SSH, short for Secure SHell, is a cryptographic network protocol. It is widely used in the UNIX/Linux world (but not limited to it) to allow clients to securely connect to a server. It is replacing older and insecure protocols like rsh and telnet. In addition to security, it adds tunneling for other protocols.

And since it is widely used, it is often exploited to get unauthorized access to the system.

Enough general information. Back to the topic.

There are a few simple rules on how to protect it:

  • If you do not need it do not enable it
  • Restrict access
  • Change listening port
  • Use version 2 (if possible)
  • Disallow root access
  • Use strong passwords
  • Block access
  • Use key authentication
  • Use “One time passwords”
  • Show Warning message
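
Several of the rules above map directly to sshd_config keywords and can be checked mechanically. The following is an added example, not part of the original post: a shell function that audits a config against those rules. The function name and the two sample configs are constructed for illustration, and a missing Protocol line is assumed to mean version 2 only, as on current OpenSSH.

```shell
#!/bin/sh
# Added example: audit an sshd_config (file argument or stdin) against the
# rules listed above. sshd keywords are case-insensitive and the first value
# seen wins, so only the first occurrence of each keyword is recorded.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    tolower($1) == "match" { exit }      # global section ends at the first Match block
    { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }
    END {
        if (!("port" in v) || v["port"] == "22")
            print "WARN port: listening on default port 22"
        # Assumption: an absent Protocol line means version 2 only.
        if (("protocol" in v) && v["protocol"] != "2")
            print "WARN protocol: version 1 is enabled"
        if (v["permitrootlogin"] != "no")
            print "WARN permitrootlogin: root login is not disabled"
        if (v["passwordauthentication"] != "no")
            print "WARN passwordauthentication: password logins accepted, keys not enforced"
        if (!("allowusers" in v) && !("allowgroups" in v))
            print "WARN access: no AllowUsers/AllowGroups restriction"
        if (!("banner" in v) || v["banner"] == "none")
            print "WARN banner: no warning message configured"
    }' "$@"
}

# Constructed sample input: a permissive config and a hardened one.
sample_weak() {
cat <<'EOF'
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
EOF
}
sample_hardened() {
cat <<'EOF'
Port 2222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
Banner /etc/issue.net
EOF
}

echo "weak config:";     sample_weak     | audit_sshd_config
echo "hardened config:"; sample_hardened | audit_sshd_config
```

On a real host, pass the file instead: audit_sshd_config /etc/ssh/sshd_config.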

Your comments are welcome.

If you finally decided to add protection to your valuable data by using software RAID 1 – congrats. You are on the right path. But do not forget that you still need a good backup.
If you have only 1 additional drive the procedure is more difficult, but still possible.

Note 1: Try the following procedure at your own risk, preferably testing it on a non-prod machine.
Note 2: /dev/sdb is the secondary disk; it could vary for you.

First you create a degraded RAID 1
mdadm --create /dev/md0 -l raid1 -f -n 1 /dev/sdb1

Validate
cat /proc/mdstat

Add it to mdadm.conf
mdadm --detail --scan >> /etc/mdadm.conf

Inform it that there is a second disk
mdadm --grow /dev/md0 -n 2

Here you create a partition on the degraded drive and copy the data from the first disk

Repartition the first disk if needed and add it to the array.
mdadm --manage /dev/md0 --add /dev/sda1

Note that this is just a skeleton of the steps and not a full step-by-step tutorial.

Recently Shorewall (Shoreline Firewall) released a new version, 4.5.0.

This version introduced new packaging. From this version on you have the following packages:

  • Shorewall Core – Core libraries installed in /usr/share/shorewall/
  • Shorewall – Requires Shorewall Core. Together with Shorewall Core, provides IPv4 firewalling.
  • Shorewall6 – Requires Shorewall. Provides IPv6 firewalling.
  • Shorewall Lite – Requires Shorewall Core. As before.
  • Shorewall6 Lite – Requires Shorewall Core. As before.
  • Shorewall Init – As before.

Since we now have the Core package, to upgrade from a 4.4.x version you need to update at least 2 packages – core and shorewall.

To do that in CentOS 5 the steps are the following (in your case the versions will probably be different):

1. Download new packages

wget http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-4.5.0.2-1.el5.noarch.rpm http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-core-4.5.0.2-1.el5.noarch.rpm

2. Upgrade shorewall

rpm -Uvh shorewall-core-4.5.0.2-1.el5.noarch.rpm shorewall-4.5.0.2-1.el5.noarch.rpm
error: Failed dependencies:
perl(Digest::SHA1) is needed by shorewall-4.5.0.2-1.el5.noarch

In my case an additional package was required, so I had to install it:

yum install perl-Digest-SHA1

and update again

3. Check configuration

shorewall check

4. Restart shorewall

shorewall restart

First what is IPMI?

IPMI stands for Intelligent Platform Management Interface, a standardized computer interface for administrators to manage a computer system and monitor its operation.

It is supported by most major providers – Intel (of course), Dell, HP…

Installation

Installation is really simple:

yum install OpenIPMI OpenIPMI-tools
chkconfig ipmi on
service ipmi start

If you see an error at the last command, check the system log – it is possible that your hardware does not support IPMI.

Usage

To see what you can do with it:

ipmitool help
man ipmitool

Enjoy:)

Recently I had to create a bash script to copy some files based on date.

The rule was copy yesterday’s files to …

But how to determine what yesterday’s date was?

The answer was in the date man page.

Here are the parts from the script related to yesterday’s date:

$ date -d '1 day ago' +'%Y/%m/%d'
2011/06/02

On the Internet I’ve also found:

date --date='yesterday'
Thu Jun  2 14:01:28 EDT 2011

And (Bonus!!) if you want to go into the future 😉

date --date='tomorrow'
Sat Jun  4 14:04:29 EDT 2011

Happy scripting…

After the release of Debian 6.0 (squeeze), the question is how to upgrade from the previous version to the latest.

It appears to be a fairly simple process:

1. Edit sources.list

vi /etc/apt/sources.list

2. Replace the distribution name (I appeared to have Lenny) with Squeeze.

:%s/lenny/squeeze/g

Note: DebianVolatile has been superseded by squeeze-updates since Debian Squeeze.

To use squeeze-updates just add

deb http://mirrors.kernel.org/debian squeeze-updates main contrib

to sources.list

Then as usual:

apt-get update
apt-get dist-upgrade

When working from Linux to a Windows machine via remote desktop, the obvious choice is tsclient.

In Windows you just move your cursor to the top of the screen, to the control bar, and there you can click the button for windowed mode.

But tsclient does not have that; instead you can use the following keyboard combination: “Ctrl-Alt-Enter”.

Tip: To improve tsclient performance, just go to the performance tab and check enable bitmap caching.

Recently I had to check DNS records on a specific server from Debian.
An excellent tool for this job is dig – it allows you to see all DNS records like: A, MX, TXT…

Unfortunately the tool was not installed.
The proper way of installing it is:

apt-get update && apt-get install dnsutils

If you updated recently, you can skip the first command.

For a long time I did not update the KompoZer page, but there was no stable version.

Anyway, I’ve decided to publish an updated (even though it is considered development) version.

And for those of you who do not know the program:

KompoZer is a complete web authoring system that combines web file management and easy-to-use WYSIWYG web page editing.

KompoZer is designed to be extremely easy to use, making it ideal for non-technical computer users who want to create an attractive, professional-looking web site without needing to know HTML or web coding.

Visit my Kompozer RPM package page to download.

I love screen – it allows you to detach your console and still have the program running.

For more info:
man screen

Recently I experienced the following error:
$ screen -r
Cannot open your terminal '/dev/pts/0' - please check.

After searching for a solution I found several instructing to change permissions etc.

But a different solution, almost a “hack”, is the one I like.
Before starting screen type:
script /dev/null
And after that you can type:
screen -r
The only drawback is that you need to type one additional exit for script to terminate.

Credits for this to Harry Jackson. Unfortunately the resource was not available, so I did not put a link to the site.
