June 28, 2007

Howto: Create a virtualization host and a virtual machine running RHEL5

Category: OS Tricks — Michel @ 10:56 am

This is the brand new feature of RHEL5: the ability to have an out-of-the-box virtualization server using a bundled-in version of Xen. However, all is not that easy for the first version. Hence this howto. Note this is subject to change: these are workarounds for the first version of RHEL5, and may not apply to newer versions.

I need to extend a big thanks to the RHELV5-List users, who carefully helped the newbie I am in the virtualization world.

Goal: To create a Red Hat Enterprise Linux 5 barebones system with virtualization enabled. To create a virtual machine using the same Red Hat Enterprise Linux 5 license.

December 14, 2006

How to: Correct permission problems on your new Linux server

Category: OS Tricks — Michel @ 11:09 pm

Simple:

deactivate SELinux.

It's not well integrated enough, and causes more problems than anything in servers, especially if you are not familiar with that.

Number of my friends who had troubles with this so far:  4  5.

(Thanks to M. Donovan for reminding me about that one)

November 30, 2006

FYI: gluScaleImage is (sometimes) GL_REPEAT

Category: OS Tricks — Michel @ 10:39 am

This is a small FYI for gluScaleImage users. It took me a long time to find this feature, and hopefully you'll be able to use it to your advantage.

If you are working on OpenGL, you probably know that you usually need 2^n texture sizes, usually from 64×64 and usually to 2048×2048 (modern cards). Everything else must be scaled.

In all the manuals, they suggest to use the gluScaleImage in order to rescale the image from a format to another, like if you got a 35×53 texture, you probably want a 64×64. In there, gluScaleImage is your friend… usually. First, you must properly initialize your OpenGL environment, and properly set up its flags. Usually this is no big deal. But then, the gluScaleImage algorithm does not set up any guidelines on how the texturing is done internally, all they say is "linear interpolation" and that's what you will expect. Any other parameter will be implementation-dependent.

This includes the wrapping mode. Since there is no way to indicate how you want to wrap the image, it uses what the implementation deems as "best bet", which is the OpenGL 1.0 default mode: GL_REPEAT. So: pixels will wrap from one side to the other during the interpolation. It's a very good bet for most textures, as most are meant to be repeated, but then, for HUDs, user-generated pictures and other textures that you will set to GL_CLAMP, GL_CLAMP_TO_EDGE or GL_CLAMP_TO_BORDER, it will not be what you expect. You will see stray pixels on the other side.

The answer to that is: devise your own algorithm. Sorry kiddo but that's your turf now. If you want to properly control how the image is scaled, create your own version of gluScaleImage. That way, your application will be happy and you will not get strange bugs.

Reference: https://bugs.freedesktop.org/show_bug.cgi?id=9202

November 25, 2006

Howto: Disable the PC speaker beep in Windows

Category: OS Tricks — Michel @ 7:01 pm

I hate sounds. I hate with a passion Windows sounds, in fact. Mac sounds, I can live with, there are really only a few events that trigger a sound, so it's not really a gigantic problem. But on Windows, they seemed compelled to fill in all the available sound positions with something, be it opening a window, a menu, geez, if they thought it would be ok, they would've put a sound whenever you move your mouse.

It's fun in the user interface to be able to put sounds wherever you can, that's cool. To have the ability is cool. To know you can have a different sound for two gazillion events is cool.

But I don't want sounds to bother me.

In other words, I listen to music, I don't listen to user interface.

Last thing I want is to be working, to be listening to some very relax classical music and to hear a very loud "BUD!" from a croaking frog on a stupid screen saver (metaphysical example of course, I don't even use screen savers, it goes directly to energy saver for me thank you).

So I remove all the sounds. I go to Control Panel, then select the "No sounds" scheme, say no to my modified theme (oh the humanity, no I don't want to save that) and that's it.

Only problem is once in a while, I get a PC speaker beep. In other words, I am working, and I receive a mail in Thunderbird and it gets greeted with a BEEP! that not only gets transmitted to my headphones to the maximal possible volume, but that everyone in the whole room (the whole city I'd say by the volume) just jumps.

What the?! When I say I want no sounds, it's not to have it reappear with something even more annoying and loud. Oh no. That's very improper design, Microsoft folks.

At first, I tried to disable it completely, I went to device manager, I tried looking for options, I tried doing whatever I could. To no avail. The PC Speaker is there to stay. Then, I found the problem. The problem is Windows, in its very intelligent way, decides that if you don't have a default sound, it has to find a way to get your attention, so instead of showing some alert, flashing the menu bar like on Mac, or I don't know what, they System Beep.

Hence the tip: In my sound scheme, I use No Sounds. Then, I scroll down a few pages of events until the last one of the first section, and it's aptly named "Default sound". And because there's nothing there, Windows fills in the blank. So I put something there. You could find an empty sound, I could provide one right here, no sweat. But you can choose "Windows XP Start Menu" in the sound bank and it's very close to being "nothing". Totally non-aggressive. And once that is done, no more PC Speaker beep.

June 4, 2006

*nix trick: Decompressing .tar.gz files

Category: OS Tricks — Michel @ 9:58 pm

I got a .tar.gz file. How do I decompress it?

Although it is not always true, depending on your system, the command is usually: tar xzvf thefilename.tar.gz

If it's not working, you can do it in two steps:
gunzip thefilename.tar.gz
tar xvf thefilename.tar

May 23, 2006

Windows XP: Anti-virus and anti-spyware

Category: OS Tricks — Michel @ 3:41 pm

“My computer is slow”

“It takes five minutes to start my computer”

“I need to upgrade my computer”

All things I heard about computers from people I know… mostly Windows. I want to give a few tricks to make sure you are running ok. Note that I assume your system is legit, if your Windows is copied, you might run into problems and I don’t really care about your mishaps. Buy your software!

First, left-click Start, right-click on “My Computer” and to the bottom of the menu, left-click on “Properties”. In the window that appears, look at how much RAM you have. If it’s in gigabytes (Gb), you are fine. If it’s in megabytes, you better have 512 or more. If not, that’s your first pit stop: bring your computer to your local repair shop and ask to have up to 1 gigabyte of RAM (more is sometimes useful but not for Mr. Everyone). If you have 256, it should run kind of fine, if you have less than that, here’s your problem. Don’t even think about changing your computer unless you give it a fair chance. You can cancel that window.

Second, make sure your system is properly updated. That means going to Start menu again, “All programs”, and look at the upper-left part of the window. If you see “Microsoft Update”, you are in luck. Click it. Go through all the loops and hoops that they say is required. It might take some time, and might ask for reboots. Do the quick update. If you are asked to update some things, do so, reboot, then do it again, until they say you are good to go. If you only have “Windows Update”, that’s not bad, simply less complete. Click it. Go through all the loops and hoops, same thing.

Third, you need some anti-virus. If you have the choice, Norton Anti-Virus is the most complete, however it’s expensive and does take a lot of computer juice. If you do not have a solution right now, you can see that part by going to Start Menu (again), Configuration Panel, Security Center and see if you have the anti-virus protection activated (Green light), consider using a free one, like Grisoft AVG Anti-Virus Free Edition (link opens a new window). It has no pop-ups, it has no major annoyances and it is easy to install. Simply press “Get AVG Free”, go down the window and download the file there, with the cryptic name ending with .exe. Say you want to execute it, follow up installation, and do a first preliminary virus check. If a virus is found, that might mean game over, that you have to reinstall Windows. Normally no, but sometimes it happens. Another possibility is Avira AntiVir PersonalEdition Classic (new window)… again a very good solution, reputable. The key here is reputability, will you use some anti-virus or anti-spyware that spams everyone simply because they say so? It might even be a spyware itself!

Then, speaking of spyware, you need to remove the pesky spyware that must be clogging your system. Many good reputable solutions exist, like Ad-Aware Personal (new window). I personally enjoy using Spybot Search&Destroy (new window). Do download the latter, choose your language, press Download, in the Download section below press Download here to the right of the software, then choose a mirror… I personally never had a problem with BN FileForum, so press Download here to the right, finally press Download Now to the right of the window. Execute immediately, follow the instructions, and do a first scan. There will be problems, for sure. They might be simply cookies, but they might be bigger problems. You might again have to reboot, even multiple times. The system might even not be able to clean all of the pests. Then, another game over, and please reinstall Windows. Once it’s done, start the software again and inoculate against all threats.

Last part … Install Firefox (new window) as a default browser. You might like Internet Explorer but everyone tries to attack IE by all possible means. Most web sites support Firefox so why not. You can also go with Opera (new window) as it’s very good, quick, efficient and has nice features. All in all, it’s a matter of taste. However, what’s not a matter of taste is the security issues on Internet Explorer. Sad but true.

Now your system is theoretically clean, it is protected, it has everything you need. Now the cleanup part. Start menu, Configuration panel again, Add/Remove Software. Wait for the list to appear. Then, you are free to remove almost anything and everything that is in this first pane. The exceptions are everything that has the following words in it: “ATI, NVIDIA, Intel, VIA, Drivers, Update, Service Pack”. Use your common sense, if you remove Realtek AC’97 Audio (for example if you have that installed), you will not have sound on your computer anymore. Worst case, if you are unsure, Google the term.

If nothing works, maybe your computer is really too old. Maybe it really needs a good “Spring cleaning”, where you reinstall everything from scratch. Yes, you lose everything, but at least you are totally sure you really need a new computer before doing useless expenses.

Howto: Linux quick shell backup

Category: OS Tricks — Michel @ 3:41 pm
Backups, you need them. Oh yes you need them. Better safe than sorry. You got two computers? One to backup and the other one accessible via FTP? Then you can do a backup.

What you need? A shell script, ncftp for FTP transfer, perl (in shell arguments) and tar.

For sake of completeness, FTP is not safe and can be intercepted, it isn’t as fast as other protocols, but it has the main advantage to be there and available. Same for tar, even with -z, you could do better with bzip2 for example, but it has the immense quality of being always there. Why ncftp? Because it tries a few times. Yes, you can do better and faster but this is simple to understand. Oh and the passwords are in plaintext, yes you can do better.

Again, pleasie-no-copy-paste, as wordpress changes characters. You need to type back everything or know what you’re doing.

Here is the shell file to use. First, you need to create a folder in /root named “backup”. This assumes you are root of course. You can always put ~/ instead of root. The best place to put this is also in one of the /etc/cron.* folders, daily if you can, monthly is better than nothing, yearly, well, what’s the point. Or you can call it in standalone.

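# Archive name includes today's date (ISO format)
myfile=/root/backup/backup.$(date -I).tar.gz
# Only files modified since this date are archived
startbackupat=2005-01-01
# Create the file first and make it owner-only before tar writes to it
touch "$myfile"
chmod 600 "$myfile"
cd / || exit 1
nice tar -czf "$myfile" --newer "$startbackupat" home var/spool/mail > /dev/null
# Upload; -DD deletes the local file once it has been copied
ncftpput -u MyFtpUserName -p MyPassword -DD host.example.com FolderToPutThisIn "$myfile"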

That’s it! Now, this is made for Fedora Core, and tar has the very bad habit of being different depending on its brand, so you will need to tweak it if you’re not using FC. Even there, you want to change “home” and “var/spool/mail” for something else I’m sure of it. Or maybe add to these two lines, don’t forget, you can put many many lines there.

This will backup all files starting at 2005-01-01, and create files named backup.THEDATE.tar.gz, using a low-priority process (hence the “nice” before), transfer it using ncftpput, and delete the file automatically once it has been copied (the -DD option).

If you want to start the backup at the time of a file, you can use the following line: startbackupat=$(date -r /root/backup/anotherbackupfile +'%Y-%m-%d') (hint hint, that does incremental if you tweak it enough).

If you want to backup your mysql database, add the following lines before the tar line:

touch /root/backup/mysql.dump
chmod 600 /root/backup/mysql.dump
mysqldump -A -f --password=MySqlRootPassword > /root/backup/mysql.dump

Don’t forget to add the file in the tar line (simply add root/backup/mysql.dump before the > )

And I suggest you delete the dump file after its copy (next line after tar: rm /root/backup/mysql.dump)

Why the touching of file and chmod? To be a little bit more secure, don’t forget anyone getting this file would have access to your full backup contents, probably the most sensitive info you got. That’s also why I haven’t used /tmp to put the files.

What else. You can put --exclude lines in your tar line. For example, if you want to copy all your files except one folder, you would use --exclude='home/pr0n' and it will not copy that folder.

Like I said, this is a very crude backup system. It is not meant to replace a full-fledged system but it works well and doesn’t take a genius to understand, hence it doesn’t take a genius to tweak.
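
As an added example (not part of the original post), here is the same backup flow with the two plaintext passwords moved off the command line, where any local user can read them from the process list, and with the archive created owner-only from the first byte instead of touch-then-chmod. The file names ftp.cfg and my.cnf are assumptions: the first is an ncftp login file with "host", "user" and "pass" lines, the second a MySQL option file with a [client] section.

```shell
#!/bin/bash
# Added example: same backup flow, with secrets kept in owner-only files.
# Hypothetical paths (not from the original post):
#   ftp.cfg - ncftp login file with "host", "user" and "pass" lines
#   my.cnf  - MySQL option file with a [client] section (user, password)
BACKUP_DIR=${BACKUP_DIR:-/root/backup}
FTP_CFG=${FTP_CFG:-$BACKUP_DIR/ftp.cfg}
MYSQL_CNF=${MYSQL_CNF:-$BACKUP_DIR/my.cnf}

# True only for a regular, non-symlink file we own with mode 600 or 400.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# make_archive ROOT SINCE PATH...
# Archives PATHs (relative to ROOT) modified since SINCE and prints the
# archive name. umask 077 means the file is never group/world readable.
make_archive() {
    local root=$1 since=$2 out
    shift 2
    out="$BACKUP_DIR/backup.$(date -I).tar.gz"
    ( umask 077 && cd "$root" &&
      nice tar -czf "$out" --newer "$since" "$@" > /dev/null ) || return 1
    printf '%s\n' "$out"
}

dump_mysql() {
    secret_file_ok "$MYSQL_CNF" || { echo "refusing $MYSQL_CNF" >&2; return 1; }
    # --defaults-extra-file has to be the first option on the command line
    ( umask 077 &&
      mysqldump --defaults-extra-file="$MYSQL_CNF" -A -f > "$BACKUP_DIR/mysql.dump" )
}

upload() {   # upload REMOTE_DIR FILE; -DD deletes FILE after a good transfer
    secret_file_ok "$FTP_CFG" || { echo "refusing $FTP_CFG" >&2; return 1; }
    ncftpput -f "$FTP_CFG" -DD "$1" "$2"
}

# Only runs when called as: script run
if [ "${1:-}" = run ]; then
    dump_mysql || exit 1
    archive=$(make_archive / 2005-01-01 home var/spool/mail root/backup/mysql.dump) || exit 1
    rm -f "$BACKUP_DIR/mysql.dump"
    upload FolderToPutThisIn "$archive"
fi
```

The transfer itself is still plain FTP, so the password and the archive cross the network unencrypted, as the post already says.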

How to save iptables ;)

Category: OS Tricks — Michel @ 3:40 pm
Iptables tables are located in /etc/sysconfig/iptables in Fedora Core.

As root, you can use the iptables-save command like this:

  • iptables-save > /etc/sysconfig/iptables

And your precious iptable will be secured.

How to limit attack attempts in Linux

Category: OS Tricks — Michel @ 3:40 pm
These days, there are gazillions of zombie drone computers whose only goal is to try out passwords on your poor little server. Usually, they will start tons of connections with random password attempts until they find a good one. Although you could ban these forever, you can always simply hinder their progress by limiting the number of trials they can do in one minute. Using this iptables chain, you can limit to 3 tries per minute, then their connection will be dropped for a good minute. Usually, this pisses them off and they will look elsewhere. The iptables chain is the following:

ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 3/min burst 3
LOG tcp -- anywhere anywhere LOG level notice prefix `[RATELIMIT] '
DROP (or REJECT) tcp -- anywhere anywhere

And you create it using these lines:

iptables -N ratelimit
iptables -A ratelimit -p TCP -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A ratelimit -p TCP -j ACCEPT --syn -m limit --limit 1/minute --limit-burst 3
iptables -A ratelimit -p TCP -j LOG --log-level "NOTICE" --log-prefix "[RATELIMIT] "
iptables -A ratelimit -p TCP -j REJECT

(or DROP, the difference being REJECT gives instant information to the user the system does not accept your connection, while DROP simply drops the request, leaving the original system in the dark. I prefer DROP but for debugging and to get a valid feedback from your users, it’s better REJECT as they will nag you “the system rejected my logging!”)

(Update: Thanks to Mike, modified --limit 3 to 1, it reflects what I am saying best)
And finally, you need to connect this iptable chain to the ssh protocol (the most used for passwords attacks these days) or telnet, or any other TCP protocol you know is being attacked (no, web doesn’t work and e-mail is not a good idea ;) )

So if you have a iptables line to accept ssh protocol as destination port, modify it to call the chain instead. For example:

iptables -L INPUT (this will show the list of current input filters - count the number of lines up to the ssh line, starting at one for the first line. If you don’t have a line specific to SSH, consider adding one, you simply don’t have to -D the previous one, but then it’s a totally different topic so you’re on your own ;) )

iptables -D INPUT linenumber (this will delete the line “linenumber” from the table)

iptables -I INPUT linenumber -p TCP --dport 22 -j ratelimit (this will add the new line “linenumber” to the table)

Then, verify with another iptables -L INPUT and if everything is fine, you should have a rate limiting system in place! Save it and you’re done.

I still suggest you do all this with Webmin, the only detail being the --syn is replaced by “TCP Flags equals SYN out of SYN, RST and ACK”.

Remember: do not copy-paste the lines from my site, Wordpress changes the accent characters like the quotes!
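
As an added example (not the original author's script), the chain setup and the SSH hookup above can be done in one pass: the rule number is read from iptables -S INPUT instead of being counted by hand, and the SSH line is swapped with -R so there is no gap between a separate -D and -I. The IPT variable and the function names are assumptions made for this sketch; DROP is used as the final target.

```shell
#!/bin/bash
# Added example: build the ratelimit chain, then swap the SSH rule in place.
# IPT is a hypothetical override so the script can be pointed at a wrapper.
IPT=${IPT:-iptables}

# Reads `iptables -S INPUT` output on stdin and prints the rule number of the
# first rule that accepts TCP port 22. Only "-A" lines count as rules; the
# leading "-P INPUT ..." policy line is not numbered.
ssh_rule_number() {
    awk '/^-A INPUT / { n++
             if (/ --dport 22 / && / -j ACCEPT$/) { print n; exit } }'
}

install_ratelimit() {
    local n
    # Create the chain, or empty it if it already exists, so re-runs are safe.
    $IPT -N ratelimit 2>/dev/null || $IPT -F ratelimit || return 1
    $IPT -A ratelimit -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A ratelimit -p tcp --syn -m limit --limit 1/minute --limit-burst 3 -j ACCEPT
    $IPT -A ratelimit -p tcp -j LOG --log-level notice --log-prefix "[RATELIMIT] "
    $IPT -A ratelimit -p tcp -j DROP

    n=$($IPT -S INPUT | ssh_rule_number)
    if [ -z "$n" ]; then
        echo "no ACCEPT rule for tcp/22 in INPUT; INPUT left unchanged" >&2
        return 1
    fi
    # -R replaces rule n in one step, so there is no moment between a
    # separate -D and -I where port 22 has no rule at all.
    $IPT -R INPUT "$n" -p tcp --dport 22 -j ratelimit
}

# Only runs when called as: script apply (as root)
if [ "${1:-}" = apply ]; then
    install_ratelimit && iptables-save > /etc/sysconfig/iptables
fi
```

The limit match counts all new connections to the port together, not per source address, so a burst of attempts from one host also delays legitimate logins during that minute.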

How to get stuff in Linux

Category: OS Tricks — Michel @ 3:40 pm
To get files from FTP or HTTP in Linux, there are many small useful tools you should have on your computer.

First, you need either apt-get (Debian), up2date (Red Hat), fink (Darwin) or yum (independent). For ease of use, I suggest you install yum but that’s up to you. I will give the examples using that one.

You need the following files:

  • ncftp, to retrieve stuff in FTP using the ncftp command. yum install ncftp
  • lynx, to retrieve stuff in HTTP using the lynx command. yum install lynx
  • wget, to retrieve stuff either in FTP or HTTP using the wget command. yum install wget

Once you have these tools, you are free to go. If you require a file that’s on a web page, and you know the file is a direct link, use the following command:

wget "http://www.example.com/myfile.tar.gz" . Don’t forget the quotes, or else, if the address contains characters that the shell treats specially (such as & or ;), part of it will be executed as a command. You can use wget to get files from a FTP server using the same principles.

The two other tools are harder to use, ie: not one-liners. You can get a ftp file from ncftpget the same way you use wget, or you can get a http file from lynx the same way you use wget again. Then, if you want to get a file from a ftp server using the good old FTP protocol, you type ncftp, the server name and you move around in ftp. Same for lynx, you type an address and you’ll have a text-only web browser.


Engine: WordPress - Theme created by Michel Donais.

Creative Commons License
This work is made available under a Creative Commons license.