klogd: The Kernel Logging Dæmon 
Linux Journal article about kernel logging. The article explains explains /proc/kmsg, printk, sys_syslog and other interesting kernel logging how-to.

klogd reads kernel log messages and helps process and send those messages to the appropriate files, sockets or users. This month we discuss memory address resolution and how to modify klogd's default behavior using command-line switches.


[ add comment ] ( 5 views )   |  [ 0 trackbacks ]   |  permalink
Izer - plzenska mluva  

[ add comment ] ( 4 views )   |  [ 0 trackbacks ]   |  permalink
Digital Certificates 
https://www.startssl.com/ is offering free certificates for domain or email. This CA is trusted by Microsoft systems by default. There is a good comment on that in discussion about this service at http://www.istartedsomething.com/200910 ... y-windows/

Are we really to be happy about this, or is this a double-edge sword? In mean from security perspectief. If its so easy now to obtain a free certificate, I assume dubious charachters on the Net will also find it easy to obtain one forthwith.

Given that such company like StartCom Ltd is doing it for free, I wonder how much energy they’ll put in verifying their registrations. I am afraid we may face an avalache of bogus SSL/TLS encrypted sites trusted by default by Windows. This will end up breaking the TSL system.

Personally, I don’t share your enthusiasm about this. I am pissed naturally that the big-wigs like Verisign etc are charging heaven and HELL for a bit of Bits, the Internet community should start a prostest against these known CA’s to reduce their charges. I still don’t see any reason why a certificate renewal should cost about $5,000.00 with verisign. They can charge Banks and Wall Street that kind of amount, but they should also have an “almost” free service for the John Doe’s of this world.

[ add comment ] ( 4 views )   |  [ 0 trackbacks ]   |  permalink
Linux: EPEL 
Extra Packages for Enterprise Linux (EPEL) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages for Red Hat Enterprise (RHEL) and its compatible spinoffs such as CentOS or Scientific Linux. Fedora is the upstream of RHEL and add-on packages for EPEL are sourced from the Fedora repository primarily and built against RHEL.


Install appropriate release:
http://download.fedora.redhat.com/pub/e ... noarch.rpm

[ add comment ] ( 5 views )   |  [ 0 trackbacks ]   |  permalink
LINUX: Low level BIOS information, biosdecode and dmidecode 
biosdecode is a command line utility to parses the BIOS memory and prints information about all structures (or entry points) it knows of.

# biosdecode
ACPI 2.0 present.
OEM Identifier: INTEL
RSD Table 32-bit Address: 0x9FB39038
XSD Table 64-bit Address: 0x000000009FB39120
SMBIOS 2.5 present.
Structure Table Length: 2670 bytes
Structure Table Address: 0x9FA32000
Number Of Structures: 73
Maximum Structure Size: 115 bytes
PNP BIOS 1.0 present.
Event Notification: Not Supported
Real Mode 16-bit Code Address: F000:CA66
Real Mode 16-bit Data Address: F000:0000
16-bit Protected Mode Code Address: 0x000FCA8E
16-bit Protected Mode Data Address: 0x000F0000
PCI Interrupt Routing 1.0 present.
Router ID: 00:1f.0
Exclusive IRQs: None
Compatible Router: 8086:122e
Slot Entry 1: ID 00:00, on-board
Slot Entry 2: ID 00:02, on-board
Slot Entry 3: ID 00:03, on-board
Slot Entry 4: ID 00:04, on-board

The DMI table doesn’t only describe what the system is currently made of, it also can report the possible evolutions such as the fastest supported CPU or the maximal amount of memory supported.

# dmidecode -t processor 
# dmidecode 2.10
SMBIOS 2.5 present.

Handle 0x0032, DMI type 4, 40 bytes
Processor Information
Socket Designation: CPU1
Type: Central Processor
Family: Xeon
Manufacturer: Intel(R) Corporation
ID: 7A 06 01 00 FF FB EB BF
Signature: Type 0, Family 6, Model 23, Stepping 10
FPU (Floating-point unit on-chip)
VME (Virtual mode extension)
DE (Debugging extension)
PSE (Page size extension)
TSC (Time stamp counter)
MSR (Model specific registers)
PAE (Physical address extension)
MCE (Machine check exception)

# dmidecode -t memory

[ add comment ] ( 2 views )   |  [ 0 trackbacks ]   |  permalink
GPG cheatsheet 
Generate gey, info and export/import:

gpg --gen-key
gpg --list-keys
gpg --export "Test 1 <test1@test1>" -a
gpg --import public_key_pg2.key

Encrypt/decrypt secret message:

gpg -a --encrypt secret.txt
gpg --decrypt secret.txt.pgp

Encrypt and sign/Decrypt message:

gpg -s -a secret.txt
gpg --verify secret.txt.asc

Public key server store:

[ add comment ] ( 2 views )   |  [ 0 trackbacks ]   |  permalink
SSH push_key script and backup script 
HOSTNAME=`hostname --fqdn`
DATE=`date "+%d%m%Y"`
tar cvfz /var/backup/${HOSTNAME}_${DATE}.tar.gz /etc/
chown tech:tech /var/backup/${HOSTNAME}_${DATE}.tar.gz
scp -i /home/tech/.ssh/id_dsa_${HOSTNAME} /var/backup/${HOSTNAME}_${DATE}.tar.gz \

find /var/backup/ -type f -mtime +14 | xargs rm -rf

SSH push_key.sh:

while true
BOXNAME=`hostname --fqdn`
echo ${BOXNAME}
echo "--------------------"
echo "Generate key ... 1"
echo "Push key ... 2"
echo "Server connect ... 3"
echo "Exit ... x"
echo -n ": "
read option
case $option in
echo "Generatin key"
if [ -f ~/.ssh/id_dsa_${BOXNAME} ]
echo "WARNING: ~/.ssh/id_dsa_${BOXNAME} exists - giving up."
ssh-keygen -f ~/.ssh/id_dsa_${BOXNAME}
sleep 8
echo "Pushing key"
echo -n "Target srvr: "
read remotebox
echo -n "Target user: "
read user
echo "Using id_dsa.pub: id_dsa.pub_${BOXNAME}"
ls -la ~/.ssh/id_dsa_${BOXNAME}.pub 2> /dev/null
if [ $? != 0 ]
echo "Problem with a key"
cat ~/.ssh/id_dsa_${BOXNAME}.pub | ssh ${user}@${remotebox} \
"(mkdir .ssh&>/dev/null; chmod 700 .ssh && cat - >> .ssh/authorized_keys )&&chmod 600 .ssh/authorized_keys"
sleep 5
echo "Please edit the following options in /etc/ssh/sshd_config"
echo "AllowUsers $user"
echo "PermitRootLogin no"
echo "PubkeyAuthentication yes"
echo "PasswordAuthentication no"
echo "ChallengeResponseAuthentication no"
echo "X11Forwarding no"
echo "Press [enter]"
echo -n "Target srvr: "
read remotebox
echo -n "Target user: "
read user
ssh -l $user -i ~/.ssh/id_dsa_${BOXNAME} $remotebox
echo "Quit"
echo "Wrong"

[ add comment ] ( 2 views )   |  [ 0 trackbacks ]   |  permalink
Solaris: Increasing space, SVM 
http://blogs.sun.com/lewiz/entry/growin ... olume_with

TASK: Increase of fs

root@svg31n02:prod(global)# df -h /export/zones/embdbp02/root/opt/app/oracle
Filesystem size used avail capacity Mounted on
7.9G 5.0G 2.8G 64% /export/zones/embdbp02

# metastat -s embdbp02 -c
embdbp02/d0 p 8.0GB embdbp02/d1000 <----------- grow this soft partition
embdbp02/d1000 m 19GB embdbp02/d1003 embdbp02/d1004
embdbp02/d1003 s 20GB d337s0 <----------- fraHDS03
embdbp02/d1004 s 20GB d46s0 <----------- kelHDS03

new disks:
5 fraHDS03 132D /dev/did/rdsk/d5 5 GB - - -
13 kelHDS03 132D /dev/did/rdsk/d13 5 GB - - -


1. Grow submirrors: metattach <md_submirror> <new_disk_did/dnnns0>

# metattach -s embdbp02 d1003 /dev/did/rdsk/d5s0
embdbp02/d1003: component is attached

# metattach -s embdbp02 d1004 /dev/did/rdsk/d13s0
embdbp02/d1004: component is attached

# metastat -s embdbp02 -c
embdbp02/d3 p 4.0GB embdbp02/d1000
embdbp02/d2 p 4.0GB embdbp02/d1000
embdbp02/d1 p 4.0GB embdbp02/d1000
embdbp02/d0 p 8.0GB embdbp02/d1000
embdbp02/d1000 m 25GB embdbp02/d1003 embdbp02/d1004 <----- 25GB (before was 20GB)
embdbp02/d1003 s 25GB d337s0 d5s0
embdbp02/d1004 s 25GB d46s0 d13s0

2. Grow soft partition: metattach <softpart> <size>

# metattach -s embdbp02 d0 5g
embdbp02/d0: Soft Partition has been grown

# metastat -s embdbp02 -c
embdbp02/d0 p 13GB embdbp02/d1000 <----- 13GB (before was 8GB)
embdbp02/d1000 m 25GB embdbp02/d1003 embdbp02/d1004
embdbp02/d1003 s 25GB d337s0 d5s0
embdbp02/d1004 s 25GB d46s0 d13s0

# df -h /dev/md/embdbp02/dsk/d0
Filesystem size used avail capacity Mounted on
7.9G 5.0G 2.8G 64% /export/zones/embdbp02 <---- still 8GB

3. Grow fs: growfs -M <mounted_fs> /dev/md/<metaset>/rdsk/<md_mirror>

# growfs -M /export/zones/embdbp02 /dev/md/embdbp02/rdsk/d0

# df -h /dev/md/embdbp02/dsk/d0
Filesystem size used avail capacity Mounted on
13G 5.0G 7.7G 40% /export/zones/embdbp02 <----- 13GB (before was 8GB)

[ add comment ] ( 2 views )   |  [ 0 trackbacks ]   |  permalink
Remote backup via ssh 
Backup of the /dev/hda1 device with gzip to remote machine via ssh and restore:

[root@vm04]# dd if=/dev/hda1 | gzip -f | ssh -C vm05.domain.com dd of=/tmp/backup.tar.gz

[root@vm05]# gunzip -c backup.tar.gz | ssh -C vm04.domain.com dd of=/some/dev

Backup with tar:

[root@vm04]# tar cvfx - . | ssh -C vm05.domain.com dd of=/tmp/tar.tgz

tips from UNIX Cheatsheet

ssh option "-C"
     -C      Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections).  The compres-
sion algorithm is the same used by gzip(1), and the âlevelâCompressionLevel option for protocol version
1. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks. The
default value can be set on a host-by-host basis in the configuration files; see the Compression option.

gunzip option "-c"
 -c --stdout --to-stdout
Write output on standard output; keep original files unchanged. If there are several input files, the output consists of a
sequence of independently compressed members. To obtain better compression, concatenate all input files before compressing them.

[ add comment ] ( 3 views )   |  [ 0 trackbacks ]   |  permalink
SSH port tunnel syntax 
To get access to vm05 smtp protocol by localhost's port 2525

vm04# ssh -L 2525:localhost:25 vm05.domain.com

[ add comment ] ( 2 views )   |  [ 0 trackbacks ]   |  permalink

<<First <Back | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | Next> Last>>