Journald - log rate limiting

Tue 03 November 2015 by admin

It seems to be an easy task, make available logging from haproxy to syslog. Configuration on haproxy side was pretty easy, log file start growing, but from time to time there were some pauses. Rsyslog was the first victim, I dig into limiting configuration area, but default limits doesn't apply in this particular situation. After some time I realized that this configuration also includes systemd-journal which catch-all syslog data and then send its to rsyslog. At systemd-journal level there is also ratelimit configuration and that was the point in my case.

http://www.freedesktop.org/software/systemd/man/journald.conf.html#RateLimitInterval=


How domains are being resolved ?

Thu 23 October 2014 by admin

Not so far ago I was doing some cleanup work with static entries in /etc/hosts. I was wondering how many of these static entries are being actively used. To figure out I started digging, but without much luck. Tools like strace, ltrace doesnt give me a clear look which ...

read more

How safely change ip address on remote host ?

Sun 05 October 2014 by admin

Routine task change ip address on remote host without cut off. There are a lot of possibilites i.e. from reboot with new ip address to some fancy stuff with cron job. But there is a one method to make it clear and elegant.

Simply set:

echo 1 > /proc/sys ...
read more

Zerofree your filesystem

Sat 28 September 2013 by admin

Lets assume that you have file image:

dd if=/dev/zero of=file.1 bs=4k count=128

on top of it you create filesystem ext3/ext4

mkfs.ext4 /root/file.1

mount it, create remove some files etc. and you gonna make it more space efficient, that's ...

read more

linux nocache idea

Sun 09 June 2013 by admin

Each time when you read file it's content is put into cache:

# grep -w "Cached" /proc/meminfo
Cached:           255220 kB
# cat sample.file >/dev/null
# grep -w "Cached" /proc/meminfo
Cached:           357628 kB

of course it happens when there is enough free memory. But imagine situation when you read ...

read more

hidepid capabilities of procfs

Wed 01 May 2013 by admin

RHEL 5.9 introduces new feature which allow to hide some sensitive information about process activity to non-root users.  Release notes about new RHEL version doesn't tell us too much:

Restricting Access to /proc/<PID>/
The hidepid= and gid= mount options have been added to procfs to allow
restricting ...
read more

Scan for new hard disk

Wed 01 May 2013 by admin

Useful especially in virtual environment to discover hot-added hard disk i.e.:

echo "- - -" > /sys/class/scsi_host/host2/scan
read more

Trusted Path Execution - reduce attack vector

Sat 10 November 2012 by admin

TPE is a feature presented in Grsecurity, which denies users from executing programs that are not owned by root. This approach eliminates some parts of self uploaded exploits by users.  Using Grsecurity force us to prepare custom - mainly non-distribution kernel. Nowadays TPE is prepared as separate linux kernel module, which ...

read more

Collect data about working system

Sun 15 April 2012 by admin

Pretty simple task get information about particular system, answer read documentation about it. But what if there is no documentation or it's outdated. One of the solution is to write down some outputs of basic commands, the second solution is to use dedicated software.

The first one which I ...

read more

Oracle Linux - new approach

Sat 24 March 2012 by admin

Paying for subscription or doing on your own ? Choosing the second way you probably take into consideration: CentOS or Scientific Linux, but nowadays we have another player: Oracle Linux.

We offered both the base distribution release DVDs (OL4, OL5, OL6) and the update releases, such as 5.1, 5.2 ...

read more