This blog is a collection of knowledge from the internet and books that I have had to put into production or lab use. My goal is to get my findings on search engines so that people needing to work on common topics can find the information without searching multiple websites.
This blog is built on the belief that Linux has very dynamic uses and should be used as a replacement for products that you would normally have to pay a premium for (Windows Server, Load Balancers, Enterprise Firewall/Routers).
Recently the Gentoo hardened project seems to have some serious bugs, particularly with the grsec kernel. I have been forced to switch to CentOS 6 and configure it to act similarly to Gentoo/grsec.
One of the biggest draws to grsec is the process hiding feature. CentOS 6 uses SELinux and I decided to stay with it. Lucky for me, support for process hiding was added around kernel version 3.3.X.
Mount /proc with the hidepid option.
I will show you the steps required to use hidepid with CentOS 6. These directions may not translate easily to other distributions of Linux.
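As an added example (not from the original post), this shell snippet shows the fstab line that makes hidepid persistent, a helper to apply it at runtime, and a check that reads the effective hidepid value back out of /proc/mounts. It assumes a kernel with hidepid support and a group named "procview" (a constructed name) whose members are still allowed to see every process.

```shell
# Added example: enable and verify hidepid on /proc (CentOS 6 style).
# Assumes: root for apply_hidepid, a kernel with hidepid support, and a
# constructed group "procview" that is exempted via the gid= option.

# Persistent setting: this line is what the example expects in /etc/fstab.
# hidepid=2 hides other users' /proc/PID entries completely; hidepid=1 only
# blocks reading their contents while still listing the PIDs.
FSTAB_LINE='proc /proc proc defaults,hidepid=2,gid=procview 0 0'

# Apply the same options to the live /proc without rebooting (run as root).
# $1 is the group (name or numeric gid) that keeps full visibility.
apply_hidepid() {
    mount -o remount,hidepid=2,gid="$1" /proc
}

# Parse the hidepid= value out of one /proc/mounts line (field 4 holds the
# comma-separated mount options); prints 0 when the option is absent.
hidepid_mode() {
    mode=$(printf '%s\n' "$1" | awk '{print $4}' | tr ',' '\n' | sed -n 's/^hidepid=//p')
    printf '%s\n' "${mode:-0}"
}

# Effective mode of the running system, read from the first /proc entry.
current_hidepid_mode() {
    hidepid_mode "$(grep ' /proc proc ' /proc/mounts | head -n 1)"
}
```

Run `current_hidepid_mode` after the remount or after a reboot: anything other than 2 means process hiding is not in effect for unprivileged users.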
The 9265-8i happens to be an awesome card for RAID0 SSD but it is not without tons of problems.
I've had to RMA two of them so far because of failing memory or stupid firmware issues.
I am using it with an EVGA X58 FTW3 and noticed the following things:
- Card BIOS does not display any video output but will show virtual drive count
- Card BIOS mouse works for only a few seconds before freezing
- Card firmware updates may fail and/or not work as intended
This seems to be a conflict with the on-board Marvell mv91xx SATAIII controller. Disabling this in the BIOS will cause the 9265-8i to act like it should. And by "act like it should" I mean:
- Card BIOS displays full video output (BIOS version, disk scan, warnings, etc)
- Card firmware updates seem to work fine
- Card actually seems to perform much faster
Unfortunately you lose two on-board SATAIII ports, but who the hell cares, you have a FAST raid controller!
I can't find a fix for the mouse freezing though...
My current job requires me to repair and install a wide variety of operating systems (Linux, Unix, Windows). Right now we deal with a crappy netboot system (don't tell its maintainers! :X) which also happens to be wireless.
Tip #1: Wireless in a large datacenter room sucks!
I could rant all day about why I hate netbooting and would rather burn 1,000 CDs, but I decided to attempt to make a solution where any staff member could take a special USB disk containing a bootloader such as isolinux or grub4dos and just drop regular ISOs right into the disk without the hassle of using a Windows app to modify the drive.
The reason I am writing this post is because I want to share the method I used to get a prototype working. If you are reading this expecting to have a dream boot device like mine, stop now. It doesn't fully work for installers.
You'll want to first prep a USB drive by removing all partitions with the Linux fdisk utility and format the drive as FAT32. After, follow the guide to install Grub4dos to the MBR of the drive.
I transferred a Windows ISO to the drive root and then booted to a grub4dos boot prompt (grub> ). The following commands worked for me:
grub> map (hd0,0)/windows.iso (0xFF)
grub> map --hook
grub> root (0xFF)
grub> chainloader (0xFF)
grub> boot
So anyway: this booted all the way into the Windows installer and once it attempts to find media, everything falls apart. Google says there is no method to get this working due to cdrom emulation issues and protected drivers.
I will have to find a more creative method to get my multiboot working without much work.
If you have a creative solution, let me know!
The Gentoo project has decided to unmask openrc and push it to people not running bleeding edge installations. Unfortunately, I have found that it breaks networking more than half of the time. "How?" you might ask... well, if you're reading this you've probably already found out the hard way.
This won't be much of an explanation article, as most are. Instead, I will reveal the problem and a solution with little explanation. At this time, I just wanted to fix my boxes and get facts later.
Once you have fully completed the install of openrc, a few things happen depending on the system. I have had some systems reboot flawlessly and some reboot broken. Please note: some systems using more than one network interface may have one of them start while the others won't.
Please read all suggestions carefully, as multiple things can seem correct with your system and the interface startup still will fail.
Recently, I have found myself facing remote hands issues where customers need a root password to run fsck because the system won't boot into single user mode (or runlevel 3). The problem is, they don't remember the password and need to recover it.
Why is this a problem and how does it hurt recovery of the system? Well... when the conditions above are met, the system will refuse to mount the bad filesystem as read/write (rw). This will prevent modification of /etc/shadow.
Use: mount -n -o remount,rw /path/to/mount/rw
You could use a live CD and manually mount the root (or /etc) partition as read/write... but why go through the hassle of burning a disc when this can be done quickly using the corrupted system?
IPv6 is an upcoming address change that will solve the scarcity of addresses in this new era of mobile internet phones and home appliances requiring internet connections. But how do you know if you are ready for IPv6? What if you want to try IPv6 but have an ISP who is too slow to adopt?
I will show you how to set up a free IPv6 tunnel so that you may use or test out this new addressing scheme. You will also be shown how to configure reverse DNS if you wish to use your IP blocks for vhosting on IRC.
This article will only cover Linux.
What is VMDirectPath?
VMDirectPath simply allows you to assign real devices on the PCI bus to a VM (thus bypassing the need to virtualize hardware).
What is USB Passthrough?
USB passthrough virtually connects a USB device to a VM. Unlike VMDirectPath, the connection uses the virtualization layer.
Using ESXi with Redundant Routers and no Switch
When you think of "switching" and "vSwitching", as well as the way ESXi's network functions are laid out, you might get the idea that you can dump 2 or more interfaces on a virtual switch and have traffic pass like it would on a real switch.
I've got some bad news: Despite the fact that the physical NICs operate as a physical port on a virtual switch, ESXi will NOT pass incoming traffic from one physical NIC out another physical NIC.
From what I read, this is a security feature due to the fact that ESXi does not have an implementation of Spanning Tree Protocol (STP). This can toss a wrench into some specialized setups where redundant routers need to pass VRRP traffic or when ESXi needs to send beacon probes between interfaces attached to redundant routers.
Dynamic websites driven by technologies such as PHP and MySQL, such as this blog, are powerful tools to display and organize a variety of content. High volume websites need a solution to help scale them. Using multiple HTTP servers and load balancing between them is one of many steps a web administrator may take to scale a high volume website.
There are multiple ways to deal with splitting up load. A few notable ones are:
- Static Delivery Services (Amazon S3, Akamai, CacheFly)
- Splitting static and dynamic content up locally through multiple servers
- Load balancing multiple servers in a standard configuration
In this article, we will review how you can load balance multiple servers using a standard configuration with no split content delivery.
An MOTD is a great way to display relevant messages to users when they connect. But what if you wish to have the MOTD display messages relevant to the specific user or system? What if you want a dynamic MOTD that you can copy to multiple servers with little to no editing of the script?
Create a custom shell script that will run once a user successfully logs into the system. There are multiple ways to create dynamic MOTDs.
The Ubuntu team had the right idea behind their update-motd service, which reads instructions from /etc/update-motd.d in a specific order (much like the rc.d script order) and then updates /etc/motd with fresh information at a regular interval. As cool as that is, it cannot feed specific information that is relevant to each user, because it is an MOTD that is shown to everyone.
I will show you the steps required to create a basic MOTD script that will completely replace the /etc/motd file.