A python script that will monitor the Bambu X1C 3D printer and send pushover notifications on gcode_state changes.
Friday, April 21, 2023
Thursday, March 4, 2021
Wednesday, August 12, 2020
Extend XFS Linux partition
Summary
- Running CentOS 8 on VMWare.
Steps
- Increase disk volume size in VMWare
- Reboot or scan for disk changes
- ls /sys/class/scsi_device/
- echo 1 > /sys/class/scsi_device/0\:0\:1\:0/device/rescan
- SSH to server
- Run the following commands (note: server data disk located at /dev/sdb)
yum install cloud-utils-growpart
growpart /dev/sdb 1
xfs_growfs -d /dev/sdb1Thursday, February 13, 2020
Receive notifications on pfsense ipsec or openvpn connection/disconnection
A couple of scripts to receive notifications for ipsec or openvpn (dis)connections on your pfsense firewall. This was tested with a Netgate SG-5100 firewall with pfsense version 2.4.4-RELEASE-p3 (amd64).
https://github.com/ChadDevOps/pfsense-vpn-notifications
SSH
https://github.com/ChadDevOps/pfsense-vpn-notifications
SSH
- SSH to your pfsense firewall. Upload files to /root/
- chmod 755
4 -rwxr-xr-x 1 root wheel 1999 Jul 17 2019 ipsec.php
4 -rwxr-xr-x 1 root wheel 198 Jul 17 2019 notify.php
4 -rwxr-xr-x 1 root wheel 308 Jul 17 2019 openvpnconnect.sh
4 -rwxr-xr-x 1 root wheel 498 Jul 17 2019 openvpndisconnect.sh
Open VPN
For open VPN:
- Login to GUI
- VPN
- Edit your OpenVPN Server
- Under Advanced Configuration, Custom options, add the following line:
client-connect /root/openvpnconnect.sh;client-disconnect /root/openvpndisconnect.sh;ipsec
Create cron to run every minute or so. This will not give exact times for connect/disconnect but within a 60 second window.
- Login to GUI
- Services
- Cron
* * * * * root /usr/local/bin/php /root/ipsec.php > /dev/null 2>&1Notifications
Setup your SMTP server. The above files utilize pfsense's php functions to send via the send_smtp_message function
- Login to GUI
- System
- Advanced
- Notifications Tab
Wednesday, February 12, 2020
AWS Lambda script to delete old indices if ES server is low on space.
A lamda script to delete old indices from AWS Elastic Search Service if it's low on space. Tested with AWS ElasticSearch Service 7.1.
https://github.com/ChadDevOps/aws-elasticsearch-lambda-delete
https://github.com/ChadDevOps/aws-elasticsearch-lambda-delete
Tuesday, February 11, 2020
AWS Kibana Open Distro Alerting to MS Teams
MS Teams is a collaboration tool similar to Slack and it comes free with office365 business subscriptions. Below is a query to update the Kibana alerting trigger message (that comes with Open Distro) to use the MS Teams message card.
Note, this will only update the first trigger. If anyone scripts this to update all triggers, please comment below.
Run the query from Kibana dev tools.
Note, this will only update the first trigger. If anyone scripts this to update all triggers, please comment below.
Run the query from Kibana dev tools.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST .opendistro-alerting-config/_update_by_query | |
| { | |
| "script": { | |
| "lang": "painless", | |
| "source": "ctx._source.monitor['triggers'][0]['actions'][0]['message_template'] = params", | |
| "params": { | |
| "source": """ | |
| { | |
| "@context": "https://schema.org/extensions", | |
| "@type": "MessageCard", | |
| "potentialAction": [ | |
| { | |
| "@type": "OpenUri", | |
| "name": "View Kibana", | |
| "targets": [ | |
| { | |
| "os": "default", | |
| "uri": "http://your.kibana.url" | |
| } | |
| ] | |
| } | |
| ], | |
| "sections": [ | |
| { | |
| "facts": [ | |
| { | |
| "name": "Trigger:", | |
| "value": "{{ctx.trigger.name}}" | |
| }, | |
| { | |
| "name": "Severity:", | |
| "value": "{{ctx.trigger.severity}}" | |
| }, | |
| { | |
| "name": "Period start:", | |
| "value": "{{ctx.periodStart}}" | |
| }, | |
| { | |
| "name": "Period end:", | |
| "value": "{{ctx.periodEnd}}" | |
| } | |
| ], | |
| "text": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue." | |
| } | |
| ], | |
| "summary": "Alert", | |
| "themeColor": "0072C6", | |
| "title": "{{ctx.monitor.name}}" | |
| } | |
| """, | |
| "lang" : "mustache" | |
| } | |
| }, | |
| "query": { | |
| "match": { | |
| "monitor.type" : { | |
| "query" : "monitor" | |
| } | |
| } | |
| } | |
| } |
Friday, February 7, 2020
Ubuntu 18.04 Installing ClamAV with clamonacc
A quick guide to installing ClamAV with clamonacc on Ubuntu 18.04.
Note: This was installed on a virtualmin server with clamav. Existing clamav was removed/purged via apt-get and reinstalled. clamd.conf reflects settings as part of virtualmin and clamonacc.
Install clamav and mailx
sudo apt-get install -y bsd-mailx clamav clamav-base clamav-daemon clamav-docs clamav-freshclam
Create Quarantine Folder
Create the following files (see gist files below at end of blog or here)
Enable services
systemctl enable clamav-daemon.service
systemctl enable clamonacc.service
systemctl enable clamav-freshclam.service
Add root to clamav group
Clam, by default, will run under the clamav user and group. You can choose to keep/configure this or run as root. If you scan /root or folders owned by root you can encounter lstat() errors while running under the clamav user.
usermod -a -G clamav root
Crons
00 01,13 * * * /usr/bin/freshclam --quiet
0 19 * * 1-5 nice -n 16 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /home /tmp >/dev/null 2>&1
0 6 * * 6 nice -n 18 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass / >/dev/null 2>&1
Final Step
Note: This was installed on a virtualmin server with clamav. Existing clamav was removed/purged via apt-get and reinstalled. clamd.conf reflects settings as part of virtualmin and clamonacc.
Install clamav and mailx
sudo apt-get install -y bsd-mailx clamav clamav-base clamav-daemon clamav-docs clamav-freshclam
Create Quarantine Folder
mkdir /root/quarantine
Create the following files (see gist files below at end of blog or here)
- /etc/systemd/system/clamonacc.service
- /etc/clamav/clamd.conf
- /etc/clamav/detected.sh
Enable services
systemctl enable clamav-daemon.service
systemctl enable clamonacc.service
systemctl enable clamav-freshclam.service
Add root to clamav group
Clam, by default, will run under the clamav user and group. You can choose to keep/configure this or run as root. If you scan /root or folders owned by root you can encounter lstat() errors while running under the clamav user.
usermod -a -G clamav root
Crons
00 01,13 * * * /usr/bin/freshclam --quiet
0 19 * * 1-5 nice -n 16 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /home /tmp >/dev/null 2>&1
0 6 * * 6 nice -n 18 systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass / >/dev/null 2>&1
Final Step
- Reboot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/clamav/clamd.conf | |
| #Used with Virtualmin | |
| #Tweak as needed | |
| TCPSocket 3333 | |
| TCPAddr 127.0.0.1 | |
| User root | |
| ScanMail true | |
| ScanArchive true | |
| ArchiveBlockEncrypted false | |
| MaxDirectoryRecursion 15 | |
| FollowDirectorySymlinks false | |
| FollowFileSymlinks false | |
| ReadTimeout 180 | |
| MaxThreads 12 | |
| MaxConnectionQueueLength 15 | |
| LogSyslog false | |
| LogRotate true | |
| LogFacility LOG_LOCAL6 | |
| LogClean false | |
| LogVerbose false | |
| PreludeEnable no | |
| PreludeAnalyzerName ClamAV | |
| DatabaseDirectory /var/lib/clamav | |
| OfficialDatabaseOnly false | |
| SelfCheck 3600 | |
| Foreground false | |
| Debug false | |
| ScanPE true | |
| MaxEmbeddedPE 10M | |
| ScanOLE2 true | |
| ScanPDF true | |
| ScanHTML true | |
| MaxHTMLNormalize 10M | |
| MaxHTMLNoTags 2M | |
| MaxScriptNormalize 5M | |
| MaxZipTypeRcg 1M | |
| ScanSWF true | |
| ExitOnOOM false | |
| LeaveTemporaryFiles false | |
| AlgorithmicDetection true | |
| ScanELF true | |
| IdleTimeout 30 | |
| CrossFilesystems true | |
| PhishingSignatures true | |
| PhishingScanURLs true | |
| PhishingAlwaysBlockSSLMismatch false | |
| PhishingAlwaysBlockCloak false | |
| PartitionIntersection false | |
| DetectPUA false | |
| ScanPartialMessages false | |
| HeuristicScanPrecedence false | |
| StructuredDataDetection false | |
| CommandReadTimeout 30 | |
| SendBufTimeout 200 | |
| MaxQueue 100 | |
| ExtendedDetectionInfo true | |
| OLE2BlockMacros false | |
| AllowAllMatchScan true | |
| ForceToDisk false | |
| DisableCertCheck false | |
| DisableCache false | |
| MaxScanTime 120000 | |
| MaxScanSize 100M | |
| MaxFileSize 25M | |
| MaxRecursion 16 | |
| MaxFiles 10000 | |
| MaxPartitions 50 | |
| MaxIconsPE 100 | |
| PCREMatchLimit 10000 | |
| PCRERecMatchLimit 5000 | |
| PCREMaxFileSize 25M | |
| ScanXMLDOCS true | |
| ScanHWP3 true | |
| MaxRecHWP3 16 | |
| StreamMaxLength 25M | |
| LogFile /var/log/clamav/clamav.log | |
| LogTime true | |
| LogFileUnlock false | |
| LogFileMaxSize 0 | |
| Bytecode true | |
| BytecodeSecurity TrustSigned | |
| BytecodeTimeout 60000 | |
| OnAccessMaxFileSize 5M | |
| OnAccessMountPath /home | |
| OnAccessIncludePath /home | |
| OnAccessExcludeUname root | |
| OnAccessPrevention true | |
| OnAccessExtraScanning false | |
| VirusEvent /etc/clamav/detected.sh | |
| OnAccessExcludeRootUID yes | |
| OnAccessRetryAttempts 3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/clamonacc.service | |
| [Unit] | |
| Description=ClamAV On Access Scanner | |
| Requires=clamav-daemon.service | |
| After=clamav-daemon.service syslog.target network.target | |
| [Service] | |
| Type=simple | |
| User=root | |
| ExecStart=/usr/bin/clamonacc -F --log=/var/log/clamav/clamonacc --move=/root/quarantine | |
| Restart=on-failure | |
| RestartSec=120s | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #/etc/clamav/detected.sh | |
| #modify reply and to addresses | |
| PATH=/usr/bin | |
| alert="Signature detected: $CLAM_VIRUSEVENT_VIRUSNAME in $CLAM_VIRUSEVENT_FILENAME" | |
| logtail="$(tail -n 50 /var/log/clamav/clamav.log | tac)" | |
| # send email | |
| export HOME=/root | |
| /usr/bin/printf "Host: $HOSTNAME.\n$alert\n\ntail -n 50 /var/log/clamav/clamav.log\n\n\n$logtail" | /usr/bin/mailx -s "VIRUS ALERT - $HOSTNAME" -r REPLY@YOURDOMAIN.COM "ALERTS@YOURDOMNAIN.COM" | |
| # Send the alert to systemd logger if exist, othewise to /var/log | |
| if [[ -z $(command -v systemd-cat) ]]; then | |
| echo "$(date) - $alert" >> /var/log/clamav/detections.log | |
| else | |
| echo "$alert" | /usr/bin/systemd-cat -t clamav -p emerg | |
| fi |
Subscribe to:
Posts (Atom)