Posts


New Container: Engage

Working in Kubernetes most of the time, I find myself doing tons of reconnaissance around the environment I’m in. This can involve understanding the networking structure, environment variables, or other aspects of a deployed container in a distributed architecture. Additionally, testing edge functionality and communication (i.e. http headers) is especially important to ensuring everything works as expected. With this in mind, I finally started down the path of creating my own “playground” container.

Continue reading ↦

Cloud Native Ambassadorship

In April, I became a CNCF Ambassador! For those who aren’t aware, the Cloud Native Computing Foundation is an open source body enabling communities around dedicated projects focused on container and microservice based architectures. With all of the exciting movement around projects like Kubernetes, Prometheus, and Envoy, it’s nice to have a vendor-neutral foundation backing the continued growth and stability of promising new open source projects. Things like webinars, conferences, certifications, meetups, and other vessels are being bolstered by the CNCF to further people’s understanding and involvement with CNCF backed projects.

Continue reading ↦

Planned Spontaneity

Remember how I said I’m back? That also includes a new gig leading DevOps efforts at StockX, a new e-commerce platform changing the way people interact with secondary markets. StockX aims to provide a brand new buying and selling experience for the exact same secondary markets served by the likes of Ebay…with two core differences: Verification of products and a live bid/ask (stock) market for all items. This system is applied to high demand products usually with small supply i.

Continue reading ↦

Offline Congregation

As I’ve grown, I’ve increasingly realized the importance of making strong, solid connections with people. My extroversion has paid off many times already, and will even more in the future. It has constantly been a joy to interact with and be involved in tech-focused Meetups and Conferences around southern Michigan. Early last year, I founded Orchestructure, an Ann Arbor meetup group focused on DevOps and Infrastructure topics (the Orchestration of Infrastructure).

Continue reading ↦

Snaps and Devices

For a linux desktop, I’ve emigrated from Linux Mint over to the latest Ubuntu release in my “I’d like everything to work” kick. The older I get, the more I find myself growing in sharp disdain with flakey compatibility or busted scripts making a modern linux desktop more of a chore than I’d like it to be. In this realm, I have to tip my hat to Ubuntu for continuing to be as quick and easy as possible.

Continue reading ↦

Enter Stage Right

It’s back. Me. This website. My drive to write. The continued existence of my technological journey through a wide spectrum of challenging endeavours. It’s back and better than ever. Moving forward, a few things will be different. First off, this is no longer my personal outlet for internal thoughts and happenings: instead, you’ll be able to find those elsewhere (more later). Second, future posts will touch on everything from Python semantics, CI/CD, microservices, hacky one-liners, and every real approach to challenges many will encounter through their career in computing (as I have).

Continue reading ↦

Changing UUID's on LUKS Encrypted Partitions

I recently obtained a disk dock and cloning unit (StarTech.com) for working with some of my internal drives (I have too many). This unit does a bit-by-bit clone of one disk to another, which is really useful! The problem with this is that each disk now looks exactly the same to your Operating System, meaning there is no way to mount them both at the same time! Furthermore, I decided to create a LUKS encrypted drive protecting an ext4 partition.

Continue reading ↦

We've Only Just Begun

I just wanted to give a quick update on what my company, Arroyo Networks, is up to! Arroyo is moving forward with a brand new product in a brand new market with a brand new purpose. Over the next few months, we plan to offer a private beta of our prototype with an open beta shortly after that. Be sure to look for more announcements, a brand new website, and much more in the coming weeks!

Continue reading ↦

Part Deux: The Fine Tuning

This is a continuation of my original article on our New Dell XPS 15’s. This article will cover my “moving in” experience getting used to Gnome 3, and tuning Arch just the way I like it ;) That cool dude over at geeketeer.net has also written about his experiences and mods! Bootloader fun! Most people don’t know but GRUB has a multitude of theme customization options available. We use a set made around Arch Linux located here.

Continue reading ↦

Our new Thick Clients: Journey to the Dell XPS 15

Introduction Both myself and co-founder, @seglberg, decided early in 2016 that it was time to rethink our workstations. We both had Thinkpad’s which were alright but lacked in performance and weren’t ready for the workload we presently required. While they’ve treated us well, we decided to look around and see what’s fresh in the laptop market, especially with the new Intel Skylake architecture available! With the new things we’re working on, it’s essential that we can quickly run compression, encryption, docker builds, and virtual machines, etc.

Continue reading ↦

Going public, converting to Arch, and being more Social

Going Public… Just over a week ago, my company rolled out our public presence: A fresh web site, LinkedIn profile, and even Twitter. I want to also thank all the wonderful people who have sent luck our way and those who have supported us thus far…you are awesome! Distro Change Moving on, I wanted to make mention of my recent decision to move to Arch Linux, an amazingly light, responsive, and elegant linux distribution.

Continue reading ↦

Hunky Dory

Late last week, I resigned from my position at Arbor Networks in order to join a stealth startup. Unfortunately, I didn’t get to say goodbye to any coworkers because of my discretion around details of the new company. Either way, I’m hitting the ground running at my new gig and having a blast! Don’t worry, we’ll be going public pretty soon so keep an eye out! I want to thank all the people who have already shown their support and reached out wishing me luck.

Continue reading ↦

Streaming large amounts of data!

I recently ran into a situation where I needed to copy a large amount of data from one box to another in a LAN environment. In a situation like this, the following things are usually true, at least for this project they were:

- Just creating a Tar archive on the source box and transferring it over isn’t gonna fly.
- The source contains many files and directories (in the millions); enough that it’s not even practical to use file based methods to move data over
- The Disk which data resides on is not exactly very “fast” and may be exceptionally “old”
- We need to maximize transfer speed and we don’t care about “syncing”; we just want a raw dump of the data from one place to another.

Continue reading ↦

Backing up to S3: The Containerized Way

I recently decided to jump into the object storage revolution (yeah, I’m a little late). This drive comes from my very old archives I’d like to store offsite but also to more easily streamline how I deploy applications which have things like data directories and databases that need to be backed up. The Customary Lately, through my work at Arbor and my own personal dabbling, I’ve come to love the idea that a service may depend on one or more containers to function.

Continue reading ↦

Handling Cron inside your container

Sometimes, you need an application to run at a scheduled time. Ideally, it would be a really cool feature if you could merely tell the docker daemon to do this via some sort of schedule: * 1 * * * in your docker-compose.yml. Sadly this isn’t really possible. So you have two options:

- Source your image from a container which has cron installed.
- Merely install cron yourself.

Either way, there are a few things you need to watch out for.

Continue reading ↦

Redirection in HAProxy

I wanted to mention something I just set up at work. The gist of this involves the need to support shortnames/searchdomains. This allows a user to type in “bugzilla/” in their browser instead of a FQDN i.e. “bugzilla.example.com”. Of course, the DNS search domain of “example.com” must be configured (either manually or via DHCP). Enter hdr_beg(host) Using HAProxy, we can actually do one of three things relating to the host header (there are more, but these are the ones we care about):

Continue reading ↦

Superfast NFS Tuning

In the past week at work, I’ve had a need to utilize some directly attached boxes working over NFS to share a storage array, the backblaze storage pod actually. This was necessary as the pods don’t have many compute resources to handle the load required to backup our datasets. Looking into this, I realized that optimizing NFS was an easy and surefire way to ensure it wasn’t taking extra resources on my pod.

Continue reading ↦

If you don't enable CDP, there's something wrong with you.

Hmmm….I wonder what switch port this box is connected to???

    [~]> apt-get install cdpr
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following NEW packages will be installed:
      cdpr
    0 upgraded, 1 newly installed, 0 to remove and 31 not upgraded.
    Need to get 17.4 kB of archives.
    After this operation, 102 kB of additional disk space will be used.
    Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/universe cdpr amd64 2.

Continue reading ↦

My First ZFS Experience: Taming 45 drives

At work, we have a couple Backblaze storage pods (version 3 with 4TB drives) that we use for backup purposes. They were obtained before my time because quick, bulk storage was necessary to backup our object storage platform, Swift. Sadly, the boxes were deployed in an unsatisfactory manner whereas all 45 drives were pooled together in one gigantic LVM formation, meaning any one disk could die and data loss would occur.

Continue reading ↦

The proper way to configure interfaces on Ubuntu

Discovered that in recent Ubuntu versions, the following is the “official” way to up and down interfaces cleanly. Edit /etc/network/interfaces adding your entry similar to below:

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 10.1.24.30
        netmask 255.255.254.0
        network 10.1.24.0
        broadcast 10.1.25.255
        gateway 10.1.24.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 10.

Continue reading ↦

Head first into Ansible, or: How I learned to cfgmgmt

I now run an entire OpenStack Swift cluster that of course, is in production. The way it’s currently set up calls for for loops to be used to easily manage it. Of course, those get lame after a “quick” while. So I decided to take my second (the first was pretty bad, it was a Monday) plunge into Ansible. These are the voyages of the Ansible Noobcake. Its five-hour mission: to automate configuration parameters across all swift nodes, to boldly cfg like no man has cfg’ed before.

Continue reading ↦

Handy DNS response filtering with pdns-recursor

In our quest to roll out IPv6 intranet-wide, we ran into a weird issue with how we do VPN requiring us to filter out AAAA records being served to VPN connected clients. At first, this didn’t seem very easy. Then, pdns-recursor to the rescue! On more recent versions (>=3.1.7), pdns-recursor can take in scripts (in real time, btw) to modify the way it operates. This is super handy and luckily, there is a filter-aaaa script available on github that does exactly what we want!

Continue reading ↦

Roku Streaming Stick and Comcast Gateways

I just bought the Roku streaming stick for my parents’ place to supplement the cable box on one of the TVs. The idea was that they would be able to easily connect it to the network and watch plex, netflix, etc. in the course of under 10 minutes. That was not the case…. First, I plugged this guy in. Its boot time was over a minute, roughly 2-3 minutes actually. The Roku then first takes you through the prompts to set up your Wi-Fi network and update itself.

Continue reading ↦

Handling InnoDB Corruption

Having your storage ripped out from under your database is never good. I recently had to go through this where our iSCSI storage backend powering our virtual machine vmdk’s magically died and even worse, its write cache was completely cleared out. Upon things coming back, mysqld was in a reboot loop which could only be stopped by enabling an innodb_force_recovery option in my.conf. Here’s some of the output starting up with recovery on:

Continue reading ↦

Encrypted Time Machine Backups on a separate partition

Trying to setup my external with a couple partitions, one for encrypted Time Machine backups, and the other as ext4 for linux stuffs, yielded a no-go. In short, Time Machine wouldn’t let me encrypt my backups which I dumped on the first partition of my disk. Turns out this is because I used the older MBR partition scheme. These are the requirements in order for that check box to be clickable:

Continue reading ↦

Fixing Backupninja: Or how I learned to stop worrying and build from source

I’m tired. So I’m going to make this as short and clear-cut as possible:

- backupninja is a pretty nice backup program for linux which supports rdiff-backup, rsync, and duplicity.
- backupninja exists as version 1.0.1 for the latest stable ubuntu and debian packages.
- There exists a bug in this version of backupninja which disables it from rsyncing.
- This is a critical bug which disables you from using any host.

Continue reading ↦

Pass-through SSL with HAProxy

As I’ve started to containerize, certain webapps of mine utilize SSL for secure communication. Hence, I usually combine everything the resulting webapp needs to serve the app using SSL, including certificates and keys. HAProxy provides the ability to pass-through SSL via using tcp proxy mode. This is awesome, except you can forget about serving multiple domains/vhosts in this basic configuration. However, SNI to the rescue! From the HAProxy blog, there is indeed a way for HAProxy to inspect the SSL negotiation and find the hostname, sent via the client through SNI:

Continue reading ↦

autofs in docker containers

Today I started writing up a backupninja container for work. This container needs to be able to:

- Log in to some of our prod boxes
- Store backup data on an NFS share

The logical choice for handling the back-end was to use autofs because of its ability to handle mounts that may drop out for whatever reason, and since we really need our storage available, doing a plain mount is just not going to cut it.

Continue reading ↦

Welcome to Ghost: A New Chapter

I’ve decided it’s time to make life easier. With markdown entering my work environment last year, I’ve become pretty confident that it is as viable a text markup solution as any other formatting solution out there. And of course, the logical choice is Ghost :) Frankly, I love this. It’s simple, elegant, and forward. Right now, a lot of the older posts will look garbled. Unfortunately, formatting of code blocks didn’t carry over well using the Ghost WordPress plugin.

Continue reading ↦

Command Redirection >&-

Bet you don’t know what >&- does? According to Jeff @ stackoverflow:

    /your/first/command >&- 2>&-

Be careful to note the order: >&- closes stdout, which is what you want to do; &>- redirects stdout and stderr to a file named - (hyphen), which is not what you want to do. It’ll look the same at first, but the latter creates a stray file in your working directory. It’s easy to remember: >&2 redirects stdout to descriptor 2 (stderr), >&3 redirects stdout to descriptor 3, and >&- redirects stdout to a dead end (i.

Continue reading ↦

Difference between ENTRYPOINT and CMD in Dockerfiles

A lot of people don’t get the difference to this and I think creack over at stackoverflow did a great job explaining this: Docker has a default entrypoint which is /bin/sh -c but does not have a default command. The command is run via the entrypoint. i.e., the actual thing that gets executed is /bin/sh -c bash. This allowed docker to implement RUN quickly by relying on the shell’s parser.

Continue reading ↦

Customizing your zsh prompt via themes

This post intends to give a great start to customizing your prompt, that thing you’re looking at all day whilst cruising the depths of linux ;P If you use oh-my-zsh or any one of the other frameworks, it’s quite easy to not care and just choose one of the provided themes. Below I’ll talk about some cool projects and sources of content for managing themes in your prompt. Antigen It’s even easier to dynamically switch themes using antigen, an open-source project which manages grabbing plugins and themes from github.

Continue reading ↦

Easily add aliases on the fly

Recently, I’ve done a lot of work on my dotfiles. One thing that always bothers me is the sheer amount of aliases I have laying around everywhere. Kinda frustrating. Additionally, I have a set of scripts in my env which I’d really like to automatically set aliases to easily. A commonly accepted idea is to separate all your aliases out into something like an .aliasrc file. This is definitely very helpful.

Continue reading ↦

Changing your iTerm2 window title

For zsh, I decided I wanted to simply add a line to my zshrc file to set the window title for iTerm2 to $(hostname) of the box I was currently logged in to:

    echo -ne "\e]1;$(hostname)\a"

Yes, it’s that easy :) Looking a little further into the superuser question, it appears there’s another way that works for both bash and zsh and, by the author’s note: This way you can immediately see what host you’re connected to in what window, and the window title for each tab shows user & CWD.

Continue reading ↦

Giving non-root users' power over <1024

I needed a quick and dirty way to allow a non-root user to use lower ports. This is because I’m starting to launch docker containers where the CMD process is run as a non-root user. The first container I thought this might work well for is my docker-ncat-proxy container which runs ncat as the nobody user. Using linux capabilities, we can set a binary to be launched without locking its binding capabilities using the setcap command.

Continue reading ↦

SSH Identity Management: Multi-key fallacies

This post will talk about how SSH handles private key forwarding and how to utilize it in a common use case for a more secure and seamless experience. You may want to study up a bit before reading on..

The Variables:

- client/local = host0 (i.e. my laptop)
- remote host = host1 (my server)
- secondary host = host2 (another server)
- ssh-agent = keychain (Keychain Access, gnome-keychain, etc..)
- tried/sent = offered for authentication

The Facts:

Continue reading ↦

.gitignore ignore all except

For certain configuration directories in my home dir, I sometimes want multiple files pushed to my dotfiles repo, but the majority of them not to be cared for (.env, .log, etc..) so I needed a way to use gitignore the opposite way: block everything and only allow some things:

    # Ignore everything
    *
    # But not these files...
    !.gitignore
    !script.pl
    !template.latex
    # etc...
    # ...even if they are in subdirectories
    !

Continue reading ↦

Windows: Enable AHCI mode

If you install windows on an IDE mode enabled storage bus, and then try to, say, do a clonezilla disk-to-disk copy to a ssd or other SATA hard drive and boot into windows, it will BSOD. This is because Windows won’t enable AHCI support if it doesn’t find it needs it. But, if you can boot into IDE mode still, you can fix that :)

1. Startup “Regedit”
2. Open HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlset / Services
3. Open msahci
4. In the right field, right click on “start” and go to Modify
5.

Continue reading ↦

ZSH Arrays and you

So after fighting with zsh for a bit, it seems there is never, ever, a 0 element in zsh arrays. All arrays start populating at element 1, i.e. $array[1]. Here is some example code to help ya populate and pilfer through an array of elements if it’s got at least one element:

    # the following ssh command will return location of each loaded key. for this example, we only have one key loaded.

Continue reading ↦

Change an email address across multiple files in an svn directory

This one is quite easy, but a little tricky. Had to do this for work as one of our groups was changing their email address and a few of the repos they used had files that depended on that email. A couple requirements to keep in mind:

- Had to be recursive
- Had to exclude certain file types
- Had to do the replacement in an svn repository, which apparently is difficult.

Continue reading ↦

GPG to encrypt files and handle private keys

GPG is quite nice. I’ve only come to really appreciate it more recently with my delvation into Keybase.io and all the small, unimportant messages I can send to my friends :) Here are some examples of using symmetric enc on single files.

Encrypting a file using AES256:

    gpg --pgp7 --cipher-algo AES256 -c wallet.dat

Use/Load an encrypted private key in ssh-agent for 12 hours (without leaving an unencrypted copy on the fs):

Continue reading ↦

Keeping Dockerfiles sane: Some important tips

An excellent article sent to me by a friend pointing out some of the important things to do/remember when creating Dockerfiles. You should also check out:

- Official Docker documentation best practices
- Michael Crosby’s take 2

Some key things to remember from a top level standpoint whilst getting started:

- Try to be “lean”. Your app is just that, your app, and usually, it should be the only thing running inside a container.

Continue reading ↦

Unzip multiple archives in a single directory

And yes, this handles file names with spaces and other weird characters…ohh the joys of double quotes.

    # Glob instead of parsing ls output, so names with spaces reach unzip intact
    for i in *.zip; do echo "Starting on $i"; unzip -d "$i-extracted" "$i"; echo "Finished $i.."; done



Upgrading Linux Mint to 17

This was fairly easy to do:

1. Edit the sources.list or necessary file in sources.list.d to use the new version “qiana” and also utilize “trusty” ubuntu packages.
2. Update and upgrade:

       apt-get update
       apt-get dist-upgrade
       apt-get upgrade

3. ???
4. Profit!

Thanks tecmint!



Ensuring your website is secure: Using strong ciphers

This new site, Cipherli.st, allows you to get configurations for the major web server and proxy software suites to ensure they are using the most secure SSL/TLS cipher settings for serving out sensitive content, or anything on port 443. The configs are copy/pastable into your web server configuration. Be sure to check there for the latest, most secure confs. Example for nginx:

    ssl_ciphers "AES256+EECDH:AES256+EDH";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    ssl_stapling on; # Requires nginx >= 1.

Continue reading ↦

My jump into coreos, the tiny, docker-centric distribution:)

Booting into the livecd, it’s pretty basic:

- Set up networking with “ip addr add” etc. commands:

      # ip addr add <address>/<masklen> dev eth0
      # ip link set dev eth0 up
      # ip route add default via <default gw>

- Set root user password and log in via ssh
- Do something similar to below, basically create a cloud-config, and call the coreos-install command.

      ?[~]> sh [email protected]
      [email protected]'s password:
      [email protected]'s password:
      CoreOS (stable)
      Update Strategy: No Reboots
      [email protected] ~ # export http_proxy=http://proxy.

Continue reading ↦

Figure out the total space used by docker

This isn’t as easy as you think…a normal du -h doesn’t work on /var/lib/docker. This is because of the aufs filesystem docker uses that du by default skips. The proper way to figure out how much space is actually being used involves a few more arguments:

    du -shx /var/lib/docker




Understanding Docker Images

So besides how great it is to be able to just pull down a docker image, there are actually a few more advanced things you can do in terms of manipulating an image. The following points will give you a better understanding of how to work with, create, and modify images for your own projects :) The two ways to get an image… A registry. A docker registry (i.e. registry.hub.docker.com) allows you to easily pull an entire image locally for utilizing to create other images or just start a container.

Continue reading ↦

Getting a GUI on RHEL 6.3 Server

Fortunately, could only get server via the eval program….btw, I strongly dislike rhel. Via RedHat:

- yum groupinstall "X Window System" Desktop
- Edit /etc/inittab for runlevel 5 (change the 3 to a 5)
- /etc/sysconfig/desktop needs to contain:

      DISPLAYMANAGER=GNOME
      DESKTOP=GNOME

- Install vmware-tools (can do this via cli), mainly ./vmware*.pl (read the INSTALL)
- Enjoy?



Overview of architecture names for x86 systems

A quick overview of architecture names for x86 systems:

- i386: The 80386 CPU has historically been the bare minimum for running Linux on a PC-compatible system. Consequently, a package for “i386” is designed for maximum compatibility and can run on any x86-like system; a system that describes itself as “i386” is either ancient or exotic, and can only be counted on to run i386 packages.
- i486, i586: Rarely-seen, these refer to the 80486 and Pentium (80586) CPUs.

Continue reading ↦

Configuring network interfaces on RHEL

So I don’t usually use a RHEL based machine, but recently was tasked with deploying one on our network. After the normal install process, which I decided to do text based via adding the following to the boot statement for the default installer option (push “e” when it appears): linux text I decided to setup networking later, after the machine was fully installed. On ubuntu/debian based systems, /etc/network/interfaces defines the configuration for interfaces on the system.

Continue reading ↦

Backing up MySQL privileges/users

When migrating from one server to another, migrating the sql database is usually advantageous. There are two ways to do this, dumping the old database to a file(s) and re-importing that file to the new server, or, copy the database files themselves over to the new server (/var/lib/mysql) making sure they are owned by the new mysql user! If you perform the first method for migration/backup, it may be advantageous to also back up the mysql users you’ve created and granted access to certain db’s for.

Continue reading ↦

Tuxboot > unetbootin

Just a quick note, I found a fork of unetbootin called TuxBoot. I highly recommend it as it actually launched in Mint, unlike the latest unetbootin which:

- Doesn’t find usb devices on osx.
- Won’t even launch on certain linux distros for whatever reason?

Tuxboot supports Linux and Windows….and worked for me the first time around :)



Using docker: An Introductory guide (Part 1)

Docker gives you the ability to run linux containers or “chroot on steroids” which utilize a layered approach using device-mapper or aufs to enable users to create images, build containers off of them, and deploy applications quickly for both development and production (and maintain uniformity!) Before we start, virtually any major service/application has been “dockerized” meaning at least one person has made a docker repo for it! For examples, just do searches like “docker-nginx” or “docker-powerdns”.

Continue reading ↦

Reverse DNS lookup with Dig

Hmm, I kind of want to play digdug now :( If you have an IP you’d like to perform a reverse lookup on to find the domain associated with it, look no further than the very light and informational dig program:

    dig +noall +answer -x 199.232.41.10

Note that PTR records are not required for IP addresses. If a PTR record is not defined for an IP address, you cannot do a reverse DNS lookup.

Continue reading ↦

Blogception

Hackedserver is now blogging. Please Disregard.



Taking multiline input from a user

So I needed to take in a pasted stdin that was multiple lines. Using just read or any of the flags it provides doesn’t give a nice clean way to do this. However, using cat and sed, you can provide a few nice ways to allow a user to end the input stream and submit their entry:

Ctrl+d:

    #!/bin/bash
    echo "Pipe in certificate, or paste and it ctrl-d when done"
    keyvariable=$(cat)

Blank Line:

Continue reading ↦

Keeping NFS from crashing hard

Recently, it seems my NFS connections have been crashing hard, most recently, a saved file from my browser to my servers’ mount point via NFS which caused the VM I was using to completely lock up :( So I did some quick searching and found these options which you should use when mounting any NFS shares:

- bg: If the first NFS mount attempt times out, retry the mount in the background.

Continue reading ↦

Compress a MySQL database table

MySQL InnoDB engine based databases support compression of table data using the zlib compression algorithm. From the official documentation, it is quite easy to create or alter a table to support compression! It of course helps quite a bit with columns you might plan to use which contain a lot of text (using the TEXT, MEDIUMTEXT, LONGTEXT column formats). Here is how I altered my table using phpmyadmin (since I didn’t see an obvious place in the GUI to do it, I just ran the following SQL statements on the DB):

Continue reading ↦

Extract only a single file/dir from an archive

Using 7z:

    7z l file.7z
    7z x file.7z directory/neededfile.txt

Using Tar:

    tar ztvf file.tgz
    tar xzvf file.tgz directory/neededfile.txt

Note the “t” is the argument telling tar to list files, so you could do “jtvf” for a bz2 archive, etc…



Some information regarding RAID striping and performance

So I’ve recently done more research into raid array performance and the variables that impact speed. I’ve found some really good articles regarding this discussing mainly chunk size but also stripe width, strides, and all kinds of fun terms you didn’t know existed. Plus, I found some useful info on how to properly format a raid array for optimal perf! Disk Performance, Part 2: RAID Layouts and Stripe Sizing

Continue reading ↦

Start a docker container to play with, then save it!

    docker run --rm -t -i phusion/baseimage:0.9.11 /bin/bash

I use the baseimage-docker distro from phusion…it’s quite nice…includes bash, runit, and a few other nice features that make it feel like a full featured install that will work properly with docker (i.e. docker stop works correctly). The “--rm” will remove the container after you leave it. This is generally preferred. We just launch bash in this example. You could make your own image and launch it with zsh or the like :)

Continue reading ↦

Finding a needle in a haystack: SQL with regex

So I run multiple pastebin services. One day, a friend needed a paste from weeks ago and so to the database I went (using stikked). I needed to search the paste content, known as column “raw” and pull out the record corresponding to the content (date, id, etc..). What’s awesome is you can use regex in all of your sql statements when searching anywhere in the db. So I just did this:

Continue reading ↦

Making ssh keys work: Permissions

Setting up ssh keys is effectively very easy. You throw your pubkey in its own line in your $HOME/.ssh/authorized_keys file. However, you may not know that it matters very much the permissions that the following files have set:

- home directory
- .ssh directory
- your authorized_keys file

After doing this multiple times, here is the corresponding combination that works for me:

- 755, 750, or 700 (grp and other should have no write perms)

Continue reading ↦

Saving docker images without a registry

There is a pretty convenient way to save your docker images you build without needing to commit them to a registry:

    docker save mynewimage > /tmp/mynewimage.tar

Then, to use it on a new host:

    docker load < /tmp/mynewimage.tar

Thanks James!



Listing out your drives, the pretty way

Just found the command I’ve forever been looking for:

    goliath# blkid -o list
    device     fs_type            label      mount point    UUID
    --------------------------------------------------------------------------------------------------------
    /dev/sda2  ext4               golvm      /mnt/ssd2      158dac38-a368-4a37-983e-8e4b63cc838f
    /dev/sdd   linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
    /dev/sdb1  ext4                          /              d288026a-a2d2-45c0-b848-3ac032909b33
    /dev/md0   ext4                          /mnt/raid      5193fa69-3c56-46cd-90bd-31036c931f5e
    /dev/sda1  ext4                          /mnt/ssd1      bc2503ac-ad7a-4c70-8127-6ed37c96548f
    /dev/sdl1  ext4                          /mnt/usb       becc31d7-35ff-4145-876a-2520460ff532
    /dev/sdi   linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
    /dev/sdk   linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
    /dev/sdh   linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
    /dev/sdj   linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
    /dev/sdf   linux_raid_member             (in use)       c2e53423-5bc2-a1e6-fcbf-496432a662fa
    /dev/sdc1  ext4                          /mnt/500dump   05fe6113-5433-45b1-9fb6-2346d94534b0
    /dev/md1   jfs                           (not mounted)  9413d08a-fd5d-4f26-a876-198565f5e392
    goliath#



Setting up a hard quota with a directory (on XFS)

So I needed to do per-directory hard quotas for my users. Luckily, xfs supports “project” quotas which allow a directory hierarchy to be soft or hard limited. To set this up for a user, let’s call him derpface: Add the option “pquota” to fstab so the xfs partition gets mounted with project quotas enabled. Run the following commands to set up the project and directory declarations:

    mkdir /srv/derpface
    echo 1600:/srv/derpface >> /etc/projects
    echo derpface:1600 >> /etc/projid

Note that the “1600”

Continue reading ↦


What happens when you bork sudo?

Made a change to sudo and fudged up the line where I give myself certain permissions… This caused a fun parse error that wouldn’t let me continue my “sudo su”. It’s OK though, just run:

    pkexec visudo

Type your pass, and you’ll be dumped into the sudoers file for fixing! Thanks, askubuntu!




NFS username mapping even with same uid

Ran into this with my internal testing boxes. Basically, I would mount a simple insecure uid/gid mapped share:

    /mnt 192.168.1.0/24(rw,all_squash,insecure,no_subtree_check,anonuid=1000,anongid=1000)

on a testbox with a username different from the one on the server. But, the uid was the same (1000). With NFSv3, this would have been fine. With NFSv4, there are some differences. Hence things like ssh keys would not work because while I could remove and create new files, the files that existed there were still not technically mine?

Continue reading ↦

Re-defining a variable composed of dynamic variables

In one of my scripts, I wanted to create a log file that was dynamic based on how the script was running. For example, if the script was doing something like waiting on another script or generated an error for whatever reason, I wanted the log file name to change to reflect that. I started with this. I used the $STATUS as the switch and called a function (setstatus) to change that based on what was passed (by another function or whatever etc.

Continue reading ↦

Reload rtorrent configuration without restart

You might want to get in the habit of doing this so you don’t have to restart rtorrent all the time. Ctrl + x, import=~/.rtorrent.rc If you are only adding a few lines, you can just Ctrl + x and paste/enter them for them to be loaded. Thanks, http://rakshasa.no/pipermail/libtorrent-devel/2008-January/001476.html



I really wanted terminal printing to be in color

Yeah. ccze. is awesome! I really wanted to use it across my systems and with all applicable commands like head, tail, cat, etc.. So I wrote a zsh function to check if the command exists and utilize it. This was kind of a pain because of the corner cases (people using pipes or redirection with the command etc..) Through it all, I created two new commands, catless and tacless. Read some of the comments to find why.

Continue reading ↦

Changing your repo’s remote origin

The server I usually use to store my repo is going to go offline soon. So I decided to just move it to bitbucket (love the free private repos :)

    $ git remote
    origin

So obviously we only have our remote origin.

    git remote remove origin
    git remote add origin [email protected]:username/repo.git

Then, let’s push up our repo and all associated data with it (i.e. your commits):

    git push -u origin --all # pushes up the repo and its refs for the first time
    git push -u origin --tags # pushes up any tags

And that’s it!

Continue reading ↦

Migrating from Maildir to Gmail

Delete old emails if necessary, and turn off convo view (Settings > General) since this lumps everything together. (Note, you can do things like “before:2014/4/29”) Use getmail to pull all emails in mbox or Maildir format from your old email account. I initially did Maildir, hence why below I convert them to mbox for thunderbird. I configured it like this for pulling from our corporate exchange server:

    [retriever]
    type = SimpleIMAPSSLRetriever
    server = exchange.

Continue reading ↦

Dealing with VPN on Linux Mint

Setting up VPN via NetworkManager in Linux Mint was actually really simple. But I kept having issues with DNS. I set up my VPN server to push down itself as the dns server to use and a domain-search domain. The domain search domain from vpn was getting mixed in with the other search domains from the local dhcp server when the connection was on eth0. NetworkManager launches dnsmasq when it starts.

Continue reading ↦

Making your client send all traffic through the VPN

This hack will enable your client machines to basically use the internet entirely through the vpn. On the server add the following to your openvpn config file:

    push "redirect-gateway def1"
    push "dhcp-option DNS 192.168.1.1"

If your vpn is for example your home gateway, you’ll definitely want to use the gateway address. If your vpn server is on a remote server somewhere and it doesn’t run its own dns server or you don’t have a dns server running on the vpn network, you’ll want to just use a public dns server address such as Google’s 8.

Continue reading ↦


Hardening your SSH private keys

You probably have your ssh private key password protected. However, are you encrypting it with the more secure PKCS#8 standard, or the default that ssh-keygen for some reason still uses? The following articles help explain the idea that PKCS#8 (which is a part of OpenSSL, hence can be used with OpenSSH) is a much stronger format for encrypting your keys. I recommend you read them in this order:

Continue reading ↦

Decrypting a hard disk on Mac OSX

From apple discussions: (note this relates to time machine as I wanted to decrypt since I’m moving to linux. Once on linux, this script seems to be necessary) — I too was under the mistaken belief that I would be able to turn off encryption the same place that I turned it on. This cannot be done from within Time Machine (at least not in OS X 10.9) – you need to do it from within the Disk Utility:

Continue reading ↦

Setting up /etc/security/access.conf on ubuntu

So I already described this in another post and there are various guides on the intarwebz: 1, 2. But I wanted to point out one thing. For ubuntu, the pam_access line wasn’t working in pam.d/common-auth, where I usually put it, nor was it working in pam.d/login. But, it worked in /etc/pam.d/common-account !!! Just throw it below the pam_deny.so:

    account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
    account requisite pam_deny.so
    account required pam_access.so
    account required pam_permit.

Continue reading ↦

Adding a new service/daemon manually on ubuntu

So I added a shiny new znc init script to /etc/init.d/ and I want to enable it so I can use upstart to start and stop the service and control it at different runlevels. First, ensure the script is 755, then let’s use chkconfig to get this loaded up! If you don’t already have it:

    apt-get install chkconfig

Then do the following:

    chkconfig --add znc
    chkconfig --level 2345 znc on
    service znc start

Continue reading ↦

Fixing perl locale settings

See something like this:

    perl: warning: Setting locale failed.
    perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LC_CTYPE = "en_US.UTF-8",
        LANG = "en_US.UTF-8"
        are supported and installed on your system.
    perl: warning: Falling back to the standard locale ("C").

every time you run something perl dependent? Fix it!

    sudo locale-gen en_US.UTF-8

Thanks ubuntuforums, you’re amazing!



Heartbleed...how to upgrade OpenSSL and protect yourself

From askubuntu: Security updates are available for 12.04, 12.10 and 13.10, see Ubuntu Security Notice USN-2165-1. So first you need to apply the available security updates, for example by running: sudo apt-get update sudo apt-get upgrade from the command line. Do not forget to restart the services (HTTP, SMTP, etc.) that use the affected OpenSSL version, otherwise you are still vulnerable. See also Heartbleed: What is it and what are options to mitigate it?

Continue reading ↦

Get an "Open NAT" without using DMZ or enabling UPnP

So this is something many people have had to deal with since the inception of online gaming (generally on consoles). If you were to go through the NAT error solution troubleshooting steps on xbox.com, you would get recommendations to: Enable UPnP on your router….on the WAN side…NOPE. This is a security risk. Don’t do it. Utilize a DMZ setup. No. This is stupid and unnecessary. Although it is the easy way out…

Continue reading ↦

Find command multiple -name declarations

A fancy little trick with the find command: you can do -name “or” declarations!

    find . \( -name "*.sh" -o -name "*.pl" -o -name "*.php" \) -mtime +20

^That command will find (recursively) any php, pl, and sh files older than 20 days in the current directory. Thanks, unixtips.



Removing older tv show episodes and telling Sickbeard about it

This is really useful if you’re in a predicament where you get a show that has constant releases…they can be overwhelming! It depends on your Sickbeard running and needs very little to do its work.

    #!/bin/bash
    : <<'END'
    This script allows you to remove tv shows that have lived on your filesystem over x amount of days. It will also remove any nfo/tbn files associated with the episode if you are telling Sickbeard to populate them (I use the xbmc profile).

Continue reading ↦

Using sed to print out part of a string

This is a little tricky and a lot of people don’t use sed like this. But it’s actually not too hard to get a piece of a string. Let’s say we have: herpderp.S14E90.tbn We want the “14” and that’s it. Here is a sed that will print that out. What we are doing is telling sed about the area around the 14 so it properly matches it and then using parentheses to indicate what we want:

Continue reading ↦

An outstanding introduction to Docker

http://serversforhackers.com/articles/2014/03/20/getting-started-with-docker/ Just wanted to note that this tutorial/intro on Docker does a great job of opening the door to this fantastic creation, which has been extremely beneficial to many sysadmins already. I highly recommend you take a gander at the power of docker and how easy it can be to install/configure/implement into whatever you’re doing!



I've solved it! How to ensure your local repo is an exact 1:1 copy of its remote!

    git fetch origin
    git reset --hard origin/master
    git clean -dffx

If you run the above commands instead of just a git pull, your repo will be synced exactly (1:1) with its remote. This means: Any new files/folders you created will be removed, including sub-repositories. Any files you’ve changed that already existed in the repo will NOT have their changes stashed/saved. Any .gitignore files are not followed! Meaning any ignored files in a particular directory that were added by a program/script will be removed!

Continue reading ↦


How zsh handles a command returning with no newline

73387# ^Looks something like that. The actual data are the numbers, with the ‘#’ added (with inverse coloring b/w fg and bg colors) and my shell newlined. This is an intended zsh feature, not a problem. PROMPT_SP Attempt to preserve a partial line (i.e. a line that did not end with a newline) that would otherwise be covered up by the command prompt due to the PROMPT_CR option. This works by outputting some cursor-control characters, including a series of spaces, that should make the terminal wrap to the next line when a partial line is present (note that this is only successful if your terminal has automatic margins, which is typical).

Continue reading ↦

Help me choose a keyboard color layout!

wasdkeyboards.com is an epic site with awesome stuff. And one thing I love the most is having customization options at my disposal. Tell me which one of these you like! #1: #2: #3: #4:



Convert a Digital Ocean droplet to a VMware VM

The following guide explains a method for converting a Digital Ocean Droplet to a VMDK which can be used under VMware ESXi Hypervisor or other virtualization software. This process is one way. It is currently impossible to convert a VMDK to a Digital Ocean Droplet. View it here (pdf)!



Changing your irssi config when using znc

So I had the normal irssi config stuff all defined and all set up from my non-bouncer days. So I figured, with the bouncer, it shouldn’t be hard to get changed over etc. Here is what I had pre-bouncer:

    servers = (
      {
        address = "server.com";
        chatnet = "derp";
        port = "1820";
        use_ssl = "yes";
        ssl_verify = "no";
        autoconnect = "Yes";
      },
    );
    chatnets = {
      derp = {
        type = "IRC";
        nick = "username";
      };

Continue reading ↦

A zsh function for saving your ass during iptables hacking

What this does is allow you to easily work with iptables without the fear of ever being locked out of a remote box. Trust me, when it happens, you’ll wish you had something like this. All you really would need to change to use this yourself is the FLUSH_WAIT timer and maybe some of the print’s. Otherwise, this should work across pretty much all systems. Read the comments to learn more about what this does.

Continue reading ↦

Using Hping

hping is nice for sending a bunch of traffic just to test certain reactions of remote machines etc. Here are some cool ways to use it and some useful links on more info. Start a flood of icmp packets with a rand src:

    hping 16.0.24.2 --rand-source --flood --icmp -V

Do 500pps with just one src:

    hping 16.0.24.2 -i u2000 --icmp -V

Here, we use the -i u2000 which tells hping to send a packet every 2000us which is 500 packets per second.

Continue reading ↦

Setup static route and arp entries on a linux box

Want all traffic destined for 16.0.24.0/24 to go through your interface with ip 192.168.192.7?

    route add -net 16.0.24.0 netmask 255.255.255.0 gw 192.168.192.7

To delete this route:

    route del -net 16.0.24.0/24

Ohh and static arp to one of the hosts in that network?

    arp -s 16.0.24.2 00:50:49:A0:9E:E0

It’s so easy! More info here and here.



Dealing with Bash/zsh coloring and prompting users

http://misc.flogisoft.com/bash/tip_colors_and_formatting Also, see this archlinux wiki page. ^An extremely reliable and helpful source! Note if doing echo’s, be sure to do an echo -e "stuff" instead of just echo "stuff". In zsh (maybe bash too), I like to do the following for prompts: (gold asking text, cyan (underlined) link, newline and white ‘>’ character waiting for user input) print -nP "\e[0;33mAre you sure you want to do this?, y|n? If not, go here:\e[0m \e[4;36mhttps://randonplace.

Continue reading ↦

Use a proxy with Plex/plexweb using ncat

So we needed to proxy our plex server through another box. That part was easy enough with a nice little ncat socket running on the proxy:

    ncat -k -l 32400 --sh-exec "ncat server.com 32400"

Now we can access through the proxy address proxy.com:32400/web which is great and all. However, to get our devices/plexweb to use the new address, some kung fu’ery is needed. Basically, your PMS install goes out and uses plex servers to figure out its external ip address.

Continue reading ↦

Block comments in Bash

    #!/bin/bash
    echo before comment
    : <<'END'
    bla bla
    blurfl
    END
    echo after comment

From http://stackoverflow.com/questions/947897/block-comments-in-a-shell-script



Create VirtualEnv and install Pyramid!

On ubuntu 13.10 (you should have python3.3 installed already, it comes default):

1. wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | sudo python3.3
2. easy_install-3.3 virtualenv
3. virtualenv --no-setuptools --always-copy virtrepo/
4. wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | virtrepo/bin/python3.3
5. cd virtrepo/
6. ./easy-install pip
7. ./pip install Pyramid==1.5a4
8. virtualenv-3.3 --relocatable ../

Breakdown: We get the latest easy-setup, install it, install the virtualenv package, create our virtualenv in a directory “virtrepo”, grab easy-setup for this new env, install pip in it, and use pip to install pyramid.

Continue reading ↦

Mount disk in two locations, one being read only.

So most people know that to mount a disk to two different locations, they can do a simple mount --bind like:

    mount --bind /origlocation /newlocation

However, what if you want that second location to be a read-only location to the filesystem? Try this:

    mount --bind /origlocation /newlocation
    mount -o remount,ro /newlocation

^That should properly work! More reasoning for this here.



Create iso and burn dvd via the cli

Assuming you have your VIDEO_TS folder in /mnt/data/dvd

Create iso image:

    genisoimage -o /mnt/data/dvd.iso /mnt/data/dvd/

Burn iso image:

    growisofs -dvd-compat -Z /dev/sr0=/mnt/data/dvd.iso

Note you may need to apt-get install these utils…I did.



sudo won’t honor my aliases

To counteract this behavior, run it with a space after it. For instance, I have an alias like this:

    alias sudo='sudo '

That way, whenever you type sudo, you are actually adding that extra space which enables aliases to be expanded in your current env!!!! More here!



lftp is great, except you can't mirror individual files

That’s why you have to use mget in place of mirror! Kinda annoying but it must be done….ohhh and the other downside is you lose any segmented downloading with mget as only mirror can do that. I posted a little snippet on this answering a question on stackoverflow.



A note on smartctl and how to interpret smart results

    apt-get install smartmontools
    smartctl --all /dev/sdk

RAW_VALUE: this is the only thing with real or physical meaning, generally these are the counts or the measurements. VALUE, WORST and THRESH are all reported in the same arbitrary units, which normalize the raw value to 0-255, where bigger is better. VALUE is the current value, WORST is the worst that has been recorded while the disk is functioning, and THRESH is the floor that you want to stay above.

Continue reading ↦

Quickly create hard links for directories!

So that title isn’t exact…as most of you should know, you can’t create hard links for directories…you also can’t create hard links across filesystems….there are pretty obvious and more technical reasons for that. So the alternative is to create the dirs and hard link the files in the dirs…which if done manually using ln continuously, would be painful. However, the cp command can do it for you in one fell swoop!

Continue reading ↦

Make alphabetical directories based on the files/folders in them

    for i in $(ls | cut -c 1 | grep -v '[0-9]' | uniq); do mkdir "$i"; done

EDIT: So that ^ was my first thing. Then I decided to take this further…one line to rule them all and both create the single letter directory and then continue to move every other folder into the single letter directory:

    for i in $(ls | cut -c 1 | grep -v '[0-9]' | uniq); do mkdir "$i" && for j in $(ls | grep '^'$i'.

Continue reading ↦

The story of defaulting to /dev/md127

So even after configuring my /etc/mdadm/mdadm.conf (I’m using ubuntu, it’s /etc/mdadm.conf if on deb), for some reason, at system boot, I was still getting a device name of /dev/md127. As per the ubuntu forums, this is a common problem with a change made in newer kernels. Here is my mdadm.conf:

    # mdadm.conf
    #
    # Please refer to mdadm.conf(5) for information about this file.
    #
    # by default (built-in), scan all partitions (/proc/partitions) and all
    # containers for MD superblocks.

Continue reading ↦

So grub stops autobooting if any previous shutdown errors occur

Meaning if you hard shutdown your machine while testing etc., when you reboot, grub will actually just stop and sit there. Which is totally what I want all the time…certainly don’t want to boot into that OPERATING SYSTEM that gets me an IP ADDRESS so I can remotely log into my BOX! I used the method described here to disable this. Basically, you disable the check from mattering when the timeout decision is made in the make_timeout function.

Continue reading ↦

Make a VMware ESXi (Vsphere Hypervisor) USB Bootdisk

So this works the same way you do it for normal Linux distros….with one catch. Use Rufus, unetbootin (what we used), LiLi, etc… to actually write the iso properly to the usb key. Edit your BOOT.CFG file and add “ks=usb” directly after “b.b00” so it should look very similar to:

    modules=/b.b00 ks=usb --- /useropts.gz

Boot with the USB and love me forever.



I seriously need a UPS…mdadm resync explanation

There were intermittent storms and wind around me last night causing not full-on power outages but instead, dreadful power dips! So my server went down. Waited a bit until things seemed to be normal. Brought it back up. About 2 minutes later, power dip (I’m thinking now that it was really only a problem for devices taking a ton of power/voltage, aka, my server). So I said screw it. Shut everything down.

Continue reading ↦

Flashing different LSI firmware on the M1015…on a UEFI bios!

Not fun. I just spent like 1.5-2 hrs messing around with this pulling my hair out. So I have an asus p8z77 which supports uefi. I just recently acquired an IBM Serveraid M1015 and read this awesome post about flashing different LSI firmwares to the card to enable pass-through etc. I decided I wanted to flash the “IR” firmware to get the best of both worlds. So I made my usb boot key:

Continue reading ↦

So we lost power during an mdadm reshape/rebuild…yeah.

Yeah…try to mitigate against this in the future. We basically were doing a reshape to grow the array using these commands:

    # mdadm --add /dev/md0 /dev/sdfp1
    # mdadm --add /dev/md0 /dev/sdgp1
    # mdadm --grow /dev/md0 --raid-devices=9

So what initially happened is the box lost power, and when the power came back the box automatically restarted… With this, mdadm actually assembled the array in a read-only mode and saw the array as the new number of devices:

Continue reading ↦

Using dd on mac osx

UPDATE – So a friend just turned me on to the fact that you can actually talk to a drive via a raw path in OSX. Using a device name like /dev/rdisk2 bypasses any extra buffer cache in between you and the raw disk. So in the example below, the entire operation would move much faster by using /dev/rdisk2 instead of just /dev/disk2. Thanks to Jared for notifying me of this and superuser.

Continue reading ↦

Disabling and re-enabling a daemon

So I’m doing some server/hdd moves etc.. that will be temporary. So I wanted to disable some of my services that rely on those mounts etc.. Rather than completely change runlevels the daemon starts and stops on (update-rc.d) or messing with symlinks in /etc/rc2.d, I found a much easier way: Disable daemon from any runlevels: # insserv -r Enable daemon again. It will keep any runlevels it previously had. # insserv

Continue reading ↦

htaccess with nginx

    sudo apt-get install apache2-utils
    sudo htpasswd -c /var/www/mywebsite.com/.htpasswd exampleuser

Put the following in your nginx conf file for the given server block you want this to apply to:

    auth_basic "Restricted";
    auth_basic_user_file /var/www/mywebsite.com/.htpasswd;

Thanks DO!



Using find regex to remove specific files in a directory

So working with the ALU chassis, it’s totally the most fun time of my life (scp locally doesn’t support wildcards or directories, thank god I could initiate it remotely). I scp’ed over a bunch of files, cores, diags, and backups all with an awesome naming convention like so:

    9-2_backup-alu2.0_2001-10-18_16-48-03-gmt.tgz
    9-2_backup-alu2.0_2001-10-18_17-48-03-gmt.tgz
    9-2_backup-alu-core1.0_2001-10-09_14-21-14-gmt.tgz
    9-2_backup-alu-core1.0_2001-10-09_14-23-09-gmt.tgz
    9-2_backup-alu-diag1.0_2001-10-09_14-22-05-gmt.tgz

Where the basic number after “alu” is a backup, the core is a core, and the diag is a diag.

Continue reading ↦

The perfect mysqldump command

So this is how I recommend everyone back up their database…It basically provides for any mucked database you might have by adding remove statements before the create statements. And it backs up all the databases you have for a given MySQL instance…which makes life easier!

    mysqldump -uroot -pawesomepassword --all-databases --add-drop-database --add-drop-table > db.sql



Migrating my Inspircd server

0) Install inspircd on newbox
1) from oldbox: scp -r /etc/inspircd [email protected]:/etc
2) from oldbox: scp -r /home/irc [email protected]:/home
3) on the newbox: chown -R irc /home/irc
4) edit the motd to make it unique
5) Install gnutls-bin libcurl3-gnutls libgnutls26 libgnutls-dev libneon27-gnutls
6) Copy over the old m_ssl_gnutls.so file because apparently the new one doesn’t work. (this is more for my own personal thing…not for you exactly.)



Because we can...

    telnet towel.blinkenlights.nl
    dig ch whois.cloudflare @emma.ns.cloudflare.com
    traceroute 216.81.59.173



Fixing nodejs packages from cloned repo

Went through this with Dillinger, a live markdown converter that makes it easy to write markdown! cd rm -rf node_modules npm install Here’s where I found the fix: https://github.com/lefnire/habitrpg/issues/781



Trying to flash your NAND by booting to Xell/Xellous

Just dump your updflash.bin at the root of a fat32 (msdos) formatted usb stick and do the following….this should work with any version of xell/xellous: For best results of getting the usb device detected, remove the power plug from the console after running the MS dashboard. Then reinsert the power plug, insert the usb device and then boot into XeLLous. More on this whole Xell process stuff here from xbox scene



Understanding sessions/windows/panes in tmux

OK YOU READY?!??? When you run tmux, you create a new Session. In that session, you are put into a Window (usually 0). In that window, you can create panes (usually [prefix]+" and [prefix]+% depending on horizontal or vertical). To create a new window, [prefix] + c. So each window will have a statusbar at the bottom, yet each window will share the same list of available windows in the session looking like:

Continue reading ↦

iTerm2 tmux integration

So I experienced tmux last week for not the first time but the “definitive time” where I actually played/studied it and configured it to my liking. One of the key things I loved about it was the epic mouse integration for scrolling, selecting panes, and resizing panes:

    #enable mouse support
    setw -g mode-mouse on
    set -g mouse-select-pane on
    set -g mouse-resize-pane on
    set -g mouse-select-window on

I also enabled the tmux plugin for oh-my-zsh which adds a few nice features, primarily allowing you to not have to type “attach”.

Continue reading ↦

Seriously managing ssh forwarding in virtual terminals and beyond...

Ok so this gets a little intense to think about but it’s something you might run into if you are using virtual terminals with ssh keys and agent forwarding etc. NOTE: All code involved here is stored and updated at my github here!! For all intents and purposes, tmux = screen for the rest of the article. My first problem: When leaving a tmux session running on a server, logging out of that server and going home, logging back in and pulling up my tmux session (tmux attach), my key forwarding doesn’t work anymore.

Continue reading ↦

Multiple expression if statements in bash

Because I always forget how to do this:

    if [ "$1" == "help" -o "$1" == "-h" -o "$1" == "?" ]; then
        echo "don't forget!"
    else
        echo "aww dude you forgot"
    fi

thanks crazed monkey



Utilizing lftp for super fast sftp downloads (parallel and segmented!!)

Don’t know what lftp is? Look here. (it’s only the most feature rich, fastest, most epic file transfer program for linux :) So lftp is a little tricky when trying to use it in scripts etc. since it’s meant as an interactive ftp application/client. However, it is possible to use it with one command and also to utilize ssh keys. Here’s an example:

    lftp -u username,placeholder -e "set sftp:connect-program 'ssh -a -x -i /home/username/id_rsa.

Continue reading ↦

Automatically providing ssh with a password

So at work, I log into a lot of test boxes that share a common password (most of the time). Now while the password isn’t too long, I still would prefer to not type it every single time I log in to these boxes. Ohh and the installed OS is always changing (part of our testing) so ssh keys aren’t an option. So I needed a way to ssh via providing a plaintext password on the cli (or through a variable/file, etc.

Continue reading ↦

All the Bootstrap tools you could ever need

http://speckyboy.com/2013/05/01/bootstrap-toolbox/ has pretty much every Twitter bootstrap tool you could ever see yourself needing. I mostly appreciate the bootbox and hover dropdown projects listed there. There are also some customizers which are quite useful!



Redirect all http port 80 traffic to a different port

This applies to a local port on localhost that your port 80-destined traffic will be routed to instead:

    iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123

Make sure you do something like the following (where you specify the interface) if you don’t want requests to localhost also sent out the proxy:

    iptables -t nat -I OUTPUT -o eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8123



Increase PHP file upload size allowance

From here. Basically, you need to increase the size of the following values above what you want your maximum value to be (except for upload_max_filesize which you can keep at exactly what you want the limit to be). Here, we want our max file size to be 10MB.

    memory_limit = 32M
    upload_max_filesize = 10M
    post_max_size = 20M

Of course these go in your php.ini file which is usually in something like “/etc/php5/apache2/php.

Continue reading ↦

Grep Recursively

So damn useful:

    grep -r "texthere" .

from http://stackoverflow.com/questions/1987926/how-do-i-grep-recursively



Run a script after tunnel has connected/disconnected

Add something like the following to your client.conf file:

    script-security 2
    # run /etc/openvpn/up.sh when the connection is set up
    up /etc/openvpn/up.sh

Obviously, up.sh must be executable. Also, if you expect the command to fail but still want Openvpn to start correctly (it will die if the script returns anything other than 0), then tack on an “exit 0” at the end of your script. Thx to askubuntu.



Bind an address to your loopback (like its actually there!!!)

To bind an addy to loopback (any incoming traffic destined for that ip address, in this case 80.0.2.1, gets pushed to lo):

    ip addr add 80.0.2.1/32 broadcast + dev lo

Now when you ping that host, your loopback will actually be the one responding. For work, I’m actually on a client machine that knows about a server (has it in its routing table) which needs to have this set up in order to respond.

Continue reading ↦

Upgrading to CM 10.1.2 (from 10.0.0) aka Android 4.2.2 on my Skyrocket

1) Download the new CM rls, new radio for ATT (UCMC1 for jb), and new gapps. 2) Install all of them with recovery software (I did CM, Radio, Gapps in that order) 3) A few apps like Gmail and Google Music had problems launching so I uninstalled and reinstalled from Google Play. 4) ???? 5) Profit. Some links that help: http://forum.cyanogenmod.com/topic/75214-cm-1012/ http://forum.xda-developers.com/showthread.php?t=1785999 http://forum.xda-developers.com/showthread.php?t=2228292



Change a string in a directory full of files

    grep -rl matchstring somedir/ | xargs sed -i 's/string1/string2/g'

Ok so yeah. This uses grep to find a string in files in a directory and then executes sed to change a string in all of them. A beautiful super simple command…thx vasir!



Converting a diff to a proper script

Have a file on reviewboard that you want to download and run?
1) Go to download diff. Either copy the contents (with a bunch of +’s in front of every line) to a file called “code.diff” or pastie the contents and grab them with wget.
2) Run the following…you may need to check that there are no empty lines without a + in front of them (possibly at the end of the file)

Continue reading ↦

Keep a ssh session/tunnel open forever

The following command will initiate an ssh tunnel and daemonize itself, restarting the connection if it drops for any reason:

    autossh -f -M 20000 -i /home/user/id_rsa -D 12345 [email protected] -N

More examples of using autossh to do this can be found here



Mount NFS in Winblows (Windows)

0) Make sure you have Windows 7 Enterprise or Ultimate. The others won’t work.
1) Add the “Services for NFS” feature through the Programs and Features thing in Control Panel.
2) Run something like:

    mount -o anon \\192.168.1.101\mnt h:

where h: is the drive letter the mount will be mounted to. Pretty awesome. This should probably work for directories as well. More here.



Proxying Linux through SOCKS with tsocks

tsocks provides a way to tunnel individual tty sessions or everything on a Linux box through a SOCKS 4/5 proxy. What this enables you to do is use an SSH tunnel to proxy programs and applications through etc.. What do you need?

    apt-get install tsocks

Edit /etc/tsocks.conf:

    local = 192.168.0.0/255.255.255.0
    server = 127.0.0.1
    server_type = 5
    server_port = 12345

Here, we assume we have created a dynamic ssh tunnel using let’s say the following command:

Continue reading ↦

Install only the dependencies for a package via Apt

    sudo apt-get install $(apt-cache depends PACKAGE | grep Depends | sed "s/.*ends:\ //" | tr '\n' ' ')

Where PACKAGE is the name of the package you want to install the dependencies for. A very cool command indeed, especially when you want to build something from src instead of having your package manager download it. From here.



Creating an automated "torrentflow" with rutorrent/rtorrent

For a long time, I have been wishing for an easier way to get torrents added to a remote box, download there, and then securely transfer them to my home server. There are multiple things to think about when doing this like the following:
1) The torrents must stay on the remote box and continue seeding.
2) They must be unrared when I go to view them on my home server.

Continue reading ↦

A proper "filemanager" for rutorrent

Been doing a lot of rutorrent stuff lately since I decided it’s finally time to tune this to my liking for easily managing files and transfers to other servers etc.. I’ve known about this plugin for a while. It’s called filemanager and it’s extremely useful as a file browser right in rutorrent, hence you don’t need to ssh in or ftp to manage directories and files. It has a bunch of other features like compression, deletion, and virtually anything else you could think of.

Continue reading ↦

Titlebar DL/UL details for rutorrent

A nifty little plugin that displays the current dl and ul speeds on your title bar: https://github.com/SanKen/rutorrent-titlebar



lftp not following symlinks through sftp

Yeah I sat on this issue for a little while. I was running it like this:

    lftp -u user,pass -e "mirror --parallel=10 -La /derp /herp; quit" sftp://awesomename.com:2343

as I wanted to do a mirror from a remote sftp server to my local /herp directory with some awesome parallel downloading!!! However, the remote directory has symlinks that I expected lftp to actually follow and download…but it wasn’t (note that I double checked perms and everything was fine).

Continue reading ↦

"Mark for Rsync" symlink creating rutorrent plugin

So I’m developing a setup that involves my server at home to pull on the fly downloads on a remote box. The idea is that I want to be able to mark a certain torrent for rsync/transfer down to my home machine by having it watch a directory on the remote server called “ready”. In this directory should be symlinks made by a rutorrent plugin that I call by right clicking the torrent I want transferred and just selecting “Mark for Rsync” or the like.

Continue reading ↦

Flushing DNS caches

In Linux, there are multiple ways to do this depending on the caching daemon you’re running (nscd, dnsmasq, etc..). I will defer to this askubuntu question for the best explanation of all scenarios but will outline the most common below:

    sudo /etc/init.d/dns-clean restart

OR

    sudo service dns-clean restart

Mac OS X:

    dscacheutil -flushcache

Windows (pretty much all of them):

    ipconfig /flushdns



Mapping UID/GID with NFS exports (and multiple filesystems)

So I recently had to share out NFS shares which needed to be readable and writeable by the user mounting them. This is actually quite easy with NFS. Essentially, you are telling NFS that any changes by any client user are mapped to a single user on the server:

    /mnt 192.168.1.0/24(rw,all_squash,insecure,no_subtree_check,anonuid=1000,anongid=1000)

I obviously don’t have to tell you how dangerous this can be…so unless you are sure you want to do this, aka you trust everyone on the network you are sharing this out to, don’t do it.

Continue reading ↦

Setup a public samba share

Something like this is easy to find on google but just a note to myself:
1) Set security = share
2) Make a share like so:

    [mnt]
    path = /mnt
    comment = mntroot
    browseable = yes
    guest ok = yes
    read only = no
    # set to yes most likely, this will allow rw in its current state using the nobody user
    write list = john
    # or you can do this
    public = yes

Continue reading ↦

Installing Xen (XCP) on Debian 7

UPDATE – The Purge… So following instructions isn’t enough apparently. Connecting to the server with XenCenter opened my eyes. A) To use local disks, you have to use a cli utility that doesn’t seem to work properly for me (thinks /dev/sda1 is for sure in use when it actually is not) and seems to not understand anything but an LVM setup. Now yes, I didn’t do LVM when I installed Xen but seriously?

Continue reading ↦

Add ~/Library shortcut to Finder

Yeah for some reason, by default, this is like a hidden folder in Finder. Here is how to get it in your side bar:
1) Open Finder.
2) Click Go > Go To Folder, enter in the full path to the ~/Library directory.
3) It should open in Finder. Now, drag the blue folder icon in the title bar and place it anywhere you’d like in the sidebar.
4) Done.

Continue reading ↦

Don't trust the support downloads

I recently just bought a usb gigabit ethernet adapter for my macbook pro. I got it from monoprice.com, the greatest place for anything cable/connector related. It came with a driver disk which I promptly set aside expecting to throw away when I next walked by the trash can. I went onto the monoprice driver page and looked for the product I just bought, and clicked download: PID 5345 USB 2.0 Gigabit Ethernet Adapter Drivers

Continue reading ↦

The Gentoo DNS/GW Conspiracy

Alright here’s what I needed to do. I have a gentoo vm on my mac. The Gentoo vm has two interfaces, eth0 which is bridged and eth1 which is shared with my mac. Upon boot, both interfaces become “UG” status (in a netstat -rn) meaning they are both default gateways. This works while I’m at work since I’m on the company lan anyway so either way, stuff is going the right way.

Continue reading ↦

Change a user's UID

1) Make sure all of the user’s processes are dead.

    ps -u username

^will show you everything that user is running. Then to kill all of their processes:

    ps -ef | grep admin | awk '{ print $2 }' | xargs kill -9

(or you can su to them and run “kill -9 -1”)
2) Obviously as root, run the following:

    usermod -u NEWUID username

3) Or, you could just edit passwd.

Continue reading ↦

Securing your public key logins through authorized_keys

It’s a good idea, especially if you’re making keys just for automated processes to run like an rsync for instance, to tell the remote end to only allow certain clients to do certain things. Here are a few tips on things to add to the beginning of your public key in authorized_keys:
1) Let’s only allow from a specific host or set of hosts: from="*.ac.uk"
2) Let’s not allow anything else at all, not even a tty or forwarding etc.

Continue reading ↦

Stop Sudo from asking for a password every time

If the user doesn’t have a password set or you’re just tired of being prompted every time you use sudo, here’s the solution. Edit the line that defines the group/user in the sudoers file to look like this (more here):

    username ALL=(ALL) NOPASSWD: ALL

This might be nice if you are using only public/private keys for your users and so a:

    passwd -l username

can be used to disable/lock the user’s password (this only means they can’t possibly use a password to login, it does not mean they can’t log in).

Continue reading ↦

How to use a Tunnel with SSH

So I ran into a situation where I needed to tunnel my SSH connections through a SOCKS5 proxy. I discovered through the googles that this is actually possible right through SSH itself, meaning no janky hack arounds. All you need to do is ensure you have “nc” installed (netcat) and add the following to either your command or config file:

CLI:

    -o 'ProxyCommand /usr/bin/nc -x localhost:3128 %h %p'

Config:

    ProxyCommand /usr/bin/nc -x localhost:3128 %h %p

Continue reading ↦

Installing Xcode and the Command Line Tools

So. You will find when using a Mac that you need Xcode to run a lot of certain types of applications. I guess you could maybe think about it as .NET on Windows (I’m not really for sure, I could be completely wrong). To install Xcode and the underlying command-line tools which are used by homebrew (something I’ll mention later in another post), do the following:
1) Install Xcode from the app store.

Continue reading ↦

A quick note on rc.local

Learned this a few days ago…If you’re having trouble with your rc.local running through everything you’ve put in it, you might want to take out the top part saying:

    #!/bin/sh -e

as the -e dictates that the shell exit if any of the commands returns a nonzero status. Now, your commands really shouldn’t be doing this (hopefully) but if they are, taking out the “-e” can fix the problem and allow later commands to run without problems.

Continue reading ↦

Using Automounter on osx

Ok. So. I have a gentoo vm that I share files with through to my host os, osx (I know, please help me). Since I didn’t really seem to see any sort of fstab variant for osx, I found out that auto mounter is available and quite awesome for ensuring that things stay mounted whether it be at boot, during a network outage, or whatever. So let me outline a very simple way to do this with links with more detail below:

Continue reading ↦

Seriously Mac OS X…how to reclaim /home

So as you probably know if you use a Mac (yes I use a Mac now, it’s for work, don’t make fun of me), /Users has replaced /home as the default place your home dir sits. However, /home still exists but it is not usable (you’ll get permission denied even as root) and seems to be mounted by some “map auto_thing” in order to keep people from using it (it’s actually a part of the auto mounter app).

Continue reading ↦

Make a public key from just your private key

So I was on my main system which only has my private keys for some remote servers….and I’m lazy soo, since I needed to deploy a new server, I just used the following command to make a public key from my already existing private key…

    ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

NOTE: You can only go private > public, not the other way around. Found here: encryption – Create a public SSH key from the private key?

Continue reading ↦

A check script to start a process if it dies

I’ve done this plenty of other times, just never posted it here. Here’s one I just finished real quick for starting my rtorrent (which likes to die every so often, I think it’s rutorrent causing it) when it dies. This one is unique in that it must be run in a screen session and like everything else, I tack on the “nohup command &” to ensure it starts in the background…but tbh, now that I look at it, you don’t actually need that since that screen will obviously live on when created whether or not that shell is still alive or not.

Continue reading ↦

distmap - Viewing the world that views your files

Made by a recent Michigan Technological University grad, distmap is a Python script that uses Google Maps to display points on a world map showing the origin of users who have accessed your files/distributions. This script is extremely useful for mirrors like how it is currently used over at the Linux Users Group of MTU.

Dependencies: GeoIP, PyMaps, and apachelog.
Download: Github
Notes: Set your mirrors and any other settings toward the top of the file.

Continue reading ↦

Thank you Randy Hunt

For too long have I src’ed images from other sites on this blog and it needs to stop. I’m tired of worrying if my users will see little image placeholders which makes everything look gross. So after doing some searching, I’ve found the perfect plug in to remedy this: Add Linked Images To Gallery For every new post you make (or old one you edit and click “update”), this plug in will search for !

Continue reading ↦

Some new shirts...

I decided that I needed some new work shirts for my job starting in June (and maybe my senior barrel in a few weeks)! These shirts needed to be funny and comfortable. Using funnyshirts.org, a place with one of the best shirt customizers I’ve seen, I made/found 3 awesome shirts! Here are the fronts of the 3 I made. Clicking the shirt takes you to the details page for it!

Continue reading ↦

Auto-login on Windows

WOAH WOAH WOAH!!! Mario, why would you want to auto login to a system without at least user credentials? Well I’ll tell you trusty reader…it’s an HTPC with nothing important on it! In the event something happens and a reboot is necessary, I want to be automatically logged in and XBMC to auto load! Now keep in mind, I have enabled the Administrator account on this setup (Local Users and Groups from the Computer Management menu) for other purposes as well as not set a password for the main user account (playme) which is what needs to auto login.

Continue reading ↦

Enabling WoL

1) Find the necessary option in your BIOS and enable it. It may be under power management or south bridge settings or the like. For me, I just did this on my HTPC (which I will talk more about in later posts) which is a Zotac Zbox id80..which didn’t have the option in the BIOS because it is enabled in the BIOS by default (pretty cool uh?)
2) In Windows 7, I double clicked my adapter in Device Manager and on the resulting window, clicked the Power Management tab.

Continue reading ↦

The End of Reader and The Google Graveyard

With the ending of Google Reader, these past few weeks have seen many users fleeing to other sources to provide them with their aggregated news content. Here are a couple great alternatives:
- The Old Reader
- TinyTinyRSS

While reading about Google Reader, I came upon a few pages that were quite interesting:
- What is Google doing? (an opinion piece from Reuters)
- The Google Graveyard (leave flowers on the grave of your favorite deceased Google services)



Game of Thrones: You Win or you Die...

Since I’m super hyped for the March 31st return of Game of Thrones: Season 3, I’ve been digging for some super awesome art to commemorate the occasion. One of the cool things is that there are different versions of House/Sigil art out there and they all look extremely classy. Here are a few links to keep handy!!
- Official HBO GoT Downloads
- Custom from Thomas Gateley in the UK
- TheTVDB Posters, Fanart, and Banners

Continue reading ↦

Online Password Cracking!

I assume you are reading this because you have a legitimate reason to be cracking passwords (to ensure your infrastructure is as secure as possible, of course!). Over the years, I haven’t really had to use online password cracking but I did do some Windows NTLM hash recovery in the past and had a great experience without paying (albeit I had to wait a few days). Here are a few sites offering this service.

Continue reading ↦

All about PuTTY (and its mods...)

Since I’m stuck at home with my crappy lappy which Ubuntu likes to run horribly on, I decided to do a fresh (it feels so good) install of win7 and get comfortable. One key thing I wanted to do differently this time around was the way I emulate my terminals. I’m tired of the normal “install putty and make some basic profiles” setup. So I did some research to make everything all better!

Continue reading ↦

Mounting an FTP/FTPes server on Linux

So I have a friend that I needed some data from and let’s just say the data was “fragile” so we obviously wanted to transfer it in a secure anonymous way (didn’t feel like making an account just for a few things). On my own server, all I had to do was mount his FTPes share using curlftpfs.

Normal Usage (normal ftp server):

    curlftpfs ftp://ftp.lolcakes.com /mnt/ftp

FTPes Server:

    curlftpfs -o tlsv1 -o ssl_control -o no_verify_hostname -o no_verify_peer -o allow_other ftp.

Continue reading ↦

Find all directories that dont contain certain file/folder

So I needed to find all my movie directories that didn’t contain fanart so I could fill the void and find some for em’! Here’s how:

    find . -type d | while IFS= read -r line; do if [ ! -f "$line/fanart.jpg" ]; then echo "$line"; fi; done

Thanks unix.com



Rooting ma' Phone: Jumping through hoops for more Ctrl

So for someone who has no clue how this goes, on the Android platform, you can do something called rooting your phone. This enables you to have pretty much full control over what you do with it at a software level. For most people, this means putting on a custom rom (think operating system) built off of the stock/base Android releases (currently Jelly Bean) with more or less features and flexibility depending on what you’re looking for.

Continue reading ↦

Mirroring on HTTP/FTP: Because sometimes you have to

This example shows an FTP server but the same works for an HTTP server:

    /usr/bin/wget \
      --verbose \
      --mirror \
      --wait=2 \
      --random-wait \
      --no-host-directories \
      --cut-dirs=3 \
      --directory-prefix=/home/ftp/doom/idgames_mirror \
      --dot-style=binary \
      ftp://ftp.fu-berlin.de/pc/games/idgames/

So ^that is how you can efficiently download all the things from an HTTP/FTP mirror (only if you have permission now!!). This is what I used to copy the idgames archive to my mirror at Michigan Tech, PSGNet.

Continue reading ↦

The Backblaze Post!

So Backblaze is a company that prides themselves on crap tons of cheap storage to fuel their business of providing customers unlimited storage for $5 a month!! What I like about them is that they post their approaches to certain challenges they run into on their blog. For the past few years, they have posted about their amazingly popular and awesome “storage pods” which make up the majority of their infrastructure.

Continue reading ↦

Disable SSH Host key verification

NOTE: I do not recommend this but it may be necessary for some sort of backup or pull system. Please only do this if you absolutely have to. It’s kind of like taking down your fire alarm in the kitchen!!

Option 1: On the CLI

    $ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [email protected]

Option 2: In your config file (the .ssh/config or /etc/ssh/ssh_config):

    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

More from here.



A noob's quick tut to git and github

So I just started using git and github for some of my scripts and such (figured it’s time to get organized) and I learned for the first time how to actually use git properly. It’s pretty simple actually.
1) Create a repo on github.
2) Go to the folder where the code you intend to share is stored. Run the following:
a) git init (initialize this directory as a git repo)
b) git add .

Continue reading ↦

Backupninja or: how I learned to stop worrying and act like a ninja

If you don’t know the reference, here. So I needed something new. I originally had a separate backup script on each server and it was set to run and backup to a “backup server.” That worked great for not very long plus it was hard to manage. So instead of a push system, I opted this time around to go the pull route. It makes things a lot easier on me and allows one centralized place for everything.

Continue reading ↦

Type II Virtualization on Linux with KVM

Literally for squeeze,

    apt-get install qemu-kvm libvirt-bin

To manage VMs as a normal user, add that user to the libvirt group. More on KVM here. Then you can use virsh to manage VMs on the command line! But since that can be a pain, I highly recommend using virt-manager (a gnome gui utility) or some other gui (web/desktop) utility which can connect to libvirt remotely and manage your KVM Server.

Continue reading ↦

Upgrading python packages using setuptools

So I really like that I can use my package manager to install python packages (e.g. python-django). The only problem with this? They can sometimes be really old, which causes problems when I try to run said application. If you have setuptools installed (apt-get install setuptools), use easy_install!

    sudo easy_install --upgrade django

YAY!



Mount UFS FreeNAS partitions!

    modprobe ufs
    apt-get install ufsutils
    mount -r -t ufs -o ufstype=ufs2,ro /dev/sdb2 /mnt/ufsdrive

The above is what I did to get a ufs partition mounted read-only (best I could get). Not sure why I had to mount it only read-only or why it was the second partition (it was a fresh format on FreeNAS’s part) but yeah.. Here’s more: http://askubuntu.com/questions/85154/mount-ufs-filesystem



Find Operating System Version in Linux

Obviously, there is the awesome uname -a command to tell you kernel specific info. But that doesn’t tell you exactly what distro version you are running…Here’s how:
- Debian: Look in /etc/debian_version
- Ubuntu: Look at /etc/issue OR /etc/lsb-release. More here.
- RHEL/CentOS/Fed: Look at /etc/redhat-release. More here.



The little System Reserved Partition

I’ve always wondered why the hell Microsoft needs their own version of a “/boot” partition they call “System Reserved” which takes up hundreds of Megabytes of space right at the beginning of your disk.. Here’s the answer. Apparently, it’s used for Bitlocker and boot manager code/database contents. Note that this partition only shows up when you install windows on a clean drive with no existing partitions. The more you know….



Gifs to make you LUL

http://securityreactions.tumblr.com/ Friend of mine showed me this amazing site that will have you on the floor in minutes. It applies hilarious gifs to common head in hand security situations. Enjoy!



DICKS - The Nmap Article by the Nmap Creators...for lulz

http://nmap.org/misc/hakin9-nmap-ebook-ch1.pdf That pdf contains an article written for hakin9’s publication by the creators of nmap, the network sec vulnerability testing application… They wrote it in response to Hakin9’s nagging for people to write articles for them…More here. Trollz hurt bad>>



Setting up NFSd real quick!

    apt-get install portmap nfs-common nfs-kernel-server

Edit /etc/exports with something like (for let’s say a public share):

    /srv 10.0.0.0/24(ro,no_root_squash,no_subtree_check,insecure)

After saving, import the shares using:

    exportfs -a

OR

    /etc/init.d/nfs-kernel-server restart

DONE!



How Hardforum saved my life...

So with my new build that is super duper awesome (view here), I have 32GBs of shiny blue ram to match my sexy motherboard. Upon installing the necessary drivers and getting my Windows image all set up, I noticed that it only noticed 16GBs of my ram…I mean SPD info showed they were all there and EVERYTHING!!! it just didn’t want to process the extra as usable;( What changed.? I had performed a BIOS upgrade the night before to make sure everything was cozy and working just right.

Continue reading ↦

Migrate VM's to another Datastore

So I just launched an ESXi box at work and put in drives after installing vmware and creating 4 virtual machines. I then wanted to move some of the VMs to a different (bigger) hdd. Here’s how:
1) In vSphere, right click each VM and select “remove from inventory”.
2) Enable SSH login to ESXi by selecting the server, selecting the “Configuration” tab and selecting “Security Profile” in the Software box.

Continue reading ↦

A beautiful command....

Need to rename files recursively using regex? Thanks to commandlinefu and awesome people, you now can:

    find . -depth -type f -name '*REPLACEME*' -execdir bash -c 'mv -f -- "$1" "${1//REPLACEME/WITHME}"' _ {} \;

END OF POST



A world of Possibilities with Xscreensaver..

So do this:

    apt-get install xscreensaver xscreensaver-screensaver-bsod

This will install the amazing xscreensaver daemon and a crapton of extra awesome screensavers including the BSOD and XMatrix ones. Run “xscreensaver-demo” to load the config dialog box and set your awesome screensavers!! Xscreensaver Manual

Then you can make a keyboard shortcut for Super+L that runs “xscreensaver-command -lock” and locks your computer and starts the screensaver!!! (basically what I did as I like Mod4+L (the windows key and L that are closest to each other) to be my shortcut just like in winblows!

Continue reading ↦

A shell from a tab

So this summer was fun. During my internship at Sentry, I found out that I had no access out on non-default ports. This makes me a sad panda as I use non-standard ports over 1024 for all my ssh servers:( However, the fix is nice and awesome. There is one program I have found that enables you to grab a shell on your server through your web browser. And you don’t need any special plugins or crap like that!

Continue reading ↦

Create an archive without topdirs from your path

So the title might be misleading but picture this:

    tar czvf lol.tgz /home/lol/omnom

When you run that, it will tar up that directory. It will also put leading directories up to the actual data in the directory you’ve specified. So when you go to extract it to let’s say /extract, you’ll get:

    /home/extract/home/lol/omnom

Here is how to avoid that straight from one of my favorite sites, stackoverflow:

    tar -czvf lol.tgz -C /home/lol/omnom .

Continue reading ↦

Multi-line spacing in Bash

Multiple line spaces in your bash programming can come in handy. Here’s how straight from the awesome that is cyberciti!

    #!/bin/bash
    echo "Say Something"
    <<COMMENT1
        your comment 1
        comment 2
        blah
    COMMENT1
    echo "Do something else"



passwd command problems with LDAP clients

So my users weren’t able to use the passwd command after I implemented LDAP auth on a specific client. Here’s a quick fix to /etc/pam.d/common-password:

    password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass

Needs to become…..

    password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Basically, removing the use_authtok enables the try_first_pass to successfully get processed (I believe, more) and therefore the passwd command can then properly check the first password you type unlike the error users got before:

Continue reading ↦

The USB wake up problem

I recently moved into a house and have had to watch my power. So obviously standby mode is a big deal in these parts where college students pay the electric bill with the small amounts of nothing they seem to find themselves holding. In linux, this is not hard to do at all especially since I have ubuntu 12.04 which seems to work great with my hardware. However, I am not able to wake the computer back up with my wireless logitech keyboard or mouse!

Continue reading ↦

A weird Scheme: sharing a server in a duplex housing unit

Challenge:
- 1 House (Duplex)
- 2 Sides
- 1 Hole in the Basement
- 2 Different Groups of College students
- 11 People wanting access
- 4 Network Ports
- 1 Server

So I live in a duplex and both sides of the house are friends with each other. We all need access to one central server to share certain files as well as stream content etc… Here are some obstacles:
1) both have separate Charter internet connections

Continue reading ↦

Sending email with exim4 from a gmail account

So I want my servers to email me when there are problems or when I just need to feel like I matter and someone cares about emailing me. Unfortunately, my university (MTU) blocks outgoing smtp on the default port (25), hence I need to use an external service like gmail to send email. How do we do this?
1) Set up a gmail account (or use a current one, wherever you want your emails to come from)

Continue reading ↦

Test out your server sent emails..

So I set up some automated emails to my housemates to remind them to PAY THEIR RENT! I ended up doing this via exim4 using this method by using a gmail account to send the mail instead of sending it straight from the system itself. (MTU blocks outgoing smtp) To ensure that the message wasn’t getting flagged as spam and html formatting was working correctly, I used a really great email test page by Brandon Checketts

Continue reading ↦

Why PS3 Media Server is seriously the most awesome piece of greatness to ever roam the media streaming suburbs

Ridiculously long titles are fun…Now on to other things… One of the latest things I’ve done is look into streaming media to my newly bought PS3 and/or Xbox that I have lying around. Obviously, because of certain companies (cough MS and Sony cough), these “media” devices don’t support all the formats they should, hence requiring users in some cases to find upnp serving applications that can remux and re-encode content on the fly if need be.

Continue reading ↦

Blogging from not wp-admin

So there’s no way I’m going to blog if I have to log into wp-admin every time. Luckily you have a few alternatives thanks to WordPress and its awesomeness..
1) Email blogging…Send an email to an account watched by your WordPress install. When it sees a new email, it will post the contents as a new post. This is already built into WordPress but it’s in a minimal manner. I suggest the WordPress plugin, Postie, which allows more fine grained options supporting categories and specific address filtering!

Continue reading ↦

Fixing VMware on newer kernels (most notably, 3.2.x and up)

So yeah VMware is not liking the new kernel versions Linus and company are pushing. As a result, it has become necessary to patch your installs of 7.1.5 and 8.0.2 of VMware Workstation, a piece of software I can’t live without. Luckily a very sweet person named Weltall has this handy dandy blog that provides patches for this! I have tested on latest Ubuntu 12.04 with 8.0.2 and all is well.

Continue reading ↦

Managing SSH Tunnels with client apps!

Aww. this is nice….
1) Putty Tunnel Manager - A beautiful thing that lets you set up and forget your tunnels from the task bar. Supports reconnections and ensures they don’t overlap on ports.. Forced to use Windows? This is necessary.
2) Gnome SSH Tunnel Manager – If you’re like me, classic gnome (version 2) is where it’s at. gSTM is an app that allows you to manage your tunnels easily with a nice gui and configuration utility.

Continue reading ↦

Managing LDAP logins on LDAP Clients

A few of my machines authenticate to my central LDAP server and allow LDAP users to log in. However, I don’t want every user in LDAP to be able to log into every single one of those machines; rather, I would like to make a posix group in LDAP and when I put a user in that group, they will get access to the given host. This guide will describe how to accomplish this task using PAM.

Continue reading ↦

Installing OpenLDAP Server

Here is an updated tutorial on installing OpenLDAP server on your box. These instructions were done on Debian 6 Squeeze.

    apt-get install slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev libnet-ldap-perl libnss-ldap libpam-ldap phpldapadmin

Configure slapd
- Enter the Administrator password to use
- confirm

Configure libnss-ldap
- Enter the ldap server URI, the hostname to connect to the server. This should be localhost so…ldap://127.0.0.1
- Enter Distinguished Name of the search base.

Continue reading ↦

lzma2 and you...compression with 7zip

I recently needed to compress images using one of the best compression types available, lzma. I did some research and with the help of commandlinefu and google, I was able to find what I was looking for.

7z a -t7z -m0=lzma -mx=9 -ms=on file.7z file.img

The above uses lzma with the best compression selected. “file.7z” is the resulting file while “file.img” is the source file to compress.

7z a -t7z -m0=lzma2 -mx=9 -ms=on file.

Continue reading ↦

Disable Password authentication via SSH or Linux Accounts

I have a few administrative accounts that I do not want accessible via a password, only ssh keys. There are two ways to disable password authentication on a linux system: 1) Lock the password if using linux user accts, ldap, or whatever you’re using. 2) Tell ssh to not allow authentication with a password in your sshd_config file. For method 1:

# passwd --lock username

Note this won’t lock the user out of the account but rather lock their password so they cannot use one.

Continue reading ↦

Virtual Sessions for other users!

As an admin, you love to automate things. Let’s say other users you have set up on your system run certain applications that may need to run in their own little shell. Instead of having to log into the server as that user (su’ing into a user and trying to create screen sessions doesn’t work very well) and making more work for yourself, you can actually (as root) start a screen session for the other user and define a command to run in the virtual terminal.

Continue reading ↦

Setting up a multi-user Screen environment

I have recently ventured into using screen (a virtual terminal in linux) in a multiuser setting. This is necessary when users need to collaborate on a project, or for servers which run their console in a “not” daemon sort of way. Basically, you can set up a virtual terminal and allow other people to access it. You can even be in the same shell as someone else, which is extremely useful for helping others configure settings or program.

Continue reading ↦

One line to rule them all..Tar, gzip, and encrypt!

So I have for a long time had a backup script that copies the essential files to a directory in /home, and then tars, gzips, and encrypts /home so I can save all my home dirs + important things living on the root filesystem. But the way I used to do it before was really stupid and involved creating a tar, gzipping it, and then encrypting that and making another file of it…basically a bunch of unnecessary read and writes happening on the hard disk.

Continue reading ↦

Grub...The Final Boss...

For years I have stayed away from ever wanting to mess with grub, hoping that with each new OS re-install, everything would just work. However, I recently had to face the facts and realize that there is no way for things to just work, especially when adding a new 500GB hard drive with windows into the mix. The basic idea of just editing your menu entries just does not seem to be cutting it for me.

Continue reading ↦

Create a ramdisk!

So you want to host your website in RAM? It will certainly help if you have a database or very large flat files, and I recently decided our sqlite database and the tons of images we have should probably be hosted in RAM since I certainly have plenty of it (24GB). On linux, you can use pretty much one command to do this by using tmpfs, which will manage the memory usage for you based on what files you decide to put in ram.

Continue reading ↦

Make your own Chain in iptables

IPTables provides you a way to make your own chains. A chain in iptables is a section of rules that iptables will run through whenever you specify. The main chain for input is the INPUT chain. I recently needed to start blacklisting ip addresses trying to attack us and it was necessary to create a new chain where I could store those ip’s instead of throwing them on the default INPUT chain which would be messy and stupid.

Continue reading ↦

Meme101.com - A new place for College Memes!

EDIT: Meme101 now runs from http://meme101.tty0.in/. It is no longer being updated and is kind of stagnant/dead. :( Some close friends and I have created a new site that contains memes pertaining to a bunch of different colleges and universities. If you have some free time or feel like wasting time, please check it out. There’s anonymous upload too!



SCP using spaces or other weird characters in paths

I use scp quite a bit. But I never had to use it with directory paths involving spaces until now (for some odd reason, I must be good at naming things as simple as possible, a good habit by the way). In order to use spaces, as per this article, it is necessary to add three back slashes and the space. At least that is the easiest way. Take a look at the linked article for more about it.

Continue reading ↦

Installing rtorrent with the rutorrent web based front-end

The following instructions have been tried on multiple Debian systems and should work perfectly for you.

apt-get install subversion apache2 libapache2-mod-scgi php5 php5-cli php5-cgi php5-curl mktorrent unrar unzip php5-geoip curl libncurses5-dev pkg-config libcurl4-openssl-dev libsigc++-2.0-dev libterm-readline-gnu-perl automake libapache2-mod-php5 php5-xmlrpc libtool

NOTE: If you have run an “apt-get install rtorrent”, you MUST run the following before installing from source or rtorrent will crash when you try to use rutorrent.

apt-get remove libxmlrpc-c3 rtorrent

Continue reading ↦

LDAP Authentication in Apache

This is very useful if you have to use authentication on some web pages but want to use an ldap server you already have running instead of having to migrate or make different users in an htpasswd file. My example is doing this on a remote client machine that will be connecting to a remote ldap server. a2enmod ldap a2enmod authnz_ldap Add the following to enable auth on the /var/www/secure directory.

Continue reading ↦

Rescan SCSI devices connected to your system

So I have an Areca 1680ix raid card which I use to interface all of my disks with my operating system (usually pass-through). Since I do a lot of hot-swapping, it is necessary for me to rescan the scsi devices connected for the operating system to recognize them and give them a drive letter. Additionally, you don’t want this to disable any of your currently mounted drives. A lot of sites tell you to unload and reload the kernel module that represents your raid card driver.

Continue reading ↦

Installing your Kernel Headers in a Debian and RHEL based OS

So I wanted to install my NVIDIA drivers and I knew it would ask for some awesome kernel headers. In operating systems that use yum, you could use:

yum install kernel-headers

You may also want to try:

yum groupinstall "Development Tools"

..which will install development tools on your system. But in Debian/Ubuntu based distributions, you should use the following which installs “build-essential” packages which will help provide NVIDIA and other driver based installers everything they need to tailor the driver for your system including gcc, make, and dpkg-dev.

Continue reading ↦

Controlling your Android phone from your web browser!?

\Intro// So I have some womanly type friends who like to carry on long conversations with me via text messaging. Now I don’t have a problem with texting and I don’t have a problem with long conversations, but I do have a problem with picking up my phone every other minute to answer a text. It gets annoying, especially when I’m sitting in front of a computer with a nice beautiful keyboard that isn’t 4 inches.

Continue reading ↦

Ice Cream Sandwich and you..

So Ice Cream Sandwich is the new Operating System rolling out on the Android assembly line in the first quarter of this new year. It has a lot of new features and looks to add some very exciting features. A lot of people are wondering though when or if their device will be getting it. I have found an amazing up-to-date resource outlining details concerning your device and whether or not it will get the update and if so, when.

Continue reading ↦

Redirect Loop Error in Google Chrome

So one of the academic sites we use called Blackboard causes some people to get redirect loop errors in Google Chrome while others not really. The error looks similar to the following: Error 310 (net::ERR_TOO_MANY_REDIRECTS) This is caused because apparently the site you are going to has a redirect to the same site again. The following are steps you can take to try and fix this issue. Some sound really weird and out there but they have worked for various people (don’t ask me why or how, just try em.

Continue reading ↦

Mass Renaming on the Command Line

With a little for loop and some magical sed, I was able to figure out a quick line to help me rename all the files in a specific folder that have characters I don’t want there. This line will look at all the .jpg’s in the current directory and rename them taking out any instance of “( ” and replacing it with ” – “. I’m sure you can figure out how to tailor this to your liking by editing the type of file extension and putting in your own sed statements.

Continue reading ↦


Migrate LDAP from one server to another

So I’m migrating to a new server and needed to move all my users and groups over to my new machine. Here’s how I did it: 1) I installed everything and got the server (slapd) running. Refer to another guide on here that tells you how to do this. 2) use slapcat on old machine to export the database: slapcat -n 1 > /root/slapcat.dump 3) scp that over to the new machine.

Continue reading ↦

Setup VNC on your linux box (without having to launch another session!)

So my main problem with most vnc servers available for linux is their ability to log me into my machine with a completely different environment than what I am already logged into. This makes me mad. On windows, by default, you log into your main profile, end of story. This is how I like it. Using x11vnc, we can log into our current session without any problems! Here’s how:

apt-get install x11vnc
mkdir ~/.

Continue reading ↦

Problems with Alsa Audio and setting your default device

So I installed Debian 6 and I have an external SoundBlaster USB device as my soundcard. Now Debian picks it up fine using the alsamixer software, yet this device does not get set as the default device automatically, meaning Firefox and other sound programs where I can’t change which mixer to use have problems playing audio. Using this page: http://www.seehuhn.de/pages/alsa and my brain, I was able to create a /etc/asound.conf file and put the lines in it that this guide specified:

Continue reading ↦

Reset your MySQL root password!

So I accidentally changed my password for my root account like a year ago and forgot what it was when I needed to add a new database. Very bad for a sysadmin I know, but it will probably happen to you at some point in your career if it has not already! Here’s how to reset it: 1) Stop mysqld and restart it with the --skip-grant-tables option.

mysqld --skip-grant-tables

2) Connect to the mysqld server with this command:

Continue reading ↦

Port forwarding to internal clients via IPtables

I finally took the venture into natting/masquerading my traffic to allow my internal boxes to be accessed from the outside world. It is really quite easy actually. As long as you are using static addressing on the private lan or set your dhcp server to always give the box you want to access the same ip, you are all set. Add the following rules to iptables and you’re golden: -A PREROUTING -p tcp -d 141.

Continue reading ↦

Need to record all input and output of your tty session?

An easy way to do this is start a “script” session using a nifty program called script. It basically puts you in a virtual terminal and records everything you type and the corresponding output. script -a /home/user/bashlog.txt Then just type exit when you want to stop logging.



Setting up your LDAP Clients..

NOTE: This was done on Debian 5 Lenny. This does not apply to Squeeze. A new guide will be released shortly. Generally your LDAP clients will connect to the ldap server to get user details and authentication. A lot of people will have the ldap server and client run on the same machine which is probably your setup. Here is how to install the necessary software and configure it so that your server can contact the ldap server and users can authenticate with ease.

Continue reading ↦

Migrating Users from /etc/passwd to LDAP

Most people just use the normal linux user system /etc/passwd and shadow files for their users. But migrating this can be a good thing as you can centralize your users and have more fine-tuned control over them. (online ldap configuration anybody?) Here’s my guide on how to migrate your linux users to your ldap database. It was done on debian lenny with a lot of ache and pain. Hopefully this will make it easier for you.

Continue reading ↦

Setting Up An LDAP Server!

NOTE: This was done on Debian 5 Lenny. This does not apply to Squeeze. A new guide will be released shortly. By the ! I mean get ready to dedicate some time. This might take a while and might not work perfectly when you first install it. First install the software. It will then ask you some questions. # apt-get install slapd ldap-utils migrationtools (only install migrationtools if moving user accounts from local /etc/passwd file)

Continue reading ↦

Enable Internet Connection Sharing Through Linux w/DHCP

1) edit /proc/sys/net/ipv4/ip_forward to contain the value of 1 instead of 0.
2) modprobe iptable_nat
3) make a bash script containing the following:

NOTE: Change anywhere it says “eth3” to the interface where your internet connection is coming in from. Edit the -s statement to the network and netmask of the private network you plan on creating.

#!/bin/bash
if [ "$1" == "enable" ]; then
iptables -A POSTROUTING -t nat -o eth3 -s 10.

Continue reading ↦

802.1X + EAP-PEAP + MS-CHAPv2 + A Linux Terminal

So my campus decided to employ the 802.1X protocol for authentication over the wired network in the dormitories at Michigan Tech. This is all great except for the part that normal switches can’t participate in the authentication because of the EAPOL frames exchanged before DHCP at layer 2. What we will need to do is connect directly to the wall port while running a program called wpa_supplicant, which will take care of the authentication; then we will use dhclient to talk to a dhcp server and get an IP addy.

Continue reading ↦

Rtorrent and Watch Directories

I needed to download a bunch of torrents at one time but I didn’t want them to go to the same default dir as all my other downloads. So I used this line in my .rtorrent.rc file to set my watch dir and then the download dir for those torrents. NOTE: ~/files is my default dir. In this case I made a dir called ubuntu and want anything I put into the ~/watch dir to be downloaded to ~/files/ubuntu

Continue reading ↦

Multiple Sites on One Host with Apache

Like a lot of people, I have one server. It’s quite a powerful box and I do pretty much everything on it. I recently needed to run another site with its own domain name on the same box, which has only one ip address (obviously). Using virtual hosts with apache is really easy and allows you to host two completely different directories anywhere on your server. As long as the www-data user is able to read the files, you’re good to go.

Continue reading ↦

Bitcoins? wtf!?

So I stumbled upon some guy in some forums on some website who posted a thread requesting a web site that sold bitcoins… I know I was wondering the same thing.. After some research, it seems as though bitcoins are the first anonymous, virtual online currency that has no central control. Which means transactions are directly peer to peer. You can even mine for your own using a powerful machine and either going solo or joining a pool of people donating system resources where the resulting coins are spread amongst everyone who participated.

Continue reading ↦

Hardlink files you want to backup to Dropbox!

I recently discovered the power of dropbox. (2GB for free!) and decided I would deploy it to backup all my school documents and files from my H drive (aka my home directory) that resides on my school’s servers. I have access to my department server via a bash shell and decided I would install dropbox (it runs out of a directory) and sync certain directories residing in my home drive with it.

Continue reading ↦

BluRay vs DVD Technical Specs

Here is a table which clearly shows the differences between Blu-Ray and DVD mediums. It is important to remember that these are standards. You can really put any type of video you want on a blu-ray disk but your blu-ray player most likely won’t be able to play it.



Keyboard Problems with VMWare Workstation on Linux

I have been using VMWare workstation (7.1.4 x64) a lot in the previous weeks and have had a few minor problems crop up lately especially with my windows xp vm. About 5 minutes ago, the vm crashed for some unknown reason (which I still am not sure why). After it did this, my control, shift, and num lock keys didn’t work properly on my host machine (Fedora 14 x64). Shift and control didn’t work at all

Continue reading ↦

Modify your network card's options

So you have multiple options your network card supports such as auto-negotiation, different speeds, and half or full duplexing. To set these options in linux, you can use the ethtool utility. Here is an example output about one of my interfaces:

# ethtool eth1
Settings for eth1:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
MDI-X: off
Supports Wake-on: pumbag
Wake-on: g
Current message level: 0x00000001 (1)
Link detected: yes

Continue reading ↦

Set a static IP with ifconfig

So I needed to set up a crossover connection and set a static ip. Here are the settings I decided upon.

ip: 192.168.0.1
network: 192.168.0.0
netmask: 255.255.255.0
broadcast: 192.168.0.255

So to set this with ifconfig you don’t really need the broadcast entry but the following will work sufficiently:

ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up

This will set up the interface and bring it up. Then just set the other interface on the other end of the crossover cable to another available ip in the range (.

Continue reading ↦

Filenames with spaces at beginning?

This should fix it! Written by the greatest coder I know…Fuzzy!:

perl -e 'opendir(DIR, ".");@files=readdir(DIR);foreach $file(@files){next if($file eq "." or $file eq ".."); $newfile=$file; $newfile=~s/^\s+(.+)/$1/;rename($file, $newfile);}'



Run bash scripts at system start

So basically I needed to run a few commands at system start for a few of my debian vm’s who felt it would be a good idea to not start the system with my networking enabled @ run level 2… I want to just be able to start the vm, wait for it to boot, and login via ssh remotely. So… 1. Make your bash script. Here’s mine:

#!/bin/bash
ifconfig eth0 up
dhclient -nw eth0

Continue reading ↦

Directories inside directories. All I need is the files!!

So I have a slight problem…I unrared a crapton of files which are now all in their own directories and those directories are inside other directories. Main/file1/file1unrared/file1.txt So I want all those text files to just sit in Main, not 2 dirs down from there. If my current directory is Main, I can do this:

find . -type f -iname '*.txt' -exec mv '{}' . \;
find . -type d -exec rm -rf '{}' .

Continue reading ↦

A little note on iptables-save

Just so I would remember, I just installed a debian vm and came across a problem I’ve never seen before. # iptables-save > iptables.rules Unable to open /proc/net/ip_tables_names: No such file or directory. It seems that the module needs to be loaded before you can use iptables-save. To fix this, run the command “modprobe ip_tables” and everything should work fine. weird..



Using sed to mass change folder or file names

So I was in a dilemma. I have a gazillion files that have spaces. Spaces in linux = really annoying to work with, mainly in the shell. *A quick explanation of sed (needed to understand these scripts):* sed 's/thingtoreplace/replacewith/g' This will replace any instance of “thingtoreplace” with “replacewith” in a whole line of text. You must remember that sed works on a line by line basis, not file by file.

Continue reading ↦

Mounting Remote Shares in linux (sftp, smb/cifs)

So not everyone uses NFS. Actually most use sftp on linux since they can just use already existing open ssh ports to transfer data encrypted. The other problem is that many of us need to access smb/cifs shares on our linux boxes as well in an easy and simple fashion. So here’s a little insight into how to do this. I like to mount sftp shares to my home dir in linux.

Continue reading ↦

Hitachi with a 3TB and 2 million MTBF!

So Hitachi has this new Enterprise grade drive with a 2 million MTBF (Mean time before failure) rating and 3TB storage capacity. I must say, this is pretty epic. Plus, I just learned that their storage part of the company bought the IBM storage division in the early 2000’s. 1up for Hitachi. Never really took them seriously but they have good reviews on newegg and seem to be actually innovating. I’m impressed.

Continue reading ↦

SSH Keys!!

OMFG I AM TIRED OF typing MY [email protected]#$^@#%^#@$^ Here’s how to generate ssh keys you can use to automatically login to a remote server. 1: First, on either machine, create the keys. a) Run the command, “ssh-keygen -t rsa” b) Accept the default options by basically pushing enter through them 2: Now you should have a id_rsa file and an id_rsa.pub file. a) Move the id_rsa (your private key file) to the client computer in the ~/.

Continue reading ↦

Disabling iptables completely

Let’s say you have a bunch of sweet rules in iptables but there’s an application you are trying to install and it just will not work. You think it might be the restrictions in your firewall but you don’t feel like toying with it right now. Easiest thing to do? Just clear out everything and allow all traffic for the time being (until you can get that damn application to work). Here’s a script that will help you do just that.

Continue reading ↦

The power of Crond

Some quick info about cron and how to setup jobs etc.. crontab -e Edit your crontab file, or create one if it doesn’t already exist. Each user has their own cron jobs they can setup and specify. There is not just one crontab for all users on the machine. crontab -l Display your crontab file. crontab -r Remove your crontab file. Each entry in a crontab file consists of six fields, specifying in the following order:

Continue reading ↦

Disable IPv6 support in Debian

So on the network that I use, the admins like to use IPv4 but have support for IPv6 as well. So there’s always a bunch of IPv6 addresses that my NICs get attacked with every time they contact the DHCP server. I really don’t need all that crap and I would like to speed up my DNS queries by not worrying about IPv6. So here’s how to disable it…. 1: Open your /etc/modprobe.

Continue reading ↦

How to install rtorrent on Debian Lenny

In the past, I’ve had different run-ins with installing rtorrent on different linux distros. But I eventually found a surefire way to install it on Debian. Your working directory doesn’t really matter. I would suggest /tmp or your ~. I also recommend not installing this as root. It’s just a bad idea. FIRST:

sudo apt-get install build-essential libsigc++-2.0-dev pkg-config comerr-dev libcurl4-openssl-dev libidn11-dev libkadm55 libkrb5-dev libssl-dev zlib1g-dev libncurses5 libncurses5-dev

THEN :

Continue reading ↦

So you want to chroot someone and take away their shell?

It is completely unnecessary to give someone a shell on your server. A shell should only be given out to administrators of that server (and others that perform maintenance on it). Therefore, in this guide, using OpenSSHd, I will show you what you need to add to your sshd_config file to make the magic happen. First off, you need to understand that you can designate what kind of shell a user has by using the “usermod -s /bin/lolcakes user1”

Continue reading ↦

Adding Drives to your already existing RAID Array

This is a continuation of the “Setting up a RAID Array with mdadm” In this article, I will show you how to add two more drives (in my case, two more 1.5TB drives) and expand the array to use the new space. So I’ve got my two new drives, /dev/sdf and /dev/sdg 1: Use fdisk to partition them with one single partition using the “Linux Raid Autodetect” option. Make sure to use “w” to write the options to the drive.

Continue reading ↦

Interact with and Backup All your Google Docs

I’ve been using Google Docs for a few months and I love it. I can access everything from everywhere. No worrying about something being on a box that I can’t get to for some unknown reason. What’s even better is that Google has released GoogleCL, a command line utility for linux that lets you interact with many of Google’s services, especially Google Docs. So I figured, I’m a paranoid kid who would do RAID 1+1 if he had the money.

Continue reading ↦

Backup a Locally mounted Remote Share

I mount a few shares using sshfs and I like to make sure they are synced with my local raid 1 array for backup. So how can I run rsync making sure the share is mounted already? What I do below is, using the mount command, check to see if the sshfs share is mounted to /mnt/login and if it is, it syncs with a directory on my local machine and puts the date into a file so I know when the last sync was run.

Continue reading ↦

Script to automate permission setting

Got a bunch of public directories you need to set permissions on? Here ya go…

#!/bin/bash
#set the owner and group for these directories recursively
chown -R bill:noobs /pub/this
chown -R bill:noobs /pub/that
chown -R bill:noobs /pub/theotherthing
#set perms for all sub-directories
find /pub/this -type d | xargs -d"\n" chmod 755
find /pub/that -type d | xargs -d"\n" chmod 755
find /pub/theotherthing -type d | xargs -d"\n" chmod 755
#set perms for all files
find /pub/this -type f | xargs -d"\n" chmod 644
find /pub/that -type f | xargs -d"\n" chmod 644
find /pub/theotherthing -type f | xargs -d"\n" chmod 644

Continue reading ↦

Cron to change an image on your webpage

Let’s say you had a web page and you wanted to change the css at certain times to show a new picture. Here are some sed regexps to do it for ya. In this example, I am picking a random image from a directory of approved images and switching out the old whatever.jpg with newstuff.jpg

backchange.sh

#!/bin/bash
#here's the line I am going to be editing (actually the background of my site):
#background-image: url(https://website.

Continue reading ↦

Update the Last Updated time on a Web Page

So I created this little guy to help me out. Whenever run, he generates a date line in html that looks like this on a web page: Last updated Wednesday December 15 2010 and updates a footer file I’ve called foot.tpl

update.sh

#!/bin/bash
#change the Last updated part of foot.tpl
cd /var/www/
#generate nice looking date command
DATE="$(date "+%A %B %e %Y")"
MYVAR="<p>Last updated"
END="</p>"
FINAL="$(echo $MYVAR $DATE $END)"
#we are going to look for any line that has the word updated and replace that whole line with our new one now contained in the variable FINAL
sed "
/updated/ c\
$FINAL
" foot.

Continue reading ↦

The Need to backup Minecraft

So I run this minecraft server. And the users that play on it are always creating and developing new things constantly a.k.a. Michigan Tech University out of blocks!! So there was a big need to backup the map directory quite a bit. Right now it’s only about 50MB or so but I know it will get bigger as more and more elements are added. So we decided that everyday backups should be sufficient.

Continue reading ↦

Setting up a RAID Array using mdadm

mdadm is a command line software raid tool for raid’ing multiple partitions/disks together without worrying about any hardware devices or drivers. With mdadm, you can do any type of raid you like as well as monitor and recover from drive losses etc.. It’s pretty much the ultimate tool for anything raid on linux! In my situation, I wanted to create a sweet media server for high definition movies and media without having to spend a fortune on hardware raid devices.

Continue reading ↦

Welcome to scriptthe.net

I have established this site for the wealth of system administrators out there that love to explore, create, and discover new types of things they can do to their systems. The purpose of this site is to provide everyone with some of the scripts, guides, and commands I have used in my journey through system administration throughout the past several years. Every guide or script posted on this site has been tested by me on the Debian distribution (64-bit) and should work for you given you follow the instructions, have a pretty decent understanding of the Linux operating system (+ command line) and are willing to learn.

Continue reading ↦