DNS Monitoring: shell script to check and alert if the DNS nameserver resolvers of a Linux machine are not resolving properly. Monitor if /etc/resolv.conf DNS runs okay


March 14th, 2024


If you occasionally have issues with DNS resolvers and want to keep an eye on them and get alerted when DNS is not properly resolving domains (for example because of network disconnects, disturbances or modifications), and you want another means to see whether a DNS server was reachable or unreachable at a given time, here is a little bash shell script that does the "trick".

The script's mechanism is pretty straightforward: we check which nameservers are configured and whether each of them resolves properly. If it does, we write to the log that everything is okay; otherwise we write to the log that DNS is not properly resolvable and send an ALERT email to a preconfigured email address.

Below is the check_dns_resolver.sh script:

 

#!/bin/bash
# Simple script to monitor the DNS resolvers set on the host for availability and trigger an alarm via a preset email if any of the nameservers cannot resolve
# Uses a configured RESOLVE_HOST and tries to resolve it via each nameserver configured in /etc/resolv.conf
# if a nameserver does not resolve, a notification email is sent to a preconfigured email address
# script logs OK 1 if working correctly or NOT_OK 0 if there is an issue resolving $RESOLVE_HOST on $SELF_HOSTNAME, and mails $ALERT_EMAIL
# output of the script is kept in /var/log/dns_status.log

ALERT_EMAIL='your.email.address@email-fqdn.com';
log=/var/log/dns_status.log;
TIMEOUT=3;
# read only active (uncommented) nameserver lines
DNS=($(awk '/^nameserver/ {print $2}' /etc/resolv.conf));

SELF_HOSTNAME=$(hostname --fqdn);
RESOLVE_HOST=$(hostname --fqdn);

for i in "${DNS[@]}"; do
    # query each configured nameserver directly, giving up after $TIMEOUT seconds
    dns_status=$(timeout "$TIMEOUT" nslookup "$RESOLVE_HOST" "$i");
    if [[ "$?" == '0' ]]; then
        echo "$(date "+%y.%m.%d %T") $RESOLVE_HOST $i on host $SELF_HOSTNAME OK 1" | tee -a "$log";
    else
        echo "$(date "+%y.%m.%d %T") $RESOLVE_HOST $i on host $SELF_HOSTNAME NOT_OK 0" | tee -a "$log";
        # the recipient address has to be passed to mail as its last argument
        echo "$(date "+%y.%m.%d %T") $RESOLVE_HOST $i DNS on host $SELF_HOSTNAME resolve ERROR" | mail -s "$RESOLVE_HOST /etc/resolv.conf $i DNS on host $SELF_HOSTNAME resolve ERROR" "$ALERT_EMAIL";
    fi
done

Download check_dns_resolver.sh here and set the script to run via a cron job every, let's say, 5 minutes. For example, you can set a cron job like this:
 

# crontab -u root -e
*/5 * * * *  check_dns_resolver.sh >/dev/null 2>&1

 

Then voila: if you happen to run into a service downtime, check the log /var/log/dns_status.log and compare its output with the rest of the infrastructure components (network switch equipment, other connected services, etc.). That should help you prove during an eventual RCA (Root Cause Analysis), if a complete high-availability system goes down, that your managed Linux servers were not the reason for the service unavailability.
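For the RCA use described above, the per-check log lines can be collapsed into outage windows per nameserver. This is an added example, not part of the original script; the function names, the sample host name and the 192.0.2.x resolver addresses are constructed, and the log format is assumed to be the one the script writes.

```shell
#!/bin/sh
# Added example: turn dns_status.log lines into outage windows per nameserver.

# Constructed sample log (placeholder host name and resolver addresses).
# The fifth line has an empty host field on purpose, to show it still parses.
sample_dns_log() {
    cat <<'EOF'
24.03.14 10:00:01 srv1.example.com 192.0.2.53 on host srv1.example.com OK 1
24.03.14 10:00:01 srv1.example.com 192.0.2.54 on host srv1.example.com OK 1
24.03.14 10:05:01 srv1.example.com 192.0.2.53 on host srv1.example.com NOT_OK 0
24.03.14 10:05:04 srv1.example.com 192.0.2.54 on host srv1.example.com OK 1
24.03.14 10:10:01 srv1.example.com 192.0.2.53 on host  NOT_OK 0
24.03.14 10:10:04 srv1.example.com 192.0.2.54 on host srv1.example.com OK 1
24.03.14 10:15:01 srv1.example.com 192.0.2.53 on host srv1.example.com OK 1
24.03.14 10:15:01 srv1.example.com 192.0.2.54 on host srv1.example.com NOT_OK 0
EOF
}

# dns_outages [FILE...]  (reads stdin when no file is given)
# Prints one line per outage:
#   <nameserver> <first NOT_OK time> -> <first OK time after it | ongoing> failed_checks=<n>
dns_outages() {
    awk '
    NF < 6 { next }                                  # blank or unrelated line
    {
        status = $(NF - 1)                           # status sits before the trailing 1/0
        if (status != "OK" && status != "NOT_OK") next

        # The nameserver is the field right before the word "on"; locating it
        # this way survives a missing or glued host name elsewhere in the line.
        ns = ""
        for (f = 3; f < NF; f++) if ($f == "on") { ns = $(f - 1); break }
        if (ns == "") next

        ts = $1 " " substr($2, 1, 8)                 # yy.mm.dd HH:MM:SS

        if (status == "NOT_OK") {
            if (!(ns in start)) { start[ns] = ts; order[++n] = ns }
            fails[ns]++
        } else if (ns in start) {
            # first successful check after a failure closes the window
            printf "%s %s -> %s failed_checks=%d\n", ns, start[ns], ts, fails[ns]
            delete start[ns]; delete fails[ns]
        }
    }
    END {
        # windows that never saw a successful check again are still open
        for (k = 1; k <= n; k++) {
            ns = order[k]
            if (ns in start) {
                printf "%s %s -> ongoing failed_checks=%d\n", ns, start[ns], fails[ns]
                delete start[ns]
            }
        }
    }' "$@"
}

# Demo on the constructed sample; on a real host: dns_outages /var/log/dns_status.log
sample_dns_log | dns_outages
```

With a 5 minute cron interval the window boundaries are only accurate to the check interval, so an outage shorter than that can be missed entirely.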

A simplified variant of check_dns_resolver.sh can easily be integrated into Zabbix monitoring as a userparameter script, together with a DNS check template containing a few Triggers, Items and an Action. If I have time some time in the future, perhaps I'll blog a short article on how to configure such DNS Zabbix monitoring. The Zabbix variant of the DNS monitor script looks like this:

[root@linux-server bin]# cat check_dns_resolver.sh 
#!/bin/bash
TIMEOUT=3; DNS=($(awk '/^nameserver/ {print $2}' /etc/resolv.conf)); for i in "${DNS[@]}"; do dns_status=$(timeout $TIMEOUT nslookup "$(hostname --fqdn)" "$i"); if [[ "$?" == '0' ]]; then echo "$i OK 1"; else echo "$i NOT OK 0"; fi; done

[root@linux-server bin]#


Hope this article will help someone to improve their Unix server infrastructure monitoring.

Enjoy and Cheers !

How to count number of ESTABLISHED state TCP connections to a Windows server


March 13th, 2024


Even if you have the background of a Linux system administrator, sooner or later you will have to deal with some Windows hosts, thus I'll blog shortly in this article on how to count the established TCP connections, in case you have to administrate a Windows host or help a Windows sysadmin noobie 🙂

In Linux it is pretty easy to check the number of established connections, because of the wonderful command wc (word count), with a simple command like:
 

$ netstat -etna | grep ESTABLISHED | wc -l


Then you will get the number of active TCP connections to the machine and based on that you can get an idea on how busy the server is.

But what if you have to deal with, let's say, a Microsoft Windows 2012 / 2019 / 2020 or 2022 Server? Assume you are logged in as Administrator and you see the machine is quite loaded and runs multiple common native Windows services such as IIS / Active Directory Failover Clustering, Proxy server etc.
How can you identify the number of established connections via a simple command in cmd.exe?

1. Count ESTABLISHED TCP connections from Windows Command Line

Here is the answer: simply use the native Windows netstat command and combine it with find, using the /i (ignore the case of characters when searching for the string) and /c (count the lines containing the string) options:

C:\Windows\system32>netstat -p TCP -n|  find /i "ESTABLISHED" /c
1268

Voila, here is the number of established connections, only 1268, which is relatively low.
However, if you manage Windows servers and get some kind of hang-ups reported by monitoring, it is a good idea to set up a script based on this simple command, at least for Windows Task Scheduler (the equivalent of Linux's crond service), to log peaks in established connections and see whether server crashes are related to a high rise in established connections.
Even better, if the company uses Zabbix / Nagios, OpenNMS or other old legacy monitoring stuff like Joschyd, which even as of today (2024) is used in some of the big TOP IT companies such as SAP (they were still using it about 4 years ago for their SAP HANA Cloud), you can set the script to run and build a monitoring template or alerting rules to draw graphs and trigger alerts if your connections hit a peak. Then you at least might know your Windows server is under a "Hackers" Denial of Service attack or that something is happening on the network, like Cisco network infrastructure switch flapping or whatever.

An example script you can use, if you decide to implement the little netstat established connection check in Zabbix, is the one I've written about in the previous article "Calculate established connection from IP address with shell script and log to zabbix graphic".
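When a peak in the count does show up, the next question is usually which remote addresses hold the connections. The following added example (not from the original article) counts ESTABLISHED lines and breaks them down per peer, and it accepts both the Linux netstat layout and output of the Windows netstat -p TCP -n command saved to a file; the function names and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: count ESTABLISHED connections and group them by remote peer.

# Constructed sample in the Linux net-tools layout (documentation addresses).
sample_linux_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:51520      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40022       TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.9:50311       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40112    ESTABLISHED
EOF
}

# Constructed sample in the Windows "netstat -p TCP -n" layout.
sample_windows_netstat() {
    cat <<'EOF'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.20:443         198.51.100.7:60211     ESTABLISHED
  TCP    192.0.2.20:443         198.51.100.8:60212     ESTABLISHED
  TCP    192.0.2.20:3389        198.51.100.7:60300     ESTABLISHED
  TCP    192.0.2.20:445         203.0.113.9:51000      TIME_WAIT
  TCP    [2001:db8::20]:443     [2001:db8::beef]:51234 ESTABLISHED
EOF
}

# count_established [FILE...]  -> number of lines whose state is ESTABLISHED.
# The state column is located by value, so extra columns (User/Inode with -e,
# PID with -o) and the different Linux/Windows layouts do not matter.
count_established() {
    awk '
    { sub(/\r$/, "") }                       # tolerate CRLF from a Windows capture
    { for (i = 2; i <= NF; i++) if ($i == "ESTABLISHED") { n++; break } }
    END { print n + 0 }' "$@"
}

# established_by_peer [FILE...]  -> "<count> <remote address>", busiest first.
established_by_peer() {
    awk '
    { sub(/\r$/, "") }
    {
        for (i = 2; i <= NF; i++) if ($i == "ESTABLISHED") {
            peer = $(i - 1)                  # foreign address precedes the state
            sub(/:[0-9]+$/, "", peer)        # drop the trailing :port
            seen[peer]++
            break
        }
    }
    END { for (p in seen) printf "%d %s\n", seen[p], p }' "$@" |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed samples.
echo "linux established: $(sample_linux_netstat | count_established)"
sample_linux_netstat | established_by_peer
echo "windows established: $(sample_windows_netstat | count_established)"
sample_windows_netstat | established_by_peer
```

Counting every output line instead would also include the header lines and sockets in LISTEN or TIME_WAIT state, which is why the state column is matched explicitly.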

2. Few Useful netstat options for the Windows system admin
 

C:\Windows\System32> netstat -bona


netstat-useful-arguments-for-the-windows-system-administrator

Cmd.exe will list the executable files, local and external IP addresses and ports, and the state in list form. You immediately see which programs have created connections or are listening, so that you can find offenders quickly.

b – displays the executable involved in creating the connection (requires an elevated Administrator prompt).
o – displays the owning process ID.
n – displays address and port numbers.
a – displays all connections and listening ports.

As you can see in the screenshot, netstat -bona shows which process has bound to which local address and its process ID (PID), which is pretty useful when debugging.

3. Use a Third Party GUI tool to debug more interactively connection issues

If you need to keep an eye on connections interactively, the CurrPorts tool can be of great help when there are issues.

CurrPorts tool's own description

CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file , XML file, or to tab-delimited text file.
CurrPorts also automatically mark with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons).

Sum it up

What we learned is how to calculate the number of established TCP connections from the command line (useful for scripting), how to use netstat to display the process ID and process name behind local / remote TCP connections, and how you can eventually connect this to some monitoring tool to periodically report high peaks in established TCP connections (usually an indicator of severe system issues).
 

Big Church Scandal in the Bulgarian Orthodox Church the developments on how the Church basic law Establishment document is illegally broken and hope and action for truth to be restored


March 12th, 2024


Christians Wake Up !


Saint Alexander Nevsky and his Holy Relics parts of which kept in Saint Alexander Nevski
(2nd Largest Orthodox Christian Cathedral on the Balkans)

"God is not in the power but in the righteousness", that are the words of Saint Alexander Nevsky recalled also by the Bulgarian Patriarch Neofit (Neofitos) on 23 of November 2019 on the feast of the Saint Warrior Alexander.
Now as His Holiness is in Hospital in very critical health situation, where he cannot even speak, and thus unable to take up a position on the illegal activities of some of the Synodal Elders of the Holy Bulgarian Orthodox Church has "spit over" the Establishment documents of the Church (the so called Church "Cyrkoven Ustav" or Establishment of the Bulgarian Church), which is the next in importance after the Holy writings (The Bible), The Church tradition and the Canons with their unlawful decision about a "New Synodal order", which takes over the rights of Priests and Layman in their God given right to choose their own eparchy spiritual head  representative the eparchy's metropolitan.


Three of the Synodal Elders – Lovchanski Metropolitan Gavriil, Nevrokop's metropolitan Serafim (Seraphim) and Vidin's Metropoitan Danijl (Deniel), during standard Synodal session to approve the choice of the people for new Metropolitan after the the passing of our oldest and perhaps most holy Metropolitan His Holiness Joanicius of Sliven. asked the rest of Synodal Member Metropolitans to stop overriding the Bulgarian Church Establishment legislation,  and choose between the two righteous selected candidates approved by people's choice opened and legal voting, those were:

1. Ierotey (with 26 votes for) 
and
2. Michael (with 22).

It is important to say until his death bed Ierotey has been a vicar bishop of Joanicius always following, his spiritual guidance and his recommendations without breaking even the smallest, being faithful to the holy elder Joanicius.


His All Holiness Patriarch Neofit and His Holiness Joanicius 

The metropolitans warned this "Creates a very dangerous situation, which leads in question the legal (law) establishments of the whole Church.The legitimacy of the organs and powers of rule of whole Bulgarian Orthodox Church (Bulgarian Patriarchy) BPC-BP in the face of the bulgarian country is in danger."


Bulgarian Metropolit Joseph of America, Canada and Australia came up with official statement from America since, he was unable to join the discussions of the Synod, that the taken decision is improper and he sees a "communist shadows" in the decision for that new "synodal order" and summons every member of the Synod to "return the rights of everyone by following the Church Establishment legislation of BPC-BP". He came with his opinion in the matter late, and came up with his open letter to support continuing the opened procedure selection for new Sliven Metropolitan instead of its cancellation (cassation), as the choice was made due to both country and law's norms in a very transparent way and even has been publicly shown Live on facebook.


His Holiness Ierotey

His Holiness Mihail

After that, unexpectedly after a personal meeting between the Metropolitan Ioan of Varna and Veliko Preslav with the Sliven's eparchy layman and priests representative and the eparchical order (where 30 out of the 90 Sliven's priests) were present who has asked Iaon (who temporary rules) over the Sliven eparchy to restore order and do venerate their choose for Metropolitan between the canonically selected according to the Bulgarian Church establishment documents following the votings strictly and choosing the 2 bishops Ierotey (Ierotheus) and (Mihail) Michael as the possible choices as well as after a high pressure of his own priests in Varna and Velikopreslov, many of whom knows well what the situation is, he takes the decision to not support the new legislation that is breaking the establishment church laws. He is soon followed by Vraca''s Metropolitan Grigorij who also decides to not support a new legislation for cancellation of the procedure for choice of new Sliven metropolitan.

Metropolitan Nikolay offers, that in their assembly of 12.03.2024 all the decisions to be cancelled, and to follow the procedure as it was choosen in their assembly on 24.02.2024.

So far so good, until now you will think, okay the new orders of the synod is against the establishment orders, but the multitude of bishops is on their way to change it again.

Whether the new orders will be accepted or not will be known on 12 of March, when this important decision affecting the future of the Bulgarian Church will be taken.
"Because the Church integrity and independence of the national liberation movements, that led to the restoration of Bulgaria in year 1878 … and is one of the main factors for the stability and security of our dear motherland Bulgaria" / as Metropolitans Gavriil, Seraphim and Danijl write.
 

One of the arguments for the in hurry made decision for "new synodal order" in said to be in the "name of church unity"??. But wait with unwalfulness you cannot achieve church unity, and here is not important the majority, but the truth, that is protected by the minority, which strictly follows the Establishment document laws of the Bulgarian Church, which was accepted with a whole nation approval in which members with the choice and selection of Layman, Priest, Bishops and Metropolitans together and accepted with a consent between those.

The Church establishment document (Cyrkoven Ustav) says that any new rules out of the already set in rules, should be only introduced with the acceptance of the Church national consent in the future, and such rules should be only introduced in situations of high emergency (a situation, which we don't have at the moment).

Introducing such an unwalful things, is shameful and makes our hearts sad, as we're all part of the one holy church and this could lead to even a schism of those who decide to follow the Establishment laws and those who would follow a way of the closed up form of secret organizations, whose decision are taken only by a small group of people without venerating the people's opinion. Unfortunately now such a schism will not be created by a DS (BG Government Security Agencies) like it was in the distant year 1992, by an anti church government decision of the "director of the confessions", when he decided to "fire-up" the Patriarch of the Church Patriarch Maxim and the Holy Synod and tried to appoint a new "Alternative Synod", now from the inside some of the members of the Holy Synod, self-authorizing / self-roganizing to set on the position for new Metropolitans without taking in consideration the preference of the ordinary layman, priests, monks and even bishops and others in the Church, following some of their own financial interests.

Whether there was a phenomenal push from the outside for introducing the "new emergency orders" from the inside by Metropolitan Nikolay as people speak now publicly or another paid "force" is unknown but the internal Church coup (of exchanging the facts) is a fact.

If the new synodal order is being approved tomorrow on 12 of March, that would be also turn against the people who suggested it "the metropolitans", they could be then fired up by, those with higher positions among the metropolitans "due to emergency" and "new orders", but that would be the least of trouble, because suddenly out of a Church with a common faith and common equal decision makers, the church would turn to anti-church governed by a clique of elites who would always impose their will on the people (an anti-church), against the church being a congregartion of each of its members.


What can be done against those phenomenal corporative pressure to advantage from the Bulgarian Church (poor people donated) lands and properties ?


Postings on blogs and social networks such as facebook unfortunately is not enough, and "plus as an information leaked out" out of priest in Plovdiv's eparchy there are organized buses paid by rich Plovdiv businessmena and other People who have financial interests for Metropolitan Nikolay to achieve more power over the Church (a tendency that is seen for years now) in his attempt to took over one of the richest Eparchys and to install his pawn, that would sell church lands for cheap to the businesses and allow even more construction nearby the sea to happen in Sliven, Burgas, Pomorie, Ahtopol, Sozopol and across the Huge bulgarian Sea-Coast lands … 

Those paid people will come in front of the Synodal Palace to support the Synodal "new emergency decisions" and scandalize the ordinary Church truely beliving people and servents of Christ. Those fake and often diluded people (some of which would be even true believers), will be blinded, but most of them will be simply forced to go their by their head Metropolitan Nikolay.
Of course if this scenario would happen to a Polital movement or party that would be okay, but when these things happen in the True Church of Christ, then situation becomes absurd.
The announcements for organized buses from Plovdiv are being already hanged on many of the Churches in Plovdiv and this whole things is being made unscrupulous in the 21 century not venerating any freedom or truthfulness, blatantly. The announcement says" 


"A free of charge trip is organised for those who will to stand behind the New Synodal emergency order on 12.03.2024. To sign up go to the Church go the person selling candles. A Departure in 07:00, return in 12:00 h",
this is announced in Plovdiv's Churches.


"Supporting the Holy Synod" is very sly formulation, which does misleads and is being presented as "the people's" support for the "Synodal orders", like it is about the exchange of the decisions of the Synod on 24 of February.

In order to protect the righteousness and holiness of the Church and its Establishment, we  should be next to the Bishops and Metropolitans, who guardian the Church as Jesus Christ ordered Saint Apostle Peter, by telling him "If you love me graze my flock", we should be next to those who venerate the decisions of the Church National Assembly accepted Church Establishment, and which should help to not accept any unwalful decisions on 12 of March (if such are being made by the Synod).

If Third of March 1878, put the establishment of the Third Bulgarian Country, 4th of March 870 put the establishment of the Bulgarian Church, when the Constantinople's assembly accepted its autonomy.

On 12 March 2024, we still can with a peaceful presence be in front of the Synodal Building, when will be taken а crucial decision about whole Church,
Because if we have the Bulgarian Orthodox Church, we have the Bulgarian country !

Those who read that, Please pray, fervently for us  tomorrow in 9 o'clock CET for everyone that will stand up to protect the freedoms of People to continue be part of taking the important decisions in the Church !
Who can let him come, also to state his support, that Country's and God's legal law and orders should be followed !

Lets hope if Metropolitan Joanicius has the perseverance from Heaven, he can pray and put things in order shortly and all pray !

Lord Jesus Christ son of the Blessed God Have mercy on Us the Sinners ! Oh Most Holy Mother of God pray for us !

 

 

Enormous Church Scandal in the Bulgarian Orthodox Church on the selection of new Metropolitan for one of Biggest Church Eparchies the Eparchy of Sliven


February 28th, 2024


Currently an enormous scandal has been ongoing in the Bulgarian Orthodox Church. The Church Mafia is fighting the People's will for choice of a Metropolitan in an attempt to 'install' a new Metropolitan, that is part of the clique clerics that has a connection to the Underground Criminal World in Bulgaria.


Holy Liturgy Blessing of Metropolitan Ioanikij Nedelchev (Joanichius) in the Dormition of Mother of God Church in Nessebar 15 August 2008 
(Photo source Wikipedia)

The reason for the Scandal is the choice of a New Metropolitan of Sliven after the blessed passing of his Holiness Joanichius the Metropolitan of Sliven (2nd March 1939 – 9 January 2024 ), who has wisefully governed the Eparchy for almost a decate a 44 years in which he has seen the times and lived through when communist try to infiltrate the Churches completely as well as the new time after the fall of communist (socialist) regime in Bulgaria, where big part of ex-communist party has given money to different people to work and grow business for them leading to the dark years in which thje ex-communist reordered the country in a way to make each other a super rich and act only for their interests and against the interests of people, leaving a lot of people without any normal social benefits and normal standard of living for one to feel himself a person but pushing him all the time to live on the edge and just making money out of the people's tragedies for few and leaving on the border of poorness many.

Those dark years, where the country was bankrupt and people lost their money and belongings in favour of some people who become mega rich, stealing from the country's belongings selling them for pennys and destroying everything built till this moment however seems to have not ended.

The democracy and democractic choice for governors in Both the Country Stages of Power in Bulgaria (The National Assembly, President and local  city Mayers and all the other people assigned with functions to govern over the citizens) is still suppressed and people are installed on country government positions in the old communist 'scheme' of dictatorship not regarding at all the choice and will of people on who should govern the country.

So far so good everyone in Bulgaria now knows, that even though the European Union inclusion of the country and the attempt from the European Union messangers to change some realms of power distance and over-dominance of governors of Bulgaria and unwalfulness for the better, still the situation is critical and again following the old communist scheme before 1995 is again practiced fully not only in the Country but also in the Church.

Bulgarian Orthodox Church has done a lot of improvement and development at first after the great Scheme that was organized by Secret services of Bulgaria called (DS Darzhavna Sigurnost or Country Security / CS). After those terrible time of dictatorship only few of the new seclected Church highest authorities (Mitrpolitans) like Metropolitan Daniil of Vidin and Seraphim of Nevrokop as well as the old selected (during communism) but very much pious and truth loving Gavriil of Lavchanska eparchy has been legally selected venerating both the will of people and the will of the Highest Church governing Authorities, that is the Holy Synod.

Those metropolitans until today over the years, since their official election as Metropolitans after the pass of the old Metropolitans has shown their high spirituality and perseverence for God and the Church and  every normal orthodox christian in Bulgaria highly values, their good deeds for the Church, the preach and the charisma and their sincere desire and acts to help the Bulgarian Church institution rise up its position in the eyes of todays degradated youth to push back Church moral in society and educate the long time kept illiterate of faith nominal Christians in Bulgaria, just like they have done a lot to share the Gospel and help people in spiritual and material need and has truly dedicated themselves to follow the Gospel as it is preached and shown on a deed by Jesus Christ himself.

Unfortunately the old government installed Metropolitans (agents) in the Synod even though as publicly showing as a perfect and good are known by people in the country that most of them have some at least points of dark past (connection with Secret Services and compromising materials with sexual and immoral acts) that helped them to rise over the ladder of Church power to become the Metropolitans they are today.

This is not a secret to anyone in the country even though no one really speaks about it too frequently.

This is also at least partially the reason if not fully, why many people in Bulgaria even though baptized in the Church, choose to be a nominal Christians and not frequently visit Church services. I myself was one those people while my faith was missing (or partial and shaking) and took me very difficult and hard road to return back to my ancestors Orthodox faith. Many of people in Bulgaria that are about 40 – 50 has walked similar path and we all have interacted or seen some of the abnormalities in the Church and the unwalfullness in times. Don't get me wrong unlawfulness actually is normal as we're human and such we do sin all the time, but still there are some limitations on when unwalfulness that is created by our own passions ends and unwalfulness from a mania for power and money and even megalomania comes. 

The Church as everyone knows has a set of Financial activities that are interesting for people willing to live a relatively confort live and less, or people who want to become a succesful businessman in cassocs, without having too high education but having a high perseverence to follow orders without thinking of superior.
For that reason over the past years of 'pseudo' democracy, where the country shows the face of a fully free to the world even though such a democracy and law is followed only for simple things and for the big and important government questions 'its all about money' and law is not venerated.

For that reason many people that are in the High Stages in the Church, for the lack of proper spiritual elders in the Church and the activities of Bulgarian Secret Services SS (DS) operations, as well as Mafia sponsorship  has installed even from communism times till now, the pseudo spiritual pastors, who are ex or even current informers to SS / Mafia as well as because of lack of normal high church authorities, many of whom were governed by the communist party has been filled with many people unworthy due to their sinful life and thinking and unfollowing the Christ Highest standard of Love God and the Neighbor but only considering their own corrupted interests and interests of their masters to whom they seem to be simple a puppets who receive benefits for following the orders of the masters …

You would say everywhere is the same and that would be true in more a or less for each country Local / Public / Government institution.
But when the unlawfulness becomes a standard and public unlawfulness is tolerated that is an indicator for either a lack of country or dictatorship in it.
If such unlawfulness as unfollowing the norms of Public Law are happening in the Country every now and then that is normal, but what becomes abnormal if such anomalies has become a standard also for not only how things happen in Government Parliaments but how things happen in the Church, then this is a tragedy.
The Church has always been the Highest standard and example for people and even today for many it is still a barrometer for whereto things are going.

For those who don't know the Church's governence Authorities The Metropolitans (a High Powered Monks Bishops who give a vows for unaffection to money posetions and worldy goods that promised God to work only and mainly for the Good of the Church members the people assembly Ecclasia) has the holy duty to not only persevere for their own salvation but has taken the responsibility to lead the people following the Highest Standards of The Christ Gospel in their way to salvation. Those people in the Bulgarian Church who govern it are callet the Holy Synod (or Assembly of Metropolitans) and as of today's article writting are 28.02.2024 are numbered of 13 'elders / starci (as called in Bulgarian) who should take the important decisions for the Church, those 13 are being exchanged with others that should be selected once one passes over using a special procedure for choice that is written in the so-called 'Church institution' the Church statuses regulations, that are written and approved together with Priests ,Monks, and Laymen and has been selected to be followed as a legal internal way on how the Church takes decision of the seclection of new Metropolitans once one passes away. To this date this law has been followed and this kind of selection procedure, where the Church members the people choose on the new Metropolitan together with Priests in a special selection day that is set by the Holy Synod elders and with one Elder (A Metropolitan from the Holy Synod) who will be observer on how the people and clergy vote for their new Hierarch and as currently we had this Eparchy of Sliven His Holiness Joanichius metropolitan of Slived – Died  passing to Christ just 49 days ago and a decision was taken by the Holy Synod to organize the selection procedure for new Metropolitan. 

The procedures of selection of new Metropolitan has been followed closely up to the smallest details, and two candidates has been selected just like the Church accepted rules prescribes those was

On the first circle of selections (which by the way  were publicly translated in Facebook !!!) 3 bishops were selected

1. Ierotey of Agathopolski (received most votes)
2. Arsenij Znepolsky (second in votes)
3. Mihail Konstantijski (third in votes)

A second circle up to the official selection rules was done on which Arsenij has been put out of the list as he received only 17 votes for the people will.

 

1. Bishop Ierotey of Agatopolos spiritual district (received 26 votes by Sliven's Monks, Priests and Laymen that are part of Eparchal assembly as to the Church rules)
2. Bishop Mihail of Konstant  spiritual district (received 22 votes by Sliven's Monks, Priests and Laymen that are part of Eparchal assembly as to the Church rules)

 


Bishop Ierotey

 

(Note: both spiritual districts no longer exist in the Bulgarian Orthodox Church due to territorial changes of the country, and these titles are usually given to non-metropolitan Bishops in the Bulgarian Church.)


The selection process was led by Metropolitan Ioan (John) of the eparchy of Varna and Veliko Preslav.
After the selection, His Holiness John of Varna and Veliko Preslav was very happy and publicly told the news that the first part of the selection of a new Metropolitan for Sliven had finished successfully and that no irregularities in the voting process had been seen.

The official process and practice in that case in the Bulgarian Orthodox Church has so far always been to ratify the choice of the people and select the one of the two who seems to the 14 Metropolitan Elders the most suitable for the Eparchy, to lead and teach the people in the Gospel and Christ's words, lead them on their path to salvation and protect the flock against heresies etc.

The practice up to this date was to ratify one of the two chosen Bishops as favourite and enthrone him as the official governor and local spiritual leader of the Eparchy of the Holy Orthodox Church, the person who will take the important decisions for the Eparchy and be the official public representative of the priests, monks and laymen of that eparchy.

A date was set on which the Synod should announce its selection of the new Bishop of Sliven between the pre-selected ones, Ierotey or Mihail.
Everyone was expecting the choice, and the clerics and people of Sliven, Burgas and the many famous Black Sea tourist destinations such as Ahtopol, Chernomoretz, Pomorie and Rezovo, as well as people from the villages, were waiting to celebrate and congratulate their new Metropolitan and welcome him in the Synodal Palace in Sliven.

But guess what happens: the officially set selection process is cancelled in a very unlawful way. Out of the sudden, the Synodal elders make a paradoxical decision, without any official explanation, to cancel the prior vote for Metropolitan, Ierotey or Mihail !!!

Amid that strange behavior there are even more oddities: the Patriarch is in hospital, unconscious, and not part of the decision of the Synod, which makes the important decision out of a quorum of 14 + 1 (the Patriarch). Moreover, the strange, illogical and unargued decision is not approved by 3 of the Synodal Elders:


+ Gavriil
+ Seraphim 
+ Danijl

These are known as the few truthful ones, uncorrupted and not held by compromising material, sex or other public scandals, who serve Holy Liturgies and work steadily for the good of church temples, the people and the interest of the Bulgarian nation.
Besides that, the Patriarch did not take any decision, as his health situation is unclear (some people in the Church even doubt whether he is still alive, as no layman or clergyman is allowed to enter the hospital where he is officially said to be, with a severe deadly disease, cancer of the lungs).
Besides that, the Metropolitan of America, His Beatitude Yosif, did not take part in the discussions in the Synodal Palace.
Meaning out of 12 present Synodal Elders during the decision assembly in the Synodal Palace, only 8 voted for and 5 voted against. Strangely enough, the observer of the whole voting process that took place 2 weeks ago in the Sliven Synodal Palace, Joan of Veliko Preslav, also voted for the cassation of the choice??

Now John suddenly starts saying that the vote was not really done in a proper way, even though he himself was part of the vote and confirmed after it that everything was flawless and honest and that there was no corruption during the vote (and again, the vote was shown LIVE on Facebook !!!).
That of course leads to the conclusion that someone from somewhere has pushed him to make that strange choice of cassation and to publicly claim that the voting process was compromised, contrary to what he claimed earlier.

But the strangeness in this Metropolitan vote does not end here. On the same day on which the Synod chose to cassate (cancel) the vote of the people and priests of Sliven's eparchy, an offer was made to immediately change the official way in which a new Metropolitan is selected !!!
The Church is immediately voted by those same 8 of Elders that has voted for the cassation and those "Elders". What a coincidence HUH


OR IS IT A CONSPIRACY ? 


And this offer to cancel the current Rules that are provided by officially Church legal binding document on the process of Choice of Metropolitan that has been used until today and whose latest revision was from 2009 and has been accepted on a Church National Assembly ratified by Layman, Deacons, Priests, Monks, Ipodeacons, Layman to be the official guide for how the voting of new metropolitan should be made as well as how to solve different complex situations that could emerge in the Church realms.

For over 150 years of the existing of new Bulgarian history, after liberation (The Church Statues state rules has been the leading guide for the Highest authorities like a help manual so things in the Church are done in lawful way and everything as transparent as possible, now without the allowness of people and clergy except the synod they want to cancel those Church Statuses not caring about the people opinion.

Sorry guys, but this is the 21st century, and in the 21st century this kind of behavior is called Dictatorship !!! Every normal member of the Bulgarian Church has recognized this, and now a great number of discussions on Facebook and on many Bulgarian websites and news sites explain a lot of hidden details about the real reasons for this scandal, which in short are:
 

1. The Patriarch of the Church, Neofit, is near his deathbed or has passed away, and this is kept secret until a new Metropolitan is installed according to the plans, and in that way the group of Nikolay, even jokingly called Nikolayts (for their dedication to Nikolay), will be complete enough for him to succeed in being enthroned as the next Patriarch ?


2. There is Metropolitan Nikolay who is well known by at least 10+ years that has appetite to become patriarch or to command over the whole Church Synod and Bishops and those same person has forced his protegees to make that unlogical choice as he has helped him somewhere in their career development, by installing his new protegee Arsenij or someone else under his dominance power group who he is dictating pretty much like Hitler his Gestopo (just to name one scandal person who is a famous part of his group this is Sionij who by some proven sources has been claimed to have been involved with things that does not fit to his high position in society such as pedophilia sex, alcoholism and other criminal deeds that has connection to the Secret Servies and the Mafia of Bulgaria.


3. Sliven Metropoly (Eparchy) has a lot of Public Business interest for businessman involved as the Eparchy is a common tourist destinations and a lot of investors wants to buy a cheap Church land and such a dead could be easily helped with installing the right new Metropolitan on the Eparchy Ship steering wheel. Rumors are ongoing that this two priests are receiving money to act as they did for quite some time within different circuits of the Church.


4. Both pepople and Clergy preselected Bishops Ierotey and Mihail does not have compromats and are not easily blackmailed as a consequence as many others have, and are known in the public and common people in the Church to have a good Spiritual life in Christ and are famous for their good deeds and has already helped a lot of people in need both materially and spiritually and continue to do so as their faith for Christ is real and not nominal dictated only by public and material interests and that does not fit the overall agenda.

Ierotey has been part of Sliven's eparchy for 21 years, has been next to Metropolitan Joanikij (Yoanikius) for the last 10 years as his Vicar Bishop, took care of the graceful elder Metropolitan Joanikij while he was on his deathbed, was his spiritual child and knows the affairs of the Eparchy pretty well.

Mihail is also a serious monk who has lived a secluded life in a Greek monastery with a well-known Greek Elder near Athens, and has also proven to be a good and highly spiritual person and monk.

It is logical and expected by the people for Ierotey to be the selected candidate, as the people have known him for 21 years and love him.
Mihail is also a good fit because he has a good spiritual base, even though he was ordained as bishop much later than Ierotey and has much less experience as such.

After the cassation the Elders did not come up with an official explanation of why the cassation was really made. Later they published a news item on bg-patriarshia.bg, the website of the Bulgarian Orthodox Church, with a very cloudy message that the voting is cancelled, with no explanations.

Just recently after 3 of the other Metropolitans who has been against the cassation came with a very thoroughful and clearly explained position, on why changing the rules for a Metropolitan selection while the selection is ongoing is anti-Church deed which is not accepted and they throughfully explained why chaing the Church statue rules, to be legal should be made on an official Church National Assembly gathering as it was used to accept the Church statue rules after all.
In the same Church statue rules, it has been pointed that the Church rules are most important Church Organ after, Holy Bible, Holy Tradition and Canons. Church canonists of the Bulgarian Orthodox Church specialist on the topic has been already explained why a dead of changing the Church statue rules without taking in consideration the members of the church the layman and the low clergy priests, monks is totally unchurch and evil.

Intesrestingly enough two brother priests (or better say fake priests as their deeds are not worthy for priesthood) Silvestar and Evgeni ( Yanakievi ) of the Sliven Eparchy who created a lot of scandals historically in the Bulgarian Church and has pressed and harmed many normal people, has preached a lot of ultras ideas and neven stick to their right hierarchical place (presenting themselves as saints and truthful lovers of Bulgarian faiths and traditions, often rioting the people are the main people who have been 'sceaming' and attacking about venerating the legal choice of Sliven's eparchy people and priest.

In a very unscrupulous way they spread lies about people in facebook and everywhere and are presenting themselves as the protectors of truth and Christianity and people who care about the 'clearness of faith' etc. Those scandal personalities continue to put more and more disturbance in facebook and the media preaching open lies that are against the Authority and personal dignity of Bishop Ierotey who.

They publicly claim Bishop Ierotey has been making money, by selling Church lands belonging to Pomorie Monastery who he has been a bishop of, those false claims that Ierotey has stole and sold land of monastery has been publicly shown as false by official documents and are available to be seen here.

Many Church important figures such as Profesor Ivan Zhelev (who has for 25 years has been official translator of the Bulgarian Orthodox Church) and many other has given already his opinion that the situation within the Church is absurd some, can see behind the strange coincident and indeaquate reactions of most of Synodal Elders a conspiracy with some specific aims such as creating a planned Schism within the Church or complete take over of the Church highest government bodies by the Mafia in Bulgaria Underground world or / and the Secret Services (DS) who after communist are well known to have a very good connections.

No matter what the reason behind the Synod's activities is, one thing is clear: the people in the Bulgarian Church are not as stupid as they thought, and such unlawfulness under the mask of humility is not going to be tolerated by the people, much as they want to convince them otherwise!
Protests in front of Sliven's Synodal Palace have already taken place, and such protests are about to continue in front of the Synod, especially as people want their voice to be heard and not to be commanded like a dumb flock, as some people seem to want, breaking all democratic norms !!!

Unfortunately the Bulgarian Orthodox Church Synod with those last indeaquate and inadequate decisions puts another spot on the reputation of the Church which anyways is not so high as of today, because of certain Metropolitans indeate talks, decisions and acts, pretty much like it happened in official govenment.
That is sad and anti-people as obviously now the recent unwalfulness was tried to be shown as absolutely canonical and good and for the good of people that decisions on who should be governing an eparchy of Bulgarian Church has to be only taken by the so called 'Elders', many of whom as today in difference with the past their ancestors has neven been a serious monks not succeeded in any spiritual deeds and has been made bihops and monks with breaking church canons or rules.

The best one could do in that terrible situation to help resolve it is to sign a petition against the unlawful decision of the Synod to cancel the vote for the new Sliven Metropolitan.

Lord have mercy on the Bulgarian Holy Church and keep her from those wolves in sheep's clothing, who try to destroy your Church and flock !!!

How to do a port redirect to localhost service with socat or ncat commands to open temporary access to service not seen on the network


February 23rd, 2024


You know, sometimes it is necessary to easily and temporarily redirect network TCP ports, so that a service becomes accessible from an internal DMZ-ed network via some local network IP or, if the computer system is Internet based and has an external "real" Internet Class A / B address, reachable directly from the Internet via, let's say, a modern Internet browser such as Mozilla Firefox / Google Chrome etc.

Such things are easy to do with iptables if you need to make the redirect permanent with firewall rule changes on a Linux router.
One way to create a TCP port redirect using the firewall would include a few iptables rules, for example:

1. Redirect port traffic from external TCP port source to internal one

# iptables -t nat -I PREROUTING -p tcp --dport 10000 -j REDIRECT --to-ports 80
# iptables -t nat -I OUTPUT -p tcp -o lo --dport 10000 -j REDIRECT --to-ports 80
# iptables -t nat -A OUTPUT -o lo -d 127.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.50:10000
# iptables -t nat -I OUTPUT --source 0/0 --destination 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 10000


Then you will have a 192.168.0.50:10000 listener (assuming that the IP is already configured on one of the host's network interfaces, plugged in to the network).

But as messing with the firewall is not the best thing to do, especially if you just need to temporarily redirect an external listener port to a service configured to listen only on a TCP port on the loopback address 127.0.0.1, you can do it instead with another script or command, for simplicity.

One simple way to do a port redirect on the fly on GNU / Linux or FreeBSD / OpenBSD is with the socat command.

Let's say you have the running statistics of a web server (Apache / Nginx / Haproxy frontend / backend statistics) or whatever kind of web TCP service on port 80 on your server, and this interface is on purpose configured to be reachable only on the localhost interface, port 80. You can access it either by creating an ssh tunnel towards the service on 127.0.0.1, or by redirecting the traffic arriving on another, external TCP port, let's say 10000, towards it.

Here is how you can achieve that:

2. Redirect Local network accessible IP on all configured Server network interfaces port 10000 to 127.0.0.1 TCP 80 with socat

# socat tcp-l:10000,fork,reuseaddr tcp:127.0.0.1:80

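If you later need to access the redirected port in a browser, pick the machine's first configured IP and open it in a browser (assuming there is no firewall filter prohibiting access to the redirected port). Keep in mind that while socat runs, the service that was deliberately bound to localhost is reachable by anyone who can connect to port 10000, so stop socat as soon as you are done.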

root@pcfreak:~# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 109.104.212.130  netmask 255.255.255.0  broadcast 109.104.212.255
        ether 91:f8:51:03:75:e5  txqueuelen 1000  (Ethernet)
        RX packets 652945510  bytes 598369753019 (557.2 GiB)
        RX errors 0  dropped 10541  overruns 0  frame 0
        TX packets 619726615  bytes 630209829226 (586.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Then in a browser open http://109.104.212.130:10000 or https://109.104.212.130:10000 (depending on whether the remote service has SSL encryption enabled or not) and you're done, the configured listener service should pop up on the screen.
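The socat one-liner above listens on every interface and stays up until someone kills it. As an added example (not part of the original post), the helper below builds a variant that binds to one IP, accepts clients from one network only and is stopped by `timeout` after a set number of seconds; the function names and the sample values 192.168.0.0/24 and 600 seconds are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: build a socat redirect that is
# scoped (one listen IP, one allowed client network) and self-expiring.

# is_port VALUE -> success if VALUE is an integer in 1..65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_redirect_cmd LISTEN_IP LISTEN_PORT ALLOWED_CIDR TARGET_PORT TTL_SECONDS
# Prints the command line; returns 2 on input that would widen the exposure.
build_redirect_cmd() {
    listen_ip=$1 listen_port=$2 allowed=$3 target_port=$4 ttl=$5

    if ! is_port "$listen_port" || ! is_port "$target_port"; then
        echo "ports must be 1-65535" >&2; return 2
    fi
    case $ttl in
        ''|*[!0-9]*|0) echo "TTL must be a positive number of seconds" >&2; return 2 ;;
    esac
    # Refuse the wildcard address: the point is not to listen everywhere.
    case $listen_ip in
        ''|0.0.0.0|'*'|::) echo "give one specific listen IP" >&2; return 2 ;;
    esac
    # Refuse "everyone" as the allowed client range.
    case $allowed in
        ''|*/0) echo "allowed range must not be empty or /0" >&2; return 2 ;;
    esac

    # bind=  : listen on this address only
    # range= : socat drops peers outside this network after accept
    # timeout: stops the listener after TTL seconds
    printf 'timeout %s socat TCP-LISTEN:%s,bind=%s,range=%s,fork,reuseaddr TCP:127.0.0.1:%s\n' \
        "$ttl" "$listen_port" "$listen_ip" "$allowed" "$target_port"
}

# Constructed sample values: LAN IP 192.168.0.50, port 10000 -> 127.0.0.1:80,
# clients from 192.168.0.0/24 only, listener gone after 10 minutes.
# This only prints the command; run the printed line once it looks right.
build_redirect_cmd 192.168.0.50 10000 192.168.0.0/24 80 600
```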

3. Redirect IP Traffic from External IP to Localhost loopback interface with netcat ( ncat ) swiss army knife hackers and sysadmins tool

If you need to redirect, let's say, TCP port 8000 to a service bound locally on the server on TCP port 80 with ncat instead of socat (if, let's say, socat is not pre-installed on the machine), you can do it by simply running these two commands:

[root@server ~]# mkfifo svr1_to_svr2
[root@server ~]# ncat -vk -l 8000 < svr1_to_svr2 | ncat 127.0.0.1 80 > svr1_to_svr2
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:10000
Ncat: Connection from 10.10.258.39.
Ncat: Connection from 10.10.258.39:51813.
Ncat: Connection from 10.10.258.39.
Ncat: Connection from 10.10.258.39:23179.

 

If you don't care to log what is going on in the background of the connection and you simply want to background the process with a one-liner command, you can achieve that with:


[root@server /tmp]# cd /tmp; mkfifo svr1_to_svr2; (ncat -vk -l 8000 < svr1_to_svr2 | ncat 127.0.0.1 80 > svr1_to_svr2 &)
 

Then you can open the internal machine's port 80 TCP service on port 8000 in a browser as usual.

For those who want a slightly more sophisticated proxy-like script, I would suggest you take a look at using netcat and a few lines of shell script loop, which can simulate a raw and very primitive proxy with netcat; an example is given in my previous article Create simple proxy server with netcat ( nc ) based utility.

Hope this article is helpful to anyone. There are plenty of other ways to do a port redirect with, let's say, perl, python and perhaps other micro tools. If you know of one-liners or small scripts that do it, please share in the comments, so we can learn from each other !

Enjoy ! 🙂
 

Create Haproxy Loadbalancer Access Control Lists and forward incoming frontend traffics based on simple logic


February 16th, 2024


HAProxy load balancers can do a lot to load balance traffic between application servers. The most straightforward use is to balance traffic arriving at a frontend towards a backend configured with predefined application machines and ports, where one server can be the leading one and the others set as backup, or alternatively to spread the traffic arriving at a frontend bind IP listener across a number of backend machines.

Besides this, the more interesting capabilities of HAProxy come with using Access Control Lists (ACLs) to forward incoming frontend (FT) traffic towards specific backends and ports based on logic; the power ACLs give HAProxy to do sophisticated load balancing is enormous.
In this post I'll give you a very simple example of how you can save some time if you already have a frontend listening on a range of TCP ports and you want to redirect some of the traffic towards a specific predefined backend.

This is not the best way to do it, as Access Control Lists put some extra load on the server CPU, but as today's machines are quite powerful, it doesn't really matter. By using simple ACLs as in the example below, one can save the time of writing multiple frontends for a complete sequential port range when only two of the ports in the range need different treatment: traffic arriving at the HAProxy frontend listener in the port range 61000-61230 goes to a common backend, while the traffic for ports 61115 and 61215 is distinguished and redirected to separate backends.

Here is a short description of the overall scenario. We have an HAProxy with 3 VIPs (Virtual Private IPs) and a single frontend with 3 bound IPs and 3 backends; there is a configured ACL rule to redirect the traffic for certain ports. The overall load balancing config is like so:

Frontend (ft):

ft_PROD:
listen IPs:

192.168.0.77
192.168.0.83
192.168.0.78

On TCP port range: 61000-61299

Backends (bk): 

bk_PROD_ROUNDROBIN
bk_APP1
bk_APP2


Config Access Control Lists to separate incoming haproxy traffic for CUSTOM_APP1 and CUSTOM_APP2


By default send all incoming FT traffic to: bk_PROD_ROUNDROBIN

With exception for frontend configured ports on:
APP1 port 61115 
APP2 port 61215

If custom APP1 send to bk:
RULE1
If custom APP2 send to bk:
RULE2

Config on frontends traffic send operation: 

bk_PROD_ROUNDROBIN (roundrobin) traffic send to App machines all in parallel
traffic routing mode (roundrobin)
Appl1
Appl2
Appl3
Appl4

bk_APP1 and bk_APP2

traffic routing mode: (balance source)
Appl1 default serving host

If configured check port 61888, 61887 is down, traffic will be resend to configured pre-configured backup hosts: 

Appl2
Appl3
Appl4


/etc/haproxy/haproxy.cfg that does what is described with ACL LB capabilities looks like so:

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    tcp
    log                     global
    option                  tcplog
    #option                  dontlognull
    #option http-server-close
    #option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 7
    #timeout http-request    10s
    timeout queue           10m
    timeout connect         30s
    timeout client          20m
    timeout server          10m
    #timeout http-keep-alive 10s
    timeout check           30s
    maxconn                 3000


#---------------------------------------------------------------------
# Synchronize server entries in sticky tables
#---------------------------------------------------------------------

peers hapeers
    peer haproxy1-fqdn.com 192.168.0.58:8388
    peer haproxy2-fqdn.com 192.168.0.79:8388


#---------------------------------------------------------------------
# HAProxy Monitoring Config
#---------------------------------------------------------------------
listen stats
    bind 192.168.0.77:8080                      #Haproxy Monitoring run on port 8080
    mode http
    option httplog
    option http-server-close
    stats enable
    stats show-legends
    stats refresh 5s
    stats uri /stats                            #URL for HAProxy monitoring
    stats realm Haproxy\ Statistics
    stats auth hauser:secretpass4321         #User and Password for login to the monitoring dashboard
    stats admin if TRUE                         #any authenticated stats user can change server state
    #default_backend bk_Prod1         #This is optionally for monitoring backend
#---------------------------------------------------------------------
# HAProxy Monitoring Config
#---------------------------------------------------------------------
#listen stats 192.168.0.83:8080                #Haproxy Monitoring run on port 8080
#    mode http
#    option httplog
#    option http-server-close
#    stats enable
#    stats show-legends
#    stats refresh 5s
#    stats uri /stats                            #URL for HAProxy monitoring
#    stats realm Haproxy\ Statistics
#    stats auth hauser:secretpass321          #User and Password for login to the monitoring dashboard
#    stats admin if TRUE
#    #default_backend bk_Prod1           #This is optionally for monitoring backend

#---------------------------------------------------------------------
# HAProxy Monitoring Config
#---------------------------------------------------------------------
# listen stats 192.168.0.78:8080                #Haproxy Monitoring run on port 8080
#    mode http
#    option httplog
#    option http-server-close
#    stats enable
#    stats show-legends
#    stats refresh 5s
#    stats uri /stats                            #URL for HAProxy monitoring
#    stats realm Haproxy\ Statistics
#    stats auth hauser:secretpass123          #User and Password for login to the monitoring dashboard
#    stats admin if TRUE
#    #default_backend bk_DKV_PROD_WLPFO          #This is optionally for monitoring backend


#---------------------------------------------------------------------
# frontend which proxys to the backends
#---------------------------------------------------------------------
frontend ft_PROD
    mode tcp
    bind 192.168.0.77:61000-61299
    bind 192.168.0.83:51000-51300
    bind 192.168.0.78:51000-62300
    option tcplog
    # (4) Peer Sync: a sticky session is a session maintained by persistence
    stick-table type ip size 1m peers hapeers expire 60m
# Commented for change CHG0292890
#   stick on src
    log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
    # RULE1 / RULE2 match the destination ports of APP1 / APP2
    acl RULE1 dst_port 61115
    acl RULE2 dst_port 61215
    # use_backend has to name an existing backend and an ACL defined above
    use_backend bk_APP1 if RULE1
    use_backend bk_APP2 if RULE2
    default_backend bk_PROD_ROUNDROBIN


#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend bk_PROD_ROUNDROBIN
    mode tcp
    # (0) Load Balancing Method.
    balance roundrobin
    # (4) Peer Sync: a sticky session is a session maintained by persistence
    stick-table type ip size 1m peers hapeers expire 60m
    # (5) Server List
    # (5.1) Backend
    # server names have to be unique inside a backend
    server appl1 10.33.0.50 check port 31232
    server appl2 10.33.0.51 check port 31232
    server appl3 10.45.0.78 check port 31232
    server appl4 10.45.0.79 check port 31232

#---------------------------------------------------------------------
# source balancing for the GUI
#---------------------------------------------------------------------
backend bk_APP2
    mode tcp
    # (0) Load Balancing Method.
    balance source
    # (4) Peer Sync: a sticky session is a session maintained by persistence
    stick-table type ip size 1m peers hapeers expire 60m
        stick on src
    # (5) Server List
    # (5.1) Backend
    server appl1 10.33.0.50 check port 55232
    server appl2 10.32.0.51 check port 55232 backup
    server appl3 10.45.0.78 check port 55232 backup
    server appl4 10.45.0.79 check port 55232 backup

#---------------------------------------------------------------------
# source balancing for the OLW
#---------------------------------------------------------------------
backend bk_APP1
    mode tcp
    # (0) Load Balancing Method.
    balance source
    # (4) Peer Sync: a sticky session is a session maintained by persistence
    stick-table type ip size 1m peers hapeers expire 60m
        stick on src
    # (5) Server List
    # (5.1) Backend
    server appl1 10.33.0.50 check port 53119
    server appl2 10.32.0.51 check port 53119 backup
    server appl3 10.45.0.78 check port 53119 backup
    server appl4 10.45.0.79 check port 53119 backup
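The ACL routing above only works when every `use_backend` line names a backend section that exists and an ACL defined in the same frontend; a mismatch such as routing with `if app1` while the ACL is called `RULE1`, or naming `APP1` while the section is `bk_APP1`, leaves the exception ports unrouted. As an added example (not part of the original config), the check below finds such dangling references; `lint_haproxy_refs` and `sample_cfg` are hypothetical names and the sample config is constructed from the frontend in this post.

```shell
#!/bin/sh
# Added example, not part of the original haproxy.cfg: find use_backend /
# default_backend lines that point at a backend or ACL that is never defined.

# lint_haproxy_refs [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line; exit status 1 if anything was found.
lint_haproxy_refs() {
    awk '
    BEGIN { predefined["TRUE"] = predefined["FALSE"] = predefined["LOCALHOST"] = 1 }
    { sub(/#.*/, "") }                              # drop comments
    $1 ~ /^(global|defaults|peers|frontend|backend|listen)$/ {
        section = $2                                # ACLs are scoped to their section
        if ($1 == "backend" || $1 == "listen") backends[$2] = 1
        next
    }
    $1 == "acl" { acls[section, $2] = 1; next }
    $1 == "default_backend" || $1 == "use_backend" {
        n++; at[n] = NR; bk[n] = $2; sec[n] = section; cond[n] = ""
        anon = 0
        for (i = 4; i <= NF; i++) {                 # tokens after "if" / "unless"
            t = $i
            if (t == "{") { anon = 1; continue }    # anonymous ACL: nothing to resolve
            if (t == "}") { anon = 0; continue }
            if (anon || t == "or" || t == "||" || t == "!") continue
            sub(/^!/, "", t)
            cond[n] = cond[n] " " t
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            if (!(bk[k] in backends)) {
                printf "line %d: undefined backend %s\n", at[k], bk[k]; bad++
            }
            m = split(cond[k], names, " ")
            for (j = 1; j <= m; j++)
                if (!((sec[k], names[j]) in acls) && !(names[j] in predefined)) {
                    printf "line %d: undefined acl %s\n", at[k], names[j]; bad++
                }
        }
        exit (bad > 0)
    }' "$@"
}

# sample_cfg broken|fixed : constructed sample modelled on frontend ft_PROD
sample_cfg() {
    if [ "$1" = fixed ]; then
        u1="bk_APP1 if RULE1"; u2="bk_APP2 if RULE2"
    else
        u1="APP1 if app1";     u2="APP2 if app2"
    fi
    cat <<EOF
frontend ft_PROD
    mode tcp
    bind 192.168.0.77:61000-61299
    acl RULE1 dst_port 61115
    acl RULE2 dst_port 61215
    use_backend $u1
    use_backend $u2
    default_backend bk_PROD_ROUNDROBIN

backend bk_PROD_ROUNDROBIN
    mode tcp
backend bk_APP1
    mode tcp
backend bk_APP2
    mode tcp
EOF
}

echo "mismatched names:"; sample_cfg broken | lint_haproxy_refs || true
echo "matching names:";   sample_cfg fixed  | lint_haproxy_refs && echo "no dangling references"
```

Run it as `lint_haproxy_refs /etc/haproxy/haproxy.cfg` before a reload; HAProxy's own `haproxy -c -f /etc/haproxy/haproxy.cfg` remains the authoritative syntax check.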

 

You can also check and download the haproxy.cfg here.
Enjoy !

Must have software on freshly installed windows – Essential Software after fresh Windows install


March 18th, 2016


If you're in the IT industry, even if you don't like installing Windows frequently or you're completely a Linux / BSD user, you will certainly have a lot of friends who will want help from you to re-install or fix their Windows 7 / 8 / 10 OS. At least this is the case with me: every year I'm kind of obliged to install fresh Windows on newly bought notebooks / desktop PCs of friends or relatives.

Of course, the preferences for necessary software vary according to whom the new Windows OS is installed for; however, more or less there is a sort of standard list of Windows software which is used daily by most average computer users, such as:
 

Not to forget a good candidate from the list to install on new fresh windows Installation candidates are:

  • Winrar
  • PeaZIP
  • WinZip
  • GreenShot (to be able to easily screenshot stuff and save pictures locally and to the cloud)
  • AnyDesk (non free but very functional alternative to TeamViewer) to be able to remotely access remote PC
  • TightVNC
  • ITunes / Spotify (for people who have also iPhone smart phone)
  • DropBox or pCloud (to have some extra cloud free space)
  • FBReader (for those reading a lot of books in different formats)
  • Rufus – Rufus is an efficient and lightweight tool to create bootable USB drives. It helps you to create BIOS or UEFI bootable devices. It helps you to create Windows TO Go drives. It provides support for various disk, format, and partition.
  • Recuva is a data recovery software for Windows 10 (non free)
  • EaseUS (for specific backup / restore data purposes but unfortunately (non free)
  • For designers
  • Adobe Photoshop
  • Adobe Illustrator
  • f.lux –  to control brightness of screen and potentially Save your eyes
  • ImDisk virtual Disk Driver
  • KeePass / PasswordSafe – to Securely store your passwords
  • Putty / MobaXterm / SecureCRT / mPutty (for system administrators and programmers that has to deal with Linux / UNIX)

These are the programs I tend to install on new Windows installs, and thus I have more or less systematized the process.

As a Free Software enthusiast I usually try to stick to free software where possible for each of the above categories, and luckily nowadays there is a lot of non-proprietary or at least free-as-in-beer software available out there.

For Windows sysadmins, for colleges and other public institutions whose networks include multiple Windows computers which are not inside a domain, and also for people in computer repair shops, where dozens of Windows pre-installs or automatic updates of a set of software are necessary daily, make sure to take a look at Ninite.


As official website introduces Ninite:

Ninite – Install and Update All Your Programs at Once

Of course, as Ninite is used by organizations such as NASA, Harvard Medical School etc., it is likely the tool might report your list of installed Windows software and various other Windows PC statistical data to the Ninite developers and most likely the NSA, but this probably doesn't matter much, as this is probably already the case from the moment you chose to install a Windows OS on your PC.

 

For Windows system administrators managing small and middle sized networks of PCs that are not inside a Domain Controller, Ninite could definitely save hours and in some cases even days of boring install and maintenance work. HP Enterprise or HP Inc. employees or ex-employees would definitely love Ninite, because what Ninite does is pretty much like the well known HP internal tool PC COE.

Ninite can also prepare an installer containing multiple applications based on the choices made on Ninite's website, which is also a great thing, especially if you need to deploy different types of user PCs (Scientific / Gamers / Working etc.)

Perhaps there are also other useful things to install on a new fresh Windows installations, if you're using something I'm missing let me know in comments.

Create Bootable Windows installer USB from a MAC PC, MacBook host or Linux Desktop computer


February 8th, 2024

Creating Windows bootable installer with Windows Media Creation tool is easy, but sometimes if you're a geek like me you don't have a Windows personal PC at home and your Work PC is so paranoidly restricted by its administrator through paranoid Domain Controller Policies, that you can only copy from a USB drive towards the Win PC but you cannot write to the USB. 

1. Preparing Windows installer USB via Mac's Boot Camp Assistant

If you're lucky you might have a MacBook Air or some other kind of Mac. If that is the case, you can burn the Windows installer ISO with the native Mac tool called Boot Camp Assistant, by simply downloading the Windows boot ISO, launching the app and burning it:

Finder > Applications > Utilities and open Boot Camp Assistant.


2. Preparing Bootable Windows installer on Linux host machine

On DEBIAN / UBUNTU and other Deb based Linuxes

# apt install gddrescue 

On CENTOS / FEDORA :

# dnf install ddrescue

To write the Windows image to the right USB drive, first identify the drive by listing the disks with fdisk:

# fdisk -l
 

Disk /dev/sdb: 14.41 GiB, 15472047104 bytes, 30218842 sectors
Disk model: DataTraveler 3.0
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc23dc587

Device     Boot    Start      End  Sectors  Size Id Type
/dev/sdb1           8192 30216793 30208602 14.4G  7 HPFS/NTFS/exFAT
/dev/sdb2       30216794 30218841     2048    1M  e W95 FAT16 (LBA)

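Then use ddrescue to create the bootable MS Windows installer USB disk. The target is the whole USB device identified with fdisk above (/dev/sdb here), and everything on it is overwritten:

# ddrescue windows10.iso /dev/sdb --force -D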
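
A pre-flight check for the ddrescue step above, as an added example that is not part of the original post: it verifies the ISO's SHA-256 against a value you obtained from the download source and refuses any target that is not a whole, removable, unmounted disk. The function names and the optional sysfs / mounts path arguments are assumptions of this example, there so the checks can be exercised against constructed fixtures.

```shell
#!/bin/sh
# Added example: pre-flight checks before writing an ISO to a USB stick.
# Function names and the overridable sysfs/mounts paths are this example's
# own (hypothetical); sha256sum, awk and ddrescue are the real tools used.

# verify_iso FILE EXPECTED_SHA256 -> 0 only if FILE hashes to the expected value
verify_iso() {
    [ -r "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# check_target DEV [SYSFS] [MOUNTS] -> 0 only for a whole, removable,
# unmounted disk such as /dev/sdb; otherwise returns the number (1-4)
# of the check that failed.
check_target() {
    dev=$1; sysfs=${2:-/sys}; mounts=${3:-/proc/mounts}
    name=${dev#/dev/}
    # 1: must be a whole disk known to the kernel, not a partition (sdb1)
    [ -d "$sysfs/block/$name" ] || return 1
    # 2: must be flagged removable; internal disks report 0 here
    [ "$(cat "$sysfs/block/$name/removable" 2>/dev/null)" = "1" ] || return 2
    # 4: without a readable mount table we cannot prove it is unmounted
    [ -r "$mounts" ] || return 4
    # 3: neither the disk nor any of its partitions may be mounted
    if awk -v d="$dev" 'index($1, d) == 1 { found = 1 } END { exit !found }' "$mounts"; then
        return 3
    fi
    return 0
}

# write_iso ISO SHA256 DEV: run both checks, then hand over to ddrescue
write_iso() {
    verify_iso "$1" "$2" || { echo "ISO checksum mismatch: $1" >&2; return 1; }
    check_target "$3"    || { echo "refusing target $3 (failed check $?)" >&2; return 1; }
    ddrescue --force -D "$1" "$3"
}
```

Call it as write_iso windows10.iso <sha256-from-download-page> /dev/sdb; a target rejected by check 2 or 3 is usually a mistyped device name or a stick that the desktop has auto-mounted.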

3. Using GUI Linux tool WoeUSB-ng to prepare Microsoft Windows start up USB drive

If you're a lazy Linux user and plan to prepare up-to-date Windows image files regularly, the WoeUSB-ng graphical tool will perhaps suit you better. To use it you will have to install a bunch of Python libraries.
 

On Ubuntu Linux:

# apt install git p7zip-full python3-pip python3-wxgtk4.0 grub2-common grub-pc-bin
# pip3 install WoeUSB-ng

On Fedora Linux:

# dnf install git p7zip p7zip-plugins python3-pip python3-wxpython4
# sudo pip3 install WoeUSB-ng

Launch the WoeUSB-ng program :

 

$ python3 /usr/local/bin/woeusbgui

 

Download the latest version of the Windows installer .ISO image file, plug in your USB flash disk and let the program burn the ISO and create the GRUB boot loader that will make the Windows installer bootable on your PC.


With WoeUSB-ng you have to be patient: it takes some time to prepare and copy the Windows installer content, and in my experience about 15 to 20 minutes to finalize the GRUB records required to make the newly burnt ISO bootable.


Then just plug it in to your desktop PC or laptop, virtual machine, or wherever you would like to install Windows from its latest installation source image, and go on with doing the necessary evil to have Microsoft spy on you permanently.

P.S. I just learned from colleagues from Kvant Serviz (a famous second-hand hardware shop and repair shop here in Bulgaria) that nowadays Windows has evolved to the point where it can, and actually does, overwrite the PC BIOS / UEFI as part of updates without asking the end user at all !!!
At first I disbelieved that, but after a short investigation online it turned out this is true:
there are discussions online from people complaining that Windows updates have overwritten their current BIOS settings, and people complaining that BIOS versions are overwritten.

Enjoy your new personal Spy OS ! 🙂

How to run SSH server Mac OS X and set it to auto boot on Mac Book system start


February 5th, 2024


How to run an SSH server on Mac OS X to remotely administer your Mac and access a remote MacBook Air or other Mac OS machine

Linux / UNIX users know it is pretty easy to run the OpenSSH server. On old Linux SystemV releases it is done with the command:

# /etc/init.d/sshd start


On newer Linux distros where systemd is the standard it is done with:

# systemctl start ssh.service

To enable the ssh service on boot on systemd distros:

# systemctl enable ssh.service


On Mac OS X, enabling SSH access is also done with a simple command.

To check whether the SSH server is on or off, either connect to TCP port 22 with netcat, which is usually installed by default on most Mac OS versions, or run:

# systemsetup -getremotelogin

To start and enable SSH service on Mac OS X run:

# systemsetup -setremotelogin on 


If you later need to turn off the SSH service:

# systemsetup -setremotelogin off

Actually the systemsetup command can do quite a lot on Mac OS X and is worth a look if you're running a Mac PC or MacBook laptop.

systemsetup can set the current date, change time server host, set computer name (hostname) and much more.

sh-3.2# systemsetup -help

systemsetup Help Information
————————————-
Usage: systemsetup -getdate
        Display current date.

Usage: systemsetup -setdate <mm:dd:yy>
        Set current date to <mm:dd:yy>.

Usage: systemsetup -gettime
        Display current time.

Usage: systemsetup -settime <hh:mm:ss>
        Set current time to <hh:mm:ss>.

Usage: systemsetup -gettimezone
        Display current time zone.

Usage: systemsetup -settimezone <timezone>
        Set current time zone to <timezone>. Use "-listtimezones" to list time zones.

Usage: systemsetup -listtimezones
        List time zones supported by this machine.

Usage: systemsetup -getusingnetworktime
        Display whether network time is on or off.

Usage: systemsetup -setusingnetworktime <on off>
        Set using network time to either <on> or <off>.

Usage: systemsetup -getnetworktimeserver
        Display network time server.

Usage: systemsetup -setnetworktimeserver <timeserver>
        Set network time server to <timeserver>.

Usage: systemsetup -getsleep
        Display amount of idle time until computer, display and hard disk sleep.

Usage: systemsetup -setsleep <minutes>
        Set amount of idle time until computer, display and hard disk sleep to <minutes>.
        Specify "Never" or "Off" for never.

Usage: systemsetup -getcomputersleep
        Display amount of idle time until computer sleeps.

Usage: systemsetup -setcomputersleep <minutes>
        Set amount of idle time until compputer sleeps to <minutes>.
        Specify "Never" or "Off" for never.

Usage: systemsetup -getdisplaysleep
        Display amount of idle time until display sleeps.

Usage: systemsetup -setdisplaysleep <minutes>
        Set amount of idle time until display sleeps to <minutes>.
        Specify "Never" or "Off" for never.

Usage: systemsetup -getharddisksleep
        Display amount of idle time until hard disk sleeps.

Usage: systemsetup -setharddisksleep <minutes>
        Set amount of idle time until hard disk sleeps to <minutes>.
        Specify "Never" or "Off" for never.

Usage: systemsetup -getwakeonmodem
        Display whether wake on modem is on or off.

Usage: systemsetup -setwakeonmodem <on off>
        Set wake on modem to either <on> or <off>.

Usage: systemsetup -getwakeonnetworkaccess
        Display whether wake on network access is on or off.

Usage: systemsetup -setwakeonnetworkaccess <on off>
        Set wake on network access to either <on> or <off>.

Usage: systemsetup -getrestartpowerfailure
        Display whether restart on power failure is on or off.

Usage: systemsetup -setrestartpowerfailure <on off>
        Set restart on power failure to either <on> or <off>.

Usage: systemsetup -getrestartfreeze
        Display whether restart on freeze is on or off.

Usage: systemsetup -setrestartfreeze <on off>
        Set restart on freeze to either <on> or <off>.

Usage: systemsetup -getallowpowerbuttontosleepcomputer
        Display whether the power button is able to sleep the computer.

Usage: systemsetup -setallowpowerbuttontosleepcomputer <on off>
        Enable or disable whether the power button can sleep the computer.

Usage: systemsetup -getremotelogin
        Display whether remote login is on or off.

Usage: systemsetup -setremotelogin <on off>
        Set remote login to either <on> or <off>. Use "systemsetup -f -setremotelogin off" to suppress prompting when turning remote login off.

Usage: systemsetup -getremoteappleevents
        Display whether remote apple events are on or off.

Usage: systemsetup -setremoteappleevents <on off>
        Set remote apple events to either <on> or <off>.

Usage: systemsetup -getcomputername
        Display computer name.

Usage: systemsetup -setcomputername <computername>
        Set computer name to <computername>.

Usage: systemsetup -getlocalsubnetname
        Display local subnet name.

Usage: systemsetup -setlocalsubnetname <name>
        Set local subnet name to <name>.

Usage: systemsetup -getstartupdisk
        Display current startup disk.

Usage: systemsetup -setstartupdisk <disk>
        Set current startup disk to <disk>.

Usage: systemsetup -liststartupdisks
        List startup disks on this machine.

Usage: systemsetup -getwaitforstartupafterpowerfailure
        Get the number of seconds after which the computer will start up after a power failure.

Usage: systemsetup -setwaitforstartupafterpowerfailure <seconds>
        Set the number of seconds after which the computer will start up after a power failure. The <seconds> value must be a multiple of 30 seconds.

Usage: systemsetup -getdisablekeyboardwhenenclosurelockisengaged
        Get whether or not the keyboard should be disabled when the X Serve enclosure lock is engaged.

Usage: systemsetup -setdisablekeyboardwhenenclosurelockisengaged <yes no>
        Set whether or not the keyboard should be disabled when the X Serve enclosure lock is engaged.

Usage: systemsetup -version
        Display version of systemsetup tool.

Usage: systemsetup -help
        Display help.

Usage: systemsetup -printCommands
        Display commands.

 

Enabling SSH on Mac OS X computers can also be done from the graphical interface, for the lazy ones.
