Monday, September 28, 2015

fail2ban recipes

Here are some fail2ban recipes. I will update this post as I find some more.


- Add an IP/range in the recidive chaik

      fail2ban-client -vvv set recidive banip ip_address

      ip_address can be a single IP or a range (like 62.210.6.0/24)


Monday, June 22, 2015

SNMP proxy configuration

Ok, let's say you have a server or gateway that you already monitor using SNMP, but you need to also monitor other devices (switches, AP,...). There are two major ways to do it:

The first if to map all devices to their own external UDP port and make your monitoring software (Cacti, Zabbix,...) fetch the data on this port. Easy enough, but sometimes you do not have this luxury. Also it opens up the firewall on a bunch of ports which I personally don't like.

The second it to configure the SNMP server on the server or gateway so that it proxies specific communities to internal devices.

Let's take the following network architecture:
The Cacti server is already monitoring the Firewall (a Linux host). So in the Firewall snmpd configuration, you simply have to add:

view    systemview     included      .1.3.6.1
com2sec notConfigUser  default       public
group   notConfigGroup v1            notConfigUser

Then for Switch1:

# Setting up the proxy configuration for Switch1
com2sec -Cn switch1 notConfigUser  default      switch1
access  notConfigGroup switch1        any     noauth  prefix  systemview none none
proxy -Cn switch1 -v 2c -c public 10.0.9.2 .1.3

And for Server1:

# Setting up the proxy configuration for Server1
com2sec -Cn server1 notConfigUser  default      v
access  notConfigGroup v        any     noauth  prefix  systemview none none
proxy -Cn v -v 2c -c public 10.0.9.10 .1.3

Then from your Cacti server you can access the Switch1 like this:

[root@dev-ac-monitor ~]# snmpwalk -c switch1 -v1 FIREWALL_IP sysDescr
SNMPv2-MIB::sysDescr.0 = STRING: SF300-24 24-Port 10/100 Managed Switch

Note the community switch1 used in the above command...

Tuesday, May 26, 2015

ESP8266 WiFi module intro

So I received yesterday 2 of these nice ESP8266 WiFi module:


Bought it from Ebay at 3.58$ each including shipping:


It did take about 5 weeks to get here, but I was in no rush.

One thing to be carefull, this is a 3.3v device do do not plug it to anything that will bring 5v to it's inputs or you will destroy it.

Found this nice how to on using simple resistor voltage divisor and transistor to drive this module from anything 5v:


Will update in a later post my progress on using this what seems to be pretty versatile module.

Wednesday, May 20, 2015

IoT/IoE, hardware, electronics...And some Ruby to rule them all !

So last night (May 19th 2015) did a small talk at the Montreal.rb meetup (www.montreal.rb).

(Photo from @Blanckus)


While most talk at these meetup are Ruby/Rails related my talk was more on electronics, DIY/Maker stuff, IoT/IoE and yes how to use Ruby to work/control these embedded platforms.

The following is a link to the PDF version of the slides used during the presentation:

IoT-IoE, hardware, electronics...And some Ruby to rule them all ! 

Also during the presentation my small CreeperBot telepresence robot was shown:


I have committed all the files for this project to my GitHub:


Feel free to fork it and do whatever you want with it !

If you have any questions, comments, recommendations or find errors in any of the documents supplied, please feel free to drop me a line.

Embedding hardware parts in 3D prints

Yesterday I did my first attempt at embedding a nut in a print... The idea was to have the nut (8-32 hex nut) be captive in the print so i...