40 years of Unix

June 8th, 2009

Linux, *BSD, Solaris, AIX, HP-UX, Tru64, Mac OS X…

Unix, the operating system born at Bell Labs 40 years ago, has become a revolutionary OS, and we hope its legacy will survive for decades.


How to disable IPv6 in Debian

April 23rd, 2009

I’ve recently installed a new LDAP server on Debian Lenny and I wanted to disable IPv6, as I don’t need it at the moment. With netstat I checked the listening processes:

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2226/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2215/sshd
tcp6 0 0 :::389 :::* LISTEN 2226/slapd
tcp6 0 0 :::22 :::* LISTEN 2215/sshd

and lsmod showed something like this:

Module Size Used by
ipv6 235364 12
...

So, to disable IPv6 I changed /etc/modprobe.d/aliases:
...
# alias net-pf-10 ipv6
# Disable ipv6
alias net-pf-10 off
alias ipv6 off
...

I also disabled these lines in /etc/hosts to avoid confusion:

...
## The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

Finally I restarted the server.

shutdown -r now

Now the situation is like this:

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2233/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2216/sshd

lsmod|grep ipv6

...

No IPv6.
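The same before/after check can be scripted so it is repeatable after every reboot or upgrade. The following is an added example, not part of the original post; the function names are hypothetical and the sample data is constructed from the output shown above.

```shell
#!/bin/sh
# Constructed samples, modelled on the "before" output shown in the post.
SAMPLE_NETSTAT_BEFORE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2226/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2215/sshd
tcp6 0 0 :::389 :::* LISTEN 2226/slapd
tcp6 0 0 :::22 :::* LISTEN 2215/sshd'
SAMPLE_LSMOD_BEFORE='Module Size Used by
ipv6 235364 12'
# Constructed samples, modelled on the "after" output shown in the post.
SAMPLE_NETSTAT_AFTER='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2233/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2216/sshd'
SAMPLE_LSMOD_AFTER='Module Size Used by'

# Print "proto port program" for every IPv6 socket in netstat output on stdin.
ipv6_listeners() {
    awk '$1 == "tcp6" || $1 == "udp6" {
        n = split($4, part, ":")        # the port follows the last colon
        prog = $NF
        sub(/^[0-9]+\//, "", prog)      # "2226/slapd" -> "slapd"
        print $1, part[n], prog
    }'
}

# Succeed if the ipv6 module appears in lsmod output on stdin.
ipv6_module_loaded() {
    awk '$1 == "ipv6" { found = 1 } END { exit !found }'
}

# ipv6_report NETSTAT_OUTPUT LSMOD_OUTPUT: print findings, return 1 if any.
ipv6_report() {
    status=0
    listeners=$(printf '%s\n' "$1" | ipv6_listeners)
    if [ -n "$listeners" ]; then
        printf '%s\n' "$listeners" | sed 's/^/IPv6 listener: /'
        status=1
    fi
    if printf '%s\n' "$2" | ipv6_module_loaded; then
        echo "ipv6 kernel module is loaded"
        status=1
    fi
    return $status
}

# On a live host (as root): ipv6_report "$(netstat -tunlp)" "$(lsmod)"
ipv6_report "$SAMPLE_NETSTAT_BEFORE" "$SAMPLE_LSMOD_BEFORE" || echo "=> IPv6 still active"
ipv6_report "$SAMPLE_NETSTAT_AFTER" "$SAMPLE_LSMOD_AFTER" && echo "=> no IPv6"
```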

dig: basic usage

April 15th, 2009

Today we are going to take a quick look at dig. According to the man pages:

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output.

Let’s see how to look up the DNS servers for the domain karkomaonline.com:

dig karkomaonline.com -t ns

The -t option specifies the query type (a, any, mx, ns, txt…), with a as the default. The -t ns option looks up the name servers for the domain karkomaonline.com. You should get something like this:

; <<>> DiG 9.4.2-P2 <<>> karkomaonline.com -t ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4825
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1


;; QUESTION SECTION:
;karkomaonline.com.        IN    NS


;; ANSWER SECTION:
karkomaonline.com.    172800    IN    NS    dns010.d.register.com.
karkomaonline.com.    172800    IN    NS    dns024.c.register.com.
karkomaonline.com.    172800    IN    NS    dns071.a.register.com.
karkomaonline.com.    172800    IN    NS    dns150.b.register.com.


;; ADDITIONAL SECTION:
dns010.d.register.com.    48    IN    A    216.21.236.10


;; Query time: 172 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Wed Apr 15 22:46:35 2009
;; MSG SIZE  rcvd: 152

The interesting part is the ANSWER SECTION, which lists the name servers for the mentioned domain. You can get a shorter output of the same command:

dig karkomaonline.com -t ns +short

dns010.d.register.com.
dns071.a.register.com.
dns024.c.register.com.
dns150.b.register.com.

Now look up the mail servers for the same domain:

dig karkomaonline.com -t mx

...
;; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.
...

From the output of the first example you can see that by default dig queried my internal DNS server (configured in /etc/resolv.conf):

...
;; SERVER: 192.168.1.9#53(192.168.1.9)
...

You can change this behaviour by instructing dig to query a specific name server:

dig @dns010.d.register.com karkomaonline.com -t mx

...
;; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.


;; ADDITIONAL SECTION:
mailhost.karkomaonline.com. 86400 IN    A    94.75.208.171


;; Query time: 181 msec
;; SERVER: 216.21.236.10#53(216.21.236.10)
...

Note that the queried server now is 216.21.236.10.
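Querying both the default resolver and an authoritative server makes it possible to compare their answers, which is a quick way to spot a stale or altered record on the resolver side. The following is an added example, not part of the original post; the function names are hypothetical and the sample outputs are constructed from the ones shown above.

```shell
#!/bin/sh
# Constructed samples, modelled on the MX lookups in the post (the TTLs differ
# because a caching resolver counts the TTL down).
SAMPLE_RESOLVER=';; ANSWER SECTION:
karkomaonline.com.    71034    IN    MX    0 mailhost.karkomaonline.com.
;; SERVER: 192.168.1.9#53(192.168.1.9)'
SAMPLE_AUTHORITATIVE=';; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.

;; ADDITIONAL SECTION:
mailhost.karkomaonline.com. 86400 IN    A    94.75.208.171
;; SERVER: 216.21.236.10#53(216.21.236.10)'
# Constructed mismatch: mail.example.net is a placeholder, not a real finding.
SAMPLE_MISMATCH=';; ANSWER SECTION:
karkomaonline.com.    300    IN    MX    0 mail.example.net.
;; SERVER: 192.168.1.9#53(192.168.1.9)'

# Print "name type rdata" for each ANSWER SECTION record, sorted.
# The TTL column is dropped so cached and fresh answers compare equal.
dig_answers() {
    awk '/^;; ANSWER SECTION:/ { in_answer = 1; next }
         /^;;/                 { in_answer = 0 }
         in_answer && NF >= 5 {
             rdata = $5
             for (i = 6; i <= NF; i++) rdata = rdata " " $i
             print $1, $4, rdata
         }' | sort
}

# Print the address of the server that answered (the ";; SERVER:" line).
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# compare_dig OUTPUT_A OUTPUT_B: 0 = same answers, 1 = differ, 2 = no answer.
compare_dig() {
    a=$(printf '%s\n' "$1" | dig_answers)
    b=$(printf '%s\n' "$2" | dig_answers)
    [ -n "$a" ] && [ -n "$b" ] || { echo "no answer to compare"; return 2; }
    if [ "$a" = "$b" ]; then echo "match"; return 0; fi
    echo "MISMATCH: $(printf '%s\n' "$1" | dig_server) says: $a"
    echo "          $(printf '%s\n' "$2" | dig_server) says: $b"
    return 1
}

# Live use: compare_dig "$(dig karkomaonline.com -t mx)" \
#                       "$(dig @dns010.d.register.com karkomaonline.com -t mx)"
compare_dig "$SAMPLE_RESOLVER" "$SAMPLE_AUTHORITATIVE"
compare_dig "$SAMPLE_MISMATCH" "$SAMPLE_AUTHORITATIVE" || true
```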


Debian GNU/Linux 5.0 released

February 15th, 2009

From the Debian Project site:

This release includes numerous updated software packages, such as the K Desktop Environment 3.5.10 (KDE), an updated version of the GNOME desktop environment 2.22.2, the Xfce 4.4.2 desktop environment, LXDE 0.3.2.1, the GNUstep desktop 7.3, X.Org 7.3, OpenOffice.org 2.4.1, GIMP 2.4.7, Iceweasel 3.0.6 (an unbranded version of Mozilla Firefox), Icedove 2.0.0.19 (an unbranded version of Mozilla Thunderbird), PostgreSQL 8.3.6, MySQL 5.0.51a, GNU Compiler Collection 4.3.2, Linux kernel version 2.6.26, Apache 2.2.9, Samba 3.2.5, Python 2.5.2 and 2.4.6, Perl 5.10.0, PHP 5.2.6, Asterisk 1.4.21.2, Emacs 22, Inkscape 0.46, Nagios 3.06, Xen Hypervisor 3.2.1 (dom0 as well as domU support), OpenJDK 6b11, and more than 23,000 other ready-to-use software packages (built from over 12,000 source packages).

With the integration of X.Org 7.3 the X server autoconfigures itself with most hardware. Newly introduced packages allow the full support of NTFS filesystems and the use of most multimedia keys out of the box. Support for Adobe® Flash® format files is available via the swfdec or Gnash plugins. Overall improvements for notebooks have been introduced, such as out of the box support of CPU frequency scaling. For leisure time several new games have been added, including puzzle games as well as first-person shooters. Also notable is the introduction of “goplay”, a graphical games browser offering filters, search, screenshots and descriptions for games in Debian.

The availability and updates of OpenJDK, GNU Java compiler, GNU Java bytecode interpreter, Classpath and other free versions of Sun’s Java technology, into Debian GNU/Linux 5.0 allow us to ship Java-based applications in Debian’s “main” repository.

Further improvements in system security include the installation of available security updates before the first reboot by the Debian Installer, the reduction of setuid root binaries and open ports in the standard installation, and the use of GCC hardening features in the builds of several security-critical packages. Various applications have specific improvements, too. PHP for example is now built with the Suhosin hardening patch.

For non-native English speaking users the package management systems now support translated package descriptions and will automatically show the description of a package in the native language of the user, if available.

More info can be found here.

ISO image as a filesystem

January 3rd, 2009

If you want to mount an ISO image as a filesystem, simply proceed as follows:

mkdir /mnt/iso0
mount -o loop -t iso9660 /tmp/debian-40r6-amd64-netinst.iso  /mnt/iso0

15th birthday of the Debian project

August 16th, 2008

On 16 August 1993 Ian Murdock issued the first announcement of the Debian Project on comp.os.linux.development. Since then Debian has established itself as one of the most stable Linux distros and remained committed to FOSS.


Happy Sysadmin day!

July 25th, 2008

Today, July 25th, is the 9th annual System Administrator Appreciation Day.

Solaris 10 post-installation tasks

May 30th, 2008

This post outlines some of the post-installation tasks I usually perform after a fresh Solaris 10 installation. Note that this is my own approach and that it is based on the x86 architecture.

The first general tasks involve linuxifying the new environment and setting some environment variables:

a) Changing root account settings:

vi /etc/passwd
root:x:0:0:Super-User:/root:/usr/bin/bash

b) Creating a directory for the root account:

mkdir /root
mv /.bash* /root
mv /.sunw /root

c) Modifying /etc/profile or /root/.bash_profile according to my preferences:

PS1='\[\033[01;31m\]SERVER-NAME \[\033[00m\]\u@\h:\[\033[01;34m\]\w\[\033[00m\]\$ '

alias la="ls -alh"
alias cp="cp -i"
alias mv="mv -i"
alias rm="rm -i"

PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/dt/bin:/usr/ccs/bin:$PATH
export PATH

export TERM=xterm

d) Network stuff:

vi /etc/resolv.conf

search mydomain.com
nameserver 192.168.1.2

vi /etc/defaultrouter

192.168.1.1

cd /etc
cp nsswitch.dns nsswitch.conf

e) Once this basic configuration is finished, I usually install and configure PKG-GET for package management:

mkdir /tmp/karkoma

cd /tmp/karkoma

/usr/sfw/bin/wget http://www.blastwave.org/pkg_get.pkg
pkgadd -d pkg_get.pkg all

/usr/sfw/bin/wget http://www.blastwave.org/wget-i386.bin
chmod 755 wget-i386.bin

PATH=/tmp/karkoma:/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin
export PATH

vi /opt/csw/etc/pkg-get.conf

Change this file according to your needs, and remember to pick the mirror nearest to you. Then continue with the following:

pkg-get -i wget

PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/dt/bin:/usr/ccs/bin
export PATH

pkg-get -i gnupg

Note that by adding the PATH to /etc/profile it will be available system-wide.

f) Add users to your new environment:

mkdir -p /export/home
useradd -d /export/home/username -m -s /bin/bash -c "Franz Kafka" username
passwd username

g) Finally, disable unneeded services:

svcadm disable sendmail
svcadm disable ftp
svcadm disable telnet
svcadm disable finger
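To confirm that step g) took effect, the state column of svcs -a can be checked for the same four services. The following is an added example, not part of the original post; the function names are hypothetical and the svcs output is a constructed sample.

```shell
#!/bin/sh
# Constructed sample of `svcs -a` output; telnet is deliberately left online.
SAMPLE_SVCS='STATE          STIME    FMRI
disabled       10:02:11 svc:/network/smtp:sendmail
disabled       10:02:12 svc:/network/ftp:default
online         10:01:47 svc:/network/telnet:default
disabled       10:02:14 svc:/network/finger:default
online         10:01:40 svc:/network/ssh:default'

# The short names given to svcadm disable in step g).
UNWANTED="sendmail ftp telnet finger"

# Solaris 10's /usr/bin/awk is the old awk without -v, so prefer nawk.
if type nawk >/dev/null 2>&1; then AWK=nawk; else AWK=awk; fi

# Read `svcs -a` output on stdin and print "name state FMRI" for each unwanted
# service whose state is anything other than "disabled".
not_disabled() {
    $AWK -v names="$UNWANTED" '
        BEGIN { n = split(names, want, " ") }
        $1 == "STATE" || $1 == "disabled" { next }
        {
            # match the service name ("/ftp:") or the instance (":sendmail")
            for (i = 1; i <= n; i++)
                if (index($3, "/" want[i] ":") || $3 ~ (":" want[i] "$"))
                    print want[i], $1, $3
        }'
}

# services_ok SVCS_OUTPUT: list offenders and return 1 if there are any.
services_ok() {
    offenders=$(printf '%s\n' "$1" | not_disabled)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders" | sed 's/^/not disabled: /'
    return 1
}

# Live use on the Solaris host: services_ok "$(svcs -a)"
services_ok "$SAMPLE_SVCS" || echo "=> disable the services listed above"
```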

That’s all. Now, what kind of tasks do you perform in a fresh installation?


Another alternative to Bind: Unbound DNS server

May 21st, 2008

DJBDNS, MaraDNS… and now another player in the DNS server field: Unbound.

Unbound is a validating, recursive, and caching DNS resolver.

The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible.

The source code is under a BSD License.

Unbound 1.0.0 was released on May 20.

Nine Inch Nails’ new album under Creative Commons

May 5th, 2008

You know that this kind of post is not usual on this site, but I think it is worth it. According to their web site:

as a thank you to our fans for your continued support, we are giving away the new nine inch nails album one hundred percent free, exclusively via nin.com.

the music is available in a variety of formats including high-quality MP3, FLAC or M4A lossless at CD quality and even higher-than-CD quality 24/96 WAVE. your link will include all options - all free. all downloads include a PDF with artwork and credits.

the slip is licensed under a creative commons attribution non-commercial share alike license.

These people are real pioneers in the music world. Congratulations to their fans.