Sunday, January 29, 2012

Needed this earlier. Came in handy. It's stupid stuff, but I forget the switches half the time.

wget -r --no-parent --reject "index.html*" http://website.com/dir/

also tar zxvf files.tar.gz -C /anotherDirectory/


Friday, January 27, 2012

So you're running an older version of MySQL, such as 5.0, and you want to use InnoDB as your engine.

vi /etc/my.cnf

#skip-innodb


Comment out skip-innodb and you will have the option to use it.

If you want to use InnoDB by default, add this to my.cnf:

default-table-type=innodb



Reasons you may still be using an older version of MySQL include having too many databases that rely on the older code or the MyISAM engine, and not wanting to mess them up.

Also in phpmyadmin to convert tables to innodb, once you have enabled it, click on "operations" and you can change it from there.

Friday, December 30, 2011

HP Microserver storage system.



http://www.homedepot.com/Featured-Products-Storage-Solutions-Crate-Bin-and-Cubbie-Storage/h_d1/N-5yc1vZc0wh/R-202104735/h_d2/ProductDisplay?langId=-1&storeId=10051&catalogId=10053&superSkuId=202858033

I bought this today, needed a way to organize some electronics, and what the heck stuff. Then when I got home I realized that the HP Microserver fits perfectly. With enough room around it for breathing. I used wood glue in the construction to make the build stronger. Habit, all cheap furniture, I use wood glue.


Thursday, December 29, 2011

---> Package antlr.x86_64 0:2.7.6-4jpp.2 set to be updated
---> Package java-1.4.2-gcj-compat.x86_64 0:1.4.2.0-40jpp.115 set to be updated
--> Processing Dependency: /usr/bin/rebuild-security-providers for package: java-1.4.2-gcj-compat
--> Processing Dependency: /usr/bin/rebuild-security-providers for package: java-1.4.2-gcj-compat
--> Processing Dependency: /usr/bin/rebuild-security-providers for package: java-1.4.2-gcj-compat
--> Processing Dependency: /usr/bin/rebuild-security-providers for package: java-1.4.2-gcj-compat
--> Finished Dependency Resolution
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.x86_64 from base has depsolving problems
--> Missing Dependency: /usr/bin/rebuild-security-providers is needed by package java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.x86_64 (base)
Error: Missing Dependency: /usr/bin/rebuild-security-providers is needed by package java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.x86_64 (base)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.

I actually was trying to remove java and tomcat from the server, but this was giving me issues. So I ran:

rpm -Uvh http://plone.lucidsolutions.co.nz/linux/centos/images/jpackage-utils-compat-el5-0.0.1-1.noarch.rpm


yum update
To confirm that it had been resolved.

I wished I had posted the php issues I was having and how I resolved them, but deleted the notes.
Which installed what I needed to fix those issues, then removed the packages I didn't want such as java, tomcat, and eclipse.


Tuesday, December 27, 2011


HP ProLiant N40L Ultra Micro Tower Server System AMD Turion II Neo N40L

Wanted to post a picture of the motherboard in case anyone needed it.


Monday, November 21, 2011

To find the ssh port on server, with the help of whm.

http://ip:2086/xml-api/cpanel?user=cpanel&cpanel_xmlapi_apiversion=1&cpanel_xmlapi_module=SSH&cpanel_xmlapi_func=getport

Useful when people forget their ssh ports.


Thursday, November 03, 2011

This is for vps, dedicated, etc. Wrote the howto about 10 mins ago.

1. Login to your server via SSH as root.

Then Type: cd /usr/local/src/

2. Download RKHunter Version 1.3.8

Type: wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

3. Extract files

Type: tar -xzvf rkhunter-1.3.8.tar.gz

4. Type: cd rkhunter-1.3.8

5. Type: ./installer.sh --install

6. Setup RKHunter to e-mail you daily scan reports.

Type: nano -w /etc/cron.daily/rkhunter.sh
Add The Following:
#!/bin/bash
# Run the daily check and mail its output
/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" name@domain.com

Type: chmod +x /etc/cron.daily/rkhunter.sh


Wednesday, September 14, 2011

Stupid expression that comes in handy.

cat document |mail -s subject email@domain.com

What I tend to use it for is like nmap 192.168.0.1-254 >> file
Then email the document to myself. I could just probably do nmap IP's >>file|mail -s subject email@domain.com but I like to read through the file. But it comes in handy.

Friday, February 25, 2011

Ok, so a server was root kit'ed. Not mine, a client's. It was on a xenserver. All the /bin files hosed. Because of this (/bin/basename, /bin/hostname, /bin/awk, etc. were out), I couldn't get the server back online to grab all the files off of it. I am grateful the client had a near identical build to one of mine. So I copied my /bin directory to a thumb drive, and copied the files over the /bin/ directory. Rebooted, and the system came back online, then I was able to use the rootkit checker to verify, and yes, there was a rootkit. The VM still has to be re-imaged, but because it could get online, we could then back up the server's content, and re-import it when it's done.


Monday, November 15, 2010

So, I was doing something stupid in debian. Going with the testing branch for a few files, and had an issue.

Setting up runit (2.1.1-6) ...
dpkg: error processing runit (--configure):
subprocess installed post-installation script returned error exit status 10
Errors were encountered while processing:
runit


How to fix? Easy.
Delete /var/lib/dpkg/info/runit* and /var/cache/apt/archives/runit* and it works fine.

I actually moved the files first, just to verify it.

and to get the list I did this.

ls /var/cache/apt/archives/ |grep runit >> /root/info

ls (list screen) | grep (search) for the files that I am looking for, >> append it to this file. So I can look through it later.

Wednesday, November 03, 2010

Debian 5.0 Grub issues I was having.

Debian showed grub was installed, but I still had to use a cd to boot to it, I was a bit confused. So what I did was

fdisk /dev/sda (boot drive)

p to show a list of partitions. I could see that my only partition was non-bootable,
a added boot options,
w save and exit. Machine booted right up. Now to fix my X issues.

Tuesday, September 14, 2010

I was curious, with the new Blackberry 9300, what the difference was between it and the 8520, other than 3G and GPS. Found out the CPUs are different, and the 9300 supports Wifi N.

8520: 512MHz
9300: 624 MHz, Even better I have the exact chip. Marvell PXA930

I have a spare 8520 that I am supposed to send back this week. But I just got a copy of the 9300 BB os 6.0, So I am going to load it, and see.

Wednesday, September 08, 2010

Say you are running 64 bit Windows, and you install OpenVPN, and someone gives you a script that keeps failing. You can't figure it out. I will post an example, and show you the issue I was having.

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

client
dev tap
proto udp
remote vpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server

pkcs12 "C:\\Program Files\\OpenVPN\\config\\foo.pfx"

reneg-sec 0
comp-lzo
verb 3
mute 20
#####

OK, here's where the problem lies.
pkcs12 "C:\\Program Files\\OpenVPN\\config\\foo.pfx"

Needs to be changed to

pkcs12 "C:\\Program Files (x86)\\OpenVPN\\config\\foo.pfx"

The (x86) makes all the difference in the world.


Saturday, August 28, 2010

IPADDR_START=216.73.xxx.xxx
IPADDR_END=216.73.xxx.xxx
CLONENUM_START=0
NETMASK=255.255.255.0


Name file ifcfg-eth0-range0 (or whatever the nic card is)
Also The start IP address is the 2nd ip address in the list, the End is the last of them.

Yes I stole this script/borrowed from Calpop. Actually one of the most useful things I got out of there.


Friday, August 27, 2010

Scripts that come in handy.

Server e-mail every time someone logs in as root

To have the server e-mail you every time someone logs in as root, SSH into server and login as root.

At command prompt type: vi .bash_profile

Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

Save and exit.

Install chkrootkit

To install chkrootkit, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

At command prompt type: tar xvzf chkrootkit.tar.gz

At command prompt type: cd chkrootkit-0.44

At command prompt type: make sense


To run chkrootkit

At command prompt type: /root/chkrootkit-0.44/chkrootkit

Make sure you run it on a regular basis, perhaps including it in a cron job.
Chkrootkit is a program that scans for root kits.


To modify LogWatch, SSH into server and login as root.

At command prompt type: vi /etc/log.d/conf/logwatch.conf


Scroll down to

MailTo = root

and change to

MailTo = your@email.com

Note: Set the e-mail address to an offsite account in case you get hacked.


Now scroll down to

Detail = Low

Change that to Medium, or High...

Detail = 5 or Detail = 10

Note: High will give you more detailed logs with all actions.


Wednesday, April 29, 2009

LDAP error I was having.

root# nss_updatedb ldap passwd
Failed to enumerate nameservice: No such file or directory
passwd... nameservice unavailable.


Go to /etc/ldap.conf and change

# Another way to specify your LDAP server is to this
uri ldapi:///example.com

to:
uri ldap://example.com

Remove the i in ldapi, and the extra /, and you're good to go.


Monday, April 20, 2009

Hmm strange issue, But I figured it out.

CRITICAL:yum.cli:Config Error: Parsing file failed: File contains parsing errors: file:///etc/yum.conf
[line 3]: mysql* nsd* proftpd* pure-ftpd* ruby* spamassassin* syslinux*

[line 4]: squirrelmail*

The problem is that lines 3 and 4 are new lines, instead of a continuation of line 2. Fix that and it works. I figure someone will have that issue, since I googled it and nothing came up.
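
The failure mode above, as an added example (not from the original post): yum's config parser accepts a wrapped value only when each continuation line starts with whitespace. The script lists the rejected line numbers and prints a repaired copy; the function names are made up, and the file contents are constructed (the post only shows lines 3 and 4).

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the numbers of lines an INI-style parser rejects: not blank, not a
# comment, not a [section], not "option = value", and not indented.
bad_ini_lines() {
    awk '
        /^[ \t]*$/            { next }   # blank line
        /^[#;]/               { next }   # comment
        /^\[.*\]/             { next }   # [section] header
        /^[ \t]/              { next }   # indented: continues the option above
        /^[^=: \t][^=:]*[=:]/ { next }   # option = value (or option: value)
        { print NR }                     # anything else is a parsing error
    ' "$1"
}

# Print a repaired copy: indent each rejected line that follows an option,
# so it is read as a continuation of that option's value.
indent_bad_lines() {
    awk '
        /^[ \t]*$/ || /^[#;]/ || /^[ \t]/ { print; next }
        /^\[.*\]/             { have_opt = 0; print; next }
        /^[^=: \t][^=:]*[=:]/ { have_opt = 1; print; next }
        have_opt              { print "    " $0; next }
        { print }                        # nothing to attach it to: leave as is
    ' "$1"
}

# Constructed sample: line 2 is invented, lines 3 and 4 are the ones quoted
# in the error message.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[main]
exclude=apache* bind-chroot* courier* dovecot* exim* httpd*
mysql* nsd* proftpd* pure-ftpd* ruby* spamassassin* syslinux*
squirrelmail*
EOF
echo "rejected lines: $(bad_ini_lines "$sample" | tr '\n' ' ')"
indent_bad_lines "$sample"
rm -f "$sample"
```

Run bad_ini_lines against a copy of /etc/yum.conf before and after editing the exclude list.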

Thursday, April 16, 2009

NIS INSTALL

I did not write this. but I used it a lot.

I wish I knew where I got the notes from, but I have kept them for a long time. I also used Yolinux.com for a lot of help.



NIS is a system which is designed to allow people to use the same username and password on a group of machines. (In NIS terms this group of machines is called a domain). This small introduction will guide you through setting up a central NIS server to centralise your logins, and a client to use it.

Of all the systems for sharing login details across multiple machines NIS is the oldest and possibly the most widely used. Other alternatives include database systems such as LDAP (OpenLDAP) and Kerberos.

For NIS to work you need a single, central, machine which contains all the username and password pairs. Other machines will query this one when it comes to validating logins - so no local usernames and passwords need to exist.

For large systems this scales very well, when you wish to add a new user you only need to do it once on the central server rather than on each individual machine.

Installing the server is a simple matter:

name:~# apt-get install nis
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  portmap
The following NEW packages will be installed:
  nis portmap
0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 190kB of archives. After unpacking 699kB will be used.

Once the packages have been downloaded and installed you will need to choose a name for the domain and set this up as a master server. (In NIS terms a domain is used to refer to a group of machines, it has no connection with DNS names, or WORKGROUP names).

Once you've installed the packages and given the system a domain name then you will need to set it up as a master server. You do this by editing the file /etc/defaults/nis making sure that you have the following lines:

NISSERVER=true
NISCLIENT=false

Once this is done you need to control which machines are allowed to access the NIS server. Do this by editing the file /etc/ypserv.securenets as in the following example:

# Restrict to 192.168.1.x
255.255.255.0 192.168.1.0

Restart the server with /etc/init.d/nis restart and the server is ready.

This now has us running an NIS server, the next thing to do is initialise its maps. This is a simple process of running an init command and giving it the name of the servers you're using. In our case this is just the one server we've just setup:

root@sun:~# /usr/lib/yp/ypinit -m

Now we move on to setting up the clients.

Each client will also need the NIS package, so install that:

apt-get install nis

Enter the name of the domain you chose earlier (this is stored on the server in the file /etc/defaultdomain if ever you forget it).

Once this is done you will need to set up the server to authenticate against. Place its IP address in the file /etc/yp.conf, for example:

ypserver 192.168.1.1

Restart NIS with /etc/init.d/nis restart and test that this machine can access the client by running:

root@undecided:/etc# ypcat passwd
mp3:x:1002:1002::/home/mp3:
skx:x:1000:1000:Steve Kemp,,,:/home/skx:/bin/bash
ipaudit:x:1001:100::/home/ipaudit:

Here we see that we've received some results so we're good to go on.

This is the most tricky step, upon this client you need to remove all user accounts from the password, shadow, group, and group shadow files. Here we really do mean users as people - say all the userid's above 1000. Leave the system accounts such as bin, bind, nobody alone.

(If you want a login to only be available on the local machine then leave it there - certainly leave the root account alone!)

For the /etc/passwd add +:::::: at the end.

For the file /etc/shadow add +::::::::, and for the other files /etc/group and /etc/gshadow add +:::.

Now try and login with a user!

When it comes to time to add a new user to your setup you should only need to add it upon the server, and all machines will benefit. You may need to rerun the ypinit command we gave earlier for it to take effect though.

IPtables. Preventing multiple failed logins


iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name SSH -j DROP

Fairly easy to figure out. You fail 10 times in a min, you get booted. I should change that to much less now that I look at it.
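
What those two rules do to a stream of connections, as an added example (not from the original post): a small awk model of the `recent` match, run over constructed timestamps. It assumes every packet is a NEW TCP/22 connection on eth0 with an unchanged TTL; the rules count new connections rather than failed passwords, and `--update` refreshes the entry on every dropped attempt.

```shell
#!/bin/sh
# Added example, not from the original post. Models the two rules
#   -m recent --set --name SSH
#   -m recent --update --seconds S --hitcount H --rttl --name SSH -j DROP
# Input: one NEW connection per line, "epoch_seconds source_ip", in time order.
# Assumptions: the TTL never changes (so --rttl always matches), and the model
# keeps every timestamp while the kernel keeps a bounded number per address;
# the verdicts agree as long as H fits inside that bound.

simulate_recent() {   # usage: simulate_recent HITCOUNT SECONDS < connections
    awk -v hc="$1" -v secs="$2" '
    {
        t = $1; ip = $2
        # Rule 1 (--set): always records a timestamp for the source.
        n[ip]++; stamp[ip, n[ip]] = t
        # Rule 2 (--update): count timestamps no older than "secs" seconds.
        hits = 0
        for (i = n[ip]; i >= 1 && stamp[ip, i] >= t - secs; i--) hits++
        if (hits >= hc) {
            # A match refreshes the entry, so a client that keeps
            # connecting keeps itself blocked.
            n[ip]++; stamp[ip, n[ip]] = t
            print t, ip, "DROP"
        } else {
            print t, ip, "ACCEPT"
        }
    }'
}

count_verdict() {     # usage: count_verdict DROP|ACCEPT IP < verdicts
    awk -v v="$1" -v ip="$2" '$3 == v && $2 == ip { c++ } END { print c + 0 }'
}

# Constructed traffic: 203.0.113.5 connects every 5 s for a minute, then once
# more after a long pause; 198.51.100.7 connects three times.
sample_connections() {
    awk 'BEGIN {
        for (t = 0; t <= 55; t += 5) {
            print t, "203.0.113.5"
            if (t == 10 || t == 20 || t == 30) print t, "198.51.100.7"
        }
        print 200, "203.0.113.5"
    }'
}

echo "hitcount 10 / 60 s:"
sample_connections | simulate_recent 10 60
echo "drops with hitcount 4: $(sample_connections | simulate_recent 4 60 | count_verdict DROP 203.0.113.5)"
```

With the rules as posted, the tenth new connection inside 60 seconds is the first one dropped; lowering the hitcount to 4 drops the fourth.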



IPtables Block

Iptables block info

-A INPUT -p tcp -m state --state NEW,ESTABLISHED -s 192.168.1.0/24 --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -d 192.168.2.0/24 --sport 22 -j ACCEPT

Actually this only allows listed ranges to login.

Java install notes:

export JAVA_HOME="/usr/java/jdk1.6.0_12/"
export JAVA_PATH="$JAVA_HOME"


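# alternatives --install <link> <name> <path> <priority>; the priority 20000 is an example value
/usr/sbin/alternatives --install /usr/bin/java java /usr/java/jre1.6.0_12/bin/java 20000
/usr/sbin/alternatives --config java

YEAH More notes.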

So you want to ssh into boxes without typing in those pesky passwords every 2 mins.
SSHKeys can be your friend. I do this within a local environment.

user@localhost::~# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:

DO NOT CREATE A PASSPHRASE

Now create a .ssh directory on the other machine. SSH into the box, then SSH into something else; that will create it for you.

Add key to MachineB .ssh/authorized_keys, enter in MachineB password.

user@localhost::~#cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
user@MachineB password:

Now SSH into Machine B with fun!

Notes:

If something fails, try this.

Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640
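
A check for the permission problem these notes work around, as an added example (not from the original post): sshd's StrictModes setting, on by default, ignores an authorized_keys file when the file or the .ssh directory is writable by group or others. The function names are made up, and the demo runs on a scratch directory rather than a real account.

```shell
#!/bin/sh
# Added example, not from the original post.

mode_of() {   # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per problem found; print nothing when the modes match the
# notes above (700 on .ssh, no group/other write bit on the key files).
ssh_perm_issues() {   # usage: ssh_perm_issues /home/user/.ssh
    dir=$1
    if [ ! -d "$dir" ]; then echo "$dir: missing"; return 0; fi
    m=$(mode_of "$dir")
    [ "$m" = "700" ] || echo "$dir: mode $m, expected 700"
    for f in "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case "$m" in
            # second-to-last digit = group, last digit = others;
            # 2, 3, 6 and 7 all include the write bit
            *[2367][0-7]|*[0-7][2367])
                echo "$f: mode $m is writable by group or others" ;;
        esac
    done
}

# Demo on a scratch directory (constructed; not a real account).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys2" && chmod 664 "$demo/.ssh/authorized_keys2"
ssh_perm_issues "$demo/.ssh"
rm -rf "$demo"
```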

Eh, useful to have perl note.
(Sometimes I forget simple things.)


:/#perl -MCPAN -e shell

perl> install Bundle::CPAN

perl>reload cpan

Ok, stole these notes from OpenDNS. But I want my own copy of these notes that I can find when I need it.

To avoid having your settings get revoked after reboots, or after periods of inactivity you may need to make the following changes via the command line:

$ sudo cp /etc/resolv.conf /etc/resolv.conf.auto
$ gksudo gedit /etc/dhcp3/dhclient.conf
# append the following line to the document
prepend domain-name-servers 4.2.2.2,216.73.123.59;
# save and exit
$ sudo ifdown eth0 && sudo ifup eth0

You may be required to change eth0 to your own network device's name if it uses a non-standard name.

### Oh on the Prepend domain-name-servers. Please remember to change to your own DNS settings.

Eh, this is a line to a script, Useful as hell.

Say you want to have a cron job run all the time, and want each update to have its own folder, etc. Each labeled by the date.

backup_`date +"%Y-%m-%d"` > /backup_`date +"%Y-%m-%d_%Hh%Mm%Ss"`.log

## Guide for the use of the date command in bash. Case sensitive!!
## For use to prepend or append to a name.
## Put a % sign before each letter.
##
## Y = Year in 4-digit format (2006)
## m = Month number (06)
## d = Day of the month - 2 digits (05)
## T = Time in 24 hour format (17:45:52)
## H = Hour in 24-hour format (17)
## M = Minutes (35)
## S = Seconds (05)
##
## %Y%m%d%H%M%S = 20090209133424
## %Y-%m-%d_%Hh%Mm%Ss = 2009-02-09_13h34m24s

Backup and Restore LDAP notes.

Maybe useful for you, but mostly they are notes for me.


Backups: Backup data with slapcat (e.g., slapcat -v -f /usr/local/etc/openldap/slapd.conf -l /path/to/backup/$(date +%Y%m%d).ldif). To ensure consistency, slapd should not be running during backups.

Restoration: To do a full restore from backup, first stop slapd and remove all ldap data (e.g., rm /usr/local/var/openldap-data/ for source installations or rm /var/lib/ldap/* for Debian installations). Then use slapadd to load data from the ldif backup (e.g., slapadd -v -c -l example.ldif -f /usr/local/etc/openldap/slapd.conf for source installations or slapadd -v -c -l backup.ldif -f /etc/ldap/slapd.conf for Debian installations). Then run slapindex and start slapd.

Clear Cache from a linux box.
Works only with Kernels 2.6.16 or newer

sync; echo 3 > /proc/sys/vm/drop_caches


Quick Script I use for the machine and cron jobs

Named: clean.sh
#!/bin/bash

###
### Shell script to clean the cache on the machine, it also lists current memory usage, and
### afterwards its cleared so I can compare.
###
### SimonTek April 16th, 2009
###
free -m
sync; echo 3 > /proc/sys/vm/drop_caches
free -m

Thursday, February 05, 2009

I wrote this for a few co-workers today. We run linux, and giving options for people to fix stuff when I am late coming in.

Firefox or Thunderbird won't work. How to fix.

FIREFOX

user@host:~$ cd .mozilla/firefox/weirdstuff.default/
user@host:~$ rm .parentlock

Commands Meanings:

cd = Change Directory, also "cd ~" will put you back in your home directory.

ls = List Screen, remember DOS days of dir? same thing, dir will also work.

rm = remove. BE CAREFUL with that command.

pwd = print working directory. Basically lets you know where you are.

Also .file means hidden. You can type in ls -a for all files.

Notes:

If you hit TAB while typing it will finish what you're typing for each directory.

weirdstuff.default is your profile directory, it changes on each machine.


THUNDERBIRD EMAIL

cd .mozilla-thunderbird/weirdstuff.default/
rm .parentlock

example: cd .mozilla-thunderbird/nq92xeeb.default/

P.S.
Also if you have an issue where your bookmarks have disappeared and the buttons don't work, mv places.sqlite to places.sqlite2 (You can delete it, but I always like to keep it around just in case.)

Also Firefox Usually does backups everyday, so in 3 you can just roll back. But as always make backups.


Friday, January 30, 2009

Hello. Spent the past 2 hours having an Issue with MYSQL INNODB. So I figured to post the answer.

I was installing RT (Request Tracker) and any time it got to mysql it came up with INNODB not installed or turned off. I was going INSANE, looking through my.cnf and going it's RIGHT THERE #### out and everything. Should work fine. No. I am like is this defined somewhere else? Nope.

Guess what the issue was. Permission as usual.

Chmod 777 /tmp and everything went fine. I will go and tweak it after this blog, wanted people to have an answer available. It drove me nuts.


What it SHOULD Do.

:/etc/mysql# /usr/sbin/rt-setup-database-3.6 --action init --dba root --prompt-for-dba-password
In order to create or update your RT database,this script needs to connect to your mysql instance on localhost as root.
Please specify that user's database password below. If the user has no database
password, just press return.

Password:
Now creating a database for RT.
Creating mysql database rtdb.
Now populating database schema.
Creating database schema.
Done setting up database schema.
Now inserting database ACLs
Done setting up database ACLs.
Now inserting RT core system objects
Checking for existing system user...not found. This appears to be a new installation.
Creating system user...done.
Now inserting RT data
Creating Superuser ACL...done.
Creating groups...3.4.5.6.7.8.9.done.
Creating users...10.12.done.
Creating queues...1.2.done.
Creating ACL...2.3.done.
Creating ScripActions...1.2.3.4.5.6.7.8.9.10.11.12.13.14.15.16.17.done.
Creating ScripConditions...1.2.3.4.5.6.7.8.9.10.done.
Creating templates...1.2.3.4.5.6.7.8.9.10.11.12.done.
Creating scrips...1.2.3.4.5.6.7.8.9.10.11.12.13.14.done.
Creating predefined searches...1.2.3.done.
Done setting up database content.


Tuesday, September 16, 2008

Later today I will stop by Digi Comp on Santa Monica to pick up parts to explain my old apple airport hack. It's 4 years old, but I never showed pictures or wrote how to get an orinoco card to show up as airport. ($20 parts vs $125 for used card)

Thursday, September 11, 2008




Dlink DWL 520+
Wireless hack

I usually come up with quite a few hacks, but since it usually seems simple to me, I never publish them, thinking others have done the same before. So I figured to start publishing them.

This Hack includes how to make the Dlink DWL-520+ a bit stronger, theoretically up to 600mw+.

First you will need a DWL-520+ card, another mini-pci wireless card, a Phillips head screwdriver, a soldering iron, new antenna wire, or adapter.


First unscrew the 2 screws (the red circles where I already removed them)


Now You will have access to the mini-pci card. Basically this entire card is a PCI to mini-pci adapter.




Lift the black tab up, and then press the release tabs of the mini-pci card. You can unsolder the wire from the card and add your own adapter to it, or just run a new antenna wire.


A card I would love to try with this is the Extreme Range2 card. It's a lovely 600mw card.


Once I get some new wireless cards to test more with I will update this.


******* Follow Up.

I borrowed the antenna lead off of a Linksys Wireless Cable Modem. It died, and I took it apart to see the motherboard. To my surprise it uses a mini-pci card, and is easily upgradeable. I swapped the card with an Intel card. Now have a neat toy. Required breaking off the old antenna post, but worth it.





ARGG Who the hell thinks that blogger captcha's are actually readable?