
using GPG to send an encrypted message

These steps let you send a message that only the intended recipient can decrypt.
First acquire the user's public key and save it in a text file, then import it and check that it shows up in your keyring.
#vi userName.pub
#gpg --import userName.pub
#gpg --list-keys

Now create a text file with your message, then sign and encrypt it (-s signs, -e encrypts, -a produces ASCII-armored output, -r names the recipient).
#vi lab_creds.txt
#gpg -se -a -r name@domain.com lab_creds.txt
Enter your private key password when prompted.
A file called lab_creds.txt.asc will be created; paste its contents into an email.





scripting microsoft patch tuesday downloads

Just change the advisory name and a folder will be created with all the patches inside of it.
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# File listing one advisory name per line
answerFile=./advisories

for advisory in `cat $answerFile`
do
    # Scratch directory for the parsed pages (-p: no error if it already exists)
    mkdir -p data
    advisory_name=$advisory
    # Fetch the bulletin page and split it on double quotes so each URL lands on its own line
    advisory=`wget -qO- "http://www.microsoft.com/technet/security/Bulletin/"$advisory_name".mspx"`
    echo $advisory | sed 's/\"/\n/g' > data/modified_advisory.txt
    links=`cat data/modified_advisory.txt | grep "http://www.microsoft.com/downloads/details.aspx" | grep details.aspx`
    mkdir -p $advisory_name
    #Download main advisory page
    wget -P $advisory_name -nc "http://www.microsoft.com/technet/security/Bulletin/"$advisory_name".mspx"
    #Download each binary from the advisory
    for line in $links; do
        download_page=`wget -qO- $line`
        echo $download_page | sed 's/\"/\n/g' > data/modified_download_page.txt
        links2=`cat data/modified_download_page.txt | grep "/download.microsoft.com/download"`
        #download_page2=`wget -qO- "http://www.microsoft.com/"$links2`
        #echo $download_page2 | sed 's/\"/\n/g' > data/modified_download_page2.txt
        #cat data/modified_download_page2.txt | sed 's/=/\n/' > data/modified_download_page3.txt
        #links3=`cat data/modified_download_page3.txt | grep "/downloads/info"`
        wget -P $advisory_name -nc $links2
    done
done

embedding html 5 videos for universal consumption

This is surprisingly easy.
Throw your video into handbrake. I usually select ipod template, the video will end up 320 x 176.
Once that is done, convert the video using
# ffmpeg2theora videoName.m4v -o videoName.ogv
Check the video size by getting info in finder. Now you are ready to upload the videos and embed it using:

<video width="320" height="176" controls>
<source src="videoName.m4v" type='video/mp4; codecs="avc1.42E01E, mp4a.40.2"'>
<source src="videoName.ogv" type='video/ogg; codecs="theora, vorbis"'>
</video>

extend full partitions on aix

By default AIX installs on several very small partitions, and they fill up fast.

The good news is, they are easy to extend and no reboot or install media is required. Just use this to see what you have available:
# lspv hdisk0
# lspv hdisk1

Find out which partitions are full using:
# df -k
Filesystem    1024-blocks      Free %Used    Iused %Iused Mounted on
/dev/hd4           540672         0  100%     1622     1% /
/dev/hd2          2179072         0  100%    29351     6% /usr
/dev/hd9var        540672         0  100%      379     1% /var
/dev/hd3            32768     17188   48%       84     2% /tmp
/dev/hd1            16384     15820    4%       18     1% /home
/proc                   -         -    -         -     -  /proc
/dev/hd10opt        65536     11160   83%      856     6% /opt

Extend the partitions using:
# chfs -a size=1000M /dev/hd2 (sets the size to 1000MB)
# chfs -a size=+1G /dev/hd2 (adds 1Gb to /dev/hd2)
# chfs -a size=-1G /dev/hd2 (removes 1Gb from /dev/hd2)

Or set the partition size to a particular size (you can only increase sizes, not reduce):
# chfs -a size=500M /dev/hd4
# chfs -a size=1000M /dev/hd2
# chfs -a size=1000M /dev/hd9var
# chfs -a size=100M /dev/hd3
# chfs -a size=100M /dev/hd1
# chfs -a size=100M /dev/hd10opt

allow root ssh login solaris 11 express

vi /etc/ssh/sshd_config
PermitRootLogin = yes

vi /etc/default/login
#CONSOLE=/dev/console

rolemod -K type=normal root

iscsi ubuntu quick config

#apt-get install iscsitarget
#vi /etc/default/iscsitarget
ISCSITARGET_ENABLE=true
#vgcreate iscsi /dev/sda
#lvcreate -L1500G -n jarfis_colder iscsi
#lvcreate -L1260G -n jarfis_warmer iscsi
#vi /etc/ietd.conf
Target iqn.2010-10.com.qualys.qa.vuln:jarfis.lun000
    Lun 0 Path=/dev/iscsi/jarfis_colder,Type=blockio,ScsiSN=JARFIS-LUN000
    Alias LUN000
Target iqn.2010-10.com.qualys.qa.vuln:jarfis.lun001
    Lun 1 Path=/dev/iscsi/jarfis_warmer,Type=blockio,ScsiSN=JARFIS-LUN001
    Alias LUN001
#/etc/init.d/iscsitarget restart

cisco IOS cheatsheet

quick IP config

>enable
#config t
(config)#interface FastEthernet 0
(config-if)#no shut
(config-if)#ip address 10.10.24.9 255.255.255.0
(config-if)#exit
(config)#ip default-gateway 10.10.24.1
(config)#ip route 0.0.0.0 0.0.0.0 10.10.24.1
(config)#exit
#ping 10.10.10.1 (should succeed)
#copy run start (don't forget!)
Setting up Services
>enable
#config t
(config)#enable secret abc123
(config)#hostname c1720-24-99
(config)#snmp-server community public RO
(config)#snmp-server community private RW
(config)#line vty 0
(config-line)#password somePasswordHere
(config)#username admin password somePasswordHere
(config)#ip domain-name some.domainHere.com
(config)#crypto key generate rsa
(config)#ip ssh time-out 120
(config)#ip ssh authentication-retries 4
(config)#line vty 0 4
(config-line)#transport input all
(config)#aaa new-model
(config)#aaa authentication login default local
(config)#aaa authorization exec default local if-authenticated
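
The services block above uses the default SNMP communities, a plain "password" user and "transport input all". As an added example (not part of the original cheat sheet), this script flags those settings in a saved configuration; the finding IDs and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved IOS configuration for the weak settings
# used in the "Setting up Services" block. Finding IDs are made up here.

# Reads a configuration on stdin, prints one "ID: detail" line per finding.
audit_ios_config() {
    awk '
    # Well-known community strings are the first ones any SNMP scanner tries.
    $1 == "snmp-server" && $2 == "community" && ($3 == "public" || $3 == "private") {
        print "SNMP-DEFAULT-COMMUNITY: " $3
    }
    # A read-write community permits configuration changes over SNMP.
    $1 == "snmp-server" && $2 == "community" && $4 == "RW" {
        print "SNMP-RW: " $3
    }
    # "username X password" is kept in cleartext or reversible type 7;
    # "username X secret" stores a hash instead.
    $1 == "username" && $3 == "password" {
        print "USER-PASSWORD-NOT-SECRET: " $2
    }
    # "all" or "telnet" leaves cleartext Telnet enabled on the vty lines.
    $1 == "transport" && $2 == "input" {
        for (i = 3; i <= NF; i++)
            if ($i == "all" || $i == "telnet") { print "VTY-TELNET: " $i; break }
    }'
}

# Constructed sample: the cheat sheet settings as they appear in a saved config.
weak_config() {
    cat <<'EOF'
snmp-server community public RO
snmp-server community private RW
username admin password 0 somePasswordHere
line vty 0 4
 transport input all
EOF
}

# Constructed sample: the same services with hardened equivalents.
hardened_config() {
    cat <<'EOF'
snmp-server community ExampleCommunity-7f3a RO 10
username admin secret 5 $1$example$constructedhashvalue
line vty 0 4
 transport input ssh
EOF
}

echo "weak:";     weak_config | audit_ios_config
echo "hardened:"; hardened_config | audit_ios_config
```
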
ipv6
for ipv6 use a firmware like advipservicesk9
(config)#ipv6 unicast-routing
(config)#ipv6 route ::/0 2001:890:8118:A18::A
(config)#interface fastEthernet 0/0
(config-if)#ipv6 address 2001:890:8118:A18::0A0A:180C/64
(config-if)#ipv6 nd suppress-ra
Upgrading IOS
Check ‘#show flash’ to make sure you have enough flash for your .bin file.
Copy the .bin to /store/upload/tftp. Verify connectivity with a ping.
Backup your current image with ‘copy flash tftp’, in case something goes wrong.
Then use this guide
http://www.routergeek.net/content/view/33/37/ OR
#copy tftp flash
#config t
#config-register 0x2102
#no boot system
#boot system flash ios_image_name.bin
#copy run start
#reload
Password Recovery
http://www.cisco.com/en/US/products/hw/routers/ps221/products_password_recovery09186a0080094773.shtml#ex_pass
Saving Configs to backup
copy running-config tftp
Booting from startup config
enable
config t
config-register 0x2102

Reset to defaults
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_tech_note09186a00802017a1.shtml

disable RPC service via Group Policy

I found a great way to lock yourself out of every machine in your domain, just disable the RPC service.

Since the netlogon service relies on RPC, if you disable RPC on your domain you will no longer be able to log into a domain account. Furthermore, the client won’t be able to talk to the domain controller, so even if you re-enable it, the machine will never know.

The only fix I found is to boot off the windows CD into recovery mode and run “enable rpcss service_auto_start”

convert a .vhd to vsphere virtual machine

Every quarter the Federal Desktop Core Configuration folks release new GPOs and VHD files which you can use to build machines which they deem ‘secure’. You can use these machines to test FDCC products (like Qualysguard). The machine they provide should show a ‘passing’ statement for each of the secure configuration items.

Once you’ve downloaded the VHD file, you’ll need a windows machine with Virtual PC 2007 installed. Create a new VPC machine and replace the VHD file of that machine with the one you downloaded. Then open VMWare converter and select “Backup image or third-party virtual machine”. Then browse to the VPC machine you recently created (for me it’s “\\10.10.10.92\c$\Documents and Settings\Administrator\My Documents\My Virtual Machines\win7alpha\win7alpha.vmc”). Select your vSphere host as your destination and let the conversion begin.

build a backup server with OpenDeDup

With this server you can back up large amounts of data (like VMWare VCB backups) and all duplicate data will be ignored. This will usually make 10 TB of backups less than 1TB.

First calculate how much memory you’ll need using this calculation:
<Size of your DeDup Volume in MB> / <blocksize (4 for VMWare images)> * 33 = Amount of memory needed in MB

Install ubuntu 10.04 server with openssh server and samba server

scp jdk-7-ea-bin-b98-linux-x64-17_jun_2010.bin.sh root@dedup:~/
chmod 755 jdk-7-ea-bin-b98-linux-x64-17_jun_2010.bin.sh
./jdk-7-ea-bin-b98-linux-x64-17_jun_2010.bin.sh
mv jdk1.7.0 /opt/
add this to ~/.bashrc: export JAVA_HOME=/opt/jdk1.7.0/jre
source ~/.bashrc

sdfs-latest.tar.gz (0.9.2 at the moment)
tar -xvzf sdfs-latest.tar.gz

Create your volume
./mkfs.sdfs --volume-name=sdfs_vol1 --volume-capacity=800GB --io-chunk-size=4 --io-max-file-write-buffers=150

Mount your volume
change -Xmx2g to -Xmx8g for 8GB of memory (modify mount.sdfs)
./mount.sdfs -v sdfs_vol1 -m /dedup
If it hangs on “Mounting Filesystem” then you are in good shape; do some copies to /dedup to make sure java isn’t going to crash. If you don’t see any error messages then it’s working.

The cache will be located at /opt/sdfs/

OpenDeDup is a very new project, follow it at http://opendedup.org/

Now to setup the samba share, add this to /etc/samba/smb.conf

[dedup]
comment = dedup
path = /dedup
valid users = root
public = no
writable = yes
write list = root
printable = no
create mask = 0765
smbpasswd -a root
service smbd restart
You can verify the dedup is working by comparing du -sh to ls -alh or df -h

configure a secondary dns (slave) server on linux

I have a master DNS server at 10.10.10.1 and a slave at 10.10.10.2
The master server needs this for each zone:

type master;
allow-transfer {10.10.10.2;};
also-notify {10.10.10.2;};
notify yes;

The slave server needs this for each zone:

type slave;
masters {10.10.10.1;};

Now whenever you modify a dns record on the master, increment the serial number and restart the service (or rndc reload), and the changes will propagate to the slave. Note: the serial is generally the date but it doesn’t have to be; start it at 01 (before you set up your slave) and increment it if you like.

create a linux logical volume

List out all your disks to see which ones are mapped to which /dev/sdx
#fdisk -l
Delete any existing partitions with fdisk  -> d -> w
#fdisk /dev/sda
Use pvcreate to prepare the disks
#pvcreate /dev/sda; pvcreate /dev/sdb; pvcreate /dev/sdc; pvcreate /dev/sdd
Create a volume group
#vgcreate VolGroup00 /dev/sda /dev/sdb /dev/sdc /dev/sdd
Check to see total size of volume group
#vgdisplay VolGroup00
Create a logical volume spanning the entire space
#lvcreate VolGroup00 --size 3.63T -n LogVol00
Create the filesystem
#mkfs /dev/VolGroup00/LogVol00
Map the new filesystem to a folder
#mkdir /backup; mount /dev/VolGroup00/LogVol00 /backup

That’s it, modify your fstab if you want it to mount on boot.

If you need to remove a drive which has failed use this:
#vgreduce VolGroup00 --removemissing --force

Add a 5th drive to Dell PowerEdge R410

These servers are great if you only need 4 drives, but what if you want to LVM or RAID 4 of the drives and then have a 5th drive for the OS? There is no power available for a 5th drive, nor any space. Luckily there are 2 internal USB ports. You can use a thumbdrive but if you want better longevity or don’t want to have to tweak your OS for fewer writes, a 2.5″ hard drive will fit nicely, assuming you don’t have a DVD drive.

First, take a 2.5″ hard drive enclosure and remove the motherboard from the enclosure.

Then mount the drive where the DVD would be and run the cables to the USB port.

Now you can install your OS from a thumb drive or USB-CDROM. After that you can set the default boot device to “Internal USB: <drive serial number>”

ubuntu 9.10 print server with mac 10.6 client

I have a Samsung ML-2010 connected to a ubuntu desktop. Sharing it with my macbook was surprisingly easy.

First make sure you can print locally on your ubuntu desktop.

Then go to System-> Administration-> Printing
Right click on the printer and check the box “Shared”
Then go to Server -> Settings… and check the Publish.. and Allow… boxes.

Now you’re ready to configure your mac:
System Preferences -> Print & Fax -> + (to create a new printer)

Then go to advanced and put in the info from this picture. If advanced is missing, right click and customize the toolbar, then drag the advanced button to the toolbar.

If your printer isn’t available as a selection at the bottom, you’ll need to install the software.

Setup an http load balancer in 20 seconds

Setup a http load balancer in about 20 seconds using pen.
First, make sure the server you are on is NOT running anything on port 80.
Next install pen with “yum install pen” (or apt-get install pen) and then you just start it using this:

# pen 80 web1.domain.com web2.domain.com web3.domain.com

Say you ran this command on the server web.domain.com, now when you access http://web.domain.com it will balance the request between web1 web2 and web3.  See the man page for more details.

Easy peasy.

Query Disk and Memory Usage on all vSphere hosts

This one leverages the VMWare APIs and queries all your hosts. You’ll need the VMWare Perl APIs installed on the system. It outputs to a web page so you can crontab it to run once a day and then just check the website when you need to see what memory or disk space is available on each host.

For accurate memory usage, modify /usr/lib/vmware-viperl/apps/host/hostinfo.pl with however much memory you have installed. For example, if you have 6GB of memory then it would look like:

if (defined ($host_view->summary->quickStats->overallMemoryUsage)){
print_log(" ".(6000 - $host_view->summary->quickStats->overallMemoryUsage)." MB",
"MemoryUsage","\tMemory Available");
}
I’ve also modified dsbrowse.pl so it would come out a little better
Examples are available here: http://storage.the408.com/infinitedisorder/
Once you’ve modified that perl file, you’re ready for the good stuff. Make sure each host’s datastore has a unique name too.
#!/bin/bash
dm605_hostnames=(dm605-01.mooo.com dm605-02.mooo.com dm605-03.mooo.com dm605-04.mooo.com dm605-05.mooo.com dm605-06.mooo.com dm605-07.mooo.com dm605-08.mooo.com dm605-09.mooo.com dm605-10.mooo.com)
dm605_stores=(dm605-01:storage1 dm605-02:storage1 dm605-03:storage1 dm605-04:storage1 dm605-05:storage1 dm605-06:storage1 dm605-07:storage1 dm605-08:storage1 dm605-09:storage1 dm605-10:storage1)
DEST_FILE="/var/www/lab2.mooo.com/htdocs/esx3/free_space/esx_free_disk_space.txt"
# For each host: append the datastore free space, then the available memory
for (( c=0; c<10; c++ ))
do
perl /usr/lib/vmware-viperl/apps/host/dsbrowse_modified.pl --url https://virtcenter.mooo.com/sdk/vimService --username info --password info \
--attributes freespace --name ${dm605_stores[$c]} >> $DEST_FILE
perl /usr/lib/vmware-viperl/apps/host/hostinfo_modified_16000.pl --url https://virtcenter.mooo.com/sdk/vimService --username info --password info --hostname ${dm605_hostnames[$c]} --fields memoryusage >> $DEST_FILE
done
# Blank separator line and a timestamp for this run
echo " " >> /var/www/lab2.mooo.com/htdocs/esx3/free_space/esx_free_disk_space.txt
date >> /var/www/lab2.mooo.com/htdocs/esx3/free_space/esx_free_disk_space.txt

ipv6 default gateway on AIX

Configuring ipv6 with AIX was pretty easy, I used “smitty tcpip” to configure everything.
The challenge came when I attempted to configure a default gateway. I couldn’t find this on google. Through trial and error I found the answer:

smitty tcpip -> IPV6 Configuration -> IPV6 Static Routes -> Add an IPV6 Static Route
Destination type: net
IPV6 Destination Address: ::
IPV6 Gateway Address: <your gateway>
Cost: 0
PrefixLength: <blank>
Network Interface: en0 (usually)
Enable active dead gateway?: no

Deleting routes is equally tricky. To delete a route 2001:470:470:470::/64 -> 2001:470:470:470::1 use

# route delete -inet6 2001:470:470:470::

Printing to Samsung ML-2010 via windows sharing

I couldn’t find a solution anywhere but here is how I got it working.
The printer is connected to windows 7 and shared with the name SAMSUNG.

I downloaded the samsung drivers for OS X from support-us.samsung.com and installed them on my Macbook. Then I go to
System Preferences -> Print&Fax -> (Plus Sign)
Tab -> Advanced
Type: Windows
Device: Another Device
URL: smb://user:password@<ip_address>/SAMSUNG
Name: SAMSUNG (doesn't matter)
Location: 10.18.18.118 (doesn't matter)
Print Using: Select Printer Software -> Samsung ML-2010
Click Add and you should be able to print from your Mac now.

vCenter global search error and fix

I wasn’t able to find this on google so here you go:

If you see “Could not acquire an authentication ticket for the query service: https://vcenter.example.com:8443/vms” try restarting the services VMWare VirtualCenter Management Webservices & VMWare vCenter Orchestrator Configuration.

This error is received when trying to use the new global search box located in the upper-right of the new vCenter.

Don’t forget to set the Orchestrator service to automatic if it’s set to manual, otherwise it won’t start on boot.