what i learnt today - Linux & Open Source
Random crap that I learn. No particular topic. Anything I feel I want to post and have the motivation to post, will be posted.
Updated: 2015-08-15T10:48:18+10:00. Author: fukawi2. Generator: Dotclear.

Prepare RedHat / CentOS for Cloning
Posted: 2013-04-26T20:26:00+10:00. Updated: 2015-08-15T21:48:18+10:00. Author: Phil. Category: Linux & Open Source. Tags: centos, cloning, redhat, virtualization, xenserver.
<p>To prepare a RHEL/CentOS/etc host for cloning (eg, duplicating a Virtual Machine or creating a VM Template), use the following commands as the last steps:
touch /.unconfigured
rm -f /etc/ssh/ssh_host_*
ifdown eth0
sed -i '/^HWADDR=.*$/d' /etc/sysconfig/network-scripts/ifcfg-eth0
ifup eth0
rm -f /etc/udev/rules.d/70-persistent-net.rules... <a href="http://www.wandin.net/dotclear/index.php?post/2013/04/26/Prepare-RedHat-/-CentOS-for-Cloning"><em>Read</em> Prepare RedHat / CentOS for Cloning</a></p>

Installing ipset on CentOS 6
Posted: 2012-05-26T10:00:00+10:00. Updated: 2015-08-15T21:48:18+10:00. Author: Phil. Category: Linux & Open Source. Tags: centos, guide, help, howto, linux, redhat, security, server, technology, vps.
<p>I assume this will work on RedHat 6 too:
# yum install http://people.redhat.com/twoerner/BZ/477115/ipset-6.7-2.el6.x86_64.rpm http://people.redhat.com/twoerner/BZ/477115/libmnl-1.0.1-1.el6.x86_64.rpm http://people.redhat.com/twoerner/BZ/477115/libmnl-devel-1.0.1-1.el6.x86_64.rpm
Yes, you can copy and paste.
Note that this isn't adding any... <a href="http://www.wandin.net/dotclear/index.php?post/2012/05/26/Installing-ipset-on-CentOS-6"><em>Read</em> Installing ipset on CentOS 6</a></p>

Custom Actions with fail2ban
Posted: 2010-10-19T09:29:00+11:00. Updated: 2010-10-19T09:32:57+11:00. Author: Phil. Category: Linux & Open Source. Tags: arch, arch linux, guide, help, howto, linux, security.
<p>Most people are familiar with the <a href="http://www.fail2ban.org/wiki/index.php/Main_Page" hreflang="en">fail2ban</a> package available for protecting against brute-force password attacks against your servers.</p>
<blockquote><p>Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.</p></blockquote>
<p>What you might not have experimented with is its ability to execute custom actions instead of (or as well as) blocking the source IP in iptables.</p>
<p>I have customised fail2ban to somewhat passively perform an nmap on the scanning host and email the results to me.
/etc/fail2ban/actions.d/mail-nmap.conf
actionban = nmap -sS -O <ip>|mail -s "[Fail2Ban]: nmap of <ip>" <dest>
/etc/fail2ban/jail.conf
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh,... <a href="http://www.wandin.net/dotclear/index.php?post/2010/10/19/Custom-Actions-with-fail2ban"><em>Read</em> Custom Actions with fail2ban</a></p>

CentOS Installation without VGA Console
Posted: 2010-03-16T15:45:00+11:00. Updated: 2015-08-15T21:48:18+10:00. Author: Phil. Category: Linux & Open Source.
<p>So I've spent the last day and a half, plus around $20 worth of DVDs, trying to get the CentOS Installer to boot and install on a headless machine. Here's the end result...</p>
<p>The machine I'm trying to install to is a custom piece of hardware used by the company I work for. It has NO VGA console, NO keyboard and NO mouse. The only "out of band" access is via an RS232 serial console that the BIOS provides by redirecting the actual console to the serial console. This caused quite a few problems with the graphical nature of... <a href="http://www.wandin.net/dotclear/index.php?post/2010/03/16/CentOS-Installation-without-VGA-Console"><em>Read</em> CentOS Installation without VGA Console</a></p>

Migrating Physical Machine to Virtual Machine
Posted: 2010-01-30T22:00:00+11:00. Updated: 2010-01-30T22:03:05+11:00. Author: Phil. Category: Linux & Open Source. Tags: arch, arch linux, guide, help, howto, linux, partitioning, server, technology, virtual box, virtualization.
<p>This is a quick step-by-step for migrating a Physical computer to a Virtual Box instance. It was written for an Arch Linux based installation, and requires no special software except for an Arch Linux installation CD / ISO image.</p>
<p>On the Physical Machine
Boot the Arch Linux installation CD.
Do whatever you need to in order to mount the existing hard drives to /mnt in the live environment. This may mean you need to load the LVM or Software RAID modules and assemble them.
Mount the existing disks to /mnt, including any separate partitions such as /home /boot or /var etc. I... <a href="http://www.wandin.net/dotclear/index.php?post/2010/01/30/Migrating-Physical-Machine-to-Virtual-Machine"><em>Read</em> Migrating Physical Machine to Virtual Machine</a></p>

bind 'blackhole' option prevents *all* traffic
Posted: 2010-01-04T10:12:00+11:00. Updated: 2010-01-04T10:13:04+11:00. Author: Phil. Category: Linux & Open Source.
<p>So, what's wrong with this named.conf file?</p>
<p>### named / bind global configuration file
#############################
# ACL Configurations
acl me {
127.0.0.1/8; // Loopback
192.168.1.0/24; // Home
10.0.1.176; // Laptop on Work LAN
};
acl work {
!10.0.1.176; // Laptop on Work LAN
10.0.1.0/16; // Work LAN
};
#############################
# named options
options {... <a href="http://www.wandin.net/dotclear/index.php?post/2010/01/04/bind-blackhole-option-prevents-%2Aall%2A-traffic"><em>Read</em> bind 'blackhole' option prevents *all* traffic</a></p>

Adding Swatch Internet Time to Gnome
Posted: 2009-11-02T16:47:00+11:00. Updated: 2009-11-02T16:48:09+11:00. Author: Phil. Category: Linux & Open Source. Tags: arch, arch linux, fun, guide, help, howto, linux, technology.
<p>How to add an applet to your Gnome panel displaying <a href="http://en.wikipedia.org/wiki/Swatch_Internet_Time" hreflang="en">Swatch Internet Time</a></p>
<p>Right-click your Gnome panel, and select 'Add to panel...'
Find the 'Clock' applet and either click "Add" or drag-and-drop it to the panel bar.
Press 'Alt' + F2 to open the 'Run' dialog, and start the 'gconf-editor' application.
Scroll down through the tree under apps > panel > applets. You need to find the folder in here that corresponds to your... <a href="http://www.wandin.net/dotclear/index.php?post/2009/11/02/Adding-Swatch-Internet-Time-to-Gnome"><em>Read</em> Adding Swatch Internet Time to Gnome</a></p>

OpenVPN MTU Size
Posted: 2009-01-08T09:34:00+11:00. Updated: 2009-01-28T16:47:14+11:00. Author: Phil. Category: Linux & Open Source. Tags: linux, mtu, openvpn.
<p>I came across a problem recently while attempting to transfer a largish (23mb) file from my web server to my file server via my OpenVPN tunnel.</p>
<p>The tunnel has been working perfectly since it was first established. SSH and small file copies went fine. But this copy would get to 2,112kb and then stall. No matter how many times I attempted it. I attempted the same transfer using the public interwebs (I was scp'ing so it was encrypted anyway) and this worked perfectly, so there was obviously a problem with the OpenVPN tunnel.</p> <p>Doing a tcpdump on both ends, and the firewall where the tunnel terminates showed that the traffic would flow freely up to the 2,112kb mark, then you could see packets entering the tunnel at the web server end, but not exiting at the firewall end.
A quick Google and scan through the OpenVPN book pointed at using this command to test the maximum... <a href="http://www.wandin.net/dotclear/index.php?post/2009/01/08/OpenVPN-MTU-Size"><em>Read</em> OpenVPN MTU Size</a></p>