Fail2ban: Block CIDR IP Address Ranges (aka wildcard)

It has been requested to have the ability in fail2ban to block whole IP address ranges.

Yaroslav Halchenko replied, saying

we are working on the features which would occur in some 0.9.x release which would make it configurable out-of-the-box, but meanwhile you can just easily create an augmented action file where you would have customized iptables call with /XX to ban whatever big subnet you like

Well, at the time of this writing the current version is Fail2Ban v0.8.6 – and it seems to not have CIDR capabilities out of the box. However, you can still have fail2ban block an IP address by using a command like this:

fail2ban-client -vvv set apache banip 1.2.3.0/24

Your fail2ban log file ( maybe /var/log/fail2ban.log ) should have information about the rule you just added. Also, the -vvv flag tells the command to be verbose.

For the rule to take effect, you may need to wait until one of the other files fail2ban is monitoring has a change. So check out your /etc/fail2ban/jail.local file, see what is enabled, and then run touch /path/to/file on a logfile you are watching with fail2ban

Posted in Server Admin | Leave a comment

How to use http_get_request_headers with PECL_HTTP version 2

If you’re using the version 2 pecl_http (possibly version 2.0.6?) on your webserver, perhaps Ubuntu or CentOS, with PHP5, maybe 5.3, 5.4, or 5.5, you may have noticed that after getting it all installed and adding this to your php.ini file:

extension=raphf.so
extension=propro.so
extension=http.so

But then when you try and use the function get_request_headers() you end up getting:

PHP Fatal error: Call to undefined function http_get_request_headers()

Well, when this extension switched to pecl/http v2 it changed a lot of things, and global functions was one of them. It now uses namespaces, and so instead of using http_get_request_headers() you’ll need to use something like this:

$headers = \http\Env::getRequestHeader();
print_r($headers);

The check out the docs for more details on how to use the new function, basically you’ll see

getRequestHeader: Retrieve one or all headers of the current HTTP request.

Parameters:

Optional string $header_name

The key of a header to retrieve.

Returns:

  • NULL, if $header_name was not found
  • string, the compound header when $header_name was found
  • array of all headers if $header_name was not specified
Posted in Web Development | Tagged , | Leave a comment

How to install pecl pecl_http with homebrew php54 / php55

You may be tempted to try and run pecl install pecl_http if you’re using homebrew on Mac OS X in order to be able to access functions like http_get_request_headers – but there’s a better way. Instead, try using the command brew install php54-http or brew install php55-http ( depending on if you are using php 5.4 or php 5.5 with homebrew )

You can get more info about pecl_http with homebrew by using brew info php54-http or brew info php55-http ( again depending on your PHP version ).

If you have already tried pecl install pecl_http you may want to run pecl uninstall pecl_http before running the other commands.

If you have previously used something like brew install php54-http and now it doesn’t seem to be loading, check your configuration file in /usr/local/etc/php/5.4/conf.d or try doing:

brew remove php54-http

And then running:

brew install php54-http
Posted in Tech Tips | Tagged , | Leave a comment

zshell: rsync hostname completion with zsh

If you use ssh a lot with zsh and have a lot of entries in your hostsfile (/etc/hosts) you might find it convenient to disable completion from these hosts by using:

zstyle ':completion:*' hosts off

However, this may give you adverse affects, and your hostnames may stop auto-completing with rsync – in order to fix this try also adding this in to your .zshrc

zstyle -s ':completion:*:hosts' hosts _ssh_config
[[ -r ~/.ssh/config ]] && _ssh_config+=($(cat ~/.ssh/config | sed -ne 's/Host[=\t ]//p'))
zstyle ':completion:*:hosts' hosts $_ssh_config

If you also use oh-my-zsh and are still having trouble, trying adding those lines after this line:

source $ZSH/oh-my-zsh.sh
Posted in Tech Tips | Tagged , | Leave a comment

Hide “You can search from here with Google” in Chromium

If you’re running chrome in kiosk mode Google Chrome, or Chromium, or even if you are not using kiosk mode, you may have encountered the nuisance popup bubble telling you:

You can search from here with Google

According to a bug ticket you can create a master_preferences file “in the same directory as the chrome binary” and add this information to it:

{
    "distribution" : {
        "suppress_first_run_bubble": true
    }
}

That did not work for me, however, I used a command line switch ( a.k.a. a “flag” ) to successfully disable this popup balloon from showing.

Just use:

--no-first-run

When you are launching the Chrome / Chromium player.

That would look something like this on Linux:

./chrome --no-first-run

Or like this on Windows:

C:\path_to_chrome\chrome.exe --no-first-run
Posted in Linux | Tagged , | Leave a comment

strange error flushing buffer – solved

When trying to use some LAME libraries like the WAV2SWF from swftools I started gettin this error:

strange error flushing buffer

The file was still generated but it did not work.

Here’s what I did to fix:

Installed the latest version of swftools

This was done on Ubuntu but you can probably do almost the same thing on Mac OS X. I tried using homebrew but was not able to get a new enough version of the software.

Make sure you have zlib

sudo apt-get install zlib1g-dev

Or

brew install zlib

Next check the downloads page and get the latest version of the software, something like:

cd /tmp
wget "http://swftools.org/swftools-2013-04-09-1007.tar.gz"
cd swftools-2013-04-09-1007
./configure
make

You can then install this if you want, but to test I just continued without installing:

cd src
./wav2swf ~/input.wav

this gave me another error:

Error: no mp3 soundstream support compiled in.

So to get around needing support for that you can just specify some additional parameter so it doesn’t have to detect them:

./wav2swf -d -s 44100 -o ~/test.swf ~/input.wav

And voila! it worked!

Additional parameters are:

Usage: wav2swf [-o filename] file.wav
-h , --help                    Print short help message and exit
-V , --version                 Print version info and exit
-o , --output <filename>       Explicitly specify output file. (Otherwise, output will go to output.swf)
-r , --framerate <fps>         Set file framerate to <fps> frames per second.
-s , --samplerate <sps>        Set samplerate to <sps> frames per second (default: 11025).
-d , --definesound             Generate a DefineSound tag instead of streaming sound.
-l , --loop n                  (Only used with -d)
-C , --cgi                     For use as CGI- prepend http header, write to stdout.
-S , --stop                    Stop the movie at frame 0
-E , --end                     Stop the movie at the end frame
-b , --bitrate <bps>           Set mp3 bitrate to <bps> (default: 32)
-v , --verbose                 Be more verbose
Posted in Linux, Mac | Tagged , , | Leave a comment

How can I prevent zsh from autocompleting ssh hosts with the hosts file?

In bash you am able to export a variable to prevent /etc/hosts from being used with autocompletion of the ssh command:

export COMP_KNOWN_HOSTS_WITH_HOSTFILE=""

You can try that setting that in zsh but it won’t work. If you’ve tried searching in the zsh-completions directory but couldn’t find anything similar, it’s because it’s not there.

How can I prevent zsh from autocompleting ssh hosts with the hosts file?

So, how can you prevent zsh from autocompleting ssh hosts with the /etc/hosts file?

Add this to your ~/.zshrc file:

zstyle ':completion:*' hosts off
Posted in Uncategorized | Leave a comment

What does zsh-lovers do?

What is zsh-lovers? What does zsh-lovers do?

You may have run something like brew search zsh and gotten a few results:

zsh
zsh-completions
zsh-history-substring-search
zsh-lovers
zsh-syntax-highlighting
zshdb

Running brew info zsh-lovers isn’t that helpful:

zsh-lovers: stable 0.9.0
http://grml.org/zsh/#zshlovers
/usr/local/Cellar/zsh-lovers/0.9.0 (2 files, 60K) *
  Built from source
From: https://github.com/Homebrew/homebrew/commits/master/Library/Formula/zsh-lovers.rb

And neither is visiting the website that is referenced: http://grml.org/zsh/#zshlovers

So, what is zsh-lovers? And what does zsh-lovers do?

Simple! It’s just a man page with a lot of zsh examples that gets added alongside your other man pages, allowing you to run:

man zsh-lovers

And get this:

ZSH-LOVERS(1)        ZSH-LOVERS(1)
NAME
zsh-lovers - tips, tricks and examples for the Z shell
SYNOPSIS
Just read it. ;-)
OVERVIEW
Whenever we look at the zsh manual we wonder why there are no examples
or those simply things in (shell) life. The zsh contains many features,
but there was no manpage with some examples (like procmailex(5)).
That's why we wrote this manpage.
Most of the tricks and one-liner come from the mailing lists zsh-users,
zsh-workers, google, newsgroups and from ourself. See section LINKS for
details.
Note: This manpage (zsh-lovers(1)) is not an official part of the Z
shell! It's just a just for fun - manpage ;) For comments, bug reports
and feedback take a quick look at the section BUGS.
Posted in Tech Tips | Tagged | Leave a comment

Video Modal Popup similar to Apple.com for HTML5 video

I wanted to know “Are there any open source tools to create modal popups for videos like the ones used on apple.com ?”

I wanted something to do video popups in a modal like those on Apple.com – for product videos, etc. I was looking for how the popups are done on the main website – not the regular dialog popups on the apple “store” site.

After a lot of looking I found SublimeVideo which is not open source but it is free.

So, if you need it for popping up a video like how the main apple website does their videos, check out SublimeVideo and click on “lightbox”:

Video Modal Popup similar to Apple.com for HTML5 video

The customization is really easy and it is really easy to add multiple video sources / formats to have both low and high def ( HD ) video and posters, as well as a nice javascript API to interface with the video player.

Posted in Web Development | Tagged , | Leave a comment

QSFoundation/QSFoundation.h file not found – Building Quicksilver Plugins

Ok, so you’ve read the getting started guide on how to write quicksilver plugins, and read the QSApp Blog Post about how to get started with QS plugins, and checked out the Quicksilver Plugin Development Reference and checked out the repo of current plugins and visited the Quicksilver Developer Wiki and already referenced the Quicksilver Plugin Reference and read PJRobertson’s Quicksilver Plugin Reference page and now you have got your new Xcode project all setup and when you click “build” you get something like:

QSFoundation/QSFoundation.h file not found - Building Quicksilver Plugins

Here’s what to check

Make sure that in Xcode5 you have set up the SourceTrees in the preference pane – it’s under Locations -> Source Trees:

QSFoundation/QSFoundation.h file not found – Building Quicksilver Plugins

Secondly, you should have also already used git to clone the Quicksilver repo and built Quicksilver successfully. For help on this topic see Building Quicksilver.

Finally, you must have built Quicksilver for development in order for the header files to be in the right places. Here’s how to build for development:

QSFoundation/QSFoundation.h file not found – Building Quicksilver Plugins

To check and make sure the headers are in the correct place, check this folder:

/tmp/QS/build/Debug/QSFoundation.framework/Headers/

It should exist and not be empty.

For more help visit Quicksilver’s Google Group or open a support request on the Github page.

Posted in Web Development | Tagged | Leave a comment