63.114.68 HEAD /.purple/accounts.xml HTTP/1.1 (2)
178.63.114.68 HEAD /dsa HTTP/1.1 (3)
178.63.114.68 HEAD /.htpasswd HTTP/1.1 (4)
178.63.114.68 HEAD /.htpasswd~ HTTP/1.1 (5)
54.204.131.75 GET /clientaccesspolicy.xml HTTP/1.1 (1)

And yes, this is a real excerpt from my current logfile.
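
The same two fields can feed a per-client summary instead of a line-by-line listing. The following is an added example, not part of the original post: it counts requests and distinct paths per client so that hosts walking through many different URLs stand out. The function names and the threshold of 3 are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: per-client probe summary of an Nginx error log.
# Sample lines are constructed (documentation addresses, invented times).
sample_log() {
    cat <<'EOF'
2014/02/01 10:00:01 [error] 9#0: *1 open() "/srv/www/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 192.0.2.10, server: _, request: "GET /phpMyAdmin/scripts/setup.php HTTP/1.1", host: "example.org"
2014/02/01 10:00:02 [error] 9#0: *1 open() "/srv/www/pma/scripts/setup.php" failed (2: No such file or directory), client: 192.0.2.10, server: _, request: "GET /pma/scripts/setup.php HTTP/1.1", host: "example.org"
2014/02/01 10:00:03 [error] 9#0: *1 open() "/srv/www/myadmin/scripts/setup.php" failed (2: No such file or directory), client: 192.0.2.10, server: _, request: "GET /myadmin/scripts/setup.php HTTP/1.1", host: "example.org"
2014/02/01 10:05:00 [error] 9#0: *2 open() "/srv/www/clientaccesspolicy.xml" failed (2: No such file or directory), client: 198.51.100.7, server: _, request: "GET /clientaccesspolicy.xml HTTP/1.1", host: "example.org"
2014/02/01 10:06:00 [error] 9#0: *3 open() "/srv/www/clientaccesspolicy.xml" failed (2: No such file or directory), client: 198.51.100.7, server: _, request: "GET /clientaccesspolicy.xml HTTP/1.1", host: "example.org"
2014/02/01 10:07:01 [error] 9#0: *4 open() "/srv/www/.htpasswd" failed (13: Permission denied), client: 203.0.113.5, server: _, request: "HEAD /.htpasswd HTTP/1.1", host: "example.org"
2014/02/01 10:07:02 [error] 9#0: *4 open() "/srv/www/.htpasswd~" failed (2: No such file or directory), client: 203.0.113.5, server: _, request: "HEAD /.htpasswd~ HTTP/1.1", host: "example.org"
2014/02/01 10:07:03 [error] 9#0: *4 open() "/srv/www/dsa" failed (2: No such file or directory), client: 203.0.113.5, server: _, request: "HEAD /dsa HTTP/1.1", host: "example.org"
2014/02/01 10:07:04 [error] 9#0: *4 open() "/srv/www/.htpasswd" failed (13: Permission denied), client: 203.0.113.5, server: _, request: "HEAD /.htpasswd HTTP/1.1", host: "example.org"
2014/02/01 10:08:00 [notice] 9#0: signal process started
EOF
}

# probe_summary [FILE|-] [MIN]: print "client<TAB>requests<TAB>distinct paths"
# for clients that asked for at least MIN distinct paths (default 3).
probe_summary() {
    awk -v min="${2:-3}" '
    {
        if (!match($0, /client: [^,]+/)) next
        client = substr($0, RSTART + 8, RLENGTH - 8)
        if (!match($0, /"(GET|HEAD|POST) [^"]+"/)) next
        split(substr($0, RSTART + 1, RLENGTH - 2), part, " ")
        hits[client]++                       # every logged request
        if (!((client, part[2]) in seen)) {  # part[2] is the path
            seen[client, part[2]] = 1
            paths[client]++
        }
    }
    END {
        for (c in hits)
            if (paths[c] >= min)
                printf "%s\t%d\t%d\n", c, hits[c], paths[c]
    }' "${1:--}" | sort -t "$(printf '\t')" -k3,3nr -k2,2nr -k1,1
}

sample_log | probe_summary - 3
```

Called with the error log path instead of `-`, it reads the file directly.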

Distributed storage on Debian made easy with GlusterFS

GlusterFS is a mature, elegant and powerful distributed filesystem targeted at very high capacities and availability. Sponsored by Red Hat Inc. and included in their storage server solution, this open-source software is also available as packages for some other Linux distributions or as sources.

Unlike many other distributed solutions, there is no need to have many computers in order to have a taste of Gluster’s ease of use. A few minutes to spare is enough to do it on your own computer. Note also that only the amd64 architecture is present in the repository and thus the following applies to 64-bit machines only.

First, add the GnuPG key for the repository and the corresponding entry for APT. Note that the key is fetched over plain HTTP, so check its fingerprint before trusting it:

wget -O - http://download.gluster.org/pub/gluster/glusterfs/3.4/3.4.3/Debian/pubkey.gpg | apt-key add -
echo "deb [ arch=amd64 ] http://download.gluster.org/pub/gluster/glusterfs/3.4/3.4.3/Debian/apt wheezy main" >/etc/apt/sources.list.d/glusterfs.list

The arch option is useful, as documented in the Multiarch specs, in case you’re using multiarch with some foreign-architecture packages already installed.

Next, update the packages database and install both the server and client packages:

apt-get update
apt-get install glusterfs-server glusterfs-client

Now, either you have a whole disk or partition available or, like me, you don’t. Let’s just use a file as our disk then. In any case, the goal is to format our disk, preferably with XFS, and mount it.

Doing it with a disk or a partition is left to the reader’s discretion and knowledge ;] With a file, it’s as easy as (thanks to this libgfapi doc):

truncate -s 5GB /srv/xfsdisk
mkfs.xfs -i size=512 /srv/xfsdisk
mkdir -p /export/brick
echo "/srv/xfsdisk /export/brick xfs loop,inode64,noatime,nodiratime 0 0" >> /etc/fstab
mount /export/brick

One last tip before starting our cluster: as Gluster doesn’t want us to use localhost as a valid node hostname, we add a definition for another name on our loopback network:

echo "127.0.1.1 localnode" >>/etc/hosts

Now the real work with Gluster may begin; first, create a directory in the dedicated mount-point and add it as a brick on our upcoming volume:

mkdir /export/brick/b1
gluster volume create test localnode:/export/brick/b1

Last, start the volume and enjoy, it’s working.

gluster volume start test

And now…? Now you may play a little with the powerful gluster CLI, gluster help will output the available commands. You may also be a client of your cluster storage (yes, you can) by simply mounting the volume somewhere, like:

mkdir /mnt/gluster
mount -t glusterfs localnode:/test /mnt/gluster

Quake Live… less

As announced by SyncError the 17th of this month, QuakeLive is now a standalone game (not in the browser anymore, as a regular Quake 3) but (here comes the fail) for Windows only. No more Linux or Mac support for this game, unless a Linux developer is hired by id (sic).

Highly commented on this ESR article, some people may be able to launch and run the game using Wine or a virtualization solution. I personally failed to run the installer using wine and don’t have a working OpenGL with VirtualBox; too bad.

Following the departure of John Carmack, this is probably the last step showing the decline of id Software since they have been bought by Bethesda. Somewhat a shame for all the non-Windows users supporting id for many years but that’s the way it is and Defrag still runs fine.

Nightmare

Nightmare is a brilliant short movie directed by Patrick “dKsL” Stürmer, which is a tribute to two great Russian Quake 3 players, LeXeR and uNkind.

The movie starts in a dreamish sequence introducing the players reaching the Elite Level of Q3. We then follow the players during their fights in the arenas, both of them trying to escape and frag their opponents…

Available as the 60 fps 2.5 Mb/s WebM version or the 30 fps 2 Mb/s WebM version and the original MP4 versions: 30 fps, 60 fps. Pictures are also available in a screenshots gallery.

Ineko

A happy cat is a sleepy cat…

ineko ^^

GtkRadiant 1.6.4

Last week, a new version of the id Tech3 level editor was released; binaries are available for download on the official website, as is the source code, hosted on GitHub.

Kudos to TTimo and the GtkRadiant team for this new release!