Archive for September, 2013

NTPD bind interface

Select the interfaces where ntpd should listen on, edit ntpd.conf and:

interface ignore wildcard
interface listen eth0
interface listen 127.0.0.1

Advertisements

Leave a comment

SNMPD opening service at random port

Just installed SNMPD in Debian 7 and checked that default installation opens a random port > 1024

root@SRVKARNAK:/etc/apache2# netstat -putan| grep snm

udp 0 0 0.0.0.0:39517                    0.0.0.0:* 9198/snmpd
udp 0 0 127.0.0.1:161                    0.0.0.0:* 9198/snmpd
udp 0 0 192.168.3.222:161           0.0.0.0:* 9198/snmpd

 

“udp 0 0 0.0.0.0:39517 ” a little concerned about security I wanted to remove this “unknown” trap.

Edit the snmpd.conf and remove the “trapsink” stuff from file, and restart the service

 

Now everything sounds good

root@SRVKARNAK:/etc/apache2# /etc/init.d/snmpd stop
Stopping network management services: snmpd snmptrapd.
root@SRVKARNAK:/etc/apache2# /etc/init.d/snmpd start
Starting network management services: snmpd.

root@SRVKARNAK:/etc/apache2# netstat -putan| grep snm

udp 0 0 127.0.0.1:161                       0.0.0.0:* 9214/snmpd
udp 0 0 192.168.3.222:161             0.0.0.0:* 9214/snmpd

 

 

Leave a comment

Gerrit on Debian

## How to build the package

* First make sure you have **build-essential** package installed on your system.
* Clone the package repository for [gerrit-debian](https://github.com/dnaeon/gerrit-debian)

Now building the package is easy as executing the command below:

$ cd /usr/local/src

$ git clone https://github.com/dnaeon/gerrit-debian.git

$ dpkg-buildpackage -us -uc

$ cd gerrit-debian

In this how to I want to use MySQL, so;

$ sudo apt-get install mysql-server mysql-client

 

Configure MySQL before start configuration:

CREATE USER 'gerrit'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON gerrit.* TO 'gerrit'@'localhost';
CREATE database gerrit;

$ sudo dpkg -i gerrit_2.4.2_all.deb

Configure Gerrit authentication is just a pain in the ass, to make thinks easy and secure I will use Apache Web Server as proxy, this way I can get more control about the whole thing.


HTTP-Client  <---> 80/443:Apache Web Server <---> 8081:Gerrit

#Gerrit configuration

cat /var/lib/gerrit/review_site/etc/gerrit.config

[gerrit]
basePath = git
canonicalWebUrl = http://git.mxt.com.br/gerrit/
[database]
type = MYSQL
hostname = localhost
database = gerrit
username = gerrit
[auth]
type = HTTP
[sendemail]
smtpServer = mail.maxtrack.com.br
smtpUser = gerrit
[container]
user = gerrit
javaHome = /usr/lib/jvm/java-6-openjdk-amd64/jre
[sshd]
listenAddress = 192.168.3.222:29418
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/gerrit/
[cache]
directory = cache

Apache configuration

$cat /etc/apache2/sites-enabled/gerrit

<VirtualHost *:80>
ServerName hostname.com.br
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName “Gerrit Code Review”
Require valid-user
AuthUserFile ‘/etc/apache2/gerrit.htpasswd’
</Location>

ProxyPass /gerrit/ http://127.0.0.1:8081/gerrit/
ProxyPassReverse /gerrit/ http://127.0.0.1:8081/gerrit/
</VirtualHost>

 

 

cat /etc/apache2/sites-enabled/gerrit-ssl
<IfModule mod_ssl.c>
<VirtualHost git.mxt.com.br:443>
ServerName git.mxt.com.br
ServerAdmin hamilton@maxtrack.com.br
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>

Order deny,allow
Allow from all
</Proxy>
<Location /gerrit/login/>
AuthType Basic
AuthName “Gerrit Code Review”
Require valid-user
AuthUserFile ‘/etc/apache2/gerrit.htpasswd’
</Location>
ProxyPass /gerrit/ http://127.0.0.1:8081/gerrit/
ProxyPassReverse /gerrit/ http://127.0.0.1:8081/gerrit/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

SSLCertificateFile /etc/apache2/ssl/gerrit.crt
SSLCertificateKeyFile /etc/apache2/ssl/gerrit.key

BrowserMatch “MSIE [2-6]” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch “MSIE [17-9]” ssl-unclean-shutdown

</VirtualHost>
</IfModule>

 

The following site has amazing information:

http://dachary.org/?p=1716

Leave a comment

GlusterFS

apt-get install build-essential python python-dev bison flex libssl-dev fuse-utils

Leave a comment

Unison

wget http://www.seas.upenn.edu/~bcpierce/unison//download/releases/stable/unison-2.40.102.tar.gz
tar xvfz unison*tar.gz
cd unison*
sudo apt-get install ocaml
make UISTYLE=text
sudo apt-get install liblablgtk2-ocaml-dev
make unison

 

ssh-keygen -t dsa

ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@remote_server

Leave a comment

Kernel OOPS

http://tinti.eng.br/wiki/index.php?title=Linux_Kernel#Kernel_oops

1 Comment

DNS forwarding

The DNS server in my work place sucks a lot, so I decided to configure a DNS server by myself and check internal domains (1.com.br, 2.com.br…) in the company DNS servers.

hamilton@springfield:~$ cat /etc/bind/named.conf.local 

//
// Do any local configuration here
//

zone “1.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};

zone “2.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “3.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “4.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};

 

Got some problems with DNSSEC, the company DNS are based on Windows 2008 Server:

 

Sep 4 11:03:08 springfield named[4507]: error (network unreachable) resolving ‘com.br/DNSKEY/IN’: 2001:12ff::10#53
Sep 4 11:03:08 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/A/IN’: 192.168.0.208#53
Sep 4 11:03:08 springfield named[4507]: validating @0x7ff9d80008c0: 1.com.br A: got insecure response; parent indicates it should be secure
Sep 4 11:03:08 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/A/IN’: 192.168.0.207#53
Sep 4 11:03:11 springfield named[4507]: validating @0x7ff9d80056e0: 1.com.br SOA: got insecure response; parent indicates it should be secure
Sep 4 11:03:11 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/DNSKEY/IN’: 192.168.0.207#53
Sep 4 11:03:11 springfield named[4507]: validating @0x7ff9e0011190: 1.com.br SOA: got insecure response; parent indicates it should be secure
Sep 4 11:03:11 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/DNSKEY/IN’: 192.168.0.208#53
Sep 4 11:03:11 springfield named[4507]: error (network unreachable) resolving ‘1.com.br/DNSKEY/IN’: 2001:12ff::11#53

 

To solve this I had to disable dnssec in Bind9.

# dnssec-validation auto;

Leave a comment

Linux listing GPIOs

A little help from my friend Tinti

mount -t debugfs none /sys/kernel/debug/
cd /sys/kernel/debug/

cat gpio

GPIOs 0-31, gpio-0:
gpio-0 (pcmc-pwren ) out hi
gpio-1 (cam-pwdn2 ) out lo
gpio-2 (io_exp-int ) in hi irq-130 edge-falling wakeup
gpio-3 (gpio1_3 ) out lo
gpio-5 (cam-reset ) out hi
gpio-6 (cam-pwdn1 ) in hi irq-134 edge-falling
gpio-7 (vcc3v75-en ) out hi
gpio-8 (pmic-int ) in lo irq-136 level-high wakeup
gpio-9 (ign_ap ) in hi irq-137 edge-falling wakeup

GPIOs 32-63, gpio-1:
gpio-33 (modem_dsren ) out hi
gpio-34 (bt_rst ) out lo
gpio-42 (gps-en ) out hi
gpio-43 (fm_rx_en ) out lo
gpio-44 (fec_pwren ) out hi
gpio-45 (dvr_pwren ) out hi
gpio-46 (zigbee-dd ) in hi irq-174 edge-both wakeup
gpio-47 (charger-enn ) out lo
gpio-48 (usbh1_pwren ) out hi
gpio-49 (phoenix-en ) out hi
gpio-50 (sdhc1-detect ) in lo irq-178 edge-rising
gpio-51 (hdmi_det ) in hi irq-179 edge-falling
gpio-52 (zigbee-dclk ) out hi
gpio-53 (ifen_hosdet ) in hi irq-181 edge-falling wakeup
gpio-56 (bt-host-wake ) in hi
gpio-57 (wlan_pwr ) out hi
gpio-58 (bt-wake ) out hi
gpio-63 (gsensor_int ) in lo irq-191 edge-rising

Leave a comment

SVN Could not read status line: Secure connection truncated

I had this problem when trying to clone N2N

svn co https://svn.ntop.org/svn/ntop/trunk/n2n
svn: OPTIONS of ‘https://svn.ntop.org/svn/ntop/trunk/n2n&#8217;: Could not read status line: Secure connection truncated (https://svn.ntop.org)

Solved the problem upgrading my svn client

From:

svn –version
svn, version 1.6.17 (r1128011)
compiled Jun 26 2013, 20:44:36

to

svn –version
svn, version 1.7.5 (r1336830)
compiled Jun 22 2013, 03:54:07

Leave a comment