vnstat

November 18th, 2010

vnStat is a wonderful tool that will allow you to grab traffic information from you network interfaces.

From its homepage…

vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that vnStat won’t actually be sniffing any traffic and also ensures light use of system resources. However, in Linux at least a 2.2 series kernel is required.

Read the rest of this entry »

Happy Sysadmin Day

July 30th, 2010

One year again, today is the 11th SysAdmin Appreciation Day. Happy day to all of you!

10 years of OpenSSH

October 2nd, 2009

Thank you to everyone that has contributed to OpenSSH over its lifetime. It has made our life as Sysadmins a bit easier.

The version 5.3 has been released and marks the 10th anniversary of this project. From OpenSSH:

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

This release marks the 10th anniversary of the OpenSSH project. We would like to thank the OpenSSH community for their support, especially those who will continue to contribute code or patches, report bugs, test snapshots or donate to the project during the next 10 years.  More information on donations may be found at:

http://www.openssh.com/donations.html

DIY storage: how to build cheap cloud storage

September 5th, 2009

This link shows how to build your own 67 terabyte storage servers for less than $8000. On the other hand, this link provides another perspective pointing out objections about the DIY storage server.

Description of the file system hierarchy

August 19th, 2009

man hier

;)

Bash script: effectively check if a filesystem is mounted

August 18th, 2009

Whenever you want to check if a file system is mounted and perform some action in you script based on this, the simplest and most accurate way to do it in Linux is to check /proc/mounts:

if grep -qs ‘/mnt/sda2′ /proc/mounts; then
echo “fs mounted”
else
echo “fs not mounted”
fi

40 years of Unix

June 8th, 2009

Linux, *BSD, Solaris, AIX, HP-UX, True64, Mac OS X…

Unix, the Operating System born at Bell Labs 40 years ago has become a revolutionary OS and we hope it’s legacy will survive for decades.

More info:

How to disable IPv6 in Debian

April 23rd, 2009

I’ve recently installed a new LDAP server on Debian Lenny and I wanted to disable IPv6 as it is unnecessary for me in this moment. With netstat I checked the listening processes:

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2226/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2215/sshd
tcp6 0 0 :::389 :::* LISTEN 2226/slapd
tcp6 0 0 :::22 :::* LISTEN 2215/sshd

and lsmod showed something like this:

Module Size Used by
ipv6 235364 12
...

So, to disable IPv6 I changed /etc/modprobe.d/aliases:
...
# alias net-pf-10 ipv6
# Disable ipv6
alias net-pf-10 off
alias ipv6 off
...

I also disabled these lines in /etc/hosts to avoid confusions:

...
## The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

Finally I restarted the server.

shutdown -r now

Now the situation is like this:

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2233/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2216/sshd

lsmod|grep ipv6

...

No IPv6.

dig: basic usage

April 15th, 2009

Today we are going to take a quick look at dig. According to the man pages:

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output.

Let’s see how to lookup the DNS servers for the domain karkomaonline.com:

dig karkomaonline.com -t ns

The -t option specifies the query type (a, any, mx, ns, txt… ), being a the default. The -t ns option will look-up the Name Servers for the domain karkomaonline.com. You should get something like this:

; <<>> DiG 9.4.2-P2 <<>> karkomaonline.com -t ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4825
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1


;; QUESTION SECTION:
;karkomaonline.com.        IN    NS


;; ANSWER SECTION:
karkomaonline.com.    172800    IN    NS    dns010.d.register.com.
karkomaonline.com.    172800    IN    NS    dns024.c.register.com.
karkomaonline.com.    172800    IN    NS    dns071.a.register.com.
karkomaonline.com.    172800    IN    NS    dns150.b.register.com.


;; ADDITIONAL SECTION:
dns010.d.register.com.    48    IN    A    216.21.236.10


;; Query time: 172 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Wed Apr 15 22:46:35 2009
;; MSG SIZE  rcvd: 152

The interesting part is the ANSWER SECTION, that lists the name servers for the mentioned domain. You can get a shorter output of the same command:

dig karkomaonline.com -t ns +short

dns010.d.register.com.
dns071.a.register.com.
dns024.c.register.com.
dns150.b.register.com.

Now look up the mail servers for the same domain:

dig karkomaonline.com -t mx

...
;; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.
...

From the output of the first example you can see that by default dig queried my internal DNS server (configured in /etc/resolv.conf):

...
;; SERVER: 192.168.1.9#53(192.168.1.9)
...

You can change this behaviour by instructing dig to query a specific name server:

dig @dns010.d.register.com karkomaonline.com -t mx

...
;; ANSWER SECTION:
karkomaonline.com.    86400    IN    MX    0 mailhost.karkomaonline.com.


;; ADDITIONAL SECTION:
mailhost.karkomaonline.com. 86400 IN    A    94.75.208.171


;; Query time: 181 msec
;; SERVER: 216.21.236.10#53(216.21.236.10)
...

Note that the queried server now is 216.21.236.10.

More info::

Debian GNU/Linux 5.0 released

February 15th, 2009

From the Debian Project site:

This release includes numerous updated software packages, such as the K Desktop Environment 3.5.10 (KDE), an updated version of the GNOME desktop environment 2.22.2, the Xfce 4.4.2 desktop environment, LXDE 0.3.2.1, the GNUstep desktop 7.3, X.Org 7.3, OpenOffice.org 2.4.1, GIMP 2.4.7, Iceweasel 3.0.6 (an unbranded version of Mozilla Firefox), Icedove 2.0.0.19 (an unbranded version of Mozilla Thunderbird), PostgreSQL 8.3.6, MySQL 5.0.51a, GNU Compiler Collection 4.3.2, Linux kernel version 2.6.26, Apache 2.2.9, Samba 3.2.5, Python 2.5.2 and 2.4.6, Perl 5.10.0, PHP 5.2.6, Asterisk 1.4.21.2, Emacs 22, Inkscape 0.46, Nagios 3.06, Xen Hypervisor 3.2.1 (dom0 as well as domU support), OpenJDK 6b11, and more than 23,000 other ready-to-use software packages (built from over 12,000 source packages).

With the integration of X.Org 7.3 the X server autoconfigures itself with most hardware. Newly introduced packages allow the full support of NTFS filesystems and the use of most multimedia keys out of the box. Support for Adobe® Flash® format files is available via the swfdec or Gnash plugins. Overall improvements for notebooks have been introduced, such as out of the box support of CPU frequency scaling. For leisure time several new games have been added, including puzzle games as well as first-person shooters. Also notable is the introduction of “goplay”, a graphical games browser offering filters, search, screenshots and descriptions for games in Debian.

The availability and updates of OpenJDK, GNU Java compiler, GNU Java bytecode interpreter, Classpath and other free versions of Sun’s Java technology, into Debian GNU/Linux 5.0 allow us to ship Java-based applications in Debian’s “main” repository.

Further improvements in system security include the installation of available security updates before the first reboot by the Debian Installer, the reduction of setuid root binaries and open ports in the standard installation, and the use of GCC hardening features in the builds of several security-critical packages. Various applications have specific improvements, too. PHP for example is now built with the Suhosin hardening patch.

For non-native English speaking users the package management systems now support translated package descriptions and will automatically show the description of a package in the native language of the user, if available.

More info can be found here.