Proxy, proxy... Set http_proxy variable in shell. 
On a corporate LAN where yum can't connect, you can't browse the net and wget refuses to download? Yes, it is simple, the proxy setting is missing, but what the hell is the syntax for setting the http_proxy shell variable?

http_proxy=http://username:password@proxy.my.doma.in:8080/
https_proxy=http://username:password@proxy.my.doma.in:8080/

no_proxy=my.doma.in
export http_proxy https_proxy no_proxy



SSH 
Another thousand+ /var/log/messages entries with brute-force SSH retries. I was bothered by them since one of my servers got a 6Mbit line. To improve security I configured SSH so that it requires the private key and, if you do not have it, just disconnects. Simply put, the service no longer asks for a keyboard-interactive password. You don't have the right private key? The session is dropped immediately. In /etc/ssh/sshd_config change:


# allow login via keys (authorized_keys must be filled with the public key)
PubkeyAuthentication yes
# disallow users whose keys are not in the authorized_keys file
PasswordAuthentication no
# do not ask for keyboard-interactive login:
# the "keyboard-interactive" userauth method allows for an arbitrary
# sequence of server prompts and typed user responses
ChallengeResponseAuthentication no


Also allow only specific users to log in via SSH. An interactive session for a mail/pop/web user is too big a deal. To allow only some users, put the directive

AllowUsers only_my_allowed_ssh_user1 only_my_allowed_ssh_user2

into the sshd configuration file and restart the daemon. Also disable root login and use an ordinary user for logging in.

PermitRootLogin no
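
A way to check a configuration file against the settings listed above, as an added example that is not part of the original post. The function names and the sample configuration are constructed for illustration; the check assumes whitespace-separated "Keyword value" lines and audits only the global section, because sshd uses the first value it reads for a keyword and Match blocks apply conditionally.

```sh
#!/bin/sh
# Added example (not from the original post): audit the global section of an
# sshd_config against the settings recommended above.

# Constructed sample: PasswordAuthentication appears twice, and
# PermitRootLogin is only set inside a Match block.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample configuration
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PermitRootLogin no
EOF
}

# Reads an sshd_config on stdin, prints one finding per line (sorted).
audit_sshd_config() {
    awk '
    BEGIN {
        want["pubkeyauthentication"] = "yes"
        want["passwordauthentication"] = "no"
        want["challengeresponseauthentication"] = "no"
        want["permitrootlogin"] = "no"
    }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    { key = tolower($1) }                    # keywords are case-insensitive
    key == "match" { exit }                  # Match blocks are conditional: stop here
    !(key in val) { val[key] = tolower($2) } # sshd uses the first value it reads
    END {
        for (k in want) {
            if (!(k in val))            print "MISSING " k
            else if (val[k] != want[k]) print "WEAK " k " " val[k]
        }
        if (!("allowusers" in val)) print "MISSING allowusers"
    }' | LC_ALL=C sort
}

sample_sshd_config | audit_sshd_config
```

On a live host, sshd -T prints the effective configuration including compiled-in defaults, which is the authoritative view.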

Are you an iptables user? Then you can also use the recent match of iptables to limit the number of new SSH sessions per time interval.


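# record every new SSH connection attempt per source address (no target, so the next rules are evaluated)
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
# the 4th new attempt within 60 seconds is logged and rejected, everything below the limit is accepted
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j LOG --log-prefix SSH_brute_force
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with icmp-port-unreachable
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT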


Above: iptables allows only three new login sessions per minute from one source address. If the count is higher, further SYN packets are rejected until the counter clears itself a minute later.
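
A simplified model of how the recent match counts attempts from one source, as an added example that is not part of the original post. It assumes the --set rule runs first without a target, the LOG and REJECT rules with --update follow, and an ACCEPT comes last, with a hit count of 4 to allow three sessions per minute; the function name and arrival times are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): simplified model of the iptables
# "recent" match for ONE source address. Assumed rule order:
#   1. -m recent --set                                   (no target)
#   2. -m recent --update --seconds W --hitcount H -j LOG
#   3. -m recent --update --seconds W --hitcount H -j REJECT
#   4. -j ACCEPT
# Every --set and every matching --update stores a timestamp for the source.
# The kernel's cap on stored timestamps per address is ignored here.

# usage: simulate_recent WINDOW HITCOUNT   (SYN arrival times in seconds on stdin)
simulate_recent() {
    awk -v win="$1" -v hit="$2" '
    {
        now = $1
        stamps[++n] = now                      # rule 1: --set
        hits = 0
        for (i = 1; i <= n; i++)
            if (now - stamps[i] <= win) hits++
        if (hits >= hit) {
            stamps[++n] = now                  # rule 2 matched: entry refreshed
            stamps[++n] = now                  # rule 3 matched: entry refreshed
            print now, "REJECT"
        } else {
            print now, "ACCEPT"                # rule 4
        }
    }'
}

# Constructed arrival times: a burst, two retries while blocked, then a pause.
printf '%s\n' 0 5 10 15 72 90 200 | simulate_recent 60 4
```

The retries at 72 and 90 seconds are rejected only because each rejected attempt refreshes the entry; a source that keeps hammering stays blocked, while one that waits a full minute gets in again.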

Key management:

When I forgot again which key belongs to which server, I realized it would be much easier to manage the keys with a script. The following lines of shell do the job. The script generates key pairs, distributes them to the server and lets you connect to the server with the appropriate key.


#!/bin/bash
# Menu-driven helper: one key pair per server, stored as ~/.ssh/id_dsa_<server>.
while true
do
    clear
    echo "Generate key ... 1"
    echo "Push key ... 2"
    echo "Server connect ... 3"
    echo "Exit ... x"
    echo
    echo -n ": "
    read -r option
    case $option in
    1)
        echo "Generating key"
        echo -n "Target srvr: "
        read -r remotebox
        # Never overwrite an existing key pair.
        if [ -f ~/.ssh/id_dsa_"$remotebox" ]
        then
            echo "WARNING: ~/.ssh/id_dsa_$remotebox exists - giving up."
        else
            ssh-keygen -f ~/.ssh/id_dsa_"$remotebox"
        fi
        sleep 8
        ;;
    2)
        echo "Pushing key"
        echo -n "Target srvr: "
        read -r remotebox
        echo -n "Target user: "
        read -r user
        echo "Using public key: ~/.ssh/id_dsa_$remotebox.pub"
        if ! ls -la ~/.ssh/id_dsa_"$remotebox".pub 2> /dev/null
        then
            echo "Problem with a key"
            exit
        fi
        sleep 5
        # Append the public key on the server and tighten the permissions.
        cat ~/.ssh/id_dsa_"$remotebox".pub | ssh "$user@$remotebox" \
            "(mkdir .ssh 2>/dev/null; chmod 700 .ssh && cat - >> .ssh/authorized_keys) && chmod 600 .ssh/authorized_keys"
        sleep 5
        echo
        echo "Please edit the following options in /etc/ssh/sshd_config"
        echo
        echo "AllowUsers $user"
        echo "PermitRootLogin no"
        echo "PubkeyAuthentication yes"
        echo "PasswordAuthentication no"
        echo "ChallengeResponseAuthentication no"
        echo "X11Forwarding no"
        echo
        echo "Press [enter]"
        read -r
        ;;
    3)
        echo -n "Target srvr: "
        read -r remotebox
        echo -n "Target user: "
        read -r user
        # Connect with the key that belongs to this server.
        ssh -l "$user" -i ~/.ssh/id_dsa_"$remotebox" "$remotebox"
        ;;
    x)
        echo "Quit"
        exit
        ;;
    *)
        echo "Wrong"
        ;;
    esac
done



Jumpstart Server setup for Solaris - DHCP Server 
DHCP Server

Start from scratch with clean DHCPd tables:

# dhcpconfig -Ux
Unconfigure will stop the DHCP service and remove the DHCP configuration file.
Are you SURE you want to unconfigure the DHCP service? ([Y]/N): Y
DHCP server shutdown.
Deleted the server macro from dhcptab.
Deleted table for network x.x.x.x.
Deleted the dhcptab.
Deleted the DHCP configuration file.


Create new tables:


# dhcpconfig -D -r SUNWbinfiles -p /var/dhcp
Created DHCP configuration file.
Created dhcptab.
Added "Locale" macro to dhcptab.
Added server macro to dhcptab.
DHCP server started.


Configure DHCPd for your LAN:


# dhcpconfig -N $NETWORK -m $NETMASK -t $GATEWAY
Added network macro to dhcptab.
Created network table.


My network is 10.186.66.0, I'll check the records:


# dhtadm -P | grep "10.186.66.0"
10.186.66.0 Macro :Subnet=255.255.255.0:Broadcst=10.186.66.255:Router=10.186.66.1:


Through the macro variables we will tell the client where to find the installation and configs. Define macro spaces:


# dhtadm -A -s SinstPTH -d 'Vendor=SUNW.i86pc,12,ASCII,1,0'
# dhtadm -A -s SbootURI -d 'Vendor=SUNW.i86pc,16,ASCII,1,0'
# dhtadm -A -s SsysidCF -d 'Vendor=SUNW.i86pc,13,ASCII,1,0'
# dhtadm -A -s SjumpsCF -d 'Vendor=SUNW.i86pc,14,ASCII,1,0'
# dhtadm -A -s SrootIP4 -d 'Vendor=SUNW.i86pc,2,IP,1,1'
# dhtadm -A -s SrootPTH -d 'Vendor=SUNW.i86pc,4,ASCII,1,0'
# dhtadm -A -s SrootNM -d 'Vendor=SUNW.i86pc,3,ASCII,1,0'
# dhtadm -A -s SinstIP4 -d 'Vendor=SUNW.i86pc,10,IP,1,1'
# dhtadm -A -s SinstNM -d 'Vendor=SUNW.i86pc,11,ASCII,1,0'


Here is a legend for the environment definitions:


Install server name (SinstNM)
Install server IP (SinstIP4)
Install server path (SinstPTH)
Root server name (SrootNM)
Root server IP (SrootIP4)
Root server path (SrootPTH)
Profile location (SjumpsCF)
sysidcfg location (SsysidCF)


An x86 (AMD-based Sun) client identifies itself to the DHCP server with the class identifier PXEClient:Arch:00000:UNDI:002001.

For the installation we need to create an architecture-specific macro. It tells all the x86 (AMD-based Sun) clients to boot our boot image from the boot server.


# dhtadm -A -m PXEClient:Arch:00000:UNDI:002001 -d ':BootFile="pxegrub":BootSrvA=10.186.66.31:'


Check the settings:


# dhtadm -P | grep 2001
PXEClient:Arch:00000:UNDI:002001 Macro BootFile="pxegrub":BootSrvA=10.186.66.31:


Check if pxegrub exists.


# ls -l /tftpboot/pxegrub
lrwxrwxrwx 1 root root 26 Sep 21 15:59 /tftpboot/pxegrub -> pxegrub.I86PC.Solaris_10-4


Each client in DHCP should have its own macro defined. To define the macro:


# dhtadm -A -m your_client -d \
':SbootURI="tftp://10.186.66.31/pxegrub":'\
'SrootNM="rumburak":SrootIP4=10.186.66.31:'\
'SrootPTH="/opt/inst/SunOS-5.10-i386-2007-08/Solaris_10/Tools/Boot":'\
'SinstNM="rumburak":SinstIP4=10.186.66.31:'\
'SinstPTH="/opt/inst/SunOS-5.10-i386-2007-08":'\
'SjumpsCF="rumburak:/opt/inst/jumpstart":'\
'SsysidCF="rumburak:/opt/inst/jumpstart/SunOS-5.10.dhcp":'


Check:


# dhtadm -P | grep hotamanda
hotamanda :SbootURI="tftp://10.186.66.31/pxegrub":
SrootNM="rumburak":SrootIP4=10.186.66.31: SrootPTH="/opt/inst/SunOS-5.10-i386-2007-08/Solaris_10/Tools/Boot": SinstNM="rumburak":SinstIP4=10.186.66.31:SinstPTH="/opt/inst/SunOS-5.10-i386-2007-08": SjumpsCF="rumburak:/opt/inst/jumpstart": SsysidCF="rumburak:/opt/inst/jumpstart/SunOS-5.10.dhcp":


To correct only one parameter without removing a whole record:


# dhtadm -M -m macro_name -e 'SomeVAR=new_value'


Create a lease record for hotamanda: the client address will be 10.186.66.21 and the client MAC address is 00:14:4F:9A:8C:0A.

First, we need to add the prefix 01 to the client definition as shown below. It's some Sun 'standard', do not ask me why.


# pntadm -A 10.186.66.21 -i 0100144F9A8C0A -m "0100144F9A8C0A" -h hotamanda 10.186.66.0


You can also check all the settings via X dhcpd manager. To do that, run:


$ su root -c /usr/sadm/admin/bin/dhcpmgr




All the shortcuts and STOP+A via SSH connection (SPARC SOLARIS) 
1) send break to console: CR / ~ / Ctrl+B or CR / ~ / break

2) break SSH connection (after issuing # console -C your-zone) / ~ / .

3) "ESC" + "(" - to get into ILOM on AMD

CR=return


Check RBAC privileges (Solaris) 
Not sure why the hell the RBAC shit is not working? The system tells you "not sufficient privileges". Then try this to explore what's missing. Turn on privilege debugging for the current shell:

ppriv -D $$

enter your command, then turn debugging off again:

ppriv -N $$

If some privileges are missing, this will tell you.

Veritas Expiration check script (Solaris) 
The script performs a license expiration check for VeritasFS. It allows you to check all your servers in one run and it should work with all major versions of Veritas.

#!/bin/bash
#
#---------------------------------------------------------------------------------
# Program : veritas_info
# Function : Performs veritas license check - several veritas version support
# Author : xxx xxx
# History : 11.09.2007 - alchy - new
#
#---------------------------------------------------------------------------------
LIST="/here/is/the/server/list"
# Per-host reports go to a private directory, not to predictable names in /tmp.
WORKDIR=$(mktemp -d /tmp/veritas.XXXXXX) || exit 1
echo "Output for list ${LIST} @ " "$(hostname)"

# The host name is the first ":"-separated field of each line in the list.
for host in $(awk -F":" '{ print $1 }' "${LIST}")
do
    REPORT="${WORKDIR}/${host}"
    # Number of mounted VxFS file systems; stays empty if the host is unreachable.
    VERITAS=$(ssh "$host" "df -kl | grep dev | grep vx | wc -l" | tr -d '[:space:]')
    if [ -n "${VERITAS}" ] # can we connect?
    then

        echo -n "host: $host vx_fs: ${VERITAS} "

        if [ "${VERITAS}" -gt 0 ]; then

            # Newer versions ship vxlicrep.
            if [ -n "$(ssh "$host" 'ls /opt/VRTSvlic/bin/vxlicrep 2> /dev/null')" ]
            then
                echo "vxlicrep" > "${REPORT}"
                ssh "$host" '/opt/VRTSvlic/bin/vxlicrep' >> "${REPORT}"

                # PERMANENT
                if grep "License Type" "${REPORT}" | grep "PERMANENT" > /dev/null
                then
                    echo -n "license_permanent "
                fi

                # DEMO
                if grep "License Type" "${REPORT}" | grep "DEMO" > /dev/null
                then
                    echo -n "license_limit ("
                    grep "Demo End Date" "${REPORT}" | while read -r license
                    do
                        END_DATE=$(echo "$license" | awk -F" " '{ print " end: "$5 " " $6 " " $7 " " $9 }')
                        echo -n " " ${END_DATE}
                    done
                    echo -n " )"
                fi

            # Older versions ship vxserial.
            elif [ -n "$(ssh "$host" 'ls /usr/sbin/vxserial 2> /dev/null')" ]; then
                echo "vxserial" > "${REPORT}"
                ssh "$host" "/usr/sbin/vxserial -p" >> "${REPORT}"

                # DEMO
                if grep "Expiration date" "${REPORT}" | grep "No expiration date" > /dev/null
                then
                    echo -n "license_permanent "
                else
                    # EXPIRATION
                    echo -n "license_limit ("
                    grep "Expiration date" "${REPORT}" | while read -r license
                    do
                        END_DATE=$(echo "$license" | awk -F" " '{ print " end: "$5 " " $6 " " $7 " " $9 }')
                        echo -n " " ${END_DATE}
                    done
                    echo -n " )"
                fi

            # Other versions ship vxlicense.
            elif [ -n "$(ssh "$host" 'ls /usr/sbin/vxlicense 2> /dev/null')" ]; then
                echo "vxlicense" > "${REPORT}"
                ssh "$host" "/usr/sbin/vxlicense -p" >> "${REPORT}"

                # DEMO
                if grep "Expiration date" "${REPORT}" | grep "No expiration date" > /dev/null
                then
                    echo -n "license_permanent "
                else
                    # EXPIRATION
                    echo -n "license_limit ("
                    grep "Expiration date" "${REPORT}" | while read -r license
                    do
                        END_DATE=$(echo "$license" | awk -F" " '{ print " end: "$5 " " $6 " " $7 " " $9 }')
                        echo -n " " ${END_DATE}
                    done
                    echo -n " )"
                fi

            else
                echo "No relevant method for finding the license information found!"
            fi
        else
            echo -n "no_veritas_found"
        fi
        echo
    fi
done




Show all the network interfaces (Solaris 10) 
Need to configure a LAN interface on a new Solaris box and unsure about its name? The ifconfig command can't show you interfaces which are not plumbed yet. To discover all physical interfaces, run the dladm command as shown below:

# dladm show-dev 
ce0 link: unknown speed: 1000 Mbps duplex: full
ce1 link: unknown speed: 0 Mbps duplex: unknown



Tatry 07 


The first photo on which I tried HDR (high dynamic range). The film is scanned with exposure compensation of -0.7/0/+0.7 EV, and the TIFFs were converted into an "HDR" image in Photoshop. A very nice HDR tutorial. More information about HDR.

Rhodos 07 


Santorini 06 

