Older blog entries for mchirico (starting at number 50)

oprofile - a system-wide profiler

This is a powerful tool with a lot of options. It comes installed with the Fedora distributions, but to take full advantage of this tool the kernel should be recompiled from source, to reference the uncompressed kernel image with the ``--vmlinux'' option.

This article ``Performance Monitoring on Linux'' walks you through the necessary steps for compiling the source kernel on Fedora installs. Also included is a quick look at iozone, and smartmontools.

The article isn't finished. cfengine has interesting system monitoring features as well (cfenvd components), but that article is taking its time.

Advanced Programming in the UNIX Environment: Second Edition

I picked up a copy of ``Advanced Programming in the UNIX Environment: Second Edition'', by W. Richard Stevens, Stephen A. Rago. Pub Date: June 17, 2005, 960 pages. Stevens passed on in 1999 - boating accident I think. Rago is carrying on the tradition.

cfengine

This package will intelligently push and pull updates to multiple servers, with built in locking to prevent system overloading. In addition, there are tripwire features (md5sum in a BerkeleyDB database), for system monitoring.

That's not all. There is an intrusion detection component, well, let's call it "sophisticated environment monitoring" where deviations from "normal" and "abnormal" behavior can be detected, with flexibility to customize...

Some of the articles written about cfengine seem to gloss over the full functionality. I saw one popular article mention rsync, which isn't needed. Cfengine will perform its own updates ... look for traffic on port 5308. Setting up keys and admit rights can be a bit tricky, especially since error messages can be misleading. Anyway, I'm making cfengine my next article. It could be 40+ pages.

tcpdump

A document that goes beyond methodically listing tcpdump options and engages the reader with short programs using raw sockets (for sending with flag manipulation) and libpcap (for receiving), may be worth writing. Perhaps it may be worth reading if it is given a bit of a security spin, since I got a lot of comments on the Breaking Firewalls with OpenSSH and PuTTY article.

Personally, I think tcpdump is indispensable for system administration.

Fedora Core 4

So far I like it. Bind 9 is set up securely, or specifically more secure than FC3. I did have compiler errors with cyrus-sasl-2.1.21.tar.gz; but, for setting up postfix to interact with gmail, the installed package works fine, unlike FC3.

Writing

Wietse listed my Postfix Tutorial under the Howtos and FAQs, so I feel good about making a small contribution. Reviews have been positive.

openvpn

I've been very impressed with openvpn. The documentation is well written; however, I still think there's room for an article. Specifically, I was thinking of creating a tutorial that would complement the Live Linux CD; but, have openvpn installed, with NFS in conjunction with UnionFS. Perhaps add instructions on compiling GCC? Nothing yet; I'm still in meticulous testing phase.

Linux Device Drivers, 3rd Edition

This book is extremely good, and it's released under the creative commons license. For $65 you can get a Delcom USB device. I've done a simple one here, which may help if you're thinking of doing a 2.6 kernel module for it and need help getting started.

SourceForge

I noticed SourceForge is using Fedora Core 2 for their servers. Interesting, it seems the Red Hat 9.0 and 8.0 users may be gravitating to the Fedora releases. Originally, from companies that I surveyed, there was the issue of on-going support. However, from my personal experience, I prefer working with the 2.6 kernel. I don't want to keep a server running an old version of the OS and dated applications for years. With SourceForge going with Fedora Core 2, it may throw some weight behind this decision as well. True, there is Debian. But, I prefer grub over lilo especially when configuring for software raid. Again, true, you can get all of this under Debian; I'm starting to see Fedora pull ahead - just my observation.

Articles

The MySQL Tips is averaging 40 downloads per hour. I think the SQLite Tutorial and Gmail article are more interesting. The Live Linux CD gets a lot of reads from the UK. And Breaking Firewalls generated the most hate mail - seems System Administrators are shutting down port 22 because of this article. I would encourage them to reread and re-think the article before taking such actions. In reality, I think it's just a few people complaining loudly.

Today's Tip

Instead of using ``ps auxf|grep 'someprocess''', try the following. For example, suppose you start working with openvpn, and you want to see if it's running.

  ps -fC openvpn
  UID        PID  PPID  C STIME TTY          TIME CMD
  nobody   27092     1  0 09:45 ?        00:00:00 openvpn server.conf

I think the above method is cleaner.

4 May 2005 (updated 4 May 2005 at 19:54 UTC)
Google Gmail on Home Linux Box using Postfix and Fetchmail

Yes, you can relay all your mail to Google Gmail from your home system, if you have a Gmail account. Plus, you can get it delivered, fetched, locally.

Postfix has to be configured with TLS and SASL. The following listing will probably make sense, if you're familiar with Postfix. If you've never used Postfix, then, you might want to read the complete tutorial ``Google Gmail on Home Linux Box using Postfix and Fetchmail''.

 /etc/postfix/main.cf
      transport_maps = hash:/etc/postfix/transport
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
      smtp_generic_maps = hash:/etc/postfix/generic

 /etc/postfix/transport
      # Contents of /etc/postfix/transport
      #
      # This sends mail to Gmail
      gmail.com              smtp:[smtp.gmail.com]
      #
      # Except mail going to the tape and closet server
      tape.squeezel.com      relay:[tape.squeezel.com]
      closet.squeezel.com    relay:[closet.squeezel.com]

 /etc/postfix/generic
      # Note hostname is squeezel.squeezel.com
      chirico@squeezel.squeezel.com    mchirico@gmail.com

 /etc/postfix/sasl_passwd
      # Contents of sasl_passwd
      #
      [smtp.gmail.com]    mchirico@gmail.com:pa33w0r8

Fetchmail

I would strongly recommend using Fetchmail with the ``sslcertck'' option, after you verify and copy the certificates. See the tutorial for a complete step by step approach on how to do this.

    # 
    #
    # Sample /home/chirico/.fetchmailrc file for Gmail
    #
    # Check mail every 90 seconds
    set daemon 90
    set syslog
    set postmaster chirico
    #set bouncemail
    #
    # Google Gmail is mchirico but on the computer it is chirico
    #  To keep mail on the server you would put keep at the end.
    # user 'mchirico@gmail.com' with pass "pa33w0r8"  is 'chirico' here options ssl sslcertck  sslcertpath '/home/chirico/certs/.certs' keep    
    #
    poll pop.gmail.com with proto POP3 and options no dns 
         user 'mchirico@gmail.com' with pass "pa33w0r8"  is 'chirico' here options ssl sslcertck  sslcertpath '/home/chirico/certs/.certs' 
         smtphost localhost    
    # You would use this to by-pass Postfix
    # mda '/usr/bin/procmail -d %T'


Regards,

Mike Chirico
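
A check for the two points above, written as an added example that is not part of the original post: it fails when a password-bearing file such as ~/.fetchmailrc or /etc/postfix/sasl_passwd is accessible to group or other, or when a poll stanza lacks ssl or sslcertck. The function names are hypothetical, and options inherited from a defaults stanza are not considered.

```shell
#!/bin/sh
# Added example: audit files that hold plaintext mail passwords.

# Fail if group or other have any permission bits on a password-bearing
# file such as ~/.fetchmailrc or /etc/postfix/sasl_passwd.
check_secret_perms() {
    perms=$(ls -ld "$1" | cut -c5-10)    # group+other bits, e.g. "r--r--"
    [ "$perms" = "------" ] && return 0
    echo "FAIL $1: group/other permissions are '$perms'"
    return 1
}

# Fail if any "poll" stanza lacks ssl or sslcertck. Assumption of this
# example: options inherited from a "defaults" stanza are not considered.
check_fetchmail_tls() {
    awk -v q="'" '
    function flush() {
        if (host == "") return
        if (opts !~ /(^| )ssl( |$)/)       { print "FAIL " host ": ssl missing"; bad = 1 }
        if (opts !~ /(^| )sslcertck( |$)/) { print "FAIL " host ": sslcertck missing"; bad = 1 }
        host = ""
    }
    BEGIN { quoted = "\"[^\"]*\"|" q "[^" q "]*" q }
    /^[ \t]*#/ { next }                         # whole-line comments only
    { gsub(quoted, ""); gsub(/[ \t]+/, " ") }   # drop quoted user, password, path
    $1 == "poll" { flush(); host = $2; opts = "" }
    $1 == "skip" || $1 == "defaults" { flush() }
    host != "" { opts = opts " " $0 }
    END { flush(); exit bad + 0 }
    ' "$1"
}

# Run both checks on one fetchmailrc; non-zero exit if either fails.
audit_fetchmailrc() {
    rc_status=0
    check_secret_perms "$1" || rc_status=1
    check_fetchmail_tls "$1" || rc_status=1
    return $rc_status
}

# Optional: audit the file named on the command line.
if [ -n "${1:-}" ]; then audit_fetchmailrc "$1"; fi
```
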

8 Apr 2005 (updated 8 Apr 2005 at 02:07 UTC)
Microsoft DNS cache poisoning

I noticed a lot of Internet Explorer users complaining about annoying pop-ups. And when they run ad-aware, it looks like lots of spyware. Also, I hear an inordinate number of complaints regarding ISP service yesterday and today...check the DNS, especially Comcast users.

Maybe you've noticed a slow email day?

I think this cache poisoning is going to get worse. But, I've been wrong before.

References

Microsoft has posted an update on this.

The following is the DNS CACHE POISONING DETAILED ANALYSIS REPORT Version 2, which gives a history and some good details.

30 Mar 2005 (updated 31 Mar 2005 at 00:39 UTC)
C++ Tip

I picked up a copy of ``C++ Common Knowledge: Essential Intermediate Programming'' by Stephen C. Dewhurst, 2005. I like his example (Item 6: Array Formal Arguments), dealing with array formal arguments. In fact, there are no array formal arguments. Arrays decay to a pointer to their first element. What does this mean? It's not possible to find the size of an array that is passed to a function with ``sizeof(array)/sizeof(array[0])'', because sizeof(array) finds the size of the pointer, and not the array. Yes, when you create the array, you can find the size of it; but, when it decays to a pointer, which it does when you pass an array to a function, you cannot use this method. Don't take my word for it. Try it.

Dewhurst gives an interesting way around this - I've added initialization of the array as well.

#include <iostream>
#include <string>
using namespace std;

// Taking the array by reference keeps its bound n, which the compiler
// deduces; an ordinary array parameter would decay to a pointer.
template <typename T, int n, typename T2>
int give_size_init(T (&array)[n], T2 init_val)
{
  int i;
  for (i = 0; i < n; i++)
    array[i] = init_val;
  return n;
}

int main(void)
{
  int a[13];
  string s[15];
  string s_init;

  cout << "Size of array is " << give_size_init(a, 5) << endl;
  cout << "Size of array is " << give_size_init(s, "ta da") << endl;
  s_init = "more";
  cout << "Size of array is " << give_size_init(s, s_init) << endl;
  return 0;
}

OpenSSH and PuTTY

This article was updated with details on connecting beyond a firewall. In addition, I rarely see people using the config option with OpenSSH, which is peculiar, since it's convenient and powerful. Also, the RemoteForward option, for presenting remote websites through multiple firewalls, is my favorite option.

26 Mar 2005 (updated 28 Mar 2005 at 02:31 UTC)
Breaking Firewalls with OpenSSH and PuTTY

If the system administrator deliberately filters out all traffic except port 22 (ssh), to a single server, it is very likely that you can still gain access to other computers behind the firewall. This article shows how remote Linux and Windows users can gain access to firewalled samba, mail, and http servers. In essence, it shows how OpenSSH and PuTTY can be used as a VPN solution for your home or work place.

man shutdown

           $  shutdown -k +1

I love the man page on this one.

      -k     Don't really shutdown; only send the warning messages to every-
              body.

Doesn't that sound a bit sinister? I picture an evil System Administrator, having malice aforethought and obvious premeditation, going around executing repeated ``shutdown -k'' commands.

149 Linux Tips

I'm up to 149 tips. I'm a bit of a numbers freak. Tip 23 was special because the numbers PI and E sync on the number 23. So I had to come up with a unique tip for that one.

             3.14159265358979323
             2.71828182845904523

Temperature of Hard Disk

So, how hot does your hard disk run? smartmontools will tell you.

My hard drive is currently 31C

194 Temperature_Celsius     0x0002   177   177   000    Old_age   Always       -       31 (Lifetime Min/Max 16/44)

There is a good article in Linux Journal.
