#!/bin/bash
ctrap(){
echo -ne "\033]0;"puppet"\007"
}
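# With exactly one argument, treat it as the destination host: show it in the
# terminal title while the session runs and put the title back afterwards.
if [ "$#" -eq 1 ]; then
  # Restore the title if the session is interrupted with Ctrl-C.
  trap ctrap SIGINT
  # The argument is written straight to the terminal, so strip control
  # characters first: an embedded ESC or BEL would otherwise be interpreted
  # by the terminal as part of (or a new) escape sequence.
  title=${1//[[:cntrl:]]/}
  # %s keeps the argument out of the format string; echo -e would also have
  # expanded backslash escapes found inside the argument.
  printf '\033]0;%s\007' "$title"
  ssh "$1"
  ctrap
  # ssh's exit status is deliberately not propagated (unchanged behaviour).
  exit 0
fi
# Any other argument count: hand everything to ssh. "$@" keeps each argument
# as a single word; the unquoted $* re-split arguments containing spaces
# (for example an -o option with a quoted value) and glob-expanded them.
ssh "$@"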
Friday, October 8, 2010
Monday, September 20, 2010
Friday, July 30, 2010
symon/symux/syweb installation on openbsd 4.4
# Mount the OpenBSD 4.4 install CD and unpack the xbase44 set over /.
mkdir /mnt/cdrom
mount /dev/cd0c /mnt/cdrom/
cd /
tar -zxvf /mnt/cdrom/4.4/i386/xbase44.tgz
# Rebuild the shared-library hints for the X11 and /usr/local library dirs.
ldconfig /usr/X11R6/lib /usr/local/lib
# Install the dependencies by URL.
# NOTE(review): every package below is fetched over plain HTTP and installed
# as root, and nothing in these steps checks the download against a
# known-good checksum. Anyone able to tamper with the connection can supply
# the package contents; verify the files out of band before installing.
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/libart-2.3.20p0.tgz
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/png-1.2.28.tgz
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/rrdtool-1.2.23p0.tgz
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/wget-1.11.3.tgz
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/pcre-7.7p0.tgz
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/php5-fastcgi-5.2.6.tgz
pkg_add -v http://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/php5-mbstring-5.2.6.tgz
# Generate a one-line launcher for php-fastcgi, readable/executable by root
# only (mode 700). env -i starts it with an empty environment and -b binds it
# to 127.0.0.1:8888, so the FastCGI port is reachable from this host only.
# NOTE(review): the launcher lives in /root and is presumably run as root;
# confirm which user the PHP workers end up running as.
echo "env -i PHP_FCGI_CHILDREN=5 PHP_FCGI_MAX_REQUESTS=1000 /usr/local/bin/php-fastcgi -q -c /var/www/conf/ -b 127.0.0.1:8888 &" > /root/run_php-fastcgi.sh && chmod 700 /root/run_php-fastcgi.sh
# Enable the sample PHP module config and the mbstring extension config.
ln -s /var/www/conf/modules.sample/php5.conf /var/www/conf/modules
ln -fs /var/www/conf/php5.sample/mbstring.ini /var/www/conf/php5/mbstring.ini
mkdir /var/www/tmp
# Unpack syweb and symon, then build and install symon from source.
tar zxvf ./syweb-0.59.tar.gz
tar zxvf ./symon-2.80.tar.gz
cd symon
make && make install
# Start from the sample configs shipped in the source tree.
cp ./symon/symon.conf /etc/symon.conf
cp ./symux/symux.conf /etc/symux.conf
# NOTE(review): /var/www/symon is only created by the mkdir a few lines
# below, so as listed this copy runs before its destination exists.
cp ./symon/hifn_test.layout /var/www/symon/
# Dedicated account for symon: home /var/empty, login class daemon, shell
# /sbin/nologin.
useradd -d /var/empty -L daemon -c 'symon Account' -s /sbin/nologin _symon
# Start the symon agent; at this point it reads the sample config copied above.
/usr/local/libexec/symon
mkdir /var/www/symon /var/www/symon/rrds /var/www/symon/rrds/localhost
#fix up symux.conf here
# Run symux's helper script with "all"; presumably it creates the RRD files
# for the sources configured in symux.conf, hence the fix-up note above.
./symux/c_smrrds.sh all
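# Write the symon agent configuration.
# cat is required here: echo ignores stdin, so "echo > file <<EOF" leaves the
# file holding a single empty line. The heredoc operator, garbled to "<#" in
# the listing, is restored as <<'EOF'; the quoted delimiter stops the shell
# from expanding anything inside the body.
# The agent streams to 127.0.0.1 port 2100, i.e. to a symux on this host only.
cat > /etc/symon.conf <<'EOF'
#
# Demo configuration for symon. See symon(8) for BNF.
#
monitor { cpu(0), mem,
if(lo0),
pf,
mbuf,
# sensor(0),
proc(sshd),
if(em0),
io(wd0)
} stream to 127.0.0.1 2100
EOF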
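# Write the symux (collector) configuration.
# cat replaces echo because echo never reads the heredoc, and the garbled
# "<#" is restored as a quoted heredoc so the body is written literally.
# symux listens on 127.0.0.1:2100 and accepts data only from source
# 127.0.0.1, storing RRD files under /var/www/symon/rrds/localhost.
cat > /etc/symux.conf <<'EOF'
#
mux 127.0.0.1 2100
source 127.0.0.1 {
accept { cpu(0), mem, pf,
if(em0),
if(lo0),
io(wd0),
df(sd0a) }
datadir "/var/www/symon/rrds/localhost"
}
EOF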
Thursday, June 17, 2010
Tuesday, May 25, 2010
Storage Foundation / VRTS Licensing Info
# vxlicrep > report.txt
Labels:
linux,
storage foundation,
unix,
veritas file system,
vrts
Tuesday, May 18, 2010
convert vmdk from thick to thin
vmkfstools -i /vmfs/volumes/datastore1/somehost/somehost.vmdk /vmfs/volumes/datastore1/somehost/somehost-thin.vmdk -d 'thin' -a lsilogic
# adjust vmx and away you go.
# adjust vmx and away you go.
Labels:
linux,
system administration,
system engineering,
virtualization,
vmware
Monday, May 10, 2010
Saturday, April 24, 2010
backup your failing system hard drive and mount it under ubuntu
I heard some clicking coming from the hard drive of my OpenBSD firewall the other day. I have put a lot of time into this thing and I don't want to lose it. I have more hard drives, but I don't want to lose everything on this one. This system runs on an old Dell b733r, PIII w/256MB RAM. I love it. It's perfect.
# Step 1 (failing host) -- do not skip this critical step.
# Save the disklabel and copy it to the stable host; the partition offsets in
# it are needed later to mount the image.
disklabel -v wd0c > failing_host_disklabel.info && scp ./failing_host_disklabel.info root@stable_host:.
# Step 2 (stable host): listen on TCP 2222, decompress the stream and write
# it out as the disk image.
# NOTE(review): this netcat channel has no authentication and no encryption.
# The entire disk of the firewall crosses the network in clear text, and
# whatever connects to port 2222 first is what gets written to the image.
# scp to stable_host already works in step 1, so the same stream can be sent
# through ssh instead, e.g.
#   bzip2 -c /dev/wd0c | ssh root@stable_host 'bzip2 -d | dd of=/root/failing_host.img'
# Either way, the resulting image holds everything the disk held, so keep
# its file permissions and storage location restricted.
nc -p 2222 -l | bzip2 -d | dd of=/root/failing_host.img
# Step 3 (failing host): compress the raw whole-disk device and send it.
# NOTE(review): bzip2 reading the raw device will presumably stop at the
# first unreadable sector; on a disk that already has read errors, reading
# with dd conv=noerror,sync ahead of bzip2 keeps going -- confirm.
bzip2 -c /dev/wd0c | nc stable_host 2222
# Wait for completion ...
# Step 4 (stable host): check that the image is readable by listing its
# partition table three ways.
sfdisk -l failing_host.img
sfdisk -d failing_host.img
fdisk -l -u failing_host.img
# Take the partition offset from the saved disklabel:
#   offset * bytes/sector = [value]
# The default bytes/sector is 512; adjust as necessary.
# The image is mounted read-only (ro) through a loop device, so the copy is
# not modified while files are recovered from it.
mount -v -o ro,loop,offset=[value],ufstype=44bsd -t ufs ./failing_host.img /mnt/failing_host
# If the mount fails and dmesg shows a message like:
#
#[some.date] ufs_read_super: bad magic number
#
# it means you have the wrong offset value.
Wednesday, April 14, 2010
loop-aes-utils, smbfs and Ubuntu
The following was experienced on Ubuntu Desktop 9.10
if you install loop-aes-utils, and then install smbfs, the cryptoloop.ko is removed from the kernel.
`mount` will give you errors like:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
`modprobe loop` will give you:
FATAL: Module loop not found
well, not sure what the whole story is, but the following fixes it.
`modprobe cryptoloop`
if you install loop-aes-utils, and then install smbfs, the cryptoloop.ko is removed from the kernel.
`mount` will give you errors like:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
`modprobe loop` will give you:
FATAL: Module loop not found
well, not sure what the whole story is, but the following fixes it.
`modprobe cryptoloop`
Labels:
cryptography,
linux,
loop-aes-utils,
system engineering,
system hardening,
ubuntu
Monday, April 5, 2010
resolve IP's of established connections using pfctl
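# Reverse-resolve the peer addresses of established outbound pf states.
# grep -v '<-' drops inbound states; field 6 is taken as "addr:port" and cut
# keeps the address part (this depends on the pfctl state-line layout and
# only works for IPv4, since IPv6 addresses contain ':').
# dig applies -x to the single argument that follows it, so with a plain
# xargs only the first address was reverse-resolved; -n 1 runs one lookup per
# address. sort -u avoids repeating lookups for the same peer.
pfctl -s state | grep 'EST' | grep -v '<-' | awk '{print $6}' | cut -d":" -f1 | sort -u | xargs -n 1 dig +short -x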
Wednesday, March 31, 2010
Monday, March 29, 2010
Install nginx with php-frm and mysql
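#!/bin/sh
# Install nginx with PHP-FPM on 32-bit Ubuntu and write a default vhost that
# hands .php requests to php5-fpm listening on 127.0.0.1:9000.
# Run as an unprivileged user with sudo rights; every privileged step is
# prefixed with sudo.
set -eu

sudo apt-get install nginx

# Work in a private directory instead of /tmp. The original ran
# "dpkg -i *.deb" inside /tmp, which installs, as root, any .deb another
# local user has dropped into that world-writable directory.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"

# NOTE(review): both files come over plain HTTP and dpkg -i does not verify
# archive signatures the way apt does. Compare each file against a known-good
# checksum before the install step.
wget http://us.archive.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2_i386.deb
wget http://us.archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_i386.deb
# Install exactly the two files fetched above, by name.
sudo dpkg -i \
  ./libkrb53_1.6.dfsg.4~beta1-5ubuntu2_i386.deb \
  ./libicu38_3.8-6ubuntu0.2_i386.deb

# "sudo echo ... >> file" performs the redirection in the calling (non-root)
# shell and fails on a root-owned file; tee -a under sudo does the append.
echo "deb http://php53.dotdeb.org stable all" \
  | sudo tee -a /etc/apt/sources.list >/dev/null
# NOTE(review): no signing key for this third-party repository is imported
# anywhere in this script, so apt will treat its packages as unauthenticated.
# Import and verify the repository key rather than accepting that prompt.
sudo apt-get update
sudo apt-get install php5-cli php5-common php5-suhosin php5-mysql php5-curl php-pear php5-imap php5-memcache php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
sudo apt-get install php5-fpm php5-cgi

# Write the vhost. Three fixes over the original "echo > file << EOF":
#  - echo never reads the heredoc, so the file ended up empty; tee does.
#  - the delimiter is quoted, otherwise the shell expands $query_string,
#    $fastcgi_script_name, ... to empty strings before nginx ever sees them.
#  - the write goes through sudo, like the other privileged steps.
sudo tee /etc/nginx/sites-enabled/default >/dev/null <<'EOF'
server
{
    listen 80;
    server_name localhost;
    access_log /var/log/nginx/localhost.access.log;

    ## Default location
    location /
    {
        root /var/www/nginx-default;
        index index.php;
    }

    ## Images and static content is treated different
    ## (the dot before the extension is escaped so it matches a literal '.')
    location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$
    {
        access_log off;
        expires 30d;
        root /var/www/nginx-default;
    }

    ## Parse all .php file in the /var/www directory
    location ~ \.php$
    {
        root /var/www/nginx-default;
        ## Only hand a request to PHP when the requested .php file exists.
        ## Without this, a URI such as /some/upload.jpg/x.php is passed on,
        ## and PHP's path-info fallback may run the non-PHP file as code.
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass backend;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

    ## Disable viewing .htaccess & .htpassword
    location ~ /\.ht { deny all; }
}
upstream backend { server 127.0.0.1:9000; }
EOF

sudo /etc/init.d/php5-fpm start
sudo /etc/init.d/nginx start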
Tuesday, March 23, 2010
generate reasonable passwords at the command line
cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]'
generate strong random passwords at the command line
cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]'
remove serverbeach backdoor
when you lease a server from ServerBeach, they install a backdoor on your server. Here's how to remove it when you choose CentOS or similar redhat type system.
# Stop the sbadm service and remove it from the boot-time service list.
service sbadm stop
chkconfig --del sbadm
# Delete its hidden config file under /etc/ssh, its binary, any
# /usr/local/webmin-* tree, and its init script.
rm -f /etc/ssh/.sbadm_config
rm -f /usr/sbin/sbadm
rm -rf /usr/local/webmin-*
rm -f /etc/init.d/sbadm
# NOTE(review): this removes only the files listed here. The page does not
# show what else the agent sets up, so afterwards review local accounts,
# authorized_keys files, sshd_config and cron entries for anything you did
# not put there yourself -- TODO confirm against a fresh provider image.
service sbadm stop
chkconfig --del sbadm
rm -f /etc/ssh/.sbadm_config
rm -f /usr/sbin/sbadm
rm -rf /usr/local/webmin-*
rm -f /etc/init.d/sbadm
Labels:
backdoor,
linux,
rootkit,
security,
system hardening
Monday, March 22, 2010
Wednesday, March 3, 2010
linux boot disk fun
note to self. never, ever, ever ...leave the custom linux boot disk you made, with the fancy all-in-one kickstart file, in the cd drive of your laptop and reboot.
do not allow it to persist in your cd drive, for even the most trivial length of time for which it is unnecessary...REMOVE IT.
do not allow it to persist in your cd drive, for even the most trivial length of time for which it is unnecessary...REMOVE IT.
Tuesday, February 9, 2010
make a bootable custom rhel install disk
run from the root of where you have copied the RHEL disk to and your ks.cfg resides.
# mkisofs -o /root/x/rhel43_app.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -R -J -V -T ./
# mkisofs -o /root/x/rhel43_app.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -R -J -V -T ./
Tuesday, February 2, 2010
grantaccess.sh
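#!/bin/sh
# grantaccess.sh - unlock an account on a remote host until a given time.
#
# Arguments: $1 host, $2 user, $3 time (an at(1) time spec), $4 reason.
# Schedules two at(1) jobs for $3 (re-lock the account, kill the user's
# processes), unlocks the account and clears its expiry date, then mails a
# record of who granted what, and why.
# Environment: GRANTACCESS_MAILTO - recipient of the notification. The
#   recipient is missing from the script as published; "root" is only a
#   stand-in default.
if [ "$#" -lt 4 ]; then
  echo "syntax: $0 host user time 'reason'"
  echo "e.g. $0 somehost someuser '0am jan 10' 'reason why'"
  exit 1
fi

host=$1
user=$2
when=$3
reason=$4
notify_to=${GRANTACCESS_MAILTO:-root}

# host and user are pasted into command lines that a shell runs later (the
# at jobs, and the remote shell behind ssh). Accept only characters that
# have no meaning to a shell, and refuse a leading '-' so neither value can
# be read as an option.
case $host in
  '' | -* | *[!A-Za-z0-9@._:-]*)
    echo "$0: refusing host name: $host" >&2
    exit 1
    ;;
esac
case $user in
  '' | -* | *[!A-Za-z0-9._-]*)
    echo "$0: refusing user name: $user" >&2
    exit 1
    ;;
esac

# Schedule the revocation BEFORE unlocking. If at(1) rejects the time spec
# or is unavailable, the script stops here with the account still locked,
# instead of leaving it unlocked with nothing queued to lock it again.
if ! printf 'ssh %s usermod -L %s\n' "$host" "$user" | at "$when"; then
  echo "$0: could not schedule the re-lock; account left untouched" >&2
  exit 1
fi
if ! printf 'ssh %s skill -KILL -u %s\n' "$host" "$user" | at "$when"; then
  echo "$0: could not schedule the session kill; account left untouched" >&2
  exit 1
fi

# Unlock the account and remove any account expiry date.
ssh "$host" usermod -U "$user" || exit 1
ssh "$host" chage -E -1 "$user"

# Audit mail; the reason is passed as data to printf, never as a format.
printf '%s granted %s access on %s till %s - Reason Given:%s\n' \
  "$(logname)" "$user" "$host" "$when" "$reason" \
  | mail -s "Access granted" "$notify_to"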
if [ $# -lt 4 ]; then
echo "syntax: $0 host user time 'reason'"
echo "e.g. grantaccess.sh
exit 1
fi
ssh $1 usermod -U $2
ssh $1 chage -E -1 $2
echo "ssh $1 usermod -L $2 " | at $3
echo "ssh $1 skill -KILL -u $2" | at $3
echo `logname` granted $2 access on $1 till $3 - Reason Given:"$4" | mail -s "Access granted"
Labels:
bash,
linux,
shell scripting,
system administration
Tuesday, January 19, 2010
BlackBerry Bold "Caller ID" doesnt work
OK, let's be clear: it's not the ANI data (aka Caller ID) that's messed up. It's a security feature of the phone that keeps the contact's name from resolving on the screen when the phone is locked (also not a default setting of the phone), which in the case of losing your phone is a great thing. In the case of normal usage, it's impractical. My phone locks rather quickly and has a message that helps the finder return it if I lose it.
This thread was difficult to find but outlines the situation. however, the steps given in the thread are a little different for the newest version from AT&T. By default, many of the features in 'Options | Security Options | Encryption' are turned off. I went in there and turned a bunch of stuff on....thinking "Hey, Cool! Security is so great...lets turn it on! Oh, wow...it doesnt work anymore. hmm."
To make the Contact Name show up when the phone is locked and ringing, be sure that the 'Include Contacts' for 'Encryption: Device Memory' is 'No'.
The Bold must do some housekeeping when it locks, memory wiping and so forth. The Contact list is potentially a list containing PII, and its probably a requirement somewhere to make sure that data is at rest when the device is idle. Just guessing here...
This thread was difficult to find but outlines the situation. however, the steps given in the thread are a little different for the newest version from AT&T. By default, many of the features in 'Options | Security Options | Encryption' are turned off. I went in there and turned a bunch of stuff on....thinking "Hey, Cool! Security is so great...lets turn it on! Oh, wow...it doesnt work anymore. hmm."
To make the Contact Name show up when the phone is locked and ringing, be sure that the 'Include Contacts' for 'Encryption: Device Memory' is 'No'.
The Bold must do some housekeeping when it locks, memory wiping and so forth. The Contact list is potentially a list containing PII, and its probably a requirement somewhere to make sure that data is at rest when the device is idle. Just guessing here...
Labels:
ani data,
blackberry,
bold,
caller id,
security options
Thursday, January 14, 2010
import dshield block list for pf
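# Refresh the pf block list file from the DShield feed and reload pf.
# The feed arrives over plain HTTP, so its content is unauthenticated input:
#  - every entry must look like a dotted-quad /24 before it is kept, so
#    nothing else from the response can end up in the file pf loads;
#  - the result is built in a temporary file and only replaces the live list
#    when it is non-empty. Writing straight to the live file meant a failed
#    download truncated it and pf was then reloaded with an empty block list.
# The sed range no longer repeats "50p", which printed line 50 twice.
if tmp=$(mktemp /etc/pf.blocklist.dshield.XXXXXXXX); then
  /usr/local/bin/wget -q -O - http://feeds.dshield.org/block.txt \
    | egrep -v '#|Start' \
    | awk '{print $1 "/24"}' \
    | sed -n '4,50p' \
    | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/24$' > "$tmp"
  if [ -s "$tmp" ]; then
    mv -f "$tmp" /etc/pf.blocklist.dshield && pfctl -f /etc/pf.conf
  else
    rm -f "$tmp"
    echo "dshield block list: nothing usable downloaded, keeping the existing list" >&2
  fi
fi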
Thursday, January 7, 2010
make bootable usb with openbsd 4.6 installer
# fdisk -iy sd0
# disklabel -E sd0
> d *
> a a
##make install partition 1G
> q
# newfs sd0a
# mkdir /mnt/usb
# cd /mnt/usb
# mount /dev/sd0a /mnt/usb
# ftp ftp.openbsd.org
user: anonymous
password: 123456
ftp> cd pub/OpenBSD/4.6/i386
ftp> mget *
mget INSTALL.i386? a
ftp> exit
# cp /boot /mnt/usb/boot
# /usr/mdec/installboot -v /mnt/usb/boot /usr/mdec/biosboot sd0c
# cp /mnt/usb/bsd /mnt/usb/bsd.old
# cp /mnt/usb/bsd.rd /mnt/usb/bsd
# cd /
# umount /mnt/usb
try it
see also: http://bsdanywhere.org/
see also: https://calomel.org/bootable_openbsd_cd.html
# disklabel -E sd0
> d *
> a a
##make install partition 1G
> q
# newfs sd0a
# mkdir /mnt/usb
# cd /mnt/usb
# mount /dev/sd0a /mnt/usb
# ftp ftp.openbsd.org
user: anonymous
password: 123456
ftp> cd pub/OpenBSD/4.6/i386
ftp> mget *
mget INSTALL.i386? a
ftp> exit
# cp /boot /mnt/usb/boot
# /usr/mdec/installboot -v /mnt/usb/boot /usr/mdec/biosboot sd0c
# cp /mnt/usb/bsd /mnt/usb/bsd.old
# cp /mnt/usb/bsd.rd /mnt/usb/bsd
# cd /
# umount /mnt/usb
try it
see also: http://bsdanywhere.org/
see also: https://calomel.org/bootable_openbsd_cd.html