Systems Administration Notes
Some quick notes to help me (and possibly you) remember some of those annoying
details that seem to come up a lot but I always keep forgetting.
Apache: htaccess block
Require username/password for people not on local 10.1.1.* network:
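<Directory "/usr/local/apache/htdocs">
AllowOverride None
Options None
# Host rule: deny everyone, then allow 10.1.1.* (see "allow from" below)
order deny,allow
deny from all
# User rule: Basic auth, members of group "dev" only
AuthType Basic
AuthName dev
AuthUserFile /usr/local/apache/conf/htpasswd
AuthGroupFile /usr/local/apache/conf/htgroup
require group dev
allow from 10.1.1
# Either rule is enough: local hosts skip the password, everyone else must log in
satisfy any
</Directory>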
HTML: Meta Refresh:
Redirects the browser to the named URL. Set this in the head of an HTML page. The 0 refers to the
number of seconds until the refresh.
<meta http-equiv="refresh" content="0; url=http://www.anders.com/">
Netfilter: iptables: Port Forwarding:
2.4 kernels and later. This will take requests coming from the world to port 1234 of
our real internet IP (198.207.193.80) and forward them to port 5678 on a machine
on our local fakenet (10.1.1.5).
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/local/sbin/iptables -A PREROUTING -t nat -p tcp -d 198.207.193.80 --dport 1234 -j DNAT --to 10.1.1.5:5678
Samba: PDC and Win2k:
Situation:
Win2k client connecting to samba as a PDC through a machine account.
error:
[2003/03/27 04:25:34, 2] passdb/pdb_smbpasswd.c:startsmbfilepwent(170)
startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was Permission denied
Fix:
Initial PDC login requires a root user in Samba. Create a Samba account for root
and log in as root to Samba.
tinydns (djbdns) and reverse classless name delegation
My blood, sweat and tears are broken out on another page for
reverse classless delegation with tinydns.
Update Root Servers List
dnsip `dnsqr ns . | awk '/^answer/ { print $5 }'` > @
List of Root DNS Server IPs
As of November 2010:
198.41.0.4
192.228.79.201
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
192.58.128.30
193.0.14.129
199.7.83.42
202.12.27.33
Java uploader servlet
Bare bones of an uploader servlet I wrote 100 years
ago to teach myself the basics.
Postgres Notes
Administration notes on postgres are on another page as well.
CentOS Notes
Administration notes on centos are on another page too.
Send a popup note to a Windows machine
net send 10.1.1.1 "hi there"
Cisco IOS
Catalyst 3550 switch port configuration example
Dell PowerEdge 1750 and Gentoo Linux
When trying to install Gentoo (as of Gentoo 1.4 version 2004.1), the ethernet network and SCSI disk drivers
typically don't autoconfigure. To enable the Tigon3 10/100/1000 network adapter, modprobe tg3. To enable the LSI Logic 53c1030 SCSI
adapter, modprobe mptbase; modprobe mptscsih. See the modules under /lib/modules/2.4*/kernel/drivers/message/fusion.
Dell PowerEdge 1950 Ethernets and Linux
The ethernet ports on the Dell 1950s are labeled incorrectly. When booted, eth0 is port 2 and eth1 is port 1. The BMC
(accessible through ipmi via ipmitool) talks to the network on port 1 or eth2. Of course you won't be able to ping it
through that port as the hardware is shared between Linux and the BMC TCP/IP stack.
The ip command
The ip command is part of the iproute2 package. On Gentoo, emerge iproute2 to get it.
Securely back up a tree on a remote machine to a tape drive on the local machine
ssh machine -l user "tar -c /path" | dd of=/dev/tape
where "machine" is the hostname of the remote computer, "user" is the username on the remote computer and
"/path" is the path to be backed up. This command opens a shell on the remote machine through ssh and
starts a tar of some path with compression on the remote machine. The output of tar is through STDOUT
so the data flows back through the secure channel to the local machine and gets piped into dd which in
turn outputs to the local tape drive at /dev/tape. Of course the "-l username" is not absolutely necessary.
To get at the archive, un-tar as normal: tar -xvf /dev/tape
mysql client through an ssh tunnel
ssh to a remote host and tunnel your local port 12345 to the remote server, where it pops out on that server's localhost port 3306:
ssh -L localhost:12345:localhost:3306 remote.server.com
If you have a local instance of mysql running, you MUST force the mysql command interpreter to use TCP
or else it will ignore the port and host options you specify and just use the local socket instead. (45 minutes
of my time figuring that one out right there)
mysql mysql -P 12345 -h localhost --protocol=TCP -u root -p
djbdns NAPTR and SRV record builder
NAPTR and SRV records can be supported by djbdns through its generic record syntax, though composing
these records isn't easy. I have made a djbdns record builder to help.
RTP Payload Types
In a SIP VoIP call, the INVITE can include several codec choices for the RTP streams the call uses. Finding what
all the codec choice numbers stand for is the job of the RTP Codec Chart.
Tomcat Notes
Administration notes on Apache Tomcat are on another page.
DJB Software fix for > glibc 2.3.1
DJB software such as qmail, djbdns and daemontools doesn't like to compile on newer versions of glibc because
the software has problems locating errno.h. Adding the explicit location to the file "conf-cc" in the source
fixes this issue.
cc -O2 -include /usr/include/errno.h
In the DJB program clockspeed if you see this error in clockview.c:
./compile clockview.c
clockview.c: In function 'print':
clockview.c:23: warning: assignment makes pointer from integer without a cast
clockview.c:24: error: dereferencing pointer to incomplete type
clockview.c:26: error: dereferencing pointer to incomplete type
clockview.c:28: error: dereferencing pointer to incomplete type
clockview.c:30: error: dereferencing pointer to incomplete type
clockview.c:32: error: dereferencing pointer to incomplete type
clockview.c:34: error: dereferencing pointer to incomplete type
clockview.c: In function 'main':
clockview.c:46: warning: return type of 'main' is not 'int'
make: *** [clockview.o] Error 1
Change the second line in clockview.c:
#include <sys/time.h>
to this:
#include <time.h>
To get an updated list of default servers for dnscache:
cd /service/dnscache
dnsip `dnsqr ns . | awk '/answer:/ { print $5 ; }' | sort` > root/servers/@
svc -t /service/dnscache
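The redirect in the update command truncates root/servers/@ before the lookup runs, so a failed lookup leaves dnscache with an empty server list at the next restart. An added example (not part of the original notes) that checks a candidate list and only then swaps it in; the function names and the MIN_SERVERS threshold of 10 are assumptions.

```shell
# Added example: validate a fetched root server list before it replaces
# dnscache's root/servers/@. Function names and MIN_SERVERS are assumptions.
MIN_SERVERS=10

# Succeed if $1 is a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeed if file $1 holds only IPv4 addresses, one per line, with at least
# MIN_SERVERS distinct entries. An empty file (failed lookup) is rejected.
valid_root_list() {
    [ -s "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        is_ipv4 "$line" || return 1
    done < "$1"
    count=$(sort -u "$1" | wc -l | tr -d ' ')
    [ "$count" -ge "$MIN_SERVERS" ]
}

# Move candidate $1 over target $2 only if it validates. Keep both in the
# same directory so the rename is atomic; on failure $2 is left untouched.
install_root_list() {
    valid_root_list "$1" && mv "$1" "$2" && return 0
    rm -f "$1"
    return 1
}

# Constructed demo: a good list (addresses from the notes) replaces the old
# file; an empty result, as left behind by a failed lookup, does not.
demo() {
    dir=$(mktemp -d) || return 1
    echo "198.41.0.4" > "$dir/@"
    printf '%s\n' 198.41.0.4 192.228.79.201 192.33.4.12 128.8.10.90 \
        192.203.230.10 192.5.5.241 192.112.36.4 128.63.2.53 192.36.148.17 \
        192.58.128.30 > "$dir/@.new"
    install_root_list "$dir/@.new" "$dir/@" || return 1
    : > "$dir/@.new"
    install_root_list "$dir/@.new" "$dir/@" && return 1
    lines=$(wc -l < "$dir/@" | tr -d ' ')
    rm -rf "$dir"
    [ "$lines" -eq 10 ]
}
```

On the dnscache host, write the dnsip output to root/servers/@.new with one address per line (for instance through tr -s ' ' '\n'), call install_root_list root/servers/@.new root/servers/@, and run svc -t /service/dnscache only if it succeeds.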
Some notes on DJB's publicfile.
Sun Lights Out Manager (LOM) Access
On a Sun box via serial, (default 9600-8-N-1 No Flow) type #. to get to
the LOM. Type console to get back to the OS prompt.
To reset the LOM admin password through SunOS:
/usr/platform/`uname -i`/sbin/scadm userpassword admin
To stop a system from auto booting from SunOS:
/usr/platform/`uname -i`/sbin/eeprom auto-boot?=false
or do this in the LOM:
sc> bootmode bootscript="cdrom"
To make a system auto boot:
sc> setenv auto-boot? true
Built-in Mac OSX Screenshot Commands
Key Combination | Result
Command+Shift+3 | Capture entire screen and save as a file
Command+Control+Shift+3 | Capture entire screen and copy to the clipboard
Command+Shift+4 | Capture dragged area and save as a file
Command+Control+Shift+4 | Capture dragged area and copy to the clipboard
Command+Shift+4 then Space bar | Capture a window, menu, desktop icon, or the menu bar and save as a file
Command+Control+Shift+4 then Space bar | Capture a window, menu, desktop icon, or the menu bar and copy to the clipboard
Dell PowerEdge 1750 RAC ERA/O Remote Console and Linux 2.6 Kernels
I was having a problem with a Dell PE1750 machine with an ERA/O embedded server
management card. The ERA/O card has a web interface (https with default username
"root" and default password "calvin") that (among other things) lets you open
a "Remote Console" in a browser window. Basically, if you are not in a GUI mode,
you can see what's on the screen and type on the keyboard. This is especially
handy because you can reboot the machine and have full access to the BIOS because
the ERA/O RAC card is its own computer. (not a part of the motherboard) Other
handy things you can do include switching the power supply to the motherboard off
and on (cold reset) should you have a hardware lockup that only killing power
will fix, and uploading a floppy image over the net to use to boot the machine.
(handy when updating BIOS remotely or booting a floppy to rescue the machine)
(who uses floppy these days?!)
The problem I ran into was that I could access the BIOS and even play around
with the GRUB boot loader program as the machine began to boot but once the machine
was to a boot prompt, keyboard input wouldn't work. In my tests, this had worked
with earlier revs of the kernel so I was surprised to see it suddenly stop working.
The fix was to pass the following as a kernel parameter on boot:
i8042.dumbkbd=1
Keyboards are usually bi-directional. The kernel can do things like blink the
keyboard lights, but in the above scenario, the keyboard is just a 1 way serial
input. This "hack" stops the kernel from trying to send data to the keyboard and
allows me to login as normal to a Linux 2.6 kernel through the ERA/O card. Go figure!
Asterisk and MeetMe without Zaptel Hardware
If asterisk won't compile app_meetme even though the zaptel library is compiled and installed,
it is probably because zaptel.h and tonezone.h aren't in the include path asterisk is checking.
The easiest way to fix this is to copy zaptel.h and tonezone.h to the asterisk source's include
directory.