
Parsing sssd debug log

Lol, hope to add more in future

grep -v "timed event" |grep -v "timer event"|grep -v "Requesting"|grep -v "SBUS"|grep -v "callback"|grep -v "dispatch"|grep -v "a sysbus message"|grep -v "No sub-attributes for" |grep -v "reusing cached connection" |grep -v "nesting:"|grep -v "sbus_remove_watch"|grep -v "be_client_destructor"|grep -v "sdap_process_result"|grep -v "Comparing LDAP with LDAP" |grep -v "Message type:"|grep -v "unenforced gpo skipped"
 No comments    17   2017   IT   linux   sssd

More .bashrc improvements

I need to see the long path and the host name, and not lose command-line space at the same time:

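# $TTY is expected to hold a command that succeeds only on a terminal
# (for example "tty -s"); if it is unset, the test is a no-op and tput always runs.
BOLD="\[$($TTY  && /usr/bin/tput bold)\]"
COLOR_BLACK="\[$($TTY  && /usr/bin/tput setaf 0)\]"
COLOR_RED="\[$($TTY  && /usr/bin/tput setaf 1)\]"
COLOR_GREEN="\[$($TTY  && /usr/bin/tput setaf 2)\]"
COLOR_YELLOW="\[$($TTY && /usr/bin/tput setaf 3)\]"
COLOR_BLUE="\[$($TTY  && /usr/bin/tput setaf 4)\]"
COLOR_MAGENTA="\[$($TTY  && /usr/bin/tput setaf 5)\]"
COLOR_CYAN="\[$($TTY  && /usr/bin/tput setaf 6)\]"
COLOR_WHITE="\[$($TTY  && /usr/bin/tput setaf 7)\]"
COLOR_GRAY="\[$($TTY  && /usr/bin/tput setaf 8)\]"
RESET="\[$($TTY  && /usr/bin/tput sgr0)\]"

function prompt_command  {
    local TIMESTAMP="${BOLD}${COLOR_GRAY}\D{%d/%m %H:%M:%S}${RESET}"
    local CURPWD="${BOLD}${COLOR_BLUE}${PWD/#${HOME}/~}${RESET}"

    # First prompt row (assumed: host name and path), so that PS1 is rebuilt
    # on every call instead of growing.
    PS1="┌─${BOLD}\h${RESET} ${CURPWD}\n"
    PS1=${PS1}"└─"${TIMESTAMP}${BOLD}"-> "
}

# Rebuild the prompt before each command (assumed; implied by the function name).
PROMPT_COMMAND=prompt_command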


 No comments    11   2017   bash   IT   linux

Google group calendars in Evolution Mail

If your organization uses Google Apps as its mail service but you use Evolution, there was no obvious way to view and edit shared group calendars until recent versions. To add a group calendar:

  1. Go to the calendar settings on the web.
  2. Calendar Address: -> ID (something like example.com_1d32345331343234213832@resource.calendar.google.com)
  3. Evolution -> New Calendar -> Google
  4. User name -> this ID
  5. Authenticate with your usual name and password, or whatever other means you use (Kerberos, OTP), in the window that appears.
  6. Allow Evolution to use Google’s resources.
 No comments    8   2017   desktop   IT   linux


Recently I checked the headers of mail that comes from the andreybondarenko.com MX and found that Google reports my DKIM signature as invalid:

Authentication-Results: mx.google.com; dkim=temperror (no key for
 signature) header.i=@andreybondarenko.com;

In the spam score section:


However the header itself is present:

DKIM-Filter: OpenDKIM Filter v2.10.3 andreybondrenko.com CE25780BAC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=andreybondarenko.com; s=default; t=1483634085;

I have found that this is quite a common OpenDKIM configuration error: the selector name under which the key is stored can be chosen arbitrarily, but the name of the DNS TXT record must match the selector in /etc/opendkim.conf. In my case:

##  Defines the name of the selector to be used when signing messages.
Selector   default

But the DNS record:

[user@andreybondarenko ~]$ dig TXT mail._domainkey.andreybondarenko.com

mail._domainkey.andreybondarenko.com. 1800 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdGRWtWPPZVIg0fy7Pr0+rsBsoL6Imt1GBE/QRd3X5Izv1iAJFUsOtea

After changing ‘Selector’ to ‘mail’ and restarting opendkim (it’s faster than changing DNS):

Authentication-Results: mx.google.com; dkim=pass

In the spam score section:

 No comments    37   2017   dkim   linux   mail   security
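
The selector mismatch from the DKIM post above can be checked before mail is sent. This is an added example, not code from the post: it extracts `s=` and `d=` from the signature header, builds the DNS name a verifier queries, and checks that the `Selector` in opendkim.conf has a published record. The function names are hypothetical; the sample values are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not code from the post. Sample data is copied from the header,
# the opendkim.conf line and the dig output quoted in the post.

# Print the value of one tag (s, d, ...) from a DKIM-Signature header.
dkim_tag() (    # usage: dkim_tag TAG HEADER_TEXT
    printf '%s' "$2" | tr -d ' \t\r\n' | sed 's/^DKIM-Signature://' |
        tr ';' '\n' |
        awk -F= -v tag="$1" '$1 == tag { sub(/^[^=]*=/, ""); print; exit }'
)

# Print the Selector directive from an opendkim.conf-style file.
conf_selector() (    # usage: conf_selector FILE
    awk '$1 == "Selector" { print $2; exit }' "$1"
)

# Name a verifier looks up for the key: <selector>._domainkey.<domain>
dkim_query_name() (    # usage: dkim_query_name HEADER_TEXT
    printf '%s._domainkey.%s\n' "$(dkim_tag s "$1")" "$(dkim_tag d "$1")"
)

# Succeed only if the configured selector has a published TXT record.
# PUBLISHED is a newline-separated list of owner names (trailing dot allowed).
selector_published() (    # usage: selector_published CONF DOMAIN PUBLISHED
    want="$(conf_selector "$1")._domainkey.$2"
    printf '%s\n' "$3" | sed 's/\.$//' | grep -qixF "$want"
)

HEADER='DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=andreybondarenko.com; s=default; t=1483634085;'
PUBLISHED='mail._domainkey.andreybondarenko.com.'
CONF=$(mktemp)
trap 'rm -f "$CONF"' EXIT
printf '%s\n' '##  Defines the name of the selector' 'Selector   default' > "$CONF"

echo "verifier queries: $(dkim_query_name "$HEADER")"
if selector_published "$CONF" andreybondarenko.com "$PUBLISHED"; then
    echo "Selector matches a published TXT record"
else
    echo "no TXT record for Selector '$(conf_selector "$CONF")'; published: $PUBLISHED"
fi
```

On a live host, the published names would come from `dig TXT` against each candidate selector instead of the embedded string.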

Let’s encrypt cert updates

Let’s Encrypt is wonderful, but certificates expire every 3 months. Since this is the first time I have needed to renew them, I did it manually. The tool authenticates you (by default) with a special file created in the .well-known/acme-challenge directory of the web root, so the blog engine should not interfere or rewrite anything and should not return its own 404 page. Historically my nginx.conf has lots of existing redirects and rules, and I am too lazy to correct and simplify it, so a simple

location ~ .well-known {
        allow all;
}

does not work. And I am too lazy to figure out why (bad for me). So the simplest way for me to renew certs is to switch to a minimal config. Putting it here for future reference.

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    server_names_hash_bucket_size 128;
    index   index.html index.htm;
    server {
        listen 80;
        listen [::]:80;
        server_name andreybondarenko.com;
        location / {
            root   /var/www/;
        }
    }
}

 No comments    21   2016   IT   linux   nginx

TOC and collapsible block samples

I am writing a tool for my daily work that produces a fancy HTML page from RHEL, CentOS or Fedora log and config files, so that they are easier to read. Nothing special, just some bash scripts with sed, grep and awk that produce HTML with some CSS and jQuery.

  1. A TOC I really liked: http://projects.jga.me/toc/ It’s very easy to use and implement; it just looks through the document for h1, h2, etc. tags. The scope and which tags to look for can be customized.
  2. Collapsible blocks sample: https://codepen.io/peternguyen/pen/hICga/

Maybe it will be yet another “log2html” framework in the end.

 No comments    47   2016   bash   IT   jquery   js   linux   work

Debugging Kerberos

If you need to debug Kerberos, check time synchronization first. In about 50% of cases, that is the cause.

  1. ntpd (or chrony) should be present in the process list
  2. it should really be configured correctly
  3. on a virtual host chrony is preferable; with ntpd, time skew is possible

Really nice chrony/ntpd comparative chart: https://chrony.tuxfamily.org/comparison.html , the “Summary” section is complete.

 No comments    51   2016   chrony   kerberos   linux   ntpd   security
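
A local check for the first two items of the Kerberos list above, as an added example that is not code from the post: it reads `chronyc tracking` output and fails when the clock is unsynchronised or further from NTP time than Kerberos tolerates. Assumptions: the 300-second limit is the default `clockskew` of MIT krb5, chronyd's own offset stands in for the skew against the KDC, and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not code from the post. Both `chronyc tracking` outputs below
# are constructed samples; on a live host, pipe the real command output in.

MAX_SKEW=300    # seconds: default clockskew tolerance in MIT krb5 (assumed unchanged)

# Item 1 of the list: is a time daemon in the process list at all?
time_daemon_running() {
    pgrep -x chronyd >/dev/null || pgrep -x ntpd >/dev/null
}

# Read `chronyc tracking` output on stdin and print one verdict line.
# Exit status 0: clock usable for Kerberos; 1: unsynchronised or skewed.
kerberos_clock_check() {
    awk -F' *: *' -v max="$MAX_SKEW" '
        $1 == "System time" { split($2, f, " "); offset = f[1]; seen = 1 }
        $1 == "Leap status" { leap = $2 }
        END {
            if (!seen)                      { print "FAIL: no tracking data"; exit 1 }
            if (leap == "Not synchronised") { print "FAIL: not synchronised"; exit 1 }
            if (offset + 0 > max + 0)       { print "FAIL: offset " offset "s"; exit 1 }
            print "OK: offset " offset "s"
        }'
}

SAMPLE_OK='Reference ID    : C0000201 (ntp.example.com)
Stratum         : 3
System time     : 0.000006523 seconds slow of NTP time
Leap status     : Normal'

SAMPLE_UNSYNC='Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised'

printf '%s\n' "$SAMPLE_OK"     | kerberos_clock_check
printf '%s\n' "$SAMPLE_UNSYNC" | kerberos_clock_check || true
```

On a real machine the equivalent call is `chronyc tracking | kerberos_clock_check`, run on both the client and the KDC.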

Not to forget: ugly font and the Opera Browser

This might be interesting for non-English-speaking users of Opera: some fonts on some sites are really ugly, and there is no way in the interface to disable them, because they are not system fonts but fonts that the web page downloads. --disable-remote-fonts is the option that fixes them for good. Such fonts usually contain normal English glyphs, but the others are ugly. To fix it in GNOME Shell:

  1. cp /usr/share/applications/opera.desktop ~/.local/share/applications
  2. Add --disable-remote-fonts to every “Exec”. Don’t touch “TryExec”.
 No comments    7   2016   desktop   linux   opera   web

Not to forget useful vi and bash settings


alias opera='opera --disable-remote-fonts'
alias grep='grep --color=auto'
alias unigrep='grep -P "[^\x00-\x7F]"'
alias mkdir="mkdir -p"
alias ls='ls -lh --color=auto'


set mouse=r
syntax enable
set tabstop=4
set softtabstop=4
set expandtab
set number
set cursorline
set hlsearch
set incsearch  
set showmatch
nmap <F1> <Esc>:set nonumber<cr>                                                                                                                                             
nmap <F2> <Esc>:set number<cr>
nmap <F5> <Esc>yy<cr>
nmap <F6> <Esc>p<cr>
nmap <F8> <Esc>dd<cr>
nmap <F10> <Esc>:wq!<cr>
nmap <F12> <Esc>:q!<cr>

Not sure about the ‘number’ setting: it interferes with the clipboard annoyingly, so I can turn it off.

 No comments    27   2016   bash   centos   desktop   linux   vi