cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]'
Tuesday, March 23, 2010
generate reasonable passwords at the command line
generate strong random passwords at the command line
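# Print four random 12-character passwords, each containing at least one symbol.
#  - /dev/urandom is read directly by tr instead of through cat.
#  - LC_ALL=C makes tr treat the stream as raw bytes; some tr builds reject
#    random data as invalid multibyte input under a UTF-8 locale.
#  - The symbol filter runs BEFORE head, so it can no longer shrink the output
#    below four lines (filtering after `head -n 4` printed 0-4 lines per run).
#  - grep needs no -i: the bracket expression contains no letters.
# The passwords land on the terminal and in its scrollback; clear or redirect
# as appropriate.
LC_ALL=C tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?=' < /dev/urandom |
  fold -w 12 |
  grep '[!@#$%^&*()_+{}|:<>?=]' |
  head -n 4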
remove serverbeach backdoor
When you lease a server from ServerBeach, they install a backdoor on your server. Here's how to remove it when you choose CentOS or a similar Red Hat-type system.
# Remove the provider-installed sbadm service and its files. Run as root.
# Stop the running sbadm service before deleting anything it uses.
service sbadm stop
# Unregister sbadm from the runlevels so it is not started again at boot.
chkconfig --del sbadm
# Delete the sbadm configuration file kept under /etc/ssh.
rm -f /etc/ssh/.sbadm_config
# Delete the sbadm executable.
rm -f /usr/sbin/sbadm
# Delete every tree matching /usr/local/webmin-*; the glob also matches a
# Webmin copy you installed there yourself.
rm -rf /usr/local/webmin-*
# Delete the init script last: the service and chkconfig calls above rely on it.
rm -f /etc/init.d/sbadm
# NOTE(review): this removes only the paths listed here. Whether the same
# tooling also left accounts, authorized SSH keys or cron entries is not shown
# on this page - verify those separately.
service sbadm stop
chkconfig --del sbadm
rm -f /etc/ssh/.sbadm_config
rm -f /usr/sbin/sbadm
rm -rf /usr/local/webmin-*
rm -f /etc/init.d/sbadm
Labels:
backdoor,
linux,
rootkit,
security,
system hardening
Monday, March 22, 2010
Wednesday, March 3, 2010
linux boot disk fun
note to self. never, ever, ever ...leave the custom linux boot disk you made, with the fancy all-in-one kickstart file, in the cd drive of your laptop and reboot.
do not allow it to persist in your cd drive, for even the most trivial length of time for which it is unnecessary...REMOVE IT.
do not allow it to persist in your cd drive, for even the most trivial length of time for which it is unnecessary...REMOVE IT.
Tuesday, February 9, 2010
make a bootable custom rhel install disk
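Run this from the root of the directory where you copied the RHEL disk contents and where your ks.cfg resides. Note that mkisofs's -V option takes a volume label as its argument; as printed below no label follows it, so the next token (-T) is likely consumed as the label. Supply one (for example -V "MY_LABEL", a made-up value) before -T.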
# mkisofs -o /root/x/rhel43_app.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -R -J -V -T ./
# mkisofs -o /root/x/rhel43_app.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -R -J -V -T ./
Tuesday, February 2, 2010
grantaccess.sh
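#!/bin/sh
# grantaccess.sh - temporarily unlock an account on a remote host and schedule
# the revocation with at(1).
#
# Usage: grantaccess.sh host user time 'reason'
#   host    target handed to ssh
#   user    account to unlock on the target
#   time    at(1) time specification for the revocation, e.g. '0am jan 10'
#   reason  free text recorded in the notification mail
#
# Environment:
#   GRANTACCESS_MAILTO  notification recipient. The original listing passed no
#                       recipient to mail(1); this defaults to local root.
#
# Review notes:
#  - host and user end up in a command line that at(1) later runs through a
#    shell (and that ssh hands to the remote shell), so both are restricted to
#    a conservative character set and may not start with '-'.
#  - The revocation is scheduled BEFORE the account is unlocked; if at(1)
#    rejects the job, no access is granted.
#  - usermod -L locks only the password. The grant path clears the account
#    expiry (chage -E -1), so the revocation also re-expires the account
#    (-e 1); otherwise key-based logins may still work after "revocation".
#  - The revocation runs ssh from an at job: it needs non-interactive
#    authentication to the host, and if the host is unreachable at that moment
#    the account stays open. Check the at job's output.

if [ $# -lt 4 ]; then
  echo "syntax: $0 host user time 'reason'"
  echo "e.g. grantaccess.sh HOST USER '0am jan 10' 'reason why'"
  exit 1
fi

host=$1
user=$2
when=$3
reason=$4
mailto=${GRANTACCESS_MAILTO:-root}

# Reject empty values, option-like values and anything outside [A-Za-z0-9._@-].
for value in "$host" "$user"; do
  case $value in
    '' | -* | *[!A-Za-z0-9._@-]*)
      echo "refusing unsafe host/user value: $value" >&2
      exit 1
      ;;
  esac
done

# One at job, so the lock always happens before the sessions are killed.
printf '%s\n' \
  "ssh $host usermod -L -e 1 $user" \
  "ssh $host skill -KILL -u $user" |
  at "$when" || {
    echo "could not schedule the revocation; access NOT granted" >&2
    exit 1
  }

ssh "$host" usermod -U "$user" || {
  echo "unlocking $user on $host failed" >&2
  exit 1
}
ssh "$host" chage -E -1 "$user" || {
  echo "clearing the expiry of $user on $host failed" >&2
  exit 1
}

printf '%s granted %s access on %s till %s - Reason Given:%s\n' \
  "$(logname)" "$user" "$host" "$when" "$reason" |
  mail -s "Access granted" "$mailto"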
if [ $# -lt 4 ]; then
echo "syntax: $0 host user time 'reason'"
echo "e.g. grantaccess.sh
exit 1
fi
ssh $1 usermod -U $2
ssh $1 chage -E -1 $2
echo "ssh $1 usermod -L $2 " | at $3
echo "ssh $1 skill -KILL -u $2" | at $3
echo `logname` granted $2 access on $1 till $3 - Reason Given:"$4" | mail -s "Access granted"
Labels:
bash,
linux,
shell scripting,
system administration
Tuesday, January 19, 2010
BlackBerry Bold "Caller ID" doesnt work
OK, let's be clear: it's not the ANI data (aka Caller ID) that's messed up. It's a security feature of the phone that keeps the contact's name from resolving on the screen when the phone is locked (also not a default setting of the phone), which in the case of losing your phone is a great thing. In the case of normal usage, it's impractical. My phone locks rather quickly and has a message that helps the finder return it if I lose it.
This thread was difficult to find but outlines the situation. however, the steps given in the thread are a little different for the newest version from AT&T. By default, many of the features in 'Options | Security Options | Encryption' are turned off. I went in there and turned a bunch of stuff on....thinking "Hey, Cool! Security is so great...lets turn it on! Oh, wow...it doesnt work anymore. hmm."
To make the Contact Name show up when the phone is locked and ringing, be sure that the 'Include Contacts' for 'Encryption: Device Memory' is 'No'.
The Bold must do some housekeeping when it locks, memory wiping and so forth. The Contact list is potentially a list containing PII, and its probably a requirement somewhere to make sure that data is at rest when the device is idle. Just guessing here...
This thread was difficult to find but outlines the situation. however, the steps given in the thread are a little different for the newest version from AT&T. By default, many of the features in 'Options | Security Options | Encryption' are turned off. I went in there and turned a bunch of stuff on....thinking "Hey, Cool! Security is so great...lets turn it on! Oh, wow...it doesnt work anymore. hmm."
To make the Contact Name show up when the phone is locked and ringing, be sure that the 'Include Contacts' for 'Encryption: Device Memory' is 'No'.
The Bold must do some housekeeping when it locks, memory wiping and so forth. The Contact list is potentially a list containing PII, and its probably a requirement somewhere to make sure that data is at rest when the device is idle. Just guessing here...
Labels:
ani data,
blackberry,
bold,
caller id,
security options
Thursday, January 14, 2010
import dshield block list for pf
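# Refresh the pf blocklist file from the DShield block list and reload pf.
#
# Changes from the one-line pipeline form:
#  - The feed is fetched over https; over plain http anyone on the path could
#    rewrite what this host blocks.
#  - Only lines whose first field is a dotted-quad IPv4 address are kept, so
#    comments, headers, blank lines or injected text never reach the file pf
#    loads. This replaces `egrep -v '#|Start'` and the `sed -n '4,50p;50p'`
#    window (presumably there to skip junk lines; it also printed line 50 twice).
#  - The list is built in a temp file and swapped in only when non-empty.
#    Redirecting straight into the live file truncated it before the download
#    ran, and `&&` saw only the last pipeline stage's status, so a failed
#    download reloaded pf with an empty blocklist.
#  - The remote feed decides what gets blocked: make sure your own management
#    ranges cannot be cut off by an entry in it.
blocklist=/etc/pf.blocklist.dshield
tmp=$(mktemp "${blocklist}.XXXXXX") || exit 1
trap 'rm -f -- "$tmp"' EXIT

/usr/local/bin/wget -q -O - https://feeds.dshield.org/block.txt |
  awk '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      n = split($1, octet, ".")
      ok = 1
      for (i = 1; i <= n; i++) if (octet[i] > 255) ok = 0
      if (ok) print $1 "/24"
    }' > "$tmp"

if [ -s "$tmp" ]; then
  mv -f -- "$tmp" "$blocklist" && pfctl -f /etc/pf.conf
else
  echo "dshield blocklist: download empty or failed; keeping existing $blocklist" >&2
  exit 1
fi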
Thursday, January 7, 2010
make bootable usb with openbsd 4.6 installer
# fdisk -iy sd0
# disklabel -E sd0
> d *
> a a
##make install partition 1G
> q
# newfs sd0a
# mkdir /mnt/usb
# cd /mnt/usb
# mount /dev/sd0a /mnt/usb
# ftp ftp.openbsd.org
user: anonymous
password: 123456
ftp> cd pub/OpenBSD/4.6/i386
ftp> mget *
mget INSTALL.i386? a
ftp> exit
# cp /boot /mnt/usb/boot
# /usr/mdec/installboot -v /mnt/usb/boot /usr/mdec/biosboot sd0c
# cp /mnt/usb/bsd /mnt/usb/bsd.old
# cp /mnt/usb/bsd.rd /mnt/usb/bsd
# cd /
# umount /mnt/usb
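try it. The install sets above were fetched over plain anonymous FTP, which gives no integrity protection, so compare their checksums against values obtained from a trusted source before installing from them.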
see also: http://bsdanywhere.org/
see also: https://calomel.org/bootable_openbsd_cd.html
# disklabel -E sd0
> d *
> a a
##make install partition 1G
> q
# newfs sd0a
# mkdir /mnt/usb
# cd /mnt/usb
# mount /dev/sd0a /mnt/usb
# ftp ftp.openbsd.org
user: anonymous
password: 123456
ftp> cd pub/OpenBSD/4.6/i386
ftp> mget *
mget INSTALL.i386? a
ftp> exit
# cp /boot /mnt/usb/boot
# /usr/mdec/installboot -v /mnt/usb/boot /usr/mdec/biosboot sd0c
# cp /mnt/usb/bsd /mnt/usb/bsd.old
# cp /mnt/usb/bsd.rd /mnt/usb/bsd
# cd /
# umount /mnt/usb
try it
see also: http://bsdanywhere.org/
see also: https://calomel.org/bootable_openbsd_cd.html
Sunday, December 6, 2009
allow tftp under selinux
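For RHEL5 (audit2allow -a builds the module from every denial recorded in the audit log, not only the tftp ones, so read the generated mytftp.te before loading the module):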
# audit2allow -a -M mytftp
# semodule -i mytftp.pp
# service xinetd restart
# audit2allow -a -M mytftp
# semodule -i mytftp.pp
# service xinetd restart
Labels:
linux,
pxe,
security,
selinux,
system administration
add virtual hard disk to linux
#in vmware workstation | vm settings
add virtual hard disk to vm
#in vm
fdisk /dev/sdb
n
[ENTER][ENTER]
w
mkfs -t ext3 /dev/sdb1
mkdir /newdir
mount -t ext3 /dev/sdb1 /newdir
echo "/dev/sdb1 /software ext3 defaults 1 1" >> /etc/fstab
See: http://www.matttopper.com/?p=25
add virtual hard disk to vm
#in vm
fdisk /dev/sdb
n
[ENTER][ENTER]
w
mkfs -t ext3 /dev/sdb1
mkdir /newdir
mount -t ext3 /dev/sdb1 /newdir
echo "/dev/sdb1 /software ext3 defaults 1 1" >> /etc/fstab
See: http://www.matttopper.com/?p=25
Wednesday, December 2, 2009
tw_cli: 3ware controller commands
When replacing a failed disk, you must issue a 'maint deleteunit' command, as the 'maint remove' command doesn't do what you might think it does. So: pull the drive, insert the new one, issue a rescan command, then deleteunit, then rebuild.
The following commands were used to start rebuilding the raid-1 array on a server with a single 8006 controller.
show ver
info
info c0
rescan
info c0
maint deleteunit c0 u1
maint rebuild c0 u0 p1
The following commands were used to start rebuilding the raid-1 array on a server with a single 8006 controller.
show ver
info
info c0
rescan
info c0
maint deleteunit c0 u1
maint rebuild c0 u0 p1
Friday, November 20, 2009
list pecl modules and info
You might have to:
`ln -s /usr/local/apache2/bin/apxs /usr/local/bin/apxs`
Then:
`/usr/local/apache2/php/bin/pecl list`
`/usr/local/apache2/php/bin/pecl install apc`
`vi /usr/local/apache2/php/conf/php.ini`
- add 'extension=apc.so'
`/usr/local/apache2/bin/apachectl_admin restart`
`ln -s /usr/local/apache2/bin/apxs /usr/local/bin/apxs`
Then:
`/usr/local/apache2/php/bin/pecl list`
`/usr/local/apache2/php/bin/pecl install apc`
`vi /usr/local/apache2/php/conf/php.ini`
- add 'extension=apc.so'
`/usr/local/apache2/bin/apachectl_admin restart`
Thursday, November 19, 2009
list kernel modules
# modinfo $(cut -d' ' -f1 /proc/modules) | sed '/^dep/s/$/\n/; /^file\|^desc\|^dep/!d'
Wednesday, November 11, 2009
host firewall for the mac
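#!/bin/sh
#fwrules
# Host firewall rules for ipfw. Run this file as a shell script with root
# privileges; it flushes the current ruleset and installs the rules below.
#
# Review notes on the policy as written:
#  - Only TCP is denied by the final rule (12190). UDP, ICMP and other
#    protocols are not matched by any deny here and fall through to ipfw's
#    default rule; check what that default is on your system (`ipfw list`).
#  - `established` (2060) matches on TCP flags (ACK or RST set), not on tracked
#    connection state.
#  - Rule 2050 allows and logs every outbound TCP packet.

# $IPFW is expanded unquoted on purpose so that -q arrives as its own argument.
IPFW='/sbin/ipfw -q'

# Start from an empty ruleset (-f: no confirmation prompt).
$IPFW -f flush

# Loopback traffic is always allowed. The interface pattern is quoted so the
# shell passes lo* to ipfw instead of expanding it against file names in the
# current directory.
$IPFW add 2000 allow ip from any to any via 'lo*'

# Inbound packets that claim a loopback source or destination are dropped and logged.
$IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
$IPFW add 2020 deny log ip from any to 127.0.0.0/8 in

# 224.0.0.0/3 covers 224.0.0.0-255.255.255.255 (multicast and above).
# 2030 drops any inbound packet from that range; 2040 drops only TCP sent to it.
$IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
$IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in

# Outbound TCP is allowed and logged; replies come back in through 2060.
$IPFW add 2050 allow log tcp from any to any out
$IPFW add 2060 allow tcp from any to any established

# Everything else that is TCP (i.e. unsolicited inbound) is dropped and logged.
$IPFW add 12190 deny log tcp from any to any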
Then apply it to the firewall
# sudo ipfw list
# chmod 600 ./rules
# sudo ipfw ./rules
#fwrules
IPFW='/sbin/ipfw -q'
$IPFW -f flush
$IPFW add 2000 allow ip from any to any via lo*
$IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
$IPFW add 2020 deny log ip from any to 127.0.0.0/8 in
$IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
$IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in
$IPFW add 2050 allow log tcp from any to any out
$IPFW add 2060 allow tcp from any to any established
$IPFW add 12190 deny log tcp from any to any
Then apply it to the firewall
# sudo ipfw list
# chmod 600 ./rules
# sudo ipfw ./rules
Tuesday, November 10, 2009
Wednesday, October 7, 2009
resize a mounted lvm-managed disk in linux
I have found many overly-complex and incorrect and/or unnecessary instructions all over the web. So, I made this reference for me, but it may work well for you too. I typically use RHEL4/5 in my data center implementations, so these steps cover lvm managed disk space (which is decent for a simple LAMP stack).
I tend to do the following a lot in vmware products (workstation/esx/esxi).
First, check and note the size of your disks and partitions in your target vm.
Then, go into the settings of your vm (e.g. through the vi client) and either add another virtual hard disk or increase the size of the existing disk. In my case i simply extended the existing virtual disk from 8G to 16G.
Reboot.
Check to see that the size of /dev/sda has increased.
/* If you increased the size of your existing disk, its probably easiest to boot from the gparted-live disk and create a new primary partition in the newly free space, format ext3. */
wget http://downloads.sourceforge.net/project/gparted/gparted-live-stable/0.4.6-1/gparted-live-0.4.6-1.iso?use_mirror=softlayer
reboot
/* check for /dev/sda3, your new partition */
/* create the lvm pv reference */
/* extend the lvm vg reference */
/* note the free space for your upcoming `lvextend` command */
/* extend the logical volume by the free space noted above */
/* grow the filesystem on the logical volume while it's still mounted */
check the following
now, go on with your life.
I tend to do the following a lot in vmware products (workstation/esx/esxi).
First, check and note the size of your disks and partitions in your target vm.
[root@host]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
5.8G 665M 4.9G 12% /
/dev/sda1 99M 9.1M 85M 10% /boot
none 506M 0 506M 0% /dev/shm
[root@host]# sfdisk -s
/dev/sda: 8385898
/dev/sda1: 104391
/dev/sda2: 8281507
/dev/dm-0: 6160384
/dev/dm-1: 2031616
Then, go into the settings of your vm (e.g. through the vi client) and either add another virtual hard disk or increase the size of the existing disk. In my case i simply extended the existing virtual disk from 8G to 16G.
Reboot.
Check to see that the size of /dev/sda has increased.
[root@host]# sfdisk -s
/dev/sda: 16777216
/dev/sda1: 104391
/dev/sda2: 8281507
/dev/dm-0: 6160384
/dev/dm-1: 2031616
[root@host]# sfdisk -l
Disk /dev/sda: 2088 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start End #cyls #blocks Id System
/dev/sda1 * 0+ 12 13- 104391 83 Linux
/dev/sda2 13 1043 1031 8281507+ 8e Linux LVM
/dev/sda3 0 - 0 0 0 Empty
/dev/sda4 0 - 0 0 0 Empty
/* If you increased the size of your existing disk, its probably easiest to boot from the gparted-live disk and create a new primary partition in the newly free space, format ext3. */
wget http://downloads.sourceforge.net/project/gparted/gparted-live-stable/0.4.6-1/gparted-live-0.4.6-1.iso?use_mirror=softlayer
reboot
/* check for /dev/sda3, your new partition */
[root@host]# sfdisk -s
/dev/sda: 16777216
/dev/sda1: 104391
/dev/sda2: 8281507
/dev/sda3: 8385930
/dev/dm-0: 6160384
/dev/dm-1: 2031616
/* create the lvm pv reference */
[root@host]# pvcreate /dev/sda3
/* extend the lvm vg reference */
[root@host]# vgextend VolGroup00 /dev/sda3
/* note the free space for your upcoming `lvextend` command */
[root@host]# vgdisplay
--- Volume group ---
VG Name VolGroup00
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 4
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 2
Max PV 0
Cur PV 2
Act PV 2
VG Size 15.84 GB
PE Size 32.00 MB
Total PE 507
Alloc PE / Size 250 / 7.81 GB
Free PE / Size 257 / 8.03 GB
VG UUID L7woQB-ymCv-NeWL-i47M-b5Ua-fOHQ-hM0DXI
/* extend the logical volume by the free space noted above */
[root@host]# lvextend -L+8.03G /dev/VolGroup00/LogVol00
/* grow the filesystem on the logical volume while it's still mounted */
[root@host]# ext2online /dev/VolGroup00/LogVol00
check the following
[root@host]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
14G 668M 13G 6% /
/dev/sda1 99M 9.1M 85M 10% /boot
none 506M 0 506M 0% /dev/shm
[root@host]# sfdisk -l
Disk /dev/sda: 2088 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start End #cyls #blocks Id System
/dev/sda1 * 0+ 12 13- 104391 83 Linux
/dev/sda2 13 1043 1031 8281507+ 8e Linux LVM
/dev/sda3 1044 2087 1044 8385930 83 Linux
/dev/sda4 0 - 0 0 0 Empty
now, go on with your life.