Archive for September, 2013
NTPD bind interface
Posted by hvera1981 in Uncategorized on September 26, 2013
Select the interfaces where ntpd should listen on, edit ntpd.conf and:
interface ignore wildcard
interface listen eth0
interface listen 127.0.0.1
SNMPD opening service at random port
Posted by hvera1981 in Uncategorized on September 26, 2013
Just installed SNMPD in Debian 7 and checked that default installation opens a random port > 1024
root@SRVKARNAK:/etc/apache2# netstat -putan| grep snm
udp 0 0 0.0.0.0:39517 0.0.0.0:* 9198/snmpd
udp 0 0 127.0.0.1:161 0.0.0.0:* 9198/snmpd
udp 0 0 192.168.3.222:161 0.0.0.0:* 9198/snmpd
“udp 0 0 0.0.0.0:39517 ” a little concerned about security I wanted to remove this “unknown” trap.
Edit the snmpd.conf and remove the “trapsink” stuff from file, and restart the service
Now everything sounds good
root@SRVKARNAK:/etc/apache2# /etc/init.d/snmpd stop
Stopping network management services: snmpd snmptrapd.
root@SRVKARNAK:/etc/apache2# /etc/init.d/snmpd start
Starting network management services: snmpd.
root@SRVKARNAK:/etc/apache2# netstat -putan| grep snm
udp 0 0 127.0.0.1:161 0.0.0.0:* 9214/snmpd
udp 0 0 192.168.3.222:161 0.0.0.0:* 9214/snmpd
Gerrit on Debian
Posted by hvera1981 in Uncategorized on September 24, 2013
## How to build the package
* First make sure you have **build-essential** package installed on your system.
* Clone the package repository for [gerrit-debian](https://github.com/dnaeon/gerrit-debian)
Now building the package is easy as executing the command below:
$ cd /usr/local/src
$ git clone https:
//github
.com
/dnaeon/gerrit-debian
.git
$ dpkg-buildpackage -us -uc
$ cd gerrit-debian
In this how to I want to use MySQL, so;
$ sudo apt-get install mysql-server mysql-client
Configure MySQL before start configuration:
CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON gerrit.* TO 'gerrit'@'localhost'; CREATE database gerrit;
$ sudo dpkg -i gerrit_2.4.2_all.deb
Configure Gerrit authentication is just a pain in the ass, to make thinks easy and secure I will use Apache Web Server as proxy, this way I can get more control about the whole thing. HTTP-Client <---> 80/443:Apache Web Server <---> 8081:Gerrit #Gerrit configuration
cat /var/lib/gerrit/review_site/etc/gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://git.mxt.com.br/gerrit/
[database]
type = MYSQL
hostname = localhost
database = gerrit
username = gerrit
[auth]
type = HTTP
[sendemail]
smtpServer = mail.maxtrack.com.br
smtpUser = gerrit
[container]
user = gerrit
javaHome = /usr/lib/jvm/java-6-openjdk-amd64/jre
[sshd]
listenAddress = 192.168.3.222:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/gerrit/
[cache]
directory = cache
Apache configuration
$cat /etc/apache2/sites-enabled/gerrit
<VirtualHost *:80>
ServerName hostname.com.br
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName “Gerrit Code Review”
Require valid-user
AuthUserFile ‘/etc/apache2/gerrit.htpasswd’
</Location>
ProxyPass /gerrit/ http://127.0.0.1:8081/gerrit/
ProxyPassReverse /gerrit/ http://127.0.0.1:8081/gerrit/
</VirtualHost>
cat /etc/apache2/sites-enabled/gerrit-ssl
<IfModule mod_ssl.c>
<VirtualHost git.mxt.com.br:443>
ServerName git.mxt.com.br
ServerAdmin hamilton@maxtrack.com.br
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName “Gerrit Code Review”
Require valid-user
AuthUserFile ‘/etc/apache2/gerrit.htpasswd’
</Location>
ProxyPass /gerrit/ http://127.0.0.1:8081/gerrit/
ProxyPassReverse /gerrit/ http://127.0.0.1:8081/gerrit/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/gerrit.crt
SSLCertificateKeyFile /etc/apache2/ssl/gerrit.key
BrowserMatch “MSIE [2-6]” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch “MSIE [17-9]” ssl-unclean-shutdown
</VirtualHost>
</IfModule>
The following site has amazing information:
http://dachary.org/?p=1716
GlusterFS
Posted by hvera1981 in Uncategorized on September 18, 2013
apt-get install build-essential python python-dev bison flex libssl-dev fuse-utils
Unison
Posted by hvera1981 in Uncategorized on September 17, 2013
wget http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.40.102.tar.gz
tar xvfz unison*tar.gz
cd unison*
sudo apt-get install ocaml
make UISTYLE=text
sudo apt-get install liblablgtk2-ocaml-dev
make unison
ssh-keygen -t dsa
ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@remote_server
Kernel OOPS
Posted by hvera1981 in Uncategorized on September 9, 2013
DNS forwarding
Posted by hvera1981 in Uncategorized on September 4, 2013
The DNS server in my work place sucks a lot, so I decided to configure a DNS server by myself and check internal domains (1.com.br, 2.com.br…) in the company DNS servers.
hamilton@springfield:~$ cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
zone “1.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “2.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “3.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “4.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
Got some problems with DNSSEC, the company DNS are based on Windows 2008 Server:
Sep 4 11:03:08 springfield named[4507]: error (network unreachable) resolving ‘com.br/DNSKEY/IN’: 2001:12ff::10#53
Sep 4 11:03:08 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/A/IN’: 192.168.0.208#53
Sep 4 11:03:08 springfield named[4507]: validating @0x7ff9d80008c0: 1.com.br A: got insecure response; parent indicates it should be secure
Sep 4 11:03:08 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/A/IN’: 192.168.0.207#53
Sep 4 11:03:11 springfield named[4507]: validating @0x7ff9d80056e0: 1.com.br SOA: got insecure response; parent indicates it should be secure
Sep 4 11:03:11 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/DNSKEY/IN’: 192.168.0.207#53
Sep 4 11:03:11 springfield named[4507]: validating @0x7ff9e0011190: 1.com.br SOA: got insecure response; parent indicates it should be secure
Sep 4 11:03:11 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/DNSKEY/IN’: 192.168.0.208#53
Sep 4 11:03:11 springfield named[4507]: error (network unreachable) resolving ‘1.com.br/DNSKEY/IN’: 2001:12ff::11#53
To solve this I had to disable dnssec in Bind9.
# dnssec-validation auto;
Linux listing GPIOs
Posted by hvera1981 in Uncategorized on September 4, 2013
A little help from my friend Tinti
mount -t debugfs none /sys/kernel/debug/
cd /sys/kernel/debug/
cat gpio
GPIOs 0-31, gpio-0:
gpio-0 (pcmc-pwren ) out hi
gpio-1 (cam-pwdn2 ) out lo
gpio-2 (io_exp-int ) in hi irq-130 edge-falling wakeup
gpio-3 (gpio1_3 ) out lo
gpio-5 (cam-reset ) out hi
gpio-6 (cam-pwdn1 ) in hi irq-134 edge-falling
gpio-7 (vcc3v75-en ) out hi
gpio-8 (pmic-int ) in lo irq-136 level-high wakeup
gpio-9 (ign_ap ) in hi irq-137 edge-falling wakeup
GPIOs 32-63, gpio-1:
gpio-33 (modem_dsren ) out hi
gpio-34 (bt_rst ) out lo
gpio-42 (gps-en ) out hi
gpio-43 (fm_rx_en ) out lo
gpio-44 (fec_pwren ) out hi
gpio-45 (dvr_pwren ) out hi
gpio-46 (zigbee-dd ) in hi irq-174 edge-both wakeup
gpio-47 (charger-enn ) out lo
gpio-48 (usbh1_pwren ) out hi
gpio-49 (phoenix-en ) out hi
gpio-50 (sdhc1-detect ) in lo irq-178 edge-rising
gpio-51 (hdmi_det ) in hi irq-179 edge-falling
gpio-52 (zigbee-dclk ) out hi
gpio-53 (ifen_hosdet ) in hi irq-181 edge-falling wakeup
gpio-56 (bt-host-wake ) in hi
gpio-57 (wlan_pwr ) out hi
gpio-58 (bt-wake ) out hi
gpio-63 (gsensor_int ) in lo irq-191 edge-rising
SVN Could not read status line: Secure connection truncated
Posted by hvera1981 in Uncategorized on September 2, 2013
I had this problem when trying to clone N2N
svn co https://svn.ntop.org/svn/ntop/trunk/n2n
svn: OPTIONS of ‘https://svn.ntop.org/svn/ntop/trunk/n2n’: Could not read status line: Secure connection truncated (https://svn.ntop.org)
Solved the problem upgrading my svn client
From:
svn –version
svn, version 1.6.17 (r1128011)
compiled Jun 26 2013, 20:44:36
to
svn –version
svn, version 1.7.5 (r1336830)
compiled Jun 22 2013, 03:54:07