Author Archive
Guruplug Server Plus — Booting from eSATA
by errr on May.29, 2010, under Hardware, Linux
I've been doing a lot of testing with the Guruplug Plus lately. Since this thing is a loaner I don't want to make changes to the default settings if I don't have to. This has led me to do all my testing on USB thumb drives and on eSATA-connected drives. This is a pretty simple thing to set up. Below I will walk you through what you need to do in order to boot from an eSATA-connected device.
The first thing you need to do is get connected to the Guruplug through the JTAG connector. Instructions for connecting using the JTAG connector can be found here. Once connected, power up the Guruplug and allow it to boot up. Log in as the root user. If you have not yet, plug in and power up your eSATA drive. When I plugged mine in I got the following:
sheevaplug-debian:~# ata1: exception Emask 0x10 SAct 0x0 SErr 0x4010000 action 0xe frozen
ata1: edma_err_cause=00000010 pp_flags=00000000, dev connect
ata1: SError: { PHYRdyChg DevExch }
ata1: hard resetting link
ata1: link is slow to respond, please be patient (ready=0)
ata1: SATA link up 1.5 Gbps (SStatus 113 SControl F300)
ata1.00: ATA-7: WDC WD2000JS-00MHB0, 02.01C03, max UDMA/133
ata1.00: 390721968 sectors, multi 0: LBA48
ata1.00: configured for UDMA/133
ata1: EH complete
scsi 0:0:0:0: Direct-Access ATA WDC WD2000JS-00M 02.0 PQ: 0 ANSI: 5
sd 0:0:0:0: Attached scsi generic sg2 type 0
sd 0:0:0:0: [sdc] 390721968 512-byte logical blocks: (200 GB/186 GiB)
sd 0:0:0:0: [sdc] Write Protect is off
sd 0:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn’t support DPO or FUA
sdc: sdc1
sd 0:0:0:0: [sdc] Attached SCSI disk
Next I need to create a partition on my disk. Normally I would use fdisk for this task but when I try I get:
sheevaplug-debian:~# fdisk /dev/sdc
WARNING: GPT (GUID Partition Table) detected on ‘/dev/sdc’! The util fdisk doesn’t support GPT. Use GNU Parted.
This means I need to install parted.
apt-get install parted
Next I can get a partition set up.
parted /dev/sdc
Now I already have 1 partition on this drive. We can see that by typing print
parted /dev/sdc
GNU Parted 1.8.8
Using /dev/sdc
Welcome to GNU Parted! Type ‘help’ to view a list of commands.
(parted) print
Model: ATA WDC WD2000JS-00M (scsi)
Disk /dev/sdc: 200GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system  Name     Flags
 1      17.4kB  10.2GB  10.2GB  ext2         primary  boot

I don't want to mess with this first partition so I'm going to make a new one. The first partition was created from 0 to 10240 so I need to go from 10241 to 20481 to make another 10.2G partition.
(parted) mkpart primary ext2 10241 20481
(parted) print
Model: ATA WDC WD2000JS-00M (scsi)
Disk /dev/sdc: 200GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system  Name     Flags
 1      17.4kB  10.2GB  10.2GB  ext2         primary  boot
 2      10.2GB  20.5GB  10.2GB  ext3         primary
Next I want to toggle the boot flag so I type toggle and hit enter
(parted) toggle
Partition number? 2
Flag to Invert? boot/hidden/raid/lvm/hp-service/msftres/bios_grub? boot
(parted) print
Model: ATA WDC WD2000JS-00M (scsi)
Disk /dev/sdc: 200GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system  Name     Flags
 1      17.4kB  10.2GB  10.2GB  ext2         primary  boot
 2      10.2GB  20.5GB  10.2GB  ext3         primary  boot

OK. Now I'll type q to quit, and then make a file system on the new partition.
mke2fs /dev/sdc2
… … …
This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
Now to mount this new partition.
mount /dev/sdc2 /media/usb1/
Now a couple of cp commands will fill this disk with everything you need. This first cp will take a few minutes, so go grab a drink or something…
cp -avp / /media/usb1
Now to grab dev too. If you look in /media/usb1/dev you will notice it is empty. This would cause a kernel panic if we tried to boot into it now.
cp -ax /dev/ /media/usb1/
Now we are just about ready to reboot and start using our eSATA disk. All we need to do now is to give this new system a different name than the default install so it's easy to tell them apart. To do this, simply edit a configuration file.
echo "errr-esata" > /media/usb1/etc/hostname
Now we are ready to reboot. Type reboot and wait for the Marvell count down to appear and hit any key to stop the autoboot.
Now at the Marvell command prompt type
set x_bootargs_root root=/dev/sdc2 rootdelay=10
Be sure to use the correct root= line for your drive. This may be sda1 or sdb1 or even sdc1.
Next type boot and hit enter
If you get a kernel panic like so:
VFS: Cannot open root device "sdc2" or unknown-block(8,34)
Please append a correct "root=" boot option; here are the available partitions:
1f00 1024 mtdblock0 (driver?)
1f01 4096 mtdblock1 (driver?)
1f02 519168 mtdblock2 (driver?)
0800 195360984 sda driver: sd
0801 9999983 sda1
0802 10000976 sda2
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(8,34)
[] (unwind_backtrace+0x0/0xd4) from [ ] (panic+0x48/0x134)
[] (panic+0x48/0x134) from [ ] (mount_block_root+0x1c4/0x20c)
[] (mount_block_root+0x1c4/0x20c) from [ ] (prepare_namespace+0x168/0x1cc)
[] (prepare_namespace+0x168/0x1cc) from [ ] (kernel_init+0xd4/0x108)
[] (kernel_init+0xd4/0x108) from [ ] (kernel_thread_exit+0x0/0x8)
This means that you have told Marvell to boot from the wrong partition. In this case it's telling me that sdc2 is unknown, but it shows me there is an sda1 and sda2, so I'm going to try sda2 instead.
Next you will get to this:
Bluetooth: vendor=0x2df, device=0x9105, class=255, fn=2
btmrvl_sdio mmc0:0001:2: firmware: requesting sd8688_helper.bin
btmrvl_sdio_download_helper: request_firmware(helper) failed, error code = -2
btmrvl_sdio_download_fw: Failed to download helper!
btmrvl_sdio_probe: Downloading firmware failed!
This same thing happens every time on the default file system too; it just blows past it instead of waiting. You can hit Ctrl+C here or just wait and it will go on past.
Once it has finished booting we will see we are on our eSATA drive by looking at its host name:
Bluetooth: SCO (Voice Link) ver 0.6
Bluetooth: SCO socket layer initialized
Agent registered

Debian GNU/Linux 5.0 errr-esata ttyS0
errr-esata login:
Now I can log in and do whatever to this system, and when I reboot, unless I intervene, it will boot back up in default mode on the default internal flash drive, since what we have done here doesn't last a reboot. I hope this helps some of you out there.
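For the kernel panic step above, here is an added example (not from the original post): a small shell function that reads a captured console log and checks whether the device given in root= is in the kernel's "available partitions" list, printing the sd partitions that are. The function names are this example's own and the sample log is the panic from this post.

```shell
#!/bin/sh
# Added example: check a root= device against the partition list the
# kernel prints when it cannot mount the root filesystem.

# Usage: root_candidates DEVICE < console.log
# Prints every sdXN partition named in the panic listing, one per line.
# Returns 0 if DEVICE is among them, 1 if it is not.
root_candidates() {
    awk -v want="$1" '
        /here are the available partitions:/ { in_list = 1; next }
        /^Kernel panic/                      { in_list = 0 }
        # Listing rows look like: <hex major/minor> <blocks> <name> [driver]
        in_list && $1 ~ /^[0-9a-f]+$/ && $3 ~ /^sd[a-z]+[0-9]+$/ {
            if ($3 == want) found = 1
            print $3
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the panic shown in this post. unknown-block(8,34) is
# major 8, minor 34, which is the sdc2 that was asked for; no such disk
# was registered at boot, only sda.
sample_panic() {
    cat <<'EOF'
VFS: Cannot open root device "sdc2" or unknown-block(8,34)
Please append a correct "root=" boot option; here are the available partitions:
1f00 1024 mtdblock0 (driver?)
1f01 4096 mtdblock1 (driver?)
1f02 519168 mtdblock2 (driver?)
0800 195360984 sda driver: sd
0801 9999983 sda1
0802 10000976 sda2
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(8,34)
EOF
}

# Demo: try the device that failed and the one that worked.
for dev in sdc2 sda2; do
    if sample_panic | root_candidates "$dev" >/dev/null; then
        echo "root=/dev/$dev: present at boot"
    else
        echo "root=/dev/$dev: not present, candidates:" \
            $(sample_panic | root_candidates "$dev")
    fi
done
```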
Guru Plug Server Plus — My First Look
by errr on May.12, 2010, under Hardware, Linux
So my boss Robert got a Guru Plug Server Plus, and to my great surprise and joy he sent it home with me to play with. Getting connected to it was simple: once it was plugged in it showed up in my wireless access point list on Windows.

Once connected to the access point I got my network info and tried to ssh to the gateway. I was able to log in as root with a clever default root password. I was greeted with a familiar sight. 
Debian GNU/Linux 5.0
I connected the device to the internet and tried to apt-get update but found that didn't work. In the /etc/apt/sources.list file there was an entry for a private internal mirror. I had to comment that out and ran dpkg --configure -a since the system suggested it. Once I did that apt-get update worked, so I did an apt-get upgrade and upgraded everything that needed it. Next I installed less and ntp.
I went through the list of preinstalled packages; it was pretty long. Some of the packages that stood out were Lighttpd, Perl, PHP5, Python 2.5, MySQL server and client, exim4, udhcpd, and samba 3.2.5. So for dirt you get a pretty powerful cheap ready to rock LAMP stack and file server and wireless AP. Not so shabby.
This puppy supports booting using all kinds of methods. If you are connected to it through the JTAG you will have the option to keep the system from booting. You will be given a prompt:
Hit any key to stop autoboot: 0
Marvell>> help
This will return a nice long list of options. You can choose between USB, TFTP, NFS, and many others. I'm looking forward to the next couple of days of playing. I want to try out quagga and maybe asterisk. Check back soon for an update of what I do.
Red Hat Enterprise Linux 6 Beta – My First look
by errr on Apr.28, 2010, under Linux
I spent a few hours tonight playing around with the Red Hat Enterprise Linux 6 Beta release. So far it seems really nice. I had no issues getting flash-plugin installed from Adobe. I installed irssi and set up my network to use a static IP. All tasks felt very familiar from past releases. I mostly messed around with desktop stuff tonight. Tomorrow I hope to get to set up Apache, PHP and MySQL, and maybe a few days later I will step through a mail server as well with Postfix.
Hide your Lighttpd Version and Suppress the X-Powered-By info given by PHP
by errr on Feb.27, 2010, under BSD, Linux
A simple first step toward basic security on your web server is to make the response headers say as little as possible. This is not the be-all and end-all of securing your web server, but like I said, it's a basic first step. When you hit a website and are looking at the content you might find yourself wondering, “What OS and what web server is this person using? And hey, I see the pages end with .php; I wonder what version of that they are using too.” Well, this is all (by default on most systems) just pushed out to everyone who visits the site. You can find this without even having any command line skills or knowing how to use wget or curl. A simple Firefox plugin can tell anyone this. The typical output will look something like this:
X-Powered-By: PHP/5.2.6-1+lenny4
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Transfer-Encoding: chunked
Date: Sat, 27 Feb 2010 16:18:09 GMT
Server: lighttpd/1.4.25
200 OK
Wow, that's a lot of info about this person's server… We can see here that they are running Debian Lenny, that they have PHP 5.2.6 with a patch set or two on it, and that they have Lighttpd version 1.4.25. That lets a possible attacker know which security lists to go hit up looking for possible exploits in any of the above-mentioned software. And a simple nmap command can automate this whole process of looking for a “mark” through entire net blocks in a matter of seconds.
Let's start by giving out less info about our web server. The default response from Lighttpd is lighttpd #current-version#. To change this all we need to do is edit our lighttpd.conf file. Using your favorite text editor, open up lighttpd.conf and look through it for server.tag. Odds are it's not in there, but that's OK; we will add it and define the value.
server.tag = "WebServer"
Now that we have done that we will need to restart the web server. Next time we check our site it will look more like this:
X-Powered-By: PHP/5.2.6-1+lenny4
Content-Type: text/html
Transfer-Encoding: chunked
Date: Sat, 27 Feb 2010 15:56:46 GMT
Server: WebServer
Ah, now that is much better, but that pesky PHP is still telling everyone what OS and version of PHP we have.
Now let's shut PHP up. Using your favorite text editor, open your php.ini file and look through it for expose_php. By default the value will be set to On. We need to set it to Off. Now we need to restart Lighttpd again. Now our response headers will look like:
Content-Type: text/html
Transfer-Encoding: chunked
Date: Sat, 27 Feb 2010 16:02:47 GMT
Server: WebServer
Now again, this is not the end-all. You still need to secure the box with iptables or some other type of firewall, because this did not make your server any more secure than it was before. All we did was HIDE the info, making it harder to find out what you have. There are many other things you can do, like running these services in a chroot jail, but this is not going to hurt to do.
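To confirm both settings took effect, here is an added example (not part of the original post): a shell function that reads response headers and reports the ones that still disclose software or version details. The function names are this example's own, and the sample inputs are shortened copies of the three header sets shown above.

```shell
#!/bin/sh
# Added example: flag response headers that disclose software versions.

# Read raw response headers on stdin, print each disclosing header, and
# return 1 if anything was found (0 if the response is clean).
leaky_headers() {
    tr -d '\r' | awk '
        {
            name = tolower($0); sub(/:.*$/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        }
        # PHP sends this header whenever expose_php is On.
        name == "x-powered-by" { print "X-Powered-By: " value; found = 1 }
        # A Server value containing digits still carries a version string.
        name == "server" && value ~ /[0-9]/ { print "Server: " value; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

# Live check against a server you run (curl -sI sends a HEAD request).
check_url() { curl -sI "$1" | leaky_headers; }

# Constructed samples, taken from the three header sets in this post.
headers_default() {
    printf '%s\r\n' 'X-Powered-By: PHP/5.2.6-1+lenny4' \
        'Content-Type: text/html; charset=utf-8' \
        'Date: Sat, 27 Feb 2010 16:18:09 GMT' \
        'Server: lighttpd/1.4.25'
}
headers_tag_only() {
    printf '%s\r\n' 'X-Powered-By: PHP/5.2.6-1+lenny4' \
        'Content-Type: text/html' \
        'Date: Sat, 27 Feb 2010 15:56:46 GMT' \
        'Server: WebServer'
}
headers_both() {
    printf '%s\r\n' 'Content-Type: text/html' \
        'Date: Sat, 27 Feb 2010 16:02:47 GMT' \
        'Server: WebServer'
}

# Demo: run the check over each stage of the walkthrough.
for stage in headers_default headers_tag_only headers_both; do
    echo "== $stage"
    $stage | leaky_headers || true
done
```

Against a live server, `check_url http://localhost/` runs the same check after each restart.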
Troubleshooting Bind9 Queries
by errr on Feb.05, 2010, under BSD, Linux
Yesterday I was adding a new domain to our servers to slave. While looking through syslog to make sure this was all working I noticed a whole flood of requests for a site that was busted.
unexpected RCODE (REFUSED) resolving 'www.examplesite.com/A/IN': x.x.x.x#53
This was just filling my logs like crazy. I wanted to know who on my network was making so many requests for this site. I was really hoping I didn't have some infected PC on my LAN. To find out I turned on the query log. This is not on by default on Debian, or on Ubuntu, or CentOS, which is what I use for all of my DNS. To turn on the query log is pretty simple. I added the following to my named.conf.options file:
logging {
    // Send query messages to their own file, with timestamps
    channel "querylog" {
        file "/var/log/bind9-query.log";
        print-time yes;
    };
    category queries {
        querylog;
    };
};
Once added you need to make sure this directory is present. If you are in a chroot environment like a good sysadmin, remember this path is relative to your chroot, so /var/log/bind9-query.log might really be /chroot/bind9/var/log/bind9-query.log. Next make sure your bind user has read/write access to the file.
chown bind:bind /chroot/bind9/var/log/bind9-query.log
Next simply
rndc reload
and go watch that puppy fill up in a hurry. I do not like to keep this turned on because it fills up so fast and I only seem to need it when there is a problem. If you do decide to keep it turned on make sure you set up a logrotate for it. In my environment this log will get to be several megs in under an hour. Sure hope this will help you figure out who is querying what on your network.
Sample output from the log file
05-Feb-2010 09:08:25.524 client 192.168.1.142#51521: query: claimlj2.my.domain.com IN AAAA +
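Once the query log is filling up, the question that prompted turning it on is which client keeps asking for a given name. The two shell functions below are an added example, not part of the original post; they assume the log line layout shown in the sample above (other BIND versions format the line differently), and the function names and sample log lines are made up for the example.

```shell
#!/bin/sh
# Added example: summarise a BIND query log in the format shown above:
#   <date> <time> client <ip>#<port>: query: <name> <class> <type> <flags>

# Usage: clients_for NAME < query.log
# Prints "<count> <client-ip>" for every client that asked for NAME,
# busiest first. Names are compared case-insensitively.
clients_for() {
    awk -v want="$1" '
        $3 == "client" && $5 == "query:" && tolower($6) == tolower(want) {
            ip = $4; sub(/#.*$/, "", ip)    # strip the "#port:" suffix
            hits[ip]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Usage: top_names [N] < query.log
# Prints the N most-queried names with their counts (default 5).
top_names() {
    awk '$3 == "client" && $5 == "query:" { seen[tolower($6)]++ }
         END { for (n in seen) print seen[n], n }' |
        sort -k1,1nr -k2,2 | head -n "${1:-5}"
}

# Constructed sample log; addresses and ports are invented.
sample_log() {
    cat <<'EOF'
05-Feb-2010 09:08:25.524 client 192.168.1.142#51521: query: claimlj2.my.domain.com IN AAAA +
05-Feb-2010 09:08:25.601 client 192.168.1.57#40112: query: www.examplesite.com IN A +
05-Feb-2010 09:08:25.733 client 192.168.1.57#40113: query: www.examplesite.com IN A +
05-Feb-2010 09:08:26.010 client 192.168.1.20#33871: query: WWW.examplesite.com IN A +
05-Feb-2010 09:08:26.210 client 192.168.1.57#40115: query: www.examplesite.com IN AAAA +
05-Feb-2010 09:08:26.377 client 192.168.1.142#51522: query: claimlj2.my.domain.com IN A +
EOF
}

# Demo: which names are busiest, and who is asking for the busted one?
echo "Top names:";  sample_log | top_names 2
echo "Clients asking for www.examplesite.com:"
sample_log | clients_for www.examplesite.com
```

On the real file this becomes `clients_for www.examplesite.com < /chroot/bind9/var/log/bind9-query.log`.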
Windows Media Center No Sound on Some Channels
by errr on Feb.01, 2010, under Microsoft
So my media center PC was having issues with sound. Some channels worked great, and others didn't work right at all. By this I mean that you could hear the laugh track perfectly but couldn't hear the dialog at all. I am using an Asus P5Q SE/R motherboard; this board has a Realtek HD audio chipset. The sound seemed to work perfectly in all the apps I tried: VLC, Windows Media Player, even the HDHomerun Quick TV app. I was stumped. The device manager showed no unknown devices and reported all devices working correctly. As usual I went to Google and tried to find a solution. I found nothing. I decided there were not enough options in the Windows control panel for my sound card so I thought I would see if Asus had a driver for this system. They did… I downloaded the audio drivers from Asus here: http://support.asus.com/ (you have to search for your motherboard, then your OS, then go to the audio driver section). I grabbed the global file, which was about 72MB worth of a zip file. Once the download is complete you can right click the file and extract the files, browse into the directory and find the Setup file, and run through it. Once the reboot is complete you just need to make sure the Realtek audio settings are correct for your speaker setup, do the test from the audio app, and enjoy the sound not giving you problems in media center any more.
Add Hulu Desktop To Windows Media Center
by errr on Jan.31, 2010, under Microsoft
I upgraded my Vista Windows Media Center machine to Windows 7 this weekend. I was wishing I could get Hulu into media center so I went to Google. I found posts where people had done it, but most of them were using some 3rd party app to edit some settings and do it, and the rest never said how they did it. Well, since none of the apps were open source it made me very untrusting of them. I decided to figure out how to add this myself. It's pretty simple. First you need to install the Hulu Desktop. Next open a Windows Explorer and navigate to your user's WMC directory. Here is where my user's info is:
C:\Users\errr\AppData\Roaming\Media Center Programs
Next simply stick a shortcut to the Hulu Desktop in this folder. Windows Media Center should not be running while you do this. Name this shortcut “Hulu Desktop” or whatever you want. Once that is done simply close your explorer window and start WMC. You will need to go to the Extras section, go into the Extras Library, and select Hulu Desktop (or whatever you named it). This will minimize Windows Media Center and open Hulu Desktop. If it's not full screen simply full screen it, and when you close it from full screen it will reopen that way next time. You will now be able to control Hulu Desktop with your Media Center remote. The annoying thing is that when you close out of Hulu it does not restore WMC, but you can hit your Media Center button and that will reopen WMC in full screen.
Pretty easy eh?
py-nag A notification script for nagios to nag you in Twitter
by errr on Jan.23, 2010, under Linux
So I have been trying to think of cool things I could do with Twitter. I happen to be a HUGE fan of nagios for monitoring my systems. From time to time some of the systems I monitor go down, and sometimes they are my email servers, so getting a message from nagios about this is kind of out of the question unless I set up alternative email accounts that I would then have to add to the already large number of accounts I have… So why not just “tweet” the notice? This way I have an easy way to get the status. This is what prompted me to write py-nag. It's a pretty simple script that you can toss on your system, then define a new command in nagios, and easy as pie you get notices in Twitter. It's all Python and the only dep needed should be python-twitter. A simple apt-get install python-twitter took care of that for me.
To set this up you can simply place the nagger.py script somewhere on your system. I put it in /usr/local/bin and named it py-nag
#wget -O /usr/local/bin/py-nag https://code.google.com/p/py-nag/source/browse/nagger.py
Note the #: this indicates the command needs to be run as root, or you can use sudo. Next set the file to be executable:
#chmod +x /usr/local/bin/py-nag
Next you need to configure nagios. On my Debian box I will edit the following file like so:
vim /etc/nagios3/commands.cfg
Next we need to add the command definition
define command {
    command_name notify-userName-by-tweet
    command_line /usr/local/bin/py-nag --twitusr=MYTWITUSER --twitpass='MYTWITPASS' --msg='T: $NOTIFICATIONTYPE$ Hst: $HOSTALIAS$ dt: $LONGDATETIME$' --dmonly --user=WhoToTweet
}
Next you need to set your contact to use this command like so:
service_notification_commands notify-userName-by-tweet
This is done in your contact config. service_notification_commands will accept a comma-separated list so this can be one of many commands. Next you need to reload the nagios config. Now you are all ready to get direct messages from your nagios nagger. If you prefer to not get the notice as a DM you can use the optional --tweetit param instead of --dmonly. If you use the --tweetit param you do not need the --user flag. I sure hope some people find this useful.
Rename Files Fast from the Linux CLI
by errr on Jan.14, 2010, under Linux
So today I moved our web root from this OLD system to our new server. First things first, I tried to hit some of the links and I was given the option to download the file… Well, I could go to the web server config file and tell it to parse these files as PHP, or how about we ditch the .php3 for something this decade… like .php. So I go to our web root and look for all the files that end in .php3:
find . -iname "*.php3" -print
Nice. Now I have a huge list of files here. How on earth can I rename them without this taking all day? I used rename like so:
find . -iname "*.php3" -print | xargs rename -n 's/\.php3$/\.php/'
This command will NOT actually change ANYTHING on your system. The -n flag says to run through as a test and tell me what you would be doing if I wanted it done. I can see from this output that I do indeed want to run this command.
find . -iname "*.php3" -print | xargs rename -v 's/\.php3$/\.php/'
Now this time it did go through and rename, and it printed to the screen what it did (that's what the -v flag does: verbose). Now I can go through and edit the index file that pointed to these php3 files and remove that 3. Simple, and now I don't have that silly 3 on the file names any more.
Change your product key for Office 2007 without reinstalling
by errr on Jan.06, 2010, under Microsoft
So today I was setting up a new laptop for one of our employees. I went to activate his copy of Office 2007 and was told that I had already activated this copy too many times!! Oops, that is my bad for having such a messy desk that I grabbed the wrong copy of Office and used the wrong key. No big deal, I think to myself, so I call to activate over the phone. While talking to this script reader he tells me that my copy is over-activated and now I need to reinstall using this other disk (same version of Office, same everything). I get a bit pissed because I have better things to do with my time than totally reinstall Office just to change a simple key. I tell him how that is crazy and that there just HAD to be a way to do this without a reinstall. The “tech” tells me that there is no way. I tell him he is nuts and how he is lazy and should learn more about his job. So off to regedit I went. I dug through HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\ since it was the biggest number. Mine also had an 8.0 and an 11.0. While digging through there I see “Registration”. I open it, and while going through there I found something called DigitalProductID and something else called ProductID. On a whim I decided to just delete these key=>values, so I right clicked on them and hit delete. Next I closed regedit and opened up Outlook. Guess what it asked me for
That's right!! It asked me for a product key. I gave it, then Office activated with no issues… So this is to you, jerk at M$ who tried telling me this was not possible!! IN YO FACE!!!
