Skip to content

Testing logcheck rules

02-May-11

To test a new logcheck rule, match it against a logfile:

sed -e 's/[[:space:]]*$//' /var/log/syslog | \
egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crond\[[0-9]+\]: \(root\) CMD \(run-parts /etc/cron.(daily|hourly)\)'

Reference: README.logcheck-database

Filed in Logging | Tagged , , | Comments (0) »

Changing a Git Repository’s Origin

26-Apr-11

From within the project, execute:

git config remote.origin.url <new url>

If you get an error similar to the following when doing a “git pull” from the new origin:

You asked me to pull without telling me which branch you
want to merge with, and 'branch.master.merge' in
your configuration file does not tell me, either. Please
specify which branch you want to use on the command line and
try again (e.g. 'git pull <repository> <refspec>').
See git-pull(1) for details.

If you often merge with the same branch, you may want to
use something like the following in your configuration file:

    [branch "master"]
    remote = <nickname>
    merge = <remote-ref>

    [remote "<nickname>"]
    url = <url>
    fetch = <refspec>

See git-config(1) for details.

Then run:

git remote rm origin
git remote add --track master origin <new url>

See also, if you’re renaming the origin you originally cloned from:

git branch --set-upstream master origin/master
Filed in Git | Tagged | Comments (0) »

Enabling Dedicated IPMI LAN Port on SuperMicro X8DTH-6F

11-Apr-11

Note: Much of this article is not original work, but came from the excellent support staff at Pogo Linux.

The IPMI interface on a SuperMicro X8DTH-6F motherboard (and presumably other SuperMicro motherboards) auto-selects between binding to the dedicated management port and the first port on the motherboard depending on whether the dedicated port is cabled or not. Switching between the ports requires a cold boot of the hardware:

  • Shut down the system and remove power for two to three minutes.
  • While the system is down, cable the dedicated management port. You may need to configure your switch port to be set to 100Mbps/full duplex, as some switches – including our Cisco – have difficulty auto-negotiating with the dedicated card.
  • After two to three minutes have elapsed, plug power cables into the system again and boot. Note that the BIOS will take longer to load.
  • Press [Del] to enter the BIOS configuration; you may set an IP address for the IPMI interface under Advanced -> IPMI Configuration -> IP Configuration. (The BIOS interface to configure the IPMI card is very slow; verify that none of your key strokes were missed.)
  • The IPMI interface can now be accessed via HTTPS or the SuperMicro IPMIView tool.
Filed in SuperMicro | Tagged , , , | Comments (0) »

389 Directory Server Font Requirements

22-Feb-11

If you are installing a 389 Directory Server instance on a headless (no X11) CentOS installation, you need extra font packages not included as 389 dependencies. (Otherwise, e.g. no text may appear when you launch “389-console”.) I verified this listing works; a subset may work, but I have not tested against one.

  • ghostscript-fonts-5.50-13.1.1
  • xorg-x11-fonts-base-7.1-2.1.el5
  • xorg-x11-fonts-Type1-7.1-2.1.el5
  • xorg-x11-fonts-75dpi-7.1-2.1.el5
  • bitmap-fonts-0.3-5.1.1
  • urw-fonts-2.3-6.1.1
  • xorg-x11-fonts-ISO8859-1-75dpi-7.1-2.1.el5
  • xorg-x11-fonts-100dpi-7.1-2.1.el5
  • xorg-x11-fonts-truetype-7.1-2.1.el5
  • xorg-x11-fonts-ISO8859-15-75dpi-7.1-2.1.el5
  • dejavu-lgc-fonts-2.10-1
  • bitstream-vera-fonts-1.10-7
  • xorg-x11-fonts-ISO8859-15-100dpi-7.1-2.1.el5
  • xorg-x11-fonts-ISO8859-1-100dpi-7.1-2.1.el5
  • liberation-fonts-1.0-1.el5
Filed in Applications | Tagged , , , , , , | Comments (0) »

Converting SSH Key Formats

25-Jan-11

To convert an SSH key from SSH2-compatible format to OpenSSH-compatible, use the “-i” flag to “ssh-keygen”:

-i This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private (or public) key to stdout. ssh-keygen also reads the RFC 4716 SSH Public Key File Format. This option allows importing keys from several commercial SSH implementations.

e.g.:

ssh-keygen -i -f user.ssh2.pub > user.ossh.pub
Filed in ssh | Tagged , , , , , | Comments (0) »

Selecting Ciphers in Sendmail

20-Jan-11

The best reference that I’m aware of for this used to be at http://sial.org/howto/sendmail/cipherlist/ – but DNS to that site is currently broken. The site can be reached by IP address, at least for the time being.

Distilled instructions:

  • Assuming you are building from source, add the following to your site.config.m4: 
    APPENDDEF(`confENVDEF', `-D_FFR_TLS_1')
  • Next, rebuild the Sendmail binary; when finished, add the following to your sendmail.mc and rebuild your sendmail.cf: 
    LOCAL_CONFIG
O CipherList=DH

    (Assuming, for whatever reasons, you want to limit ciphers to Diffie-Hellman varieties. Adjust as necessary.)

You can verify your CipherList values using OpenSSL:

> openssl ciphers DH
ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA

Tested against Sendmail 8.14.1.

Filed in Sendmail | Tagged , , , , | Comments (0) »

Listing files in a .zip archive

06-Jan-11

Use the “-l” flag to unzip:

> unzip -l Downloads/vijava2120100824.zip
Filed in Applications | Tagged , | Comments (0) »

Little-Known SSH Features and Tricks

27-Nov-10

Many more at 25 BEST SSH COMMANDS / TRICKS; three I didn’t know:

  1. Copy your SSH public key to your authorized_keys on another host: 
    ssh-copy-id [-i [identity_file]] [user@]machine
  2. Login to a host you can’t directly reach, through an intermediary that can reach the host: 
    ssh -t reachable_host ssh unreachable_host

    (The -t flag is necessary to allocate a pseudo-tty.)

  3. Use a Wireshark running locally to inspect traffic that a remote host sees: 
    ssh root@example.com tshark -w - not tcp port 22 | wireshark -k -i -

    or 

    ssh root@example.com tcpdump -U -w - not port 22 | wireshark -k -i -

    (Of course, if you need to inspect SSH traffic, you’ll need to exclude the IP address of the local host running SSH from the remote tshark or tcpdump command. Also, the above assumes the use of SSH keypair authentication with the remote host – see Wireshark’s Pipes page for ideas if you need to enter a password on the command line.)

Filed in ssh | Tagged , , , , | Comments (0) »

Send a page range of a PDF to the non-default CUPS Printer

27-Nov-10

On the command line:

lpr -P printer-queue -o page-ranges=1-2 document.pdf

Reference: Command-Line Printing and Options

Filed in CUPS | Tagged , , | Comments (0) »

Converting an IP Address to Hex

09-Nov-10

Convert an IP address to hex using the “gethostip” command:

$ gethostip 1.2.3.4
1.2.3.4 1.2.3.4 010203047

This is useful for naming files in a pxelinux.cfg directory, for instance.

Filed in Linux | Tagged , , , , | Comments (0) »