Rolling shells

First of you need to know this is quick and very insecure way to run a dns. I recommend using chroot jail for bind, which i wont cover here.

We start with installing packages:

apt-get install bind9 bind9-doc dnsutils

then edit /etc/bind/named.conf.options to append following lines:

allow-recursion {
0.0.0.0/0 ;
};

I strongly recommend using real network that you wish dns to be accessible from, that will save you a lot of troubles.

And finally just start/restart bind9 with:

/etc/init.d/bind9 restart

To get ipset and iptables set module working, which means kernel modules as well, you need to install the following :

ipset, kernel headers and build essentials, you also need package named netfilter-extensions-source.

then run as root

module-assistant build netfilter-extensions-source

to test it simply run

ipset -N servers ipmap --network 192.168.0.0/16

First impressions, lets see, easy install, huge amount of features that are just godly for small office. There goes some of the list:

What’s coming in 1.4

• Active Directory sync
• Remote backup
• Webmail
• Support for Master-Slave LDAP
• PPPoE support
• Usability enhancements

What’s new in 1.2

• WAN failover
• New backup module
• New monitor module
• New VoIP module with Asterisk

Well follow soon i will try it. Write a short intro and may be some tutorials on using it.

Meanwhile you can check their site: http://www.ebox-platform.com/

Just crossed over engadget and look at that pretty screenshots hit the more link:

Read more…

Run:

apt-get install vim-nox

and then:

update-alternatives --config editor
and select vim-nox:

evil:/tmp/# update-alternatives --config editor

There are 4 alternatives which provide `editor'.

  Selection    Alternative
-----------------------------------------------
          1    /bin/ed
*+        2    /bin/nano
          3    /usr/bin/vim.tiny
          4    /usr/bin/vim.nox

Press enter to keep the default[*], or type selection number: <-- 4
Using '/usr/bin/vim.nox' to provide 'editor'.
evil:/tmp/#

Choose the one you like most, voila.
Shoud work on ubuntu and other derivates too.

Debian have their own way for doing things. Here is a quick fix up if mess with the mysql-maintain user.

If you end up having error like that one when restarting your mysql server:

armed:~# /etc/init.d/mysql restart
Stopping MySQL database server: mysqld failed!
Starting MySQL database server: mysqld already running.
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'

First you need to find out what is the password for your system:

armed:~# cat /etc/mysql/debian.cnf | grep pass
password = x4FStDr29DDshTFqsf

and than add the user:

GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '' WITH GRANT OPTION;

Something interesting i spotted on Karansbir’s blog:

Running dstat normally gives you something like this :

# dstat --nocolor
----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw
  3   0  97   0   0   0| 820k  456k|   0     0 | 800B  866B|1054   255

And you can split the disk metrics up based on devices using something like this :

# dstat -D sda,sdb,total --nocolor
----total-cpu-usage---- --dsk/sda-- --dsk/sdb-- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ: read  writ: read  writ| recv  send|  in   out | int   csw
  1   1  97   0   0   0| 176k   77k:  30k  162k: 411k  478k|   0     0 |3608B 4005B|1447  1458
 33   2  63   0   1   2|   0     0 :   0   216k:   0   432k|2470k 1611k|   0     0 |2915  6967
 31   2  65   0   1   1|   0     0 :   0     0 :   0     0 |2210k 1338k|   0     0 |2866  6051

But you can also get deeper level device names / nodes to measure – which is required in many cases if you have drivers for storage creating nodes further down the tree than /dev. Eg. I have a setup where there are four mysql instances running, each with its own dedicated storage :

# mount | grep srv
/dev/cciss/c0d1 on /var/lib/mysql/node1 type ext3 (rw)
/dev/cciss/c0d2 on /var/lib/mysql/node2 type ext3 (rw)
/dev/cciss/c0d3 on /var/lib/mysql/node3 type ext3 (rw)
/dev/cciss/c0d4 on /var/lib/mysql/node4 type ext3 (rw)
/dev/cciss/c0d5 on /srv/wal type ext3 (rw)

so in this case, to get dstat reporting working you need to mention just the component level, like this :

# dstat -D cciss/c0d1,cciss/c0d2,cciss/c0d3 --nocolor
----total-cpu-usage---- dsk/cciss/c dsk/cciss/c dsk/cciss/c -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ: read  writ: read  writ| recv  send|  in   out | int   csw
  3   0  97   0   0   0| 209k   89k: 201k   86k: 204k   85k|   0     0 | 799B  865B|1055   256
 90   1   8   1   0   0|3196k   68k: 764k    0 : 816k   24k|1067k 1650k|   0     0 |1999   609
 95   1   3   1   0   0|2548k    0 :   0  4084k:2448k 5700k| 660k  791k|   0     0 |1611   571
 96   1   2   1   0   0|2628k    0 : 808k    0 :1620k    0 | 352k  798k|   0     0 |1835  1605

And you get the details, for each block device.

yesterday i run true a weird situation. After installing fresh DomU with xen-image-create via debootstrap, I noticed that its ipbtales is not working giving the following:

WARNING: Could not open 'kernel/net/netfilter/x_tables.ko': No such file or directory
FATAL: Could not open 'kernel/net/ipv4/netfilter/ip_tables.ko': No such file or directory
iptables v1.3.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

anyway its very easy to fix and i just decided to share the info, just type a simple command:

depmod

If you have problems with xen domU console on Debian 5.0 Lenny, stoping at crond, try to add the following line to your config:

extra = 'console=hvc0 xencons=tty'

How do you fix the issue with a SSH server which freezes after authenticating?

$ ssh root@xxx.xxx.xxx.xxx
The authenticity of host ‘xx.xx.xxx.xxx (xx.xx.xxx.xxx)’ can’t be established.
RSA key fingerprint is replaced for security.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘xx.xx.xxx.xxx’ (RSA) to the list of known hosts.
Password:
PTY allocation request failed on channel 0

In the above scenario, you can see that I logged in but I’m not able to get into the console.

Once you’re in debug more, you will see lots of messages elaborating the SSH access steps in detail. These messages might point you to the root cause or the stage at which you’re being locked.

In my case, I got freezed after authenticating myself.

Resolution is just to make pts and restart sshd

mkdir /dev/pts
mount /dev/pts
/etc/init.d/ssh restart

and permanent solution is just instaling udev via:

apt-get install udev