CAT | Tips
If you’ve already got Nagios monitoring your SSL-enabled web server, then it’s very easy to make it also warn you when your SSL certificate is soon to expire.
Simple change your check_https command definition (in the file /etc/nagios-plugins/config/http.cfg on Debian/Ubuntu) to the following:
define command{
command_name check_https
command_line /usr/lib/nagios/plugins/check_http --ssl -C 14 -H '$HOSTADDRESS$' -I '$HOSTADDRESS$'
}
The ‘14′ in the command line is the number of days prior to expiry Nagios should warn you to renew the certificate – change as appropriate.
Now Nagios will produce a warning when your SSL certificate is close to renewal time, and show status CRITICAL if you let it expire anyway.
Many networks have hosts which aren’t directly accessible via SSH, but have to be connected to via another host. This can be a pain, especially when one wishes to use scp or sftp.
For a while now I’ve been using the following in my SSH .config file to allow me to SSH ‘directly’ to such hosts:
Host ultimate-destination-name ProxyCommand ssh -q intermediary-host nc %h %p $* HostName ultimate-destination-host
Where ‘ultimate-destination-name’ is the friendly name for the remote host – this probably shouldn’t be a hostname to avoid confusion, ‘intermediary-host’ is the Internet-accessible host to connect via, and ‘ultimate-destination-host’ is the local hostname/IP for the destination machine, ie what you’d type after ssh once logged into the intermediary host.
You’ll need netcat installed on the intermediary host for this to work.
Apart from the obvious advantage of being able to just type ’ssh foo’ to get straight to host foo, this method also allows you to use your local ssh keys without any sort of trust arrangement.
Installing trac today, I realised there wasn’t any obvious way to change the date format, and all bugs report dates were showing in MM/dd/yy format – less than ideal for us here in the UK.
Fortunately, after some Googling, I found the way to alter this is to add the following to your Location tags in the Apache config:
PythonOption TracLocale en_GB
(Replacing en_GB with the appropriate locale for you).
This unfortunately doesn’t help if you have a trac installation which is likely to be used by people in multiple locales – if anyone knows of a way to achieve this a comment would be appreciated.
