modsecurity on debian

Modsecuritty left me confused – i thought i had the basic rules but had the extended crs rules as well and so it did not need configuring.  Debian (my blog) wiki keeps mum on the subject as well.

I know its working although its reporting via ruby,  upgrades via python make it a multidisciplinary tool.

From what i read outside of Debian it seems to work with our stuff so it remains on.  Mystery software that sounds like a future problem for disable.

Its log messages are also hard to grep and awk.

I guess i shall be writing about mod-security rules at some point in the future…

some Debian 9.4 fun

with debian 9.4 postfix (my blog) started working once again, and opendmarc (my blog) had a funny five minutes when pidfile mismatched in the systemd config compared to the opendmarc.conf.I also needed dpkg --configure -a when apt decided stuff was still wrong with opendmarc..

who was right is a debate but I have not changed stuff i still have an opinion of systemd still sucks.

Opendmarc logging for reports also seems broken as to why i will have to look at it but it was and then it did not

I lost cups printers on an separate 686 Debian kernel but the rest of the zoo on i386 printers works so not a terrible headache

Overall forwards and a bit backwards too

Fixing systemd postfix failures via cron

Being when i write this it is winter i decided to reboot the zoos server and put in standard* more for the cooling fans, having done that (free room heat) i restarted and forget to check if postfix had started (my blog) .

Eventually i hand type the postmulti (my blog) command and it works. As reboots are rare this is not an everyday occurrence i can excuse the behaviour after all systemd wont tell me why it fails since its perfect so i must be to blame for going outside of ‘default’ systemd configuration..

So i decide to create an onboot script with cron and the @reboot command and that now starts postfix for me and does something that systemd cannot do

I imagine the idiots who develop systemd are most upset with me and will development a cron replacement that disables that feature.  If they do then i think my migration to a bsd variant will be guaranteed.

If your software sucks like systemd does then best do not blame us ‘users’ for stuff that other things can do.

*opposed to hurricane/typhoon speed which is good summer setting

apache2-doc debian weirdness fixed

If like the zoo you upgraded from debian 8 to debian 9 (my blog) then apache2-doc fails to do something on the lines of

ERROR: Conf apache2-doc does not exist!
dpkg: error processing package apache2 (–configure):

But apache still runs.  – An purge and install eg:

apt purge apache2-doc;apt install apache2-doc

Fixes it so shit software like systemd will not complain about it.  Honestly no idea why you have to do this when the version of the package was current but that’s how things go with systemd

debian 93

Did not do anything seriously nasty that i was immediately aware of and the systemd fault mentioned here (my blog) means systemd cannot load postfix on start up at all systend is very shit software.

zeitgeist-daemon is another headache with systemd as i baked a disk and could not start the x server on the machine on next login.  So i killed all my users processes [not root] and gave up and found some hardware elsewhere that worked.  I shall look into removing zeitgeist-daemon

I think i also lost x access for root in 9.2 as well not that i use it often [once a year] but having a gui as root is nicer than vi when you have four servers to do stuff to..

I could see a migration to the bsd way if things continue to go a certain way.- I demand very little but when systemd wont start stuff,magic daemons stop x and none of it your fault then perhaps linux as a server is not the thing i thought it was.

On that thought lets leave as accommodating linux quirks is possible but not that desirable perhaps you can justify calling /usr/sbin/postfix instead of using systemd in scripts but i feel perhaps there is something that works rather than is supposed too but does not.

I look forward to exploring bsd and knowing more so i can make an informed choice.

Creating and deleting files automatically in shell scripts

I frigging love linux for this shit

appends the date to filename $date + (“%Y%m%d”)


tar -zcf documents.backup.$(date +”%Y%m%d”).gz Documents

locate files of five days and older find * -type f -mtime +5

So there i was creating files and then wondering about the bother in deleting them manually when i thought there must be some way and a bit of thinking meant no human interaction from me with a cron job.

You want to the aim the find at the right place with the delete syntax which i have omitted.

Only moan i now have to delete my calender reminder i set.

Microsoft windows 10 – ransomware removal


The zoo bought some pc’s without microsft windows and when i got to install linux on it I spent a good ten minutes attempting to defeat tpm,secure boot and the windows boot manager for it had a virus on it called windows 10 *.

Quite why the fuck windows 10 has to talk to you and offers no shutdown during setup made me think of ransomware may be i think in original ways that this has never occurred to you before..

The bios really REALLY did not want me to remove the windows boot manager it kept going further and further down the list until it did get disabled – this reminding me of ransomware which happened to vista pc many years ago.

My linux on usb iso image although it worked on my usual device i wrote it to did not on the new pc. so i baked a cd image and that did, Once i installed the cdrom all was well with the universe and the ransomeware was gone from the disk..

In fact to remove the ransomware on that old pc i had to use a cd as well.  Great to see microsoft learning from the crooks.

I repurposed the usb thing for the non gpl hardware drivers.

mafia run the british red cross

It is strange that harddisks come with mafia approved virusware on them automatically , however i did find out the screen was ok, and the sound card worked. Thanks to the mafia at Microsoft.  Really wanted to not know that.

Here is a top tip: So if a new pc does not have sound  you should return it to your retailer immediately after all microsoft have decided its defective.

I wonder what other spyware courtesy of crooks and governments (my blog) was on the disk until i repartitioned it.

*no key sticker from microsoft


How much! and adverts too

also in beige

The zoo needed pc’s as some of them are well over ten years old and showing signs of hardware issues like forgetting the time** and being a bit slow with other regular seek human movements that persuaded the zoo to flash some cash on stuff..

Naturally i go to a site that i can buy to order rather than buy hp (my blog) or another brand get what we need without the crap copy of windows which is a lot cheaper than in stock and off the shelf from online retailers.


Deselecting windows 10 (my blog) resulted in the zoo shaving £100 off the bill (converted tp usd 130.00 at time i wrote this. So next time you wonder what you could do with an spare $130 makes using open source software a lot of sense.

mafia run microsoft

Apparently I also read that Microsoft are putting adverts everywhere in windows 10 so in addition to buying mafia insurance* from microsoft they also plaster adverts over it.

I am fascinated that people pay microsoft for this software via hardware vendors who i assume do it for laziness and some very shady microsoft sales staff.

Sure we have to install something on the hardware, but even windows needs setting up.

*nice shop window there, we will use it to sell your competitors products and spy on you. ** can break websites will refuse to load if your bios believes its 1/1/1980

Unreliable systemd (shit software in the mist)

Is it up or down ? systemd has one job although the megalomaniacs at the systemd project really want to make it linux itself after all who needs dns servers and other stuff – i mean they can do that too, systemd one day might build cars for elon musk.

So after fixing opendkim with my original systemd config it i turned my attention to postfix which works but systemd has decided is not loaded or active despite being so.  Go figure.

Starting postfix (via systemctl): postfix.serviceJob for postfix.service failed because
the control process exited with error code.
See “systemctl status postfix.service” and “journalctl -xe” for details.

So i go exploring the joys of systemd once more after debian 9.2 is released (my blog)

systemctl status postfix.service
● postfix.service – Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since x; 11min ago
Docs: man:postfix(1)
Main PID: 10259 (code=exited, status=1/FAILURE)

Oct 10 14:50:22 * postfix/postfix-script[13821]: fatal: the Postfix mail system is already running
Oct 10 14:50:24 * postfix-*/postfix-script[13828]: fatal: the Postfix mail system is already running
Oct 10 14:50:25 * postfix-*/postfix-script[13835]: fatal: the Postfix mail system is already running
Oct 10 14:50:26 * postfix-*/postfix-script[13844]: fatal: the Postfix mail system is already running
Oct 10 14:50:27 * postfix-*/postfix-script[13851]: fatal: the Postfix mail system is already running
Oct 10 14:50:28* systemd[1]: postfix.service: Control process exited, code=exited status=1
Oct 10 14:50:28 * systemd[1]: Failed to start Postfix Mail Transport Agent.
Oct 10 14:50:28 * systemd[1]: postfix.service: Unit entered failed state.
Oct 10 14:50:28 * systemd[1]: postfix.service: Failed with result ‘exit-code’.
Oct 10 15:01:00 * systemd[1]: postfix.service: Dependency Before=postfix.service dropped

systemctl start postfix.service
Job for postfix.service failed because the control process exited with error code.
See “systemctl status postfix.service” and “journalctl -xe” for details.

postmulti -p status
postfix/postfix-script: the Postfix mail system is not running
postfix-*/postfix-script: the Postfix mail system is running: PID: 16077
postfix-*/postfix-script: the Postfix mail system is running: PID: 16075
postfix-*/postfix-script: the Postfix mail system is running: PID: 15993
postfix-*/postfix-script: the Postfix mail system is running: PID: 15642

for example

So regardless of whether /usr/sbin/postfix and postmutli starting in systemd  still cannot figure out whether its running or not  – well done you systemd project geniuses.

I can still run the software because i know systemd is shit at what it does but is this really the future of init systems ?   If systemd is unreliable and with distros ignoring custom systemd files then clearly systemd is not up to the job unless you think the systemd way*.

Why it starts twice now is a mystery to me and yet another systemd fuckup (my blog) to savour. although there be others well worth lol’ing over.

I do not change postfix configurations often and feel happy with postmulti so i know its not me making these changes.

Enough of that shit software i think for today

*George Orwell’s boot on face quote seems apt.