tom's blog » tom

Rebooting the hard way

tom — Tue, 23 Mar 2010 22:38:01 +0000

Because I always forget:

When a process is not responding or your harddrive(s) fail,
this is a fast way to reboot your system:
echo b > /proc/sysrq-trigger

as seen on:
http://www.linuxjournal.com/content/rebooting-magic-way

DNS-Server bei FRITZ!Box umstellen

tom — Fri, 05 Jun 2009 19:18:58 +0000

Getestet mit FRITZ!Box Fon WLAN 7170 & Firmware-Version 29.04.70

Wenn man etwas sucht, findet man schon einige Anleitungen, daher hier nur die Kurzfassung..

Telnet-Server auf der FRITZ!Box aktivieren (via Telefon):
#96*7* -> telnetd an

Via telnet konnektieren und mit dem Kennwort der Weboberfläche einloggen.
In der Konsole in das Verzeichnis /var/flash/ wechseln und mit nvi die Datei ar7.cfg bearbeiten.
Hier gibt es (bei meiner Box vier) Einträge für overwrite_dns.
Diese entsprechend anpassen (z.B. für OpenDNS):
overwrite_dns1 = 208.67.220.220; overwrite_dns2 = 208.67.222.222;

Speichern, beenden und anschliessend die Box mit reboot neustarten.

Aus Sicherheitsgründen Telnet-Server auf der Box wieder deaktivieren:
#96*8* -> telnetd aus

Ob das ganze geklappt hat, sieht man bei OpenDNS z.B. beim Aufruf der Startseite.
Hier sollte jetzt ein Hinweis “You’re using OpenDNS!” angezeigt werden.

PS: Basics über den Texteditor vim (oder dessen Ableger) sollten vorhanden sein.

CollegeHumor: We Didn’t Start the Flame War

tom — Sun, 26 Apr 2009 15:11:45 +0000

Found at http://www.youtube.com/watch?v=_QyYaPWasos

MySQL Replication Failed

tom — Sun, 26 Apr 2009 12:40:28 +0000

I wanted to replicate a MySQL-Database using the integrated Master -> Slave mechanism.

Master-System: openSUSE 10.2, MySQL 5.0.26
The Slave-Setup: openSUSE 11.1, MySQL 5.0.67

This is quite easy to setup usually. This time, I almost had a nervous breakdown.
On the slave side the replication just didn’t start. The logfile showed these errors:
090421 20:49:28 [ERROR] Slave: Error 'Duplicate entry '790233' for key 1' on query. ... 090421 20:49:28 [ERROR] Error running query, slave SQL thread aborted. Fix the problem, and restart the slave SQL thread with "SLAVE START". We stopped at log 'mysql-bin.000008' position 30408893

As checking the database and making sure that there were no “duplicate entries”,
did not bring up any results, I found something curious (after hours and hours).

On the Master-System:

mysql> SHOW MASTER STATUS; +- - - - - - - - + - - - - - + - - - - - - - + - - - - - - - - -+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +- - - - - - - - + - - - - - + - - - - - - - + - - - - - - - - -+ | mysql-bin.0001 | 10034 | mydb,mydb | | +- - - - - - - - + - - - - - + - - - - - - - + - - - - - - - - -+
Why is the database listed two times? In the configuration it’s only used one time:

binlog-do-db = mydb

After spending some time on google, I found the reason:
http://bugs.mysql.com/bug.php?id=20748
It’s a bug : / MySQL (in that version) is reading the configuration file twice.

If installing a newer version is not possible, you can use this workaround:
Start MySQL with the option --defaults-file=/etc/my.cnf
This advices MySQL to ONLY use this config file.

Because it’s funny

tom — Thu, 23 Apr 2009 21:24:19 +0000

Found at http://pics.nase-bohren.de

Prevent SSH Brute Force attacks

tom — Sat, 28 Feb 2009 14:48:00 +0000

When checking logfiles, I often can see brute force attacks – especially against the ssh daemon.
Of course, best way would be to block all ssh traffic except from your office/home ip.
If this is not possible for various reasons, you can make life a little harder for “intruders” using iptables.

Aim:
If there are more than three connection attemps within 120 seconds,
all traffic from potential attacker to ssh port (tcp, 22) shall be blocked temporarily.

#!/bin/bash # IPTABLES=`which iptables` # ### if more than three new connections in 120 sec -> log $IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent \ --rcheck --seconds 120 --hitcount 3 --rttl --name SSH -j LOG --log-level 7 \ --log-prefix "Possible SSH breakin attemp: " # ### if more than three new connections in 120 sec -> drop requests $IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent \ --update --seconds 120 --hitcount 3 --rttl --name SSH -j DROP # ### remember new, established connections $IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent \ --set --name SSH -j ACCEPT # ### generally allow ssh connections $IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # # --- # -I INPUT .. -> iptables chain # -i eth0 ... -> interface to apply rule to # -p tcp .... -> use tcp port # --dport ... -> destination port 22 (SSH) # -m recent . -> matching state # --state ... -> can be NEW, ESTABLISHED, RELATED or INVALID # -rcheck ... -> will check if the source address of the packet is currently in the list # ---

If it works, you should see entries like this in your firewall log
(i.e. in /var/log/firewall [ openSuSE ]):

Feb 28 15:14:20 cypher kernel: Possible SSH breakin attemp: IN=eth0 OUT= MAC=00:0c:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=123.xxx.xxx.xxx DST=223.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=52858 DF PROTO=TCP SPT=38220 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Internet Stealing

tom — Wed, 25 Feb 2009 23:29:24 +0000

Found at http://pics.nase-bohren.de

exim graphs

tom — Wed, 25 Feb 2009 21:21:27 +0000

Because I did not found a tool to create graphs (the way I want it)
from exim logs, I wrote a little bash script that suits my needs.

Example graph:

Download: exim_rrd-0.9.5.1 (updated 2009-03-07 [bugfix])

I’m not a programmer, so the script can be improved – no question : )
If you have any hints, please tell me.

Usage: run as cronjob, i.e.
# mail statistic */5 * * * * /usr/local/bin/exim_rrd > /dev/null 2> /dev/null

dependencies:
rrdtool [ http://oss.oetiker.ch/rrdtool/ ] ^ thanks to Tobias Oetiker
(e)grep
- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – -
tested with:
rrdtool 1.2.23, rrdtool 1.2.27
openSUSE 10.3 (i586), exim 4.69 main log
openSUSE 11.0 (i586), exim 4.69 main log

More OpenSource virtualization

tom — Wed, 21 Jan 2009 23:56:42 +0000

Wow!
I just found Proxmox Virtual Environment (v1.1) which is kind of combination between VMware and OpenVZ.
There is the possibility to run Virtual “chrooted” Appliances and “real” Virtual Machines.
That means, you have your Linux boxes (OpenVZ style) and Windows machines (KVM virtualization).
-> (Almost) NO overhead, when running linux clients (because of chrooted environment)
-> Possibility to run Windows machines, etc., too

Features:
- Out-of-the-box installation (insert CD, [Enter], [Enter], ready)
- Web based management
- Cluster functionality
- Live migration
- Install clients from ISO files (full virtualization)
- Run (OpenVZ) templates (container virtualization)
- Backup / Restore (via LVM snapshots)
- Testing Proxmox VE in VMware
- ….

I think it’s worth to have a look at …

Note: 64bit CPU required; for full (KVM) virtualization, you need Intel VT / AMD-V support.

Online Whiteboard

tom — Tue, 13 Jan 2009 17:50:35 +0000

Nice!
At ScRiBLink you’ll find a free, powerful whiteboard where you and your colleagues can work on your ideas together.
No registration is required : )

Additional features like
- picture upload
- chat
- math functions
- multiple users
- ….
give you a good base to start sharing concepts online, etc..

Note: Maybe it’s not working behind corporate firewalls because it uses additional tcp ports.

If you know about alternatives, please comment.