paritybit.ca

Files for paritybit.ca

commit cb8dedf0c648c70ca22f61c1df8693a3aa1ad43e
parent 8ba7f22bec09c3e05ce2ef9c3624a5cc1f17a7c6
Author: Jake Bauer <jbauer@paritybit.ca>
Date:   Tue, 21 Mar 2023 10:54:43 -0400

*

Diffstat:
M content/garden/index.md | 1 +
M content/garden/openbsd-desktop.md | 25 +++++++++++++++++++++++++
M content/garden/server-monitoring.md | 113 ++++++++++++++++++++++++++++++++++++++++++++++---------------------------------
M content/links.md | 1 +
4 files changed, 93 insertions(+), 47 deletions(-)

diff --git a/content/garden/index.md b/content/garden/index.md @@ -49,6 +49,7 @@ Here are links, documents, and other things I found interesting that I want to g * [Growing in reciprocation with nature.](https://tickfoot.sensorstation.co/garden) * [How Browsers Work](https://www.freecodecamp.org/news/web-application-security-understanding-the-browser-5305ed2f1dac/) * [An Introduction to Language-Oriented Programming Using Racket](https://beautifulracket.com/) +* [Repeat yourself, do more than one thing, and rewrite everything](https://programmingisterrible.com/post/176657481103/repeat-yourself-do-more-than-one-thing-and) ## 🌾 The Plots diff --git a/content/garden/openbsd-desktop.md b/content/garden/openbsd-desktop.md @@ -7,6 +7,31 @@ Summary: OpenBSD on the Desktop Random things that I want to make note of. Usually small tutorial snippets. +## GUI Program Scaling + +If you're using a window manager instead of a full-blown desktop environment, +you might need to set scaling factors so programs will scale properly on your +display. For example, on a 1920x1080 13.3" display, 1.5x scaling can be +preferable so text isn't too small. + +In your `.Xresources` file, set an appropriate font size (18 is good for the +above situation) and Xcursor size (36). + +In your `.xsession` file, add the following lines: + +``` +export QT_SCALE_FACTOR=1.5 +export GDK_SCALE=1 +export GDK_DPI_SCALE=1.5 +``` + +If the DPI is automatically being set to fit your screen, this will make some +programs too large. You can set the DPI explicitly to the "standard" using: + +``` +xrandr --dpi 96 +``` + ## Sysctl Tuning A few `sysctl.conf` tweaks to increase resource limits for a workstation diff --git a/content/garden/server-monitoring.md b/content/garden/server-monitoring.md 
@@ -71,11 +71,10 @@ building dashboards plus a large library of community-made ones here: On any client that you want to monitor, install `node_exporter`, enable and start it, and make sure it's available over port 9100. Then, in your Prometheus -configuration, add another `static_configs` section or another target to the -`targets` array: +configuration, add another `targets` section or another target to the `targets` +array: ``` - static_configs: - targets: ["example.com:9100"] labels: group: "websites" 
@@ -88,26 +87,60 @@ configuration. Although Prometheus has the ability to collect various metrics, it's not really a solution for log monitoring. I wanted something that would notify me of any -successful login to my servers via SSH, so I wrote the following script:: +successful login to my servers via SSH, so I wrote the following script: ``` #!/bin/sh -# Watches /var/log/authlog for successful logins and sends an email +# Watches SSH's auth log for successful logins and sends an email on login email="jbauer@paritybit.ca" -send_alert() { - date=$(echo "$1" | cut -d' ' -f1-2) - time=$(echo "$1" | cut -d' ' -f3) - host=$(echo "$1" | awk '{print $4}') - user=$(echo "$1" | awk '{print $9}') - addr=$(echo "$1" | awk '{print $11}') +case "$(uname -s)" in +"OpenBSD") + tail_flags="-f" + logfile="/var/log/authlog";; +*) + # Linux, Free/Net/DragonflyBSD + tail_flags="-F" + logfile="/var/log/auth.log";; +esac + +tail $tail_flags $logfile | while true; do + read line + if [ -n "$(echo $line | grep -e "sshd.*: Accepted")" ]; then + subject=$(echo $line | awk '{print "ALERT: Login to "$9"@"$4" from "$11" on "$1" "$2" at "$3" EOM"}') + echo "" | mail -s "$subject" "$email" + fi +done +``` + +This is an efficient solution (compared to the ones below) which analyzes each +line in the logfile and sends an email whenever it detects a login. This should +also be fairly portable thanks to a small amount of OS detection code at the +top. It does have a flaw where, when the daemon is restarted, it will alert on +log lines that have already been seen because `tail` will print out a few of the +recent lines from the file. There are a few ways that this could be addressed +(keeping a memory of the last alert in a file, analysing the date of the log +line, etc.) but this is good enough for my needs, especially since my servers +don't need to reboot often. 
- subject="ALERT: Login to $user@$host from $addr on $date at $time EOM" +This is run like so from cron: - echo "" | mail -s "$subject" "$email" -} +``` +@reboot tmux new-session -d '/usr/local/bin/authalert' +``` + +(I should write an rc.d file for this so it can be a daemon.) + +Here is a different script I also came up with: + +``` +#!/bin/sh + +# Watches /var/log/authlog for successful logins and sends an email + +email="jbauer@paritybit.ca" count=$(grep -e "sshd.*: Accepted" /var/log/authlog | wc -l | awk '{print $1}') @@ -123,7 +156,8 @@ while true; do fi for i in $(seq $difference); do line=$(echo "$lines" | tail -$i | head -1) - send_alert "$line" & + subject=$(echo $line | awk '{print "ALERT: Login to "$9"@"$4" from "$11" on "$1" "$2" at "$3" EOM"}') + echo "" | mail -s "$subject" "$email" done fi count=$newcount @@ -131,18 +165,13 @@ while true; do done ``` -Which is run like so from cron: - -``` -@reboot tmux new-session -d '/usr/local/bin/authalert' -``` - -(I should write an rc.d file for this so it can be a daemon.) - -This solution does use more RAM and CPU than the solution I came up with below, -but it alerts on every login without issue and really doesn't use any -significant amount of resources (I measured roughly a couple hundred kilobytes -for the log data and 0.5% CPU every second). +This solution does use more RAM and CPU than the other iterations, but it alerts +on every login without repeats and really doesn't use any significant amount of +resources (I measured roughly a couple hundred kilobytes for the log data and +0.5% CPU every second). It also doesn't require detecting the OS for tail flags, +though the logfile name would still need to be changed depending on the OS. It +is a relatively inefficient solution though, which is why I ultimately went for +the one above. Prior to the above solution, I stumbled upon `fwa` for OpenBSD which is able to watch files for changes. I coupled that program with the following script: 
@@ -154,31 +183,21 @@ watch files for changes. I coupled that program with the following script: email="mail@example.com" -send_alert() { - date=$(echo "$1" | cut -d' ' -f1-2) - time=$(echo "$1" | cut -d' ' -f3) - host=$(echo "$1" | awk '{print $4}') - user=$(echo "$1" | awk '{print $9}') - addr=$(echo "$1" | awk '{print $11}') - - subject="ALERT: Login to $user@$host from $addr on $date at $time EOM" - - echo "" | mail -s "$subject" "$email" -} - /usr/local/bin/fwa /var/log/authlog | while true; do lastline="$(tail -3 /var/log/authlog | grep -e "sshd.*: Accepted" | tail -1 )" if [ -n "$lastline" ]; then - send_alert "$lastline" & + subject=$(echo $lastline | awk '{print "ALERT: Login to "$9"@"$4" from "$11" on "$1" "$2" at "$3" EOM"}') + echo "" | mail -s "$subject" "$email" fi read discard done ``` -It is slightly flawed in that it will fire off an identical alert if you, for -example, ssh into the machine in two different terminals and then exit one of -those sessions. Note that it reads the last three lines of authlog instead of -just the last because I found that it wouldn't alert on really quick -operations, like when a user would `scp` a file, since the connection would -open and close so quickly the log would already have the "Disconected" message -instead of the "Accepted" message by the time the log was `tail`ed. +This is the least portable of the three solutions since `fwa` is specific to +OpenBSD. Also, it reads the last three lines of authlog instead of just the last +because I found that it wouldn't alert on really quick operations, like when +a user would `scp` a file, because the connection would open and close so +quickly the log would already have the "Disconected" message instead of the +"Accepted" message by the time the log was `tail`ed. It is also slightly flawed +in that it will repeat an alert if you, for example, ssh into the machine in two +different terminals and then exit one of those sessions. 
diff --git a/content/links.md b/content/links.md @@ -406,6 +406,7 @@ content of any site below does not necessarily represent my views or opinions.</ <li><a href="https://www.marginalia.nu/">Marginalia</a></li> <li><a href="https://ctrl-c.club/~lettuce/">Lettuce</a></li> <li><a href="https://prog21.dadgum.com/">Programming in the 21st Century</a></li> +<li><a href="https://suha.ng/">suha.ng</a></li> </ul> The blogroll listing is generated by exporting from <a href="https://github.com/nkanaev/yarr">yarr</a> and running the exported file through the following command:
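Review bot: In content/garden/openbsd-desktop.md, the `.Xresources` paragraph of the new "GUI Program Scaling" section gives values (font size 18, Xcursor size 36) but not the resource lines to write, unlike the `.xsession` step, which has a fenced block. Add the actual `.Xresources` lines in a fenced block, and say where `xrandr --dpi 96` is meant to be run so the setting is applied on every session rather than once by hand.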
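Review bot: In the first content/garden/server-monitoring.md hunk (@@ -71,11 +71,10), the reworded sentence now reads "add another `targets` section or another target to the `targets` array", which uses `targets` for both the block and the array, and the snippet no longer shows the `static_configs:` key that the entry sits under. Either keep `static_configs:` in the example or say in the sentence that the `- targets:` entry goes under the existing `static_configs` key, so the fragment can be placed without guessing its parent.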
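Review bot: In the new tail-based script (@@ -88,26 +87,60), `tail $tail_flags $logfile | while true; do read line` never checks the result of `read`, so if `tail` exits the loop keeps spinning on an empty `$line`; `while read -r line; do` ends the loop at end of input and keeps backslashes in the log line intact. `echo $line` is also unquoted in both the `grep` test and the `awk` call, so a log line containing `*` or `?` is subject to filename expansion before the pattern match and the field extraction see it; `printf '%s\n' "$line"` avoids that.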
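Review bot: In the polling script's `for i in $(seq $difference)` loop (@@ -123,7 +156,8), replacing `send_alert "$line" &` with the inline `awk` and `mail` pair drops both the quoting of `$line` and the backgrounding, so each `mail` call now blocks the loop, and the same subject one-liner is pasted into all three scripts. Quote the expansion, and consider keeping one small function for building the subject so the field positions (`$9`, `$4`, `$11`) are defined in a single place and cannot drift between the scripts.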
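Review bot: In the rewritten paragraph after the `fwa` script (@@ -154,31 +183,21), "Disconected" is carried over misspelled from the removed text and should read "Disconnected". The added `echo $lastline | awk ...` line is also unquoted where the removed `send_alert "$lastline" &` was quoted; write `"$lastline"` so the line reaches `awk` unmodified by the shell.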