Fully automated backup for Satellite 6.4

January 16, 2019 - Reading time: ~1 minute

This is how I manage my backups in Satellite 6.4 using foreman-maintain:


#katello backup, biweekly full + daily incremental
0 2 * * 0 root expr `date +\%s` / 604800 \% 2 >/dev/null || (/usr/bin/foreman-maintain backup offline -y /opt/backups/ && ls -td -- /opt/backups/satellite-backup-* | head -n 1 > /opt/backups/latest_full; find /opt/backups/ -type d -ctime +30 -exec rm -rf {} \;)
0 2 * * 2-6 root /usr/bin/foreman-maintain backup offline -y --incremental "$(head -n1 /opt/backups/latest_full)" /opt/backups/
#this checks if the latest backup failed and cleans up anyway to free up space
0 6 * * 0 root if [[ $(find "$(cat /opt/backups/latest_full)" -mtime +15 -print) ]]; then find /opt/backups/ -type d -ctime +30 -exec rm -rf {} \;; fi

CVE-2018-19788 HUG: How to test your machines

December 17, 2018 - Reading time: ~1 minute

Albeit that chances are small you are impacted by HUG. Just to make sure I tested all my Ansible managed machines to see if none had an UID that is larger than 2147483647.

This is my shell script:

cat /etc/passwd | cut -f3 -d':' | awk '$1>2147483647'

And the Ansible command to run it on all nodes:

ansible all -m script -a hug_test.sh

Reference article

Hot adding memory to a Linux VM

December 3, 2018 - Reading time: ~1 minute

After you have added more memory on your hypervisor level, you still have to get it online. Nicolas Hurion wrote this one-liner to enable all memory in one shot:

grep line /sys/devices/system/memory/*/state | grep -i offline | sed "s/:offline//g" | sed "s/\/sys\//echo online > \/sys\//g" | /bin/bash

And this is mine but it is still 21% slower :)

grep -l offline /sys/devices/system/memory/*/state | xargs -I % sh -c 'echo online > %'

User session recording using log-user-session

August 21, 2018 - Reading time: ~1 minute

Since I needed a good way to track what users do based on their IP/SSH fingerprint I started looking and found log-user-session to be a very neat tool. I created an RPM for RHEL7 and a DEB for Ubuntu 18.04 Bionic and aside from installing the RPM/DEB you just need to make sure these 2 lines are present in /etc/ssh/sshd_config and you are good to go.

ForceCommand /usr/bin/log-user-session

For fingerprint pairing, just use the date and IP and get the fingerprint out of the secure.log/auth.log.

The GitHub page of the project

RPM for Red Hat 7

DEB for Ubuntu 18.04

FPM2 for Ubuntu 18.04

August 6, 2018 - Reading time: ~1 minute

Today I built FPM2 (Figaro's Password Manager 2) for Ubuntu 18.04 Bionic Beaver because the package has been out of the standard repositories for years and the latest one stopped having a decent functioning copy mechanism.

How I built my package:

tar -zxvf source-app.tar.gz
cd source

My package for FPM 0.79 on Ubuntu 18.04 x86_64

No audio on direct redirect using SIP (external follow up numbers) on Asterisk

May 7, 2018 - Reading time: ~1 minute

I had a set up where incoming calls and outbound calls had audio but when a call was redirected without being picked up to an external number there was no audio. This is probably because direct media is not working through NAT. To work around this I did something like this:


The directmediadeny will make sure direct media will not be used for the IP of the external SIP server. Most of the times this is a quick fix, direct media should work if your NAT set up is OK.



Koen Diels

I'm a freelance system and network engineer from Mechelen (BE) and I'm available for ad-hoc and long term projects.

>>my resume<<