…Details…

Thoughts that's escape, only details.

XFCE – Screen lock using LightDM

/usr/bin/xflock4

#

PATH=/bin:/usr/bin
export PATH

# Lock by xscreensaver or gnome-screensaver, if a respective daemon is running
#for lock_cmd in \
# "xscreensaver-command -lock" \
# "gnome-screensaver-command --lock"
#do
# $lock_cmd >/dev/null 2>&1 && exit
#done

for lock_cmd in \
"dm-tool lock"
do
$lock_cmd >/dev/null 2>&1 && exit
done

# else run another access locking utility, if installed
for lock_cmd in \

XFCE – Desktop Icons

[[email protected] ~]$ cat .gtkrc-2.0
style "xfdesktop-icon-view" {
XfdesktopIconView::label-alpha = 0
XfdesktopIconView::selected-label-alpha = 170
XfdesktopIconView::ellipsize-icon-labels = 0

XfdesktopIconView::shadow-x-offset = 0
XfdesktopIconView::shadow-y-offset = 0
XfdesktopIconView::shadow-color = "#000000"
XfdesktopIconView::selected-shadow-x-offset = 0
XfdesktopIconView::selected-shadow-y-offset = 0
XfdesktopIconView::selected-shadow-color = "#ffffff"

XfdesktopIconView::cell-spacing = 6
XfdesktopIconView::cell-padding = 6
XfdesktopIconView::cell-text-width-proportion = 2.5

base[NORMAL] = "#cccccc"
base[SELECTED] = "#cccccc"
base[ACTIVE] = "#cccccc"

fg[NORMAL] = "#ffffff"
fg[SELECTED] = "#000000"
fg[ACTIVE] = "#000000"
}
widget_class "*XfdesktopIconView*" style "xfdesktop-icon-view"
[[email protected] ~]$

XFCE – Dropbox


[[email protected] ~]# yum install Thunar-devel thunarx-python

wget http://softwarebakery.com/maato/files/thunar-dropbox/thunar-dropbox-0.2.0.tar.bz2

[[email protected] thunar-dropbox-0.2.0]$ ./waf configure --prefix=/usr
Checking for program gcc or cc : /usr/bin/gcc
Checking for program cpp : /usr/bin/cpp
Checking for program ar : /usr/bin/ar
Checking for program ranlib : /usr/bin/ranlib
Checking for gcc : ok
Checking for thunarx-2 : yes
Checking for gio-2.0 : yes
'configure' finished successfully (0.230s)

[[email protected] thunar-dropbox-0.2.0]$ ./waf build
Waf: Entering directory `/home/leo/Downloads/thunar-dropbox-0.2.0/build'
[1/4] cc: src/dropbox-communication.c -> build/default/src/dropbox-communication_1.o
[2/4] cc: src/tdp-provider.c -> build/default/src/tdp-provider_1.o
[3/4] cc: src/thunar-dropbox-plugin.c -> build/default/src/thunar-dropbox-plugin_1.o
[4/4] cc_link: build/default/src/dropbox-communication_1.o build/default/src/tdp-provider_1.o build/default/src/thunar-dropbox-plugin_1.o -> build/default/libthunar-dropbox.so
Waf: Leaving directory `/home/leo/Downloads/thunar-dropbox-0.2.0/build'
'build' finished successfully (1.990s)

[[email protected] thunar-dropbox-0.2.0]$ sudo ./waf install
Waf: Entering directory `/home/leo/Downloads/thunar-dropbox-0.2.0/build'
* installing data/icons/hicolor/16x16/apps/thunar-dropbox.png as /usr/share/icons/hicolor/16x16/apps/thunar-dropbox.png
* installing build/default/libthunar-dropbox.so as /usr/lib/thunarx-2/thunar-dropbox.so
Waf: Leaving directory `/home/leo/Downloads/thunar-dropbox-0.2.0/build'
'install' finished successfully (0.006s)

[[email protected] thunar-dropbox-0.2.0]$ sudo mv /usr/lib/thunarx-2/thunar-dropbox.so /usr/lib64/thunarx-2/
[[email protected] thunar-dropbox-0.2.0]$

Switch to XFCE

As I wrote in some previous posts, I’ve replaced my old ThinkPad with a new one; the deal was to find a Linux operating system with full support for my hardware. I just tried to migrate my trusty Red Hat 6, and after some rebuilds I got a “well” working system.
I love legacy systems: you always know where to find the things you need, and generally they work better than new ones, but for desktop use something a little more modern (kernel, libs, etc.) is sometimes necessary.

So I’ve installed Fedora 19. I had already used this distribution in the past, up to version 14 (the last release with Gnome 2). The installer is great and, after the reboot, surprise: my notebook hardware is fully supported, even the HSPA/GPS card, fingerprint reader and TPM chip. Awesome!!
At this point the problems begin, and the name is Gnome 3, Shell or whatever they wanna call that crap. I even found a very disappointed tweet dated 11/06/11, written by me about that when I tried Fedora 15 for the first time, and the complaints were about Gnome 3.
By the way, I decided to give it a chance. I spent 2 days, days of terrific pain, patches and random code to fix bugs (or trying to), just to make it a little usable, and finally I figured out: after more than two years it is still a bunch of buggy crap.

I can only describe it as the worst user experience ever; I don’t want a stupid smartphone/tablet or a clone of a clone of a clone of other worst user interfaces.

So I took a look at the alternatives and tried Xfce: it’s light, simple and stable.

The next post will be related to the optimization and integration of Xfce.

Linux – KVM Guest LVM Disk Resize


[[email protected] ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
1779856   1553320    138068  92% /
/dev/vda1               101086     40798     55069  43% /boot
tmpfs                   513060         0    513060   0% /dev/shm
[[email protected] ~]# vgscan
Reading all physical volumes.  This may take a while...
Found volume group "VolGroup00" using metadata type lvm2
[[email protected] ~]# fdisk /dev/vda
vda   vda1  vda2
[[email protected] ~]# fdisk /dev/vda

Command (m for help): p

Disk /dev/vda: 4219 MB, 4219469824 bytes
255 heads, 63 sectors/track, 512 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *           1          13      104391   83  Linux
/dev/vda2              14         382     2963992+  8e  Linux LVM

Command (m for help): d
Partition number (1-4): 2

Command (m for help): p

Disk /dev/vda: 4219 MB, 4219469824 bytes
255 heads, 63 sectors/track, 512 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *           1          13      104391   83  Linux

Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (14-512, default 14):
Using default value 14
Last cylinder or +size or +sizeM or +sizeK (14-512, default 512):
Using default value 512

Command (m for help): p

Disk /dev/vda: 4219 MB, 4219469824 bytes
255 heads, 63 sectors/track, 512 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *           1          13      104391   83  Linux
/dev/vda2              14         512     4008217+  83  Linux

Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 8e
Changed system type of partition 2 to 8e (Linux LVM)

Command (m for help): p

Disk /dev/vda: 4219 MB, 4219469824 bytes
255 heads, 63 sectors/track, 512 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *           1          13      104391   83  Linux
/dev/vda2              14         512     4008217+  8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
[[email protected] ~]# reboot

Broadcast message from root (pts/0) (Sat Sep 15 23:36:59 2012):

The system is going down for reboot NOW!
[[email protected] ~]# Connection to pbx01.mil1.wide-net.org closed by remote host.
Connection to pbx01.mil1.wide-net.org closed.
[[email protected] ~]$

 

 

[[email protected] ~]# pvdisplay
--- Physical volume ---
PV Name               /dev/vda2
VG Name               VolGroup00
PV Size               2.83 GB / not usable 14.52 MB
Allocatable           yes
PE Size (KByte)       32768
Total PE              90
Free PE               26
Allocated PE          64
PV UUID               3KFfOG-kfJZ-hNtT-0vo5-Lpzk-4iMR-rMmLzH

[[email protected] ~]# pvresize /dev/vda2
Physical volume "/dev/vda2" changed
1 physical volume(s) resized / 0 physical volume(s) not resized
[[email protected] ~]# pvdisplay
--- Physical volume ---
PV Name               /dev/vda2
VG Name               VolGroup00
PV Size               3.82 GB / not usable 10.09 MB
Allocatable           yes
PE Size (KByte)       32768
Total PE              122
Free PE               58
Allocated PE          64
PV UUID               3KFfOG-kfJZ-hNtT-0vo5-Lpzk-4iMR-rMmLzH

[[email protected] ~]# lvdisplay
--- Logical volume ---
LV Name                /dev/VolGroup00/LogVol00
VG Name                VolGroup00
LV UUID                f134eo-A1TY-mj72-g16E-oBnl-fnNM-4hULDC
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                1.75 GB
Current LE             56
Segments               2
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           252:0

--- Logical volume ---
LV Name                /dev/VolGroup00/LogVol01
VG Name                VolGroup00
LV UUID                1gNpNl-ypNO-bj4a-Gsyb-eGnS-UcFh-Rbocfj
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                256.00 MB
Current LE             8
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           252:1

[[email protected] ~]# lvresize /dev/VolGroup00/LogVol00 -l +1
Extending logical volume LogVol00 to 3.59 GB
Insufficient free space: 1 extents needed, but only 0 available
[[email protected] ~]# resize2fs /dev/VolGroup00/LogVol00
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/VolGroup00/LogVol00 is mounted on /; on-line resizing required
Performing an on-line resize of /dev/VolGroup00/LogVol00 to 933888 (4k) blocks.
The filesystem on /dev/VolGroup00/LogVol00 is now 933888 blocks long.

[[email protected] ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
3.5G  1.5G  1.8G  46% /
/dev/vda1              99M   40M   54M  43% /boot
tmpfs                 502M     0  502M   0% /dev/shm
[[email protected] ~]# reboot

Broadcast message from root (pts/0) (Sat Sep 15 23:43:32 2012):

The system is going down for reboot NOW!
[[email protected] ~]#

Lotus Domino server linux process 100% CPU usage

A kernel change in version 2.6.x causes platform statistics to consume 100% of the CPU even when the system is lightly loaded, and causes a server crash when platform statistics are loaded.

You can disable this feature by adding this to your notes.ini and restarting the Domino server.
PLATFORM_STATISTICS_DISABLED=1

OpenSSL – client connect

Memo for testing SSL/STARTTLS connections:

STARTTLS:

[[email protected] ~]$ openssl s_client -connect mail.wide-net.org:25 -starttls smtp
CONNECTED(00000003)

[...]

Verify return code: 0 (ok)
---
220 srv01.mil1.wide-net.org ESMTP - Life is short talk fast!

SSL:

[[email protected] ~]$ openssl s_client -connect mail.wide-net.org:465

CONNECTED(00000003)

[...]

Verify return code: 0 (ok)
---
220 srv01.mil1.wide-net.org ESMTP - Life is short talk fast!
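
The check above relies on reading "Verify return code" by eye. The following is an added example, not part of the original memo, that turns it into a pass/fail test; the function names, the `mail.example.test` host and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original memo). The s_client excerpts below
# are constructed; host names are placeholders.

# verify_code: read `openssl s_client` output on stdin and print the numeric
# "Verify return code". TLS 1.3 sessions can repeat the line once per session
# ticket, so only the first occurrence is used. Returns 2 when the line is
# missing, i.e. the handshake never completed.
verify_code() {
    code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    [ -n "$code" ] || return 2
    printf '%s\n' "$code"
}

# verify_text: same input, but print the human-readable reason, e.g. "ok".
verify_text() {
    sed -n 's/^ *Verify return code: [0-9][0-9]* (\(.*\))$/\1/p' | head -n 1
}

# check_tls HOST PORT [STARTTLS_PROTO]
# Exit status 0 only if the certificate chain verified. s_client carries on
# with the session after a verification failure, so CONNECTED and a 220
# banner alone do not show that the certificate is trusted.
check_tls() {
    host=$1; port=$2; proto=${3:-}
    set -- -connect "$host:$port" -servername "$host"
    if [ -n "$proto" ]; then set -- "$@" -starttls "$proto"; fi
    code=$(openssl s_client "$@" </dev/null 2>/dev/null | verify_code) || return 2
    [ "$code" = 0 ]
}

# Constructed excerpt: chain verified.
sample_ok() {
    cat <<'EOF'
CONNECTED(00000003)
---
    Verify return code: 0 (ok)
---
220 mail.example.test ESMTP
EOF
}

# Constructed excerpt: self-signed server certificate, session still opens.
sample_selfsigned() {
    cat <<'EOF'
CONNECTED(00000003)
verify error:num=18:self signed certificate
---
    Verify return code: 18 (self signed certificate)
---
220 mail.example.test ESMTP
EOF
}

# Offline demonstration on the constructed excerpts.
for s in sample_ok sample_selfsigned; do
    printf '%s: code=%s (%s)\n' "$s" "$($s | verify_code)" "$($s | verify_text)"
done

# Live use, matching the two commands in the memo:
#   check_tls mail.example.test 25 smtp && echo "STARTTLS chain verified"
#   check_tls mail.example.test 465     && echo "implicit TLS chain verified"
```
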

Linux RHEL – Change hostname

3 steps to change the hostname on RHEL Linux:

1. edit: /etc/hosts
127.0.0.1 srv03.mil1.wide-net.org localhost.localdomain localhost

2. edit: /etc/sysconfig/network
HOSTNAME=srv03.mil1.wide-net.org

3. pass the new hostname to the running kernel
echo "srv03.mil1.wide-net.org" > /proc/sys/kernel/hostname

Or

sysctl kernel.hostname=srv03.mil1.wide-net.org

Consider restarting the network service (/etc/init.d/network restart), but it is not strictly required.

Stupid Ubuntu – Grub recovery on RAID

I definitely hate Ubuntu, it is not Linux.

[email protected]:~# cd /mnt
[email protected]:/mnt# mkdir md1
[email protected]:/mnt# mount /dev/md1 /mnt/md1/
[email protected]:~# mount -o bind /sys /mnt/md1/sys
[email protected]:~# mount -o bind /dev /mnt/md1/dev
[email protected]:~# mount -o bind /proc /mnt/md1/proc
[email protected]:~# chroot /mnt/md1 /bin/bash

[email protected]:~# ls -l /dev/disk/by-uuid/
total 0
lrwxrwxrwx 1 root root 9 2012-02-05 11:00 455c4bdc-37d5-46ef-bb8b-d5b50c9e4e9a -> ../../md1

[email protected]:/# vim /boot/grub/grub.cfg

[email protected]:/# update-grub
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-2.6.32-33-generic-pae
Found initrd image: /boot/initrd.img-2.6.32-33-generic-pae
Found linux image: /boot/vmlinuz-2.6.32-28-generic-pae
Found initrd image: /boot/initrd.img-2.6.32-28-generic-pae
Found memtest86+ image: /boot/memtest86+.bin
done
[email protected]:/# grub-install /dev/sda
Installation finished. No error reported.
[email protected]:/# grub-install --recheck /dev/sda
Installation finished. No error reported.

[email protected]:/# cfdisk /dev/sda

Linux – Google Earth

[[email protected] ~]$ /opt/google/earth/free/google-earth
Google Earth appears to be running already. Please kill the
existing process, or delete /home/leo/.googleearth/instance-running-lock if this is an error.
[[email protected] ~]$ rm /home/leo/.googleearth/instance-running-lock
[[email protected] ~]$ /opt/google/earth/free/google-earth

Linux – IBM LinTape driver

If you need to use an IBM LTO tape drive inside an IBM, Adic or Dell tape library with Tivoli Storage Manager, it is necessary to use

Download the latest driver from IBM Fixcentral:
Storage Systems => Tape Systems => Tape device drivers and software => Linux

Get the two RPMs (my system is RHEL 5 on 32-bit hardware):
lin_tape-1.61.0-1.src.rpm <== Kernel module
lin_taped-1.61.0-rhel5.i386.rpm <== Binary services

First step, rebuild the source:

# rpmbuild --rebuild lin_tape-1.61.0-1.src.rpm

Installing lin_tape-1.61.0-1.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.625
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd /usr/src/redhat/BUILD
+ rm -rf lin_tape-1.61.0
+ /bin/gzip -dc /usr/src/redhat/SOURCES/lin_tape-1.61.0.tgz
[cut]
Wrote: /usr/src/redhat/RPMS/i386/lin_tape-1.61.0-1.i386.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.18792
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd lin_tape-1.61.0
+ rm -rf /var/tmp/lin_tape-1.61.0-1-root-root
+ exit 0
Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.18792
+ umask 022
+ cd /usr/src/redhat/BUILD
+ rm -rf lin_tape-1.61.0
+ exit 0

Second step, install all:

# rpm -Uhv /usr/src/redhat/RPMS/i386/lin_tape-1.61.0-1.i386.rpm
# rpm -Uhv lin_taped-1.61.0-rhel5.i386.rpm

Last step, start service and check for the probed devices:

# /etc/init.d/lin_tape start

# cat /proc/scsi/IBM*
lin_tape version: 1.61.0
lin_tape major number: 253
Attached Changer Devices:
Number model SN HBA SCSI FO Path
lin_tape version: 1.61.0
lin_tape major number: 253
Attached Tape Devices:
Number model SN HBA SCSI FO Path
0 ULTRIUM-TD2 1110274799 Adaptec 29160B Ultra160 SCSI 2:0:1:0 NA
1 ULTRIUM-TD2 1110275058 Adaptec 29160B Ultra160 SCSI 2:0:2:0 NA

NetworkManager modifies /etc/hosts

There is an annoying bug (or feature, depending on your point of view): every restart/reconnect managed by NetworkManager restores the original /etc/hosts loaded at startup. I’ve made a 3-line script, inspired by visudo, to manually edit the hosts file and prevent other unexpected modifications:

Save it as an executable file (+x attribute), e.g. /usr/sbin/vihosts:

#!/bin/sh
sudo chattr -i /etc/hosts
sudo vim /etc/hosts
sudo chattr +i /etc/hosts

Citrix – ICAClient issue on Linux RHEL6

Another stupid Citrix ICAClient issue on Red Hat Linux:

[[email protected] ~]$ /usr/lib/ICAClient/wfcmgr -icaroot /usr/lib/ICAClient
Warning: Missing charsets in String to FontSet conversion
Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
Error: Aborting: no fontset found

Solution 1: force language C (my favourite for any language problems):

[[email protected] ~]$ export LANG=C

Solution 2: remove the cjkuni charset:

[[email protected] ~]$ sudo yum remove cjkuni*
Loaded plugins: priorities, product-id, refresh-packagekit, rhnplugin, subscription-manager
Updating Red Hat repositories.
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package cjkuni-fonts-common.noarch 0:0.2.20080216.1-34.el6 will be erased
---> Package cjkuni-fonts-ghostscript.noarch 0:0.2.20080216.1-34.el6 will be erased
---> Package cjkuni-ukai-fonts.noarch 0:0.2.20080216.1-34.el6 will be erased
---> Package cjkuni-uming-fonts.noarch 0:0.2.20080216.1-34.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================
Removing:
cjkuni-fonts-common noarch 0.2.20080216.1-34.el6 @anaconda-RedHatEnterpriseLinux-201105101829.i386/6.1 0.0
cjkuni-fonts-ghostscript noarch 0.2.20080216.1-34.el6 @rhel-i386-workstation-6 6.2 k
cjkuni-ukai-fonts noarch 0.2.20080216.1-34.el6 @rhel-i386-workstation-6 17 M
cjkuni-uming-fonts noarch 0.2.20080216.1-34.el6 @anaconda-RedHatEnterpriseLinux-201105101829.i386/6.1 21 M

Transaction Summary
=============================================================================================================================
Remove 4 Package(s)

Installed size: 37 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing : cjkuni-fonts-ghostscript-0.2.20080216.1-34.el6.noarch 1/4
Erasing : cjkuni-ukai-fonts-0.2.20080216.1-34.el6.noarch 2/4
Erasing : cjkuni-uming-fonts-0.2.20080216.1-34.el6.noarch 3/4
Erasing : cjkuni-fonts-common-0.2.20080216.1-34.el6.noarch 4/4

duration: 336(ms)
Installed products updated.

Removed:
cjkuni-fonts-common.noarch 0:0.2.20080216.1-34.el6 cjkuni-fonts-ghostscript.noarch 0:0.2.20080216.1-34.el6
cjkuni-ukai-fonts.noarch 0:0.2.20080216.1-34.el6 cjkuni-uming-fonts.noarch 0:0.2.20080216.1-34.el6

Complete!
[[email protected] ~]$

Linux – Multicast DVB-S router for EUMETCast

This simple script transforms a Linux box into a DVB-S satellite router to receive data from Eurobird 9E, used by EUMETSAT to redistribute weather satellite images.

REQUIRE:
DVB Tools
SMCroute
PCI Card supported by Linux/DVB Tools (ex. Skystar 2)

#!/bin/bash
####################################################################
#								   #	
# Leonardo Rizzi 						   #
# Late night 24/04/2010						   #
# Revision 1.0							   #
# Tune DVB-S pci card for Eurobird 9E shifted from 13E Hotbird     #
# Tune, set net PID, Enable multicasting ecc. ecc. blah blah buuuu #
#								   #	
####################################################################
 
#Globalvar
DTUNE="/usr/bin/dvbtune"
DNET="/usr/bin/dvbnet"
MROUTE="/usr/sbin/smcroute"
IFCONFIG="/sbin/ifconfig"
 
SERVICE="eumetsat"
 
#Set dvbcard 0-3
INT="0"
 
#Set multicast forwarding interface and ip (by default TelliCast bind on 192.168.238.238)
MINT="eth1"
MIP="192.168.238.238"
 
#Set absolute frequency in Hz
FREQ=11977000
 
#Set polarization
POL=H
 
#Set symbol rate
SYR=27500
 
#Set PID one space for value separation
PID="100 300 301 302 500 509 510 511"
 
 
#Begin start!!
 
case "$1" in
  start)
  	# Pre-Start check
 
  	test -x $DTUNE || { echo "$DTUNE not installed or not configured properly";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
 
        test -x $DNET || { echo "$DNET not installed or not configured properly";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
 
        test -x $MROUTE || { echo "$MROUTE not installed or not configured properly";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
 
        test -x $IFCONFIG || { echo "$IFCONFIG not installed or not configured properly";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
 
        test -d /dev/dvb/adapter$INT || { echo "DVB$INT device not installed or not configured properly";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
 
 
	# Tuning the dvb frequency 
	echo ""
	echo "Tune the satellite downlink on interface ${INT}"
	${DTUNE} -c ${INT} -f ${FREQ} -p ${POL} -s ${SYR} -m >/dev/null 2>&1 &
 
	# Set address on local forwarding interface and bring it up
	echo ""
	echo "Set multicast forwarding interface ${MINT}"
	${IFCONFIG} ${MINT} ${MIP} multicast up
 
	# Set PID on active dvb interface
	echo ""
	echo "Set net interface for listed PID:"
	for i in ${PID}
	do
	echo "Bring up PID $i"
	${DNET} -a ${INT} -p $i>/dev/null 2>&1
	done
 
	# Set address on dvbs interfaces and bring it up
	echo ""
	echo "Set net interface up:"
	for ii in {0..7}
	do
	echo "Bring up dvb net interface $ii"
	${IFCONFIG} dvb${INT}_$ii 192.168.22$ii.238 up >/dev/null 2>&1
	done
 
	# Start multicast router
	echo ""
	echo "Enable Multicast Router"
	${MROUTE} -d
 
	#PID 100 multicast forward
	echo "Set multicast for PID 100"
	${MROUTE} -a dvb0_0 192.168.1.1 224.223.222.34 ${MINT}
	${MROUTE} -a dvb0_0 192.168.1.1 224.223.222.36 ${MINT}
	${MROUTE} -a dvb0_0 192.168.1.1 224.223.222.40 ${MINT}
	${MROUTE} -a dvb0_0 192.168.1.1 224.223.222.223 ${MINT}
 
	#PID 300 multicast forward
	echo "Set multicast for PID 300"
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.21 ${MINT}
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.31 ${MINT}
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.32 ${MINT}
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.37 ${MINT}
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.226 ${MINT}
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.252 ${MINT}
	${MROUTE} -a dvb0_1 192.168.1.1 224.223.222.253 ${MINT}
 
	#PID 301 multicast forward
	echo "Set multicast for PID 301"
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.23 ${MINT}
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.33 ${MINT}
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.38 ${MINT}
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.39 ${MINT}
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.35 ${MINT}
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.227 ${MINT}
	${MROUTE} -a dvb0_2 192.168.1.1 224.223.222.251 ${MINT}
 
	#PID 302 multicast forward
	echo "Set multicast for PID 302"
	${MROUTE} -a dvb0_3 192.168.1.1 224.223.222.25 ${MINT}
 
	#PID 500 multicast forward
	echo "Set multicast for PID 500"
	${MROUTE} -a dvb0_4 192.168.1.1 224.223.222.1 ${MINT}
	${MROUTE} -a dvb0_4 192.168.1.1 224.223.222.22 ${MINT}
	${MROUTE} -a dvb0_4 192.168.1.1 224.223.222.28 ${MINT}
	${MROUTE} -a dvb0_4 192.168.1.1 224.223.222.27 ${MINT}
	${MROUTE} -a dvb0_4 192.168.1.1 224.223.222.29 ${MINT}
	${MROUTE} -a dvb0_4 192.168.1.1 224.223.222.30 ${MINT}
 
	#PID 509 multicast forward
	echo "Set multicast for PID 509"
	${MROUTE} -a dvb0_5 192.168.1.1 224.223.222.248 ${MINT}
	${MROUTE} -a dvb0_5 192.168.1.1 224.223.222.249 ${MINT}
	${MROUTE} -a dvb0_5 192.168.1.1 224.223.222.250 ${MINT}
 
	#PID 510 multicast forward
	echo "Set multicast for PID 510"
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.231 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.232 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.233 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.234 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.235 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.236 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.237 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.239 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.240 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.242 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.243 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.244 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.245 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.246 ${MINT}
	${MROUTE} -a dvb0_6 192.168.1.1 224.223.222.247 ${MINT}
 
	sleep 5
	;;
 
  stop)
	# Stopping the dvb card
	echo ""
	echo "Stopping Satellite Downlink"
	killall dvbtune >/dev/null 2>&1
 
	echo ""
	echo "Stopping Multicast Routing"
	# Stopping Multicast Router
	${MROUTE} -k
 
	# Disable dvbs interfaces and remove active PID
	echo ""
	echo "Shutting down DVB-S interfaces"
	for iii in {0..7}
	do
	/sbin/ifconfig dvb0_$iii down >/dev/null 2>&1
	${DNET} -d $iii >/dev/null 2>&1
	done
 
	# Remove and disable multicasting forwarding interface
	echo ""
	echo "Shutting down multicasting forwarding interface"
	${IFCONFIG} ${MINT} del ${MIP} multicast
	${IFCONFIG} ${MINT} down
 
	;;
 
  restart)
 
	$0 stop
	$0 start
	;;
 
  status)
 
  	# Command substitution, so the variables hold the PIDs rather than the literal command text
  	PID1=$(pidof dvbtune)
  	echo ""
  	echo "Tuning subsystem running at pid" $PID1
 
  	PID2=$(pidof smcroute)
  	echo ""
  	echo "Multicast router running at pid" $PID2
 
	;;
 
  multicast)
 
  	echo "Multicasting Routing table:"
  	ip mroute show  
	;;
 
  *)
	echo "Usage: $0 [start|stop|restart|status|multicast]"
	;;
esac
 
exit

Omnikey Cardman 4040 – Linux FC14

In this post I describe how to get the OMNIKEY CardMan 4040, a PCMCIA smartcard reader/writer, working under Linux Fedora 14 using the manufacturer's PC/SC driver.

1. Install the required packages:

[[email protected] ~]# yum install pcsc-lite openct opensc

2. Configure OpenSC

With PC/SC cardbus access OpenCT is useless, but without that daemon you get a lot of these errors on every smartcard operation:

Error: can't open /var/run/openct/status: No such file or directory

Then, to avoid (openct/opensc/pcscd) conflicts, I prefer to disable the OpenCT framework like this:

In /etc/opensc.conf, replace:

reader_drivers = openct, pcsc, ctapi;

With (if it is not present, add this under the “app default” context):

reader_drivers = pcsc, ctapi;

Stop OpenCT daemon:

[[email protected] ~]# /etc/init.d/openct stop

3. Install PC/SC driver

Download the PC/SC driver for Linux from:

http://www.hidglobal.com/

The current release is “ifdok_cm4040_lnx-2.0.0.tar.gz”. This file contains a nice installer, but it doesn’t work under Fedora, so proceed manually:

[[email protected] ~]# tar -xvf ifdok_cm4040_lnx-2.0.0.tar.gz
[[email protected] ~]# cd ifdok_cm4040_lnx-2.0.0
[[email protected] ifdok_cm4040_lnx-2.0.0]# cp ifdok_cm4040_lnx-2.0.0.so /usr/lib/pcsc/drivers/

Create file: /etc/reader.conf.d/cardman4040.conf

With this content (adjust it if you have more than one PCMCIA slot):

#
# Configuration file for CardMan 4040 smartcard reader.
#
FRIENDLYNAME "OMNIKEY CardMan 4040 Socket 0"
DEVICENAME /dev/cmx0
LIBPATH /usr/lib/pcsc/drivers/ifdok_cm4040_lnx-2.0.0.so
CHANNELID 0

Now insert the smartcard reader into pcmcia slot and restart pcscd:

[[email protected] ~]# /etc/init.d/pcscd restart

4. Test the reader:

If everything works, you get this output:

[[email protected] ~]# opensc-tool -l
Readers known about:
Nr. Driver Name
0 pcsc OMNIKEY CardMan 4040 Socket 0 00 00
[[email protected] ~]#

Now the reader is ready to use.

Citrix – ICAClient issue on Linux FC13

If you are using Citrix ICA Client (v.11.100) on Linux, especially Fedora 13, the following dependencies will be installed after the “java-1.6.0-openjdk” update:

baekmuk-ttf-batang-fonts                             2.2-29.fc13
baekmuk-ttf-dotum-fonts                              2.2-29.fc13
baekmuk-ttf-fonts-common                             2.2-29.fc13
baekmuk-ttf-gulim-fonts                              2.2-29.fc13
baekmuk-ttf-hline-fonts                              2.2-29.fc13
cjkuni-ukai-fonts                                    0.2.20080216.1-42.fc13
cjkuni-uming-fonts                                   0.2.20080216.1-42.fc13
lohit-malayalam-fonts                                2.4.4-5.fc13
sazanami-fonts-common                                0.20040629-14.fc13
sazanami-gothic-fonts                                0.20040629-14.fc13
sazanami-mincho-fonts                                0.20040629-14.fc13

After these updates ICAClient stops working with the following error:


Warning:
Name: FONTLIST_DEFAULT_TAG_STRING
Class: XmRendition
Conversion failed.  Cannot load font.

The problem was located in “sazanami-mincho-fonts”.

I’ve no time to fix the font path problem in this stupid application developed in Motif, so my little workaround was:

Blacklist the package in /etc/yum.conf:

exclude=sazanami-mincho-fonts*

If it is already installed:

[[email protected] leo]# rpm -e --nodeps  sazanami-mincho-fonts

Linux – Removing all IP information from an interface

If an interface has already had IP addresses assigned to it, and all of the addresses need to be removed (along with their routes), there is one handy command to accomplish all of these tasks. ip address flush takes an interface name as an argument. Let’s look at the output of ip address show just before and just after removing all IPs.

[[email protected]]# ip address show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:f8:4a:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.99.35/24 brd 192.168.99.255 scope global eth0
inet 192.168.99.37/24 brd 192.168.99.255 scope global secondary eth0:0
[[email protected]]# ip address flush
Flush requires arguments.
[[email protected]]# ip address flush dev eth0
[[email protected]]# ip address show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:f8:4a:51 brd ff:ff:ff:ff:ff:ff

CentOS – IPv6 interface

You need to update and configure the following files for IPv6 configuration:

1. Edit: /etc/sysconfig/network

And append the following line to enable the IPv6 protocol system-wide:

NETWORKING_IPV6=yes

2. Edit: /etc/sysconfig/network-scripts/ifcfg-eth1 (or your interface number)

And append the following lines to enable IPv6 on the interface, plus the address/gateway if you use static routing:

IPV6INIT=yes
IPV6ADDR=2001:1418:0193:000B::210
IPV6_DEFAULTGW=2001:1418:0193:000B::251

Save, close and restart network service:

# service network restart

Debian – Kernel Headers

Memo: Install linux-header package

# apt-get install linux-headers-$(uname -r)

GRUB – Init Shell

Sometimes, in case of a lost root password or file system corruption, you need to boot the system into a simple shell, skipping the init sequence.

1. At the GRUB prompt press ‘e’ to edit the command before booting.

2. Select ‘kernel’ line

3. Press ‘e’ again to edit selected command

4. Type the following at the end of the line: init=/bin/bash (or sh)

5. Press ‘b’ to boot system

6. Now you are at shell prompt. Enjoy

Linux – dmidecode

dmidecode is a tool for dumping a computer’s DMI (some say SMBIOS) table contents in a human-readable format. This table contains a description of the system’s hardware components, as well as other useful pieces of information such as serial numbers and BIOS revision.
If you would like to see which memory banks are in use and what the RAM module sizes are, simply call dmidecode with the memory parameter.

# dmidecode -t memory

dmidecode also gives you information about your system’s cache, bios and cpu.
Here is a sample output for processor:

# dmidecode -t processor

Information about your system cache:

# dmidecode -t cache

BIOS information includes the vendor of your BIOS and its version, as well as which devices are supported and which ones can be used for booting up your system.

# dmidecode -t bios

Securing “tmp” without repartition

1. First you should secure /tmp:

Make a 1GB file for the /tmp partition and an ext3 filesystem for tmp:

# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:

# cp -Rpf /tmp /tmpbackup

Mount the new /tmp partition and change permissions:

# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:

# cp -Rpf /tmpbackup/* /tmp/

If you now run the mount command you should get something like this:

/dev/tmpFS on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:

# mount -o remount /tmp

You can test it by running a script from the /tmp partition; if you get “permission denied” it is fine :)

2. Secure /var/tmp:

This should be done because some applications use /var/tmp as their temporary folder, and anything that is accessible by all needs to be secured.

Rename it and create a symbolic link to /tmp:

# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp

Copy the old data back:

# cp /var/tmp1/* /tmp/

Note: you should restart any services that use the /tmp partition.

Debian NetInstall – Sparc

First of all you need a Linux host (Debian in my case) and then, obviously, a Sparc :)

The Linux host needs a RARP server and a TFTP server, so install them like this:

vm01:~# apt-get install rarpd tftpd-hpa

Configure rarpd by editing the file /etc/ethers and adding a line with the MAC address of the Sparc (OpenBoot shows it as soon as the machine is powered on):

XX:XX:XX:XX:XX:XX 192.168.xx.xx


Restart it to apply the changes:

vm01:~# /etc/init.d/rarpd restart

At boot, once it has received its IP, OpenBoot looks for the image on the TFTP server under a name that is the IP written in hexadecimal notation. Assuming the IP is 192.168.101.9, do the conversion like this:

vm01:~# printf "%.2X%.2X%.2X%.2X\n" 192 168 101 9
C0A86509

Then download the Debian netinstall image and create a symbolic link named with the hexadecimal notation:

vm01:~# cd /var/lib/tftpboot
vm01:~# wget ftp://ftp.debian.org/debian/dists/stable/main/installer-sparc/current/images/netboot/boot.img
vm01:~# ln -s boot.img C0A86509

Then, on the Sparc at boot, press Stop-A or Break to get the OpenBoot prompt (“ok “) and type

boot net

Securing /dev/shm

Edit your /etc/fstab:

# vi /etc/fstab

change:

none /dev/shm tmpfs defaults,rw 0 0

to

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Remount /dev/shm:

# mount -o remount /dev/shm

You can test it by running a script from /dev/shm; if you get “permission denied” it is fine!
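A check for the hardening in this section and in “Securing “tmp” without repartition”, as an added example that is not part of the original notes: it reads a mount table and reports any of the listed mount points that lacks nosuid or noexec. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Audit temporary areas for the mount options used on this page.
# Added example: function names and the sample table are constructed.

REQUIRED_OPTS="nosuid noexec"

# sample_mounts: a constructed mount table in /proc/mounts format
# (device, mount point, fs type, options, dump, pass). /etc/fstab has
# the same column layout, so either file can be audited.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid 0 0
EOF
}

# mount_opts TABLE MOUNTPOINT
# Print the option string of the LAST entry for MOUNTPOINT, because a
# later mount on the same path shadows the earlier ones.
mount_opts() {
    awk -v mp="$2" '$2 == mp { opts = $4 } END { if (opts != "") print opts }' "$1"
}

# missing_opts OPTIONS
# Print the required options absent from the comma-separated list.
# The list is wrapped in commas so that "exec" never matches "noexec".
missing_opts() {
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$1," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# audit_mounts TABLE MOUNTPOINT...
# Print one line per mount point:
#   OK      all required options are present
#   WEAK    mounted, but some required options are missing
#   NOMOUNT no entry of its own, for example /var/tmp symlinked to /tmp
#           as on this page (audit the link target), or a plain
#           directory that inherits the options of its parent filesystem
# Returns 0 only if every listed mount point is OK.
audit_mounts() {
    table=$1
    shift
    rc=0
    for mp in "$@"; do
        opts=$(mount_opts "$table" "$mp")
        if [ -z "$opts" ]; then
            echo "NOMOUNT $mp"
            rc=1
            continue
        fi
        miss=$(missing_opts "$opts")
        if [ -n "$miss" ]; then
            echo "WEAK $mp missing: $miss"
            rc=1
        else
            echo "OK $mp"
        fi
    done
    return "$rc"
}

# Usage on a live system:
# audit_mounts /proc/mounts /tmp /var/tmp /dev/shm
```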

Iptables Flush

Full flush iptables script:

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Extract files from DEB package

A few days ago I wrote about RPM extraction; today I need the contents of a DEB package. Unlike on RPM systems, the Debian package manager can extract a package natively with this command:

# dpkg-deb -x somepackage.i386.deb destination-directory/

But my problem is different: I am not using a Debian system. Fortunately DEB files are “ar” archives, which contain three files:
– debian-binary
– control.tar.gz
– data.tar.gz

First, extract the “ar” archive with this simple command:

# ar vx somepackage.i386.deb

then extract the contents of data.tar.gz using tar:

# tar -xzvf data.tar.gz

Or, if you want, you can do it in one step:

# ar p somepackage.i386.deb data.tar.gz | tar zx

Extract files from RPM package

The rpm command has no direct option to extract an RPM file, but there is a small utility called rpm2cpio that extracts the cpio archive from an RPM Package Manager (RPM) package.
Example of extracting an RPM file using the rpm2cpio and cpio commands:

# rpm2cpio somepackage.x86_64.rpm | cpio -idmv

The output of rpm2cpio is piped to the cpio command with the following options:
i: Restore archive
d: Create leading directories where needed
m: Retain previous file modification times when creating files
v: Verbose

Exim – Command

Some useful Exim commands:

exim -bp              mailq; the mailq output is relevant as it gives you the email IDs
exim -M emailID       Force delivery of one message
exim -qf              Force another queue run
exim -qff             Force another queue run and attempt to flush frozen messages
exim -Mvl messageID   View Log for message
exim -Mvb messageID   View Body for message
exim -Mvh messageID   View Header for message
exim -Mrm messageID   ReMove message (no errors sent)
exim -Mg messageID    Give up and fail message, message bounces to sender

Watch – Exim Queue

Just a one-line memo:

# watch -n 5 'exim -bp | exiqsumm |grep TOTAL'

BlackBerry – Full Wipe

Blackberry “Wipe-Handheld” command list:

=> Options menu
=> Security Options
=> General Settings
=> Menu
=> Wipe handheld
=> Enter password (“blackberry” by default or your security password)

OpenSSH – Generate server key

OpenSSH requires different keys depending on whether you use the SSH1 or SSH2 protocol. All keys are generated with the “ssh-keygen” command, which should be available on your system with the ssh package. The default key lengths are also appropriate (2048 bits for rsa and 1024 bits for dsa).
For the SSH1 protocol, you need an rsa1 key generated as follows:

# ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1

For the SSH2 protocol, you need two keys, one rsa key and one dsa key, generated as follows:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
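Later OpenSSH releases removed SSH1 (and with it rsa1 keys) and disabled DSA keys by default, so hosts set up with the commands above are worth auditing. An added example, not part of the original notes: it classifies `ssh-keygen -l` fingerprint lines and flags rsa1, dsa and short RSA keys. The sample lines and the 2048-bit RSA threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Flag legacy host keys from "ssh-keygen -l" output.
# Added example: sample data and the threshold are assumptions.

MIN_RSA_BITS=${MIN_RSA_BITS:-2048}

# sample_fingerprints: constructed lines in the layout printed by
# "ssh-keygen -l -f FILE":  BITS FINGERPRINT COMMENT... (TYPE)
sample_fingerprints() {
    cat <<'EOF'
2048 SHA256:constructed-fingerprint-1 root@host (RSA)
1024 SHA256:constructed-fingerprint-2 root@host (DSA)
1024 SHA256:constructed-fingerprint-3 root@host (RSA)
256 SHA256:constructed-fingerprint-4 root@host (ED25519)
2048 constructed-fingerprint-5 /etc/ssh/ssh_host_key.pub (RSA1)
EOF
}

# audit_hostkeys: read fingerprint lines on stdin and print one verdict
# per line. The key type is taken from the last field and the size from
# the first, so comments containing spaces do not confuse the parser.
# Returns 1 if at least one key is flagged WEAK, 0 otherwise.
audit_hostkeys() {
    awk -v min="$MIN_RSA_BITS" '
    NF == 0 { next }
    NF >= 3 && $1 ~ /^[0-9]+$/ && $NF ~ /^\([A-Za-z0-9-]+\)$/ {
        type = substr($NF, 2, length($NF) - 2)
        bits = $1 + 0
        reason = ""
        if (type == "RSA1")                    reason = "SSH1 key"
        else if (type == "DSA")                reason = "DSA key"
        else if (type == "RSA" && bits < min)  reason = "RSA below " min " bits"
        if (reason != "") {
            print "WEAK " type " " bits " " reason
            weak++
        } else {
            print "OK " type " " bits
        }
        next
    }
    { print "SKIP unparsed line " NR }
    END { exit (weak > 0) }
    '
}

# Usage on a live system:
# for f in /etc/ssh/ssh_host_*key.pub; do ssh-keygen -l -f "$f"; done | audit_hostkeys
```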

Asterisk – Eutelia SIP

This is a somewhat delicate topic, and above all not recommended for anyone without at least some familiarity with Asterisk, since I will not spend long explaining how it works but will give only the essential directions.

Anyone who has tried to use Asterisk with Eutelia (formerly Skypho) has certainly run into problems with both registration and the streaming of RTP flows. The explanation is fairly simple: Eutelia runs the SIP service it provides to customers on the Cisco SIP Gateway, which you can quickly see by debugging. This setup is often not very willing to talk to Asterisk in a standard way, so if you are using GUI interfaces or embedded solutions you can stop reading, because most of the time it is impossible to step outside the schemes they impose.

Now the problem:
when you register two or more trunks with inbound numbers, even though a different context is defined for each number, calls to the different numbers always follow the same path, even when you define DIDs and do not catch-all on the trunk/context itself. This happens because all traffic arriving from Eutelia is recognized and routed to the first trunk that registers with the gateway.
Possible solutions include having one public IP per trunk or, as I have read around the net, changing the port from 5060 to 5061 and so on. These are certainly possible solutions, but not at all practical and sometimes not very stable.

The tested and reliable solution, using 4 trunks, is the following:
- a note on the scenario: in my case the PBX is NATted behind a static public IP, but the same solution has also been tested on a PBX with a routed public IP without NAT.
- in the configurations the numbers are masked by replacing the last three digits with XXX, and the word “mysecret” is used in place of the passwords

First define the trunk and the main context in the file /etc/asterisk/users.conf. Here it is important to define the first trunk, or the one preferred for outbound calls, since the same context can be used for those too.

[eutelia]
type = friend
srvlookup = yes
realm = voip.eutelia.it
username = 0245071XXX
secret = mysecret
fromuser = 0245071XXX
fromdomain=voip.eutelia.it
qualify = yes
insecure = port,invite
host = voip.eutelia.it
context = from-eutelia
nat = yes
canreinvite = no
disallow = all
allow = ulaw
allow = alaw
useragent=Asterisk_Eut

Next define the registration of the additional numbers in the file /etc/asterisk/sip.conf:

register => 0245071XXX:[email protected]/0245071XXX
register => 0245072XXX:[email protected]/0245072XXX
register => 0245073XXX:[email protected]/0245073XXX
register => 0245074XXX:[email protected]/0245074XXX

Now the last phase: define where inbound calls go and where outbound calls leave, in the file /etc/asterisk/extensions.conf

#Inbound DIDs from the eutelia context: here we define where to route the calls. In the first example they go to a ring group, in the second to a voice menu, in the third to an SCCP extension and in the fourth to a SIP extension

[from-eutelia]
exten => 0245071XXX,1,GoTo(ringroup1,s,1)
exten => 0245072XXX,1,GoTo(voicemenu1,s,1)
exten => 0245073XXX,1,Dial(SCCP/114)
exten => 0245074XXX,1,Dial(SIP/112)

Now, to define outbound calls, go to your main context, where the rules for the extensions and the dialplan are defined. You can typically recognize it because it is the one set in the users file inside the individual extensions; in my case it is called “DialPlan01”

#This format forwards any call preceded by the line-seizure code “0” to the eutelia trunk, obviously removing it before forwarding:

[DialPlan01]
exten = _0.,1,Dial(SIP/eutelia/${EXTEN:1})
exten => 112,1,dial(SIP/112)
exten => 114,1,dial(SCCP/114)

I admit that “0” for seizing a line is a rather old-fashioned habit inherited from the old PBXs, to which I am still partly attached; you can perfectly well define it this way:

exten = _.,1,Dial(SIP/eutelia/${EXTEN})

So that all non-local calls are forwarded directly to the trunk.

Miaoo – Tomcat on Debian

A short draft on how to install Tomcat on Debian, in this case lenny; package versions may change but the end result is the same.

Start by installing what we need:

#apt-get install tomcat5.5 tomcat5.5-admin sun-java5-jdk tomcat5.5-webapps

Note: on a default Debian installation you will certainly not find the Java JDK, so you need to add the non-free repository to apt by editing /etc/apt/sources.list like this:

deb http://your-mirror-url/debian/ lenny main non-free
deb-src http://your-mirror-url/debian/ lenny main non-free

Configure the system to use Java

srv01#update-alternatives --config java

There are 2 alternatives which provide ‘java’.

Selection Alternative
———————————————–
1 /usr/lib/jvm/java-1.5.0-sun/jre/bin/java
*+ 2 /etc/alternatives/kaffe-system/bin/java

Press enter to keep the default[*], or type selection number:

type 1 to select /usr/lib/jvm/java-1.5.0-sun/jre/bin/java

Set the specific Java runtime that was installed and made the system default in the previous steps by editing the file /etc/default/tomcat5.5 and adding:

JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/

Now define the users for the management interface by editing the file /var/lib/tomcat5.5/conf/tomcat-users.xml and creating a structure like this:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="standard"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="pwd" roles="tomcat,admin"/>
<user username="both" password="pwd" roles="tomcat,role1"/>
<user username="role1" password="pwd" roles="role1"/>
<user username="leo" password="pwd" fullName="leonardo" roles="standard"/>
<user username="manager" password="pwd" fullName="" roles="manager"/>
</tomcat-users>

In this case 3 users are defined, two main ones and one user-defined (manager, admin, leo)

Once that is done, start Tomcat, or restart it if it is already running:

srv01#/etc/init.d/tomcat5.5 start   (or restart)

By default the server listens on port 8180, so to access it go to:

http://ipserver:8180/

Note: in my case I used the jdk5 package, which contains Java 1.5.0; the 1.6.0 package is also available if you prefer, and it is of course called jdk6

SCSI R.I.P.

During a rainy night..

Syslog tail:

Jul 18 03:02:18 pbx01 kernel: [265460.092056] >>>>>>>>> Dump Card State Begins <<<<<<<<
Jul 18 03:02:18 pbx01 kernel: [265460.092059] scsi0: Dumping Card State in Command phase,/
at SEQADDR 0x157
Jul 18 03:02:18 pbx01 kernel: [265460.092063] Card was paused
[cut]
Jul 18 03:02:18 pbx01 kernel: [265460.092511] Pending list:
Jul 18 03:02:18 pbx01 kernel: [265460.092514] 6 SCB_CONTROL[0x60]:(TAG_ENB|DISCENB)
Jul 18 03:02:18 pbx01 kernel: [265460.092521] SCB_SCSIID[0x7] SCB_LUN[0x0]
Jul 18 03:02:18 pbx01 kernel: [265460.092526] 2 SCB_CONTROL[0x74]: /
(DISCONNECTED|MK_MESSAGE|TAG_ENB|DISCENB)
Jul 18 03:02:18 pbx01 kernel: [265460.092534] SCB_SCSIID[0x7] SCB_LUN[0x0]
Jul 18 03:02:18 pbx01 kernel: [265460.092539] 3 SCB_CONTROL[0x0] SCB_SCSIID[0x7] SCB_LUN[0x0]
Jul 18 03:02:18 pbx01 kernel: [265460.092547] Kernel Free SCB list: 7 1 4 5 11 10 9 8
Jul 18 03:02:18 pbx01 kernel: [265460.092556]
Jul 18 03:02:18 pbx01 kernel: [265460.092558] <<<<<<<<< Dump Card State Ends >>>>>>>>>
Jul 18 03:02:18 pbx01 kernel: [265460.092570] scsi0:0:0:0: Cmd aborted from QINFIFO
Jul 18 03:02:18 pbx01 kernel: [265460.092579] aic7xxx_abort returns 0x2002
Jul 18 03:02:18 pbx01 kernel: [265460.092590] sd 0:0:0:0: [sda] Attempting to queue a TARGET RESET message
Jul 18 03:02:18 pbx01 kernel: [265460.092594] CDB: 0x2a 0x0 0x0 0x5a 0xf3 0xbc 0x0 0x0 0x8 0x0
Jul 18 03:02:18 pbx01 kernel: [265460.092604] aic7xxx_dev_reset returns 0x2003
Jul 18 03:02:18 pbx01 kernel: [265460.092655] Recovery SCB completes
Jul 18 03:02:18 pbx01 kernel: [265460.092696] Recovery SCB completes
pbx01:/#
pbx01:/# Timeout, server not responding.
leobook2-w:~ leonardorizzi$

Ouch!

ProFTP(D) – Ident Lookups

Since it happened to me and I always forget: in a standard proftpd installation (Debian, to be clear) the ident lookup of the client is enabled by default, so, whether the fault lies with reverse resolution or with badly configured DNS, the connection is very slow during the authentication phase.

To fix it:

#/etc/proftpd/proftpd.conf
IdentLookups no

Linux – Iftop

The iftop command listens to network traffic on a named network interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts. iftop is a perfect tool for a remote Linux server over an ssh session.

iftop must be run by root or by a user who has sufficient permissions to monitor all network traffic on the network interface.
Type the iftop command at the shell prompt to display traffic:

# iftop


However, iftop works best when you use filters, for example if you want to find out how much bandwidth users are wasting or are trying to figure out why the network is slow:

# iftop -f icmp

You can display or analyse packets flowing in and out of the 192.168.1.0/24 network:

# iftop -F 192.168.1.0/24

Disable output for DNS traffic by using filter code such as:

# iftop -f 'not port domain'

iftop has many options; read the man page for further information.

Linux – Send mail from command line

The Linux command line can be very powerful once you know how to use it. You can parse data, monitor

Mutt:
One of the major drawbacks of using the mail command is that it does not support the sending of attachments. mutt, on the other hand, does support it. I’ve found this feature particularly useful for scripts that generate non-textual reports or backups which are relatively small in size which I’d like to back up elsewhere. Of course, mutt allows you to do a lot more than just send attachments. It is a much more complete command line mail client than the “mail” command. Right now we’ll just explore the basic stuff we might need often. Here’s how you would attach a file to a mail:

# echo "Sending an attachment." | mutt -a backup.zip -s "attachment" [email protected]

This command will send a mail to [email protected] with the subject (-s) “attachment”, the body text “Sending an attachment.”, containing the attachment (-a) backup.zip. Like with the mail command you can use the “-c” option to mark a copy to another mail id.
Shell scripting:
Now, with the basics covered you can send mails from your shell scripts. Here’s a simple shell script that gives you a reading of the usage of space on your partitions and mails the data to you.

#!/bin/bash
df -h | mail -s "disk space report" [email protected]

Save these lines in a file on your Linux server and run it. You should receive a mail containing the results of the command. If, however, you need to send more data than just this, you will need to write the data to a text file and enter it into the mail body while composing the mail. Here’s an example of a shell script that gets the disk usage as well as the memory usage, writes the data into a temporary file, and then enters it all into the body of the mail being sent out:

#!/bin/bash
df -h > /tmp/mail_report.log
free -m >> /tmp/mail_report.log
mail -s "disk and RAM report" [email protected] < /tmp/mail_report.log
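The script above writes to a fixed file name in the world-writable /tmp, where another local user may already own that name or have placed a symlink under it. A hardened variant, as an added example that is not part of the original post: the report goes into a private file created by mktemp and is removed after sending. MAILER and the recipient argument are assumptions, so the sending step can be swapped or stubbed.

```shell
#!/bin/sh
# Disk and RAM report without a predictable file name in /tmp.
# Added example; MAILER and the recipient argument are assumptions.

# Command that sends the mail: called as  MAILER -s SUBJECT RECIPIENT
# with the body on stdin, like mail(1) in the script above.
MAILER=${MAILER:-mail}

# make_report: write the report to a private temporary file and print
# its path. mktemp creates the file itself, with mode 0600 and a random
# suffix, and fails if the name already exists, so a file or symlink
# placed in /tmp beforehand is never written through.
make_report() {
    report=$(mktemp "${TMPDIR:-/tmp}/mail_report.XXXXXXXXXX") || return 1
    if ! df -h > "$report"; then
        rm -f "$report"
        return 1
    fi
    # free(1) comes from procps and may be absent on minimal systems
    if command -v free >/dev/null 2>&1; then
        free -m >> "$report" || true
    fi
    echo "$report"
}

# send_report RECIPIENT: build the report, mail it, always clean up.
# Returns the exit status of the mailer.
send_report() {
    file=$(make_report) || return 1
    # remove the report if the script is interrupted while sending
    trap 'rm -f "$file"; exit 1' HUP INT TERM
    status=0
    "$MAILER" -s "disk and RAM report" "$1" < "$file" || status=$?
    rm -f "$file"
    trap - HUP INT TERM
    return "$status"
}

# Usage (commented out so that sourcing this file sends nothing):
# send_report admin@example.invalid
```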

Now here’s a more complicated problem. You have to take a backup of a few files and mail them out. First the directory to be mailed out is archived. Then it is sent as an email attachment using mutt. Here’s a script to do just that:

#!/bin/bash
tar -zcf /tmp/backup.tar.gz /home/leo/files
echo | mutt -a /tmp/backup.tar.gz -s "daily backup of data" [email protected]

The echo at the start of the last line adds a blank into the body of the mail being sent out.

Debian – Service startup

Under Debian Linux, startup files are stored in the /etc/init.d/ directory and symbolic links to them exist in the /etc/rcX.d/ directories. Debian Linux uses System V initialization scripts to start services at boot time from the /etc/rcX.d/ directories. Debian Linux comes with different utilities to remove unwanted startup files.

Using rcconf:

This tool configures system services in connection with system runlevels. It turns on/off services using the scripts in /etc/init.d/. Rcconf works with System-V style runlevel configuration. It is a TUI(Text User Interface) frontend to the update-rc.d command.

Install rcconf in Debian:

#apt-get install rcconf

To start rcconf, log in as the root user and type rcconf

# rcconf

Select the service you would like to enable or disable.

Using sysv-rc-conf:

sysv-rc-conf provides a terminal GUI for managing “/etc/rc{runlevel}.d/” symlinks. The interface comes in two different flavors, one that simply allows turning services on or off and another that allows for more fine tuned management of the symlinks. Unlike most runlevel config programs, you can edit startup scripts for any runlevel, not just your current one.

Install sysv-rc-conf in debian:

#apt-get install sysv-rc-conf

This will install sysv-rc-conf. Now you need to run the following command

# sysv-rc-conf

Select the service you would like to enable or disable.

Both sysv-rc-conf and rcconf are the best tools to use on a remote Debian Linux system or when a GUI is not available

You can also use update-rc.d script as follows (update-rc.d removes any links in the /etc/rcX.d directories to the script /etc/init.d/service):

# update-rc.d -f {SERVICE-NAME} remove

For example, to stop the xinetd service you can type the command as follows:

# update-rc.d -f xinetd remove

Debian – Change installation language

# dpkg-reconfigure locales

CentOS – Asterisk

Briefly, how to install Asterisk on CentOS using yum.
Let's start by noting that CentOS does not officially have Asterisk packages in its repositories, so you need to use other ones, in particular those of Trixbox, which as you well know is based on this distribution.

First, install the plug-in that lets us manage priorities

[[email protected] ~]# yum install yum-priorities

Create a file with the following content and place it in /etc/yum.repos.d/, naming it with a .repo extension

[trixbox]
name=Trixbox – Repo
baseurl=http://yum.trixbox.org/centos/5/RPMS/
gpgcheck=0
priority=2
enabled=1

At this point you need to add the “priority=1” field to the other .repo files in the directory and proceed with installing Asterisk, satisfying its dependencies from the Trixbox repository to avoid incompatibilities.

MySQL Backup & Restore

To back up a single database:

[email protected]:~# mysqldump --database dbname > name_db.sql -u root -p

These are useful options:

--quick: dumps directly to standard output;
--add-drop-table: adds statements to drop existing tables before recreating them;
--add-locks: locks inserts;
--lock-tables: locks reads;

To restore a single database:

[email protected]:~# mysql --one-database dbname < name_db.sql -u root -p

Perl – Zabbix SMS Alert

A netmonitor is not a real netmonitor unless it makes the sysadmin's phone ring with an SMS at least 3 times a night. Here is a Perl script to interface Zabbix with the service provided by Mobyt via an HTTP POST to their gateway; with a few small tweaks it can also be used with other similar services.

#!/usr/bin/perl

# Leonardo Rizzi
# Version 0.3
# SMS sent through the Mobyt gateway
# Designed for use without IP authentication, MD5 hash only
# Attention: there aren't any checks, but the message limit is 160 characters.

use strict;
use Digest::MD5 qw(md5_hex);
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);

my ($operation, $qty, $rcpt, $ua, $ok, $ko, $data, $from);
my ($code, $id, $password);

$id        = "username";
$password  = "password";
$ok        = 'SMS Sent Correctly';
$ko        = 'SMS Not Sent';
$operation = "TEXT";
$qty       = 'h';

# Arguments: recipient, sender, message text
# attention: this fucking provider doesn't accept 00 for the international area code, only +; if you use 00 you get a send error
$rcpt = $ARGV[0];
$from = $ARGV[1];
$data = $ARGV[2];

# The ticket is the MD5 hex digest of the concatenated fields and the password
$code = join '', $id, $operation, $rcpt, $from, $data, $password;
my $ticket = md5_hex($code);

$ua = LWP::UserAgent->new;
$ua->agent("SMS_MD5_Relay/0.2 " . $ua->agent);
my $req = POST 'http://smsweb.mobyt.it/sms-gw/sendsmart',
    [
        id        => $id,
        operation => $operation,
        rcpt      => $rcpt,
        from      => $from,
        data      => $data,
        qty       => $qty,
        ticket    => $ticket,
    ];

my $res = $ua->request($req);

# The script treats a response body starting with "OK" as success
if ($res->content =~ /^OK/) {
    fine_ok();
} else {
    fine_ko();
}

# Failure: print the message and exit with a non-zero status
sub fine_ko {
    print "$ko\n";
    exit(1);
}

# Success: print the message and exit with status 0
sub fine_ok {
    print "$ok\n";
    exit(0);
}

MySQL – Reset root password

Yes, sometimes you do not remember, or do not have at hand, the password of a MySQL database. Here are a few short steps to reset it:

1. Stop the MySQL server; usually something like this should be enough:

[email protected]:~# /etc/init.d/mysql stop

2. Start a session of the MySQL daemon with the “skip grant tables” parameter

[email protected]:~# mysqld_safe --skip-grant-tables

3. At this point you can connect to the server without it asking for credentials, so:

[email protected]:~# mysql
>

4. Reset the root password directly in the database table:

mysql> UPDATE mysql.user SET Password=PASSWORD('NewPass') WHERE User='root';
mysql> FLUSH PRIVILEGES;

5. Stop the daemon started with “skip grant tables” and start the regular one again:

[email protected]:~# /etc/init.d/mysql start

Debian – PXE installation

Since lately it is easier for me to have a laptop or similar device at hand than CDs, which inevitably get lost, I decided to set up a PXE boot system on the notebook to install servers.

Here is what you need to get started. These 3 packages are required:
– The TFTP server, where the boot images will live.
– The DHCP server, to hand out the addresses and the PXE parameters
– dnsmasq, which will be used once the installation has started to fetch packages from the repository

1. So first of all install:

[email protected]:~# apt-get install tftpd-hpa dhcp3-server dnsmasq

2. Enable the TFTP server with these steps:

Edit:
/etc/default/tftpd-hpa

Changing this parameter:
RUN_DAEMON="no"
to this:
RUN_DAEMON="yes"
For convenience I created a symbolic link to the TFTP root in /

[email protected]:~# ln -s /var/lib/tftpboot /tftp-root

Now you can start the service:

[email protected]:~# /etc/init.d/tftpd-hpa start

3. Enable the DHCP server:

Edit this file:
/etc/dhcp3/dhcpd.conf

Adding these lines:

option domain-name-servers 192.168.10.50;
default-lease-time 86400;
max-lease-time 604800;
authoritative;

subnet 192.168.10.0 netmask 255.255.255.0 {
    # the range and the broadcast address must lie inside the declared subnet
    range 192.168.10.10 192.168.10.20;
    filename "pxelinux.0";
    next-server 192.168.10.50;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.10.255;
    option routers 192.168.10.50;
}

Now you can start the service:

[email protected]:~# /etc/init.d/dhcp3-server start

4. Enable dnsmasq

Edit this file:
/etc/dnsmasq.conf

dhcp-boot=pxelinux.0,tardis,192.168.10.50

Now you can start the service:

[email protected]:~# /etc/init.d/dnsmasq start

5. Routing:

This part is needed to fetch from the repository using the laptop as a router.

[email protected]:~# echo 1 > /proc/sys/net/ipv4/ip_forward

6. Prepare the local repository:

[email protected]:~# cd /tftp-root
[email protected]:~# wget http://ftp.nl.debian.org/debian/dists/etch/main/installer-i386/current/images/netboot/netboot.tar.gz
[email protected]:~# tar xvf netboot.tar.gz

This creates the repository for a normal boot without options; any parameters will have to be specified manually.

Now, when you connect a machine to be installed with PXE enabled, it will get its IP from the DHCP server and load the boot image via TFTP!

Debian – debian-sys-maint

If, by mistake, you deleted the debian-sys-maint system user during a restore of a MySQL database,
you can restore it using the generated password, which is written in clear text in this file:

/etc/mysql/debian.cnf

This is necessary if you use the APT system to manage service updates; otherwise it has no reason to exist.

Tool – Make Self

Here is a tool for creating self-extracting executables on *nix systems, always handy for any occasion.

http://megastep.org/makeself/

VPS Linux – TUN/TAP Device

If you have bought a XEN-based VPS with Debian, remember that in most cases the tools for managing modules are missing, so to use any module (tun/tap in this particular case) you need to install them:

# apt-get install module-init-tools

#modprobe tun

# mkdir /dev/net

# mknod /dev/net/tun c 10 200

At this point everything is ready.

To recognize whether this is your problem: you will easily run into this error:

QM_MODULES: Function not implemented

Linux – Zabbix Build 1.6.1 (MySql)

A short guide to deploying this young netmonitor which, in my opinion, unlike better known and more established solutions such as Nagios, introduces a much more web-oriented management, greatly simplifying operations in environments that need rapid scalability.

The installation was carried out successfully using Debian Etch 4.0r5 and CentOS 5.2; needless to say, all the operations that follow must be performed as the ‘root’ user

1. Prepare what we need for the build:

tardis:~# aptitude -y install build-essential libmysqlclient-dev libssl-dev libsnmp-dev libiksemel-dev libcurl3-dev

tardis:~# apt-get install snmp libiksemel3 libcurl3 libsnmp-base libmysqlclient15off

2. Download the sources and unpack them:

tardis:~# wget http://garr.dl.sourceforge.net/sourceforge/zabbix/zabbix-1.6.1.tar.gz
tardis:~# tar zxvf zabbix-1.6.1.tar.gz
tardis:~# cd zabbix-1.6.1

3. Configuration and build. In this case, besides the agent dedicated to discovery and monitoring, the server is also built; its job is to collect data from the various agents and to handle alarms and coordination operations:

tardis:~# ./configure --prefix=/usr --with-mysql --with-net-snmp --enable-server --enable-agent --enable-ipv6 --with-jabber
tardis:~# make

Now a small note: if you were building directly on production machines, a ‘make install’ would be enough at this point. Since those machines do not have the dedicated tools, you need to move the compiled binaries to the target machine and proceed by hand, so (this phase is to be carried out on the production machine, which must already have working Apache2, PHP5 and MySQL5 on board):

4. Create a dedicated user and group:

groupadd zabbix
useradd -c 'Zabbix' -d /home/zabbix -g zabbix -s /bin/bash zabbix
mkdir /home/zabbix
chown zabbix:zabbix /home/zabbix

5. Create a dedicated database and user in the MySQL server:

mysql -p -u root
create database zabbix;
grant all on zabbix.* to 'zabbix'@'localhost' identified by 'changeme';
quit;

6. Populate the database tables:

server:~/zabbix-1.6.1# mysql -u root -p zabbix  < create/schema/mysql.sql
server:~/zabbix-1.6.1# mysql -u root -p zabbix < create/data/data.sql
server:~/zabbix-1.6.1# mysql -u root -p zabbix < create/data/images_mysql.sql

7. Create a dedicated directory structure. This may seem tedious, but it will make upgrades and maintenance much more convenient and quick:

server:~# mkdir /usr/share/zabbix
server:~# mkdir /usr/share/zabbix/sbin
server:~# mkdir /usr/share/zabbix/etc
server:~# mkdir /usr/share/zabbix/frontends

8. With the following steps we create a symbolic link from Zabbix's etc directory to the system /etc, copy the PHP frontend into its dedicated directory, and finally copy the compiled executables we need:

server:~/zabbix-1.6.1# ln -s /usr/share/zabbix/etc/ /etc/zabbix
server:~/zabbix-1.6.1# cp -r frontends/php/* /usr/share/zabbix/frontends

server:~/zabbix-1.6.1# cp src/zabbix_agent/zabbix_agent /usr/share/zabbix/sbin/zabbix_agent
server:~/zabbix-1.6.1# cp src/zabbix_agent/zabbix_agentd /usr/share/zabbix/sbin/zabbix_agentd
server:~/zabbix-1.6.1# cp src/zabbix_server/zabbix_server /usr/share/zabbix/sbin/zabbix_server

9. Set up the init.d files by copying them and adjusting the paths

server:~/zabbix-1.6.1# cp misc/init.d/debian/* /etc/init.d/

Edit both scripts, adjusting the paths, in particular this line:

from: DAEMON=/home/zabbix/bin/${NAME}
it must become: DAEMON=/usr/share/zabbix/sbin/${NAME}

10. Add the definitions of the ports used by Zabbix to /etc/services

echo "
zabbix_agent 10050/tcp # Zabbix ports
zabbix_trap 10051/tcp" >> /etc/services

11. Copy the default configurations and make the basic changes:

server:~/zabbix-1.6.1# chown -R zabbix:zabbix /usr/share/zabbix/etc
server:~/zabbix-1.6.1# cp misc/conf/zabbix_* /usr/share/zabbix/etc

Edit the file zabbix_agentd.conf and make sure it contains the following line

Server=127.0.0.1

Edit zabbix_server.conf

max_execution_time = 300
date.timezone = UTC
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=changeme

12. Apache and PHP

The following parameters must be set in the php.ini file:

max_execution_time = 300
date.timezone = UTC

The Apache configuration is largely at the administrator's discretion; it can be done in two ways:

By creating a dedicated vhost:

<virtualhost>
ServerName zabbix.domain.tld
DocumentRoot /usr/share/zabbix/frontends
<directory>
Options FollowSymLinks
AllowOverride None
</directory>
</virtualhost>

Or by creating an alias in an already defined vhost:

<IfModule mod_alias.c>
Alias /zabbix /usr/share/zabbix/frontends
</IfModule>

13. Now, if everything has been done correctly, starting the services and opening the web page will let you proceed with the quick configuration of the frontend and then start using it, but first run the following commands:

/etc/init.d/apache2 restart
/etc/init.d/zabbix-server start
/etc/init.d/zabbix-agent start

Linux – IPv6 Tunnel Broker

How to define the link to a tunnel broker, in this example HE.net, from a Linux operating system using net-tools

The first part creates the tunneling interface over IPv4:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.42

The second part creates the tunnel endpoint in IPv6:

ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f12:11c::2/64

The third part defines the route on the device of the tunnel endpoint for all IPv6 traffic:

route -A inet6 add ::/0 dev sit1
