Tuesday, April 09, 2013

Déjà Dup - Out of space...

I use Déjà Dup, a graphical front-end to duplicity, to back up my Fedora 18 desktop.

Recently these backups ceased to work, with Déjà Dup complaining that it didn't have sufficient space to continue. A quick investigation showed almost all of the 4GB of /tmp was being utilized. Obviously a deep flaw in the design of Déjà Dup, but in the meantime I needed to get the backups working once again.

What needs to be done is to set the variable TMPDIR to somewhere with more free space and then run Déjà Dup. In my case running this from the terminal was enough to get the backup working:

TMPDIR=/data/tmp /usr/bin/deja-dup --backup

For a more permanent solution, put the TMPDIR variable in .profile.


Thursday, March 21, 2013

HP Microserver Remote Management Card

The optional HP Microserver Remote Management Card (BMC/RAC, call it what you will) features IPMI, which I previously had configured using OpenIPMI on my CentOS 6.3 system. There was one issue that required working around, in that the BMC address as reported by the BIOS was 0xCA8 rather than the real address of 0xCA2. To get the ipmi module to load you had to create the file:

/etc/modprobe.d/ipmi.conf

Containing:

options ipmi_si type=kcs ports=0xca2

That all worked nicely until I upgraded the server to CentOS 6.4, at which point IPMI stopped working completely. What has happened is that RHEL now has the ipmi driver built into the kernel and not as a loadable module any more (whose bright idea?).

You can read all about the driver here.

The fix is now to pass the driver options to the kernel at boot by appending the following to the kernel command line in GRUB:

ipmi_si.type=kcs ipmi_si.ports=0xca2

Sunday, July 08, 2012

OS X Lion and CUPS Browsing

My D-Link print server having been killed by a power surge, I needed an alternative method for sharing my printer on the network.

Simple, I thought. Plug it into the USB port of my CentOS server, enable CUPS and away you go. After all, OS X has CUPS built in, doesn't it?

Well... yes, sort of. But as I found out, only Bonjour support is enabled, so Lion just doesn't see CUPS broadcasts on the network.

To enable CUPS browsing as well as Bonjour, open a terminal and run:

cupsctl BrowseProtocols='"cups dnssd"'

Thursday, March 15, 2012

GRUB2

I've been trying to get to grips with GRUB2, which has now become the default boot loader on Fedora. In the past, if you had wanted to edit the boot menu, it was a simple matter of vi'ing /boot/grub/grub.conf.

No more.

The new grub configuration file (/boot/grub2/grub.cfg) explicitly states not to edit it manually.

The method now is to edit /etc/default/grub then run this command as root (or sudo):

grub2-mkconfig -o /boot/grub2/grub.cfg

Fedora Desktop Apps

Just finally got around to upgrading my ancient (in Fedora terms) desktop to the shiny new F16. I happen to like Gnome 3; very clean looking.

Anyway, a couple of good desktop applications I've discovered that I hadn't been aware of until recently are: Hotot (a Twitter client) and Vagalume (a last.fm client).




Wednesday, July 16, 2008

Solaris 10 ipfilter

Quick guide for ipfilter on Solaris 10

IP Filter home page:
http://coombs.anu.edu.au/~avalon/

Documentation for IPF is also available from:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html


Enable interfaces to be used with packet filtering:

Edit /etc/pfil/pfil.ap (old way...now seems to require editing /etc/iu.ap)

Uncomment the device names to enable or add a line to specify the interface:

hme0 -1 0 pfil

For the changes to take effect:

1. svcadm restart /network/pfil and replumb the interfaces
or
2. Reboot

Set the ipfilter service to enabled:

svcadm enable network/ipfilter and replumb the interfaces or reboot

By default the configuration files in /etc/ipf will be read at startup

ipf.conf - ipv4 filtering rules
ipf6.conf - ipv6 filtering rules (if ipv6 is configured)
ipnat.conf - NAT rules (optional)
ippool.conf - refer to many addresses by a single group name (optional)

A simple ipf.conf to block and log all traffic other than ssh would contain:

pass out quick all keep state
pass in quick on hme0 proto tcp from any to any port = 22 keep state
block in log all


Filtering rules can be loaded from alternative locations:

ipf -f filename

As can NAT rules:

ipnat -f filename


Filter rule sets can be either active or inactive. ipf doesn't seem to support adding or removing individual rules, so the only way of changing the current set seems to be to load an inactive set and swap it with the running set.

To switch between the active and inactive rule sets:

ipf -s

To modify packet filtering behaviour:

ipf -Fa (remove both incoming and outgoing rule sets)

ipf -Fo (remove outgoing rules only)

ipf -Fi (remove incoming rules only)

ipf -D (disable all packet filtering)

ipf -E (enable packet filtering)



To view currently loaded rules for the active set:

ipfstat -io

To view currently loaded rules for the inactive set:

ipfstat -I -io


To remove all the running rules and load a new set from a file:

ipf -Fa -f filename

To load rules to the inactive rule set:

ipf -I -f filename

To append rules to the current active rule set:

echo "block in log on hme0 proto tcp from any to any port = 25" | ipf -f -

Sample rule set for a Solaris 10 host (192.168.93.128) with one zone (192.168.93.132). The interface name is hme0. We allow ssh and icmp echo (ping) only to the host, all else being blocked. All outgoing traffic is allowed and stateful. http is allowed through to the Solaris zone hosted on the server:

pass out quick all keep state
pass in quick on hme0 proto icmp from any to any icmp-type 8 keep state
pass in quick on hme0 proto tcp from any to 192.168.93.128 port = ssh keep state
pass in quick on hme0 proto tcp from any to 192.168.93.132/32 port = 80 keep state
block in log all

PaTcH_MsG 8 Version of is not installed on this system

I had to manually run some of the patches in the Solaris patch cluster recently but got this error:

> ./checkinstall: .: filename argument required
> .: usage: . filename
> PaTcH_MsG 8 Version of is not installed on this system.

To fix, make sure that the directory tree all the way down to the patch is executable by 'nobody'.

Thursday, March 01, 2007

setuid wrapper

I needed to run a script with root privileges, but had forgotten that Solaris (and I guess most versions of Unix) will not allow setuid on scripts. The solution is to write a binary wrapper which will call the script:


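#include <stdio.h>
#include <unistd.h>

/* Absolute path of the script to run as root. */
#define myfile "/path/to/script"

int main(int argc, char **argv)
{
    (void)argc;

    /* The wrapper binary must be owned by root and have the setuid bit set. */
    if (setuid(0) != 0 || seteuid(0) != 0) {
        perror("setuid");
        return 1;
    }

    execv(myfile, argv);
    perror("execv"); /* execv only returns on failure */
    return 1;
}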


Wednesday, January 17, 2007

Fix for acroread

Adobe Reader fails to start on the Gnome desktop on Fedora 6. There seems to be a conflict with scim (smart common input method). The fix is to add the following to the top of /usr/bin/acroread:

export GTK_IM_MODULE=xim