BenV's notes


OCSP messing up your day?

by on Jan.21, 2018, under Software

I had a few people complain about their favorite browser showing an error such as:
Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)

Or maybe like this:

Secure Connection Failed

An error occurred during a connection to Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

This was when they were going to a website that I host on my apache server that also serves this blog.
Knowing that my apache configuration is near perfect (*cough*) – at least, gives this server at least an A rating – I wondered what was up with Firefox now.
At least, when testing the site in Google Chrome it worked fine.

Turns out that someone did the work for me:
Hanno Böck wrote a detailed post about the issue. Thanks Hanno, time to tweak some apache configuration and hope that Firefox steps up their game.
Thanks Hanno! 🙂


Check_MK IRC_Notify new version

by on Dec.04, 2016, under Software


This weekend I found some time to upgrade my little Check_MK Notification bot a bit.
After a good fight with the perl POE framework and learning a thing or two (teaching me the price of not using my own proven bot framework :p) I did manage to get some new features built into the bot.

This bot has been in use by me and the company I work at for about a year now, proving to be a nice to have notification channel.
One of the things that sometimes annoyed me was when someone would put a ton of services in downtime – or when something really breaks and a ton of alerts go off – that the bot(s) would spam tons of messages for a while. This led to the first new feature called MUTE.
The bot can be silenced for a custom amount of time (defaulting to 5 minutes if you omit it) by simply saying “mute” to it. See the screenshot below for a demonstration.
If you feel lonely immediately after this or botched the time you can use unmute to immediately cancel the mute.

Another nice new feature is filters. The command “problems” would already show -all- problems, but I implemented a filter feature so now you can also search for specific host issues or maybe issues for a specific contact group such as “SLA”.
For example, you can now ask the bot: problems host=web;contact=SLA and it will return all hosts that report to the SLA contactgroup and have web in their hostname.
Following up on this, it is now also possible to acknowledge all these problems using the same filter technique by issuing a command like ack all host=web;contact=SLA || We are fixing stuff. Useful filter columns right now are host_name service_description notes comments contact_groups, but the filter matches on a partial key.
If you don’t feel like typing a key since you have a specific enough keyword to search on you can also simply filter like this: problems which will search in both host and service names, notes, and comments.

Another itch that needed scratching was the need for multiple IRC connections. These days we use Slack in addition to other communication tools, so a lot of colleagues are no longer found on IRC but only linger on for instance Slack. Previously this meant either the bots were no longer seen, or you needed to run it twice.
Well, the bot can now make multiple IRC connections! 🙂
Simply add another [irc] and [channels] block with a (unique) number appended to it and the config parser should add a connection.
Because I wanted to have Slack working I also added support for IRC server Username and Password, but do note that I needed to set the nickname to username to get Slack to accept the connection. Also be mindful of the channels that the user you use for the bot may automatically be subscribed to, since it will report to -all- of the channels it is in.
NEW (version 1.3a): Unless you set the regonly option to 1 in the configuration file for that IRC connection. This option will make the bot ignore channels that are not in the channel list in the configuration file. Very useful for Slack and Bitlbee etc.

Here’s a screenie to show off some of the new things:

IRC_Notifications NagiosBot v1.3 showing off new features

Obviously there are a bunch of fixes and improvements (*cough*) in the new version as well, so new bug reports are welcome 🙂

The new 1.3a version can be downloaded here:
irc_notify-1.3a.mkp (4523 downloads)      SHA1: 26efbb637c4b69adaec1418f5b3b8b0b8bb86927  MD5: 51779dac78d5efeb39315c2ef03be41b

It should also be up on the Check_MK Plugin exchange soon:


Check_MK plugin: MTR for pretty ping graphs

by on Dec.31, 2015, under Check MK

Another day, another Check_MK plugin!
This one is inspired by smokeping, but different because it doesn’t need smokeping. It does need the tool formerly known as Matt’s TraceRoute, aka mtr. It’s installed on all my machines by default and easily available in all distros that are worthy. Even pokemon OS has it 😉

The reason I wanted to build this plugin was first of all because of pretty graphs (of course!). The second reason was that my girlfriend had some network issues to figure out, but only ping and DNS resolve times don’t paint a complete picture. This plugin makes some graphs that hopefully fill that void a bit 🙂

Now that you’ve skipped the last 2 paragraphs, here are some example graphs that I made while testing the plugin:

Check_MK MTR plugin’s perf-o-meter

This is the plugin status per host on the service overview page of Check_MK. As you can see I configured multiple hosts. (continue reading…)


Check_MK Custom Notifications — IRC

by on Oct.27, 2015, under Check MK

One of the cool things Check_MK offers these days is the option for custom notifications. Email notifications are of course fine, but a lot of people are also interested in Pagerduty or their own SMS service or whatnot. Personally I was interested in an IRC based notification system where alerts would simply be sent as a message into a specific channel on my IRC server.
Let’s see how we can implement that 🙂
(continue reading…)


Slackware-current and a dedicated Terraria Server

by on Jun.30, 2015, under Software

With the v1.3 patch coming soon ™, hopefully today, it’s time to play Terraria again! 🙂
One of the claims is that it will now be easier / at all possible to run multiplayer games through steam. Well, we’ll see about that, but I figured this would be a great time to get my own dedicated headless server up and running. (continue reading…)


Nullmailer check_mk plugin

by on Mar.20, 2015, under Check MK

Here’s another small plugin for Check_MK – this one keeps track of Nullmailer queues.

Without further delay, here’s the package:
[Download not found]

For installation check out one of my older plugin posts 😉
Have fun with this new plugin! 🙂

V1.1: Updated agent to check different queue location for Debian etc. No other changes.
V1.0: Initial version


Slackware current upgrades readline library

by on Feb.27, 2015, under Software

Surprise, surprise, something broke with the readline library upgrade 😉
While upgrading my slackware(64)-current installation today, this happened:

Verifying package readline-6.3-x86_64-1.txz.
Installing package readline-6.3-x86_64-1.txz:
# readline (line input library with editing features)
# The GNU Readline library provides a set of functions for use by
# applications that allow users to edit command lines as they are typed
# in. Both Emacs and vi editing modes are available. The Readline
# library includes additional functions to maintain a list of previously
# entered command lines, to recall and perhaps edit those lines, and
# perform csh-like history expansion on previous commands.
Executing install script for readline-6.3-x86_64-1.txz.
Package readline-6.3-x86_64-1.txz installed.

Package readline-5.2-x86_64-4 upgraded with new package ./readline-6.3-x86_64-1.txz.

awk: error while loading shared libraries: cannot open shared object file: No such file or directory

Package: btrfs-progs-20150213-x86_64-1.txz
‘/mnt/general_stores/OS/Slackware/slackware64-current/./slackware64/a/btrfs-progs-20150213-x86_64-1.txz’ -> ‘/var/cache/packages/./slackware64/a/btrfs-progs-20150213-x86_64-1.txz’
‘/mnt/general_stores/OS/Slackware/slackware64-current/./slackware64/a/btrfs-progs-20150213-x86_64-1.txz.asc’ -> ‘/var/cache/packages/./slackware64/a/btrfs-progs-20150213-x86_64-1.txz.asc’
awk: error while loading shared libraries: cannot open shared object file: No such file or directory
ERROR - Package not installed! gpg error!
awk: error while loading shared libraries: cannot open shared object file: No such file or directory

Hmz, seems like awk (which is actually gawk) hasn’t been updated yet, yet it still links to the old libreadline (5).
This in turn breaks loads of things, so while packages are still being rebuilt / link to the old libreadline this might be a good idea for now:

# This is for slackware64, drop the 64 if you run an ancient machine / install.
root@slack64:~# ln -sf /usr/lib64/ /usr/lib64/
root@slack64:~# ln -sf /usr/lib64/ /usr/lib64/

Fixed for now 🙂


(Visma)’s AccountView and upgrades

by on Feb.18, 2015, under Software

If you’ve ever had the burden of being an admin of an office with imbeciles that use AccountView you probably already lost a bunch of hairs over it, if it didn’t push you to angry KILL CRUSH DESTROY mode (yet). Fortunately my encounters with the product are usually only in the form of “kill -9 hanging task AVWIN.EXE” or “recover from last night’s backup“. (when will those idiots start using a real database as backend instead of those easily corrupted DBF/CDX files…. idiots. Then again, the horrible garbage still uses FoxPro, so color me surprised.)
Today my boss forwarded me an email with the corresponding ‘Here, update instructions, go fix!‘ command. After a few sighs, a download and a backup of the current installation (version 9.2) I went to work.
Start the installer, next a few times, point it to the old … wait, why can’t I select the network folder that we have the old one installed on?
Apparently since version 9.3 you can’t select non local folders anymore, no matter if you select the server/standalone/workstation install.
Giving it a mapped folder location like “Y:\AccountView9” resulted in a no such location or permission denied message.
Just great.
But then I got this idea: What if I give it a symlink on a local folder?

C:\Users\Administrator> mklink /D "C:\AccountView9" "\\\AccountView\AccountView9"
symbolic link created for "C:\AccountView9" <<==>> "\\\AccountView\AccountView9"

Next I went through the 9.4a installer again and pointed it to the C:\AccountView9 symlink. Result?
SURE THING! Did you know that there’s an old installation in that folder?
Ha. I WIN 😉


EnhanceIO and Check_MK plugin

by on Jan.01, 2015, under Check MK, Software

A while ago when faced with ‘why is my disk slow’ I realized “hej, I have an SSD… let’s use it as cache!”.
Easier said than done, because these days you have tons of options. A quick glance at them shows BCache, DM-Cache, FaceBook’s Flash-Cache or what I went for which is based on Flash-Cache: EnhanceIO. There’s probably more of them, while writing this I ran into this article on LVM cache – sounds interesting too.
Here’s a little comparison between a few of the above options: different ssd to hdd cacheing options on (continue reading…)


Check_MK plugin: fail2ban

by on Nov.03, 2014, under Check MK

This one has been on my todo list for a while, so today I took a stab at it: a fail2ban plugin for Check_MK.
My previous plugin (LMSensors plugin for Check_MK) still gets quite a few hits, so I figured you guys might like this one as well.

Why? Pretty graphs of course 😉
Another reason might be that you want to keep an eye on how many ssh bots etc fail2ban keeps out. (continue reading…)
