How to Create a Self Signed TLS Certificate in Linux

Here is a quick way to create a self signed certificate in Linux.

Run the following command. Fill out the required info.

openssl req -x509 -sha256 -nodes -days 3652 -newkey rsa:4096 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
chmod 400 /etc/pki/tls/private/localhost.key

Now in your Apache or Nginx files, specify the path to the Key and the Certificate.

Note that if you’ll need to add the

Give Ubuntu User Access to Run Docker?

By default on Debian based systems, Docker needs the sudo command to run. We can add a normal user to the Docker group so we don’t have to.

sudo usermod -aG docker username

Change out the username to your Ubuntu username.

The -a option means append the group to the username. It does not remove the user from current groups.
the -G option means add the specified group.

How to Undelete Files on XFS Filesystem

There are a couple different options for undeleting files for XFS filesystems.


TestDisk is a great command line recovery tool. Unfortunately, it can be slightly more difficult on systems using XFS compared to EXT4 systems. TestDisk does not support undeleting a file in place on XFS.

You can still recover files using TestDisk, you just need to recover the whole drive and dig through the recovery results to find the files you want.


There is also another utility that can be helpful. xfs_undelete

It allows for a little more flexibility in recovering files. For instance, you can specify to recover the files from the past hour to recover.

Download prerequisites

sudo dnf install tcllib
chmod u+x ./xfs_undelete


Example of running xfs_undelete

./xfs_undelete -t -1hour ./dev/sda2

You will need a different filesystem to save the files to. Otherwise you will receive the following error.

Your output directory is  /home/bob/recovery/
That is within the filesystem  /  you want to recover files
from. This isn't feasible as it would overwrite the deleted files you wanted to
recover. Please specify the option -o /path/to/output_directory on another (rw
mounted) filesystem or run xfs_undelete from within a directory on that
filesystem so the recovered files could be written there. They cannot be
recovered in place.

It’s not the greatest idea to recover on the system while running. Ideally, shut the system down, plug the drive into another machine as read only, and copy the files off.

You could also boot up in single user mode or a live Linux iso/thumbdrive and mount another recovery drive. Should work for both physical and virtual environments.

Log rotation for rsyslog using fixed size

We’ll follow the documentation from here.

Changes are made to the /etc/rsyslog.conf config file.

For this example, we will be configuring our named.log file to not exceed 50MiB, and then we’ll have a rotated log “.1” that is also 50MiB. Total it should not exceed 100BMiB.

First we need to create an out channel, and then we assign the out channel to a logging channel. We also need a script that rotates the logs.

Create the Output Channel

$outchannel log_rotation,/var/log/named.log, 52428800,/home/user/

Assign Output Channel to Logging Channel

On our line that is logging named, at the end add :$log_rotation


local0.*                   /var/log/named.log:$log_rotation

Script to Rotate Log

Somewhere on the system, create a script. Name it whatever you want, just be sure the path and name in the rsyslog.conf is the same.

Add the following one line to move the current log to a rotate log.

mv -f /var/log/named.log /var/log/named.log.1

As the log fills up and hits ~50MiB, the script will run which rotates(moves) the log file to logfile.log.1. This will keep our usage for named.log to 100MiB.

Mongo “illegal hardware instruction mongo” on Linux

While trying to install and run mongo on Kali Linux, I encountered the following error.

zsh: illegal hardware instruction mongo

Using a Bash shell it returns the following instead.

Illegal instruction

It appears that the issue is from running mongo in a virtual machine.

Resolution? Run on bare metal or find a way to enable avx2 in the virtual machine.

Running Node App as systemd Service

In this post we will be using systemd to run a node application. This is helpful as it will automatically start the app when the server starts so we don’t have to manually. These steps can easily be modified to run a bash script, or any other application.

  • Create systemd file
  • Customize systemd file
  • Enable systemd file

We’ll be creating a service for the Simple Whisper Web Interface as an example. Chang things as needed.

Create systemd file

This is super simple. We create a .service file in /lib/systemd/system. When we enable the service, it will create a symlink to this file.

sudo vim /lib/systemd/system/whisperweb.service

Customize systemd file

Change the settings as appropriate. It would be a good idea to run any service as a limited user that only has the rights needed to get the job done. Do note that you will need to have any prerequisites installed and available for that user to use. I.e. libraries installed with npm etc.

Description=Simple Whisper Web Interface Service File

ExecStart=/usr/bin/node mainssl.js


Enable systemd file

Enabling the service will create a symlink that will then run this service file on system boot.

sudo systemctl enable whisperweb.service

And now we can start the service.

sudo systemctl start whisperweb.service

We can verify that the service is running by running

sudo systemctl status whisperweb.service

The following article has some great explanations on what different options in the unit file mean and do.

Creating a Simple systemd Service to Launch Shell Script on System Boot

We will setup a simple systemd service to automatically run a bash script on system boot.

Create systemd file

Create the service file with

vi /etc/systemd/system/

Now fill out the file. Change the Description and ExecStart. After= means only start this unit after the other units have finished. This is needed if we need to make a network connection. If our script runs before the network is up, the connection will fail.

Description=systemd Unit File to Launch Bash Script on System Boot



Change the ExecStart to your bash script and save the file

Enable systemd file

Now that the file is created, we need to enable the service so it starts on system boot

systemctl enable bashscript.service

You should get the following output.

Created symlink /etc/systemd/system/ → /etc/systemd/system/bash.service.

Now to test, reboot your system, or start the service with

systemctl start bashscript.service

How to Bypass NVIDIA NVENC Limits on RTX Cards on Linux

It appears that NVIDIA has limited the number of NVEncoding streams on consumer GPUs. Guess it is so people have to buy the more expensive professional cards.

Fortunately, the limit is only applied to the driver, and there is a patch available that let’s us bypass the limiter.

Install Patch

This assumes you already have the driver installed. If you do not, or run into issues with the commands below, refer to the above link.

Download the tool


Unzip the file


Run the patch script

cd nvidia-patch-master
sudo bash ./

And we are finished!

Further reading

NVIDIA has a matrix of which cards support how many streams etc.

And while we are on the topic of artificial limits, check out the vGPU license bypass

How to POST a message to a Telegram Channel

It’s fairly easy to send a message to a Telegram Channel using curl. Copy and paste the following command in, replacing the API_TOKEN, chat_id, and test_message, with the appropriate items.

curl -s -o /dev/null -X POST -H "Content-Type: application/json" -d "{\"chat_id\": \"-100XXXXXXXXXX\", \"text\": \"test_message\", \"disable_notification\": true}"{API_TOKEN}/sendMessage

Need to send a message to Teams? Check out the following post.

Bash script to send messages to Microsoft Teams