Category Archives: Systems Administration

HTTPS + CT SCT TLS extension on my blog

Finally, I managed to enable HTTPS on my own blog!

I opted for a quick-and-dirty solution based on a self-compiled version of HAProxy in front of WordPress, statically linked to OpenSSL 1.0.2, in order to serve Certificate Transparency information during the TLS setup.

Read more …

SHA-1 sunset: valid SHA-2 chains treated as insecure

While dealing with the SHA-1 sunsetting process I encountered a problem with some certificates from StartSSL/StartCom that may lead Chrome to raise warnings or even errors on websites with updated SHA-2-only chains (at least on Microsoft Windows clients).

Chrome yellow-triangle

Read more …

Displaying pmacct country code on a Kibana 4 map

On the Integration of pmacct with ElasticSearch and Kibana post a user (Xentoo) asked how to display geographic information provided by pmacct on a Kibana 4 map using pmacct-to-elasticsearch.

An experimental feature of p2es called transformations can be used to add a Geo Point field on the basis of the country code provided by pmacct.


Read more …

DNS_FROM_AHBL_RHSBL 2.699 on Spamassassin

The public DNSBL services offered by AHBL have been shutdown.

Services and programs which used, and need to be updated in order to avoid false positives:

X-Spam-Status: No, score=0.789 tagged_above=-999 required=6
	tests=[BAYES_00=-1.9, DNS_FROM_AHBL_RHSBL=2.699,
	T_RP_MATCHES_RCVD=-0.01] autolearn=no

Spamassassin configuration, for example, needs to be fixed:

# cat /usr/share/spamassassin/ | grep AHBL
header DNS_FROM_AHBL_RHSBL    eval:check_rbl_envfrom('ahbl', '')
describe DNS_FROM_AHBL_RHSBL  Envelope sender listed in
tflags DNS_FROM_AHBL_RHSBL    net

Comment that block or (at least) force a score zero for the rule in your local configuration:

# cat /etc/spamassassin/ | grep AHBL

Integration of pmacct with ElasticSearch and Kibana

In this post I want to show a solution based on a script (pmacct-to-elasticsearch) that I made to gather data from pmacct and visualize them using Kibana/ElasticSearch. It’s far from being the state of the art of IP accounting solutions, but it may be used as a starting point for further customizations and developments.

I plan to write another post with some ideas to integrate pmacct with the canonical ELK stack (ElasticSearch/Logstash/Kibana). As usual, add my RSS feed to your reader or follow me on Twitter to stay updated!

The big picture

This is the big picture of the proposed solution:

pmacct-to-elasticsearch - The big picture

There are 4 main actors: pmacct daemons (we already saw how to install and configure them) that collect accounting data, pmacct-to-elasticsearch, which reads pmacct’s output, processes it and sends it to ElasticSearch, where data are stored and organized into indices and, at last, Kibana, that is used to chart them on a web frontend.

Read more …