
Rotate backups over FTP

Posted: June 14th, 2011 | Filed under: howto

I was looking for a method to rotate old files from an external backup account.

It looks like that is not so easy, but a small FUSE module can mount the FTP account locally. This lets you use scripts and tools on the local server to search, delete, upload and download files as if they were local.

To do this I installed curlftpfs:
apt-get install curlftpfs

Mount the external ftp account:
curlftpfs -o allow_other username:p4ss@backupserver.external /media/ftpmount/

Notice the -o allow_other: without it, no user other than the one who mounted the account will be able to use it. With it, every local user can reach the backup files through the mount point.

Now you can use rsync, find, cp, vim or du to do whatever you need with the files.
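
One way to script the rotation on the mounted account, as an added example that is not part of the original post. The retention values, the script name rotate.sh and the ~/.netrc setup are assumptions; the mount check guards against running on an unmounted directory.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU find/touch and file
# names without newlines. Keeping the credentials in ~/.netrc keeps the
# password out of the process list and shell history:
#   machine backupserver.external login username password p4ss
#   curlftpfs -o allow_other backupserver.external /media/ftpmount/

# Succeeds only if $1 is an active mount point, so a failed mount never makes
# the rotation (or a later rsync) run against the empty local directory.
require_mounted() {
    mountpoint -q "$1"
}

# Delete files in $1 older than $2 days, but never the $3 newest ones, so a
# stalled backup job cannot empty the account. Prints each deleted path.
rotate_backups() {
    dir=$1; days=$2; keep=$3
    find "$dir" -maxdepth 1 -type f -printf '%T@ %p\n' | sort -rn |
        tail -n +"$(($keep + 1))" | cut -d' ' -f2- |
        while IFS= read -r f; do
            if [ -n "$(find "$f" -mtime +"$days")" ]; then
                rm -f -- "$f" && printf '%s\n' "$f"
            fi
        done
}

if [ $# -gt 0 ]; then
    # Real run: sh rotate.sh /media/ftpmount  (30 days, keep the 7 newest)
    require_mounted "$1" || { echo "$1 is not mounted" >&2; exit 1; }
    rotate_backups "$1" 30 7
else
    # Demo on constructed files aged 1, 10, 35, 40 and 50 days.
    demo=$(mktemp -d)
    for age in 1 10 35 40 50; do
        touch -d "$age days ago" "$demo/backup-$age.tar.gz"
    done
    rotate_backups "$demo" 30 2
    rm -rf "$demo"
fi
```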


Shell tools, today is sed’s day

Posted: December 4th, 2010 | Filed under: shell

When you have to deal with shell scripting and task automation you need powerful tools.

I will post some basic usage examples to prove how useful sed can be when you have to modify a large number of files.

Here is the simple one.
You have several files and you want a word replaced in all of them.

sed -i 's/apache2/httpd/g' files*.conf

This will modify the files matching the pattern files*.conf, replacing “apache2” with “httpd”.
Removing -i will print the result on the console instead of modifying the files.

Now, the really useful one, the one that will save you a lot of time.
The problem you have is: 100+ config files that need to be modified by adding four lines at a specific position in each file.

sed -i '/RewriteEngine/i \
\n<Location \/aaa>\n\tProxyPass ajp\:\/\/127.0.0.1\:8019\/aaa\n\tProxyPassReverse ajp\:\/\/127.0.0.1\:8019\/aaa\n\<\/Location\>\n' files*.conf

-i will modify the files by adding the following text before “RewriteEngine”:

(empty line)
<Location /aaa>
<tab>ProxyPass ajp://127.0.0.1:8019/aaa
<tab>ProxyPassReverse ajp://127.0.0.1:8019/aaa
</Location>
(empty line)

Now think about adding these lines in every single file, one by one, from 1 to 100, each in an exact position, some of the configs having two or more sections to be added.

Piece of cake with sed.
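
The same insertion wrapped so that it can be previewed and re-run safely, as an added example that is not part of the original post. The function names are hypothetical, the block is inserted without the surrounding empty lines and with spaces instead of tabs, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. The sed script is the post's
# insertion in multi-line form, without the surrounding empty lines.
SED_SCRIPT='/RewriteEngine/i\
<Location /aaa>\
    ProxyPass ajp://127.0.0.1:8019/aaa\
    ProxyPassReverse ajp://127.0.0.1:8019/aaa\
</Location>'

# Dry run: show the change as a unified diff without touching the file.
preview_change() {
    sed "$SED_SCRIPT" "$1" | diff -u "$1" - || true
}

# Insert the block before every RewriteEngine line of $1, keeping the
# original as $1.bak. Files that already contain the block are skipped, so
# re-running over the same set of files does not insert it twice.
add_ajp_location() {
    if grep -q '<Location /aaa>' "$1"; then
        echo "skipped: $1"
    elif ! grep -q 'RewriteEngine' "$1"; then
        echo "no-anchor: $1"
    else
        sed -i.bak "$SED_SCRIPT" "$1" && echo "patched: $1"
    fi
}

if [ $# -gt 0 ]; then
    for f in "$@"; do add_ajp_location "$f"; done
else
    # Demo on a constructed vhost file.
    demo=$(mktemp)
    printf '%s\n' '<VirtualHost *:80>' 'RewriteEngine On' '</VirtualHost>' > "$demo"
    preview_change "$demo"
    add_ajp_location "$demo"
    add_ajp_location "$demo"
    rm -f "$demo" "$demo.bak"
fi
```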


openswan and sonicwall vpn tunnel

Posted: October 1st, 2009 | Filed under: howto, linux

Two years ago I wrote an article about connecting openswan to checkpoint.

Here is a new example of connecting openswan to a sonicwall device.

ipsec.conf:

conn sonicwall
    type=tunnel
    # left=%defaultroute
    left=serverip
    leftsubnet=10.0.0.0/24
    leftid=@macofserver #same on both ends
    # leftxauthclient=yes
    right=ipfosonicdevice
    rightsubnet=192.168.0.0/24
    # rightxauthserver=yes
    rightid=@macsonicwall #add it as optional on the sonicwall interface
    keyingtries=0
    pfs=no
    aggrmode=yes
    auto=add
    auth=esp
    keyexchange=ike
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    # xauth=yes

ipsec.secrets:
@macofserver @macsonicwall : PSK "sasgSFgdasfg"

Start/Stop/Debugging:

ipsec setup --start
ipsec setup --stop
ipsec setup --restart

#after changes are made apply them
ipsec auto --replace sonicwall

#when debugging, it exits when it works
ipsec whack --name sonicwall --initiate

#after it works
ipsec auto --up sonicwall

Debug for phase1 and 2:
tcpdump -i eth0:0 host ipfosonicdevice
Logs:
tail -f /var/log/secure
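
A small check that flags the weaker settings in a conn section like the one above, as an added example that is not part of the original post. The function names are hypothetical, the sample is the post's section trimmed to the relevant keys, and whether the SonicWall side accepts the suggested alternatives is an assumption to verify on the device.

```shell
#!/bin/sh
# Added example: flag weak IKE/IPsec settings in Openswan conn sections.

# Reads ipsec.conf text on stdin and prints one finding per weak setting.
audit_ipsec_conf() {
    awk '
    { sub(/#.*/, "") }                  # drop whole-line and trailing comments
    $1 == "conn" { conn = $2; next }    # remember the current section name
    {
        gsub(/[ \t]/, "")
        n = index($0, "=")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = tolower(substr($0, n + 1))
        if (key == "aggrmode" && val == "yes")
            print conn ": aggrmode=yes exposes a PSK-derived hash to offline guessing; use main mode (aggrmode=no)"
        if (key == "pfs" && val == "no")
            print conn ": pfs=no derives IPsec keys without a fresh DH exchange; set pfs=yes"
        if ((key == "ike" || key == "esp") && val ~ /3des/)
            print conn ": " key "=" val " uses 3DES; prefer an AES proposal"
    }'
}

# The conn section from the post, trimmed (placeholders kept as written).
sample_conf() {
    cat <<'EOF'
conn sonicwall
    left=serverip
    right=ipfosonicdevice
    pfs=no
    aggrmode=yes
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    # xauth=yes
EOF
}

sample_conf | audit_ipsec_conf
```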

References:
http://www.pelagodesign.com/blog/2009/05/18/ubuntu-linux-how-to-setup-a-vpn-connection-to-a-sonicwall-router-using-openswan-and-pre-shared-keys-psk/
http://www.sonicwall.com/downloads/SonicOS_Enhanced_to_Openswan_Using_GroupVPN_with_XAUTH.pdf


OpenWrt, limit the access to the internet

Posted: September 3rd, 2009 | Filed under: howto, linux

I just tried a Linksys WRT54GL. It’s nice, but what if you have to add hotspot services to it?
I have installed Coova for fun.
A common scenario is to have anonymous clients accessing it with all kinds of systems, all kinds of software and, of course, viruses and trojans.
So, just to be prepared, you want to allow access only to a few ports: 80 (http), 443 (https), 5222 (jabber), 5050 (yahoo messenger), 1863 (MSN), etc.

All you have to do is add the following two lines to /etc/firewall.user, below the “Allow SSH on the WAN interface” section (the multiport match only works together with an explicit protocol, hence -p tcp):
iptables -A forwarding_rule -i br0 -p tcp -m multiport --dports 80,443,5222,5050,1863 -j ACCEPT
iptables -A forwarding_rule -i br0 -j DROP

Now restart the firewall:
/etc/init.d/S35firewall restart
Test.

That’s all.


opensuse 11 on dell inspiron 1501 and dell vostro 1510

Posted: August 14th, 2008 | Filed under: fun, howto, linux

I got a new laptop from work. First thing to do with it? … Of course, install linux….
Because ubuntu disappointed me, the hdd problem convinced me to try something else (whatever distro you choose, I’m pretty sure you have to hack drivers).

From previous experience with dell 1501, I preferred opensuse 11.0.
On 1501, everything was smooth: ndiswrapper for wifi (fwcutter and restricted driver are unstable), ati driver from the opensuse’s page (check http://en.opensuse.org/Ati).
Graphic performance? Not even like in windows, too bad.

Now let’s get back to vostro 1510.
After installing opensuse 11 with gnome, the keyboard and touch pad did not work.
No fix on google.
No problem, let’s try kde (the last kde I had used was on redhat 9, that was in 2003-2004).
After several minutes and one reboot I could log in. Strange that it works with kde but not with gnome.
Those guys from gentoo said it’s because of ACPI. Anyway, it works.
Now let’s fix network:
– the wired network 🙂

rmmod/modprobe r8169 driver to have the wired internet working

– the wireless network

ndiswrapper saves the day. I’ll not give details; I’ll only add that I used XP drivers from dell.com.

For the video card:

go to opensuse’s page, download the ymp file and use it with yast. For compiz use simple-ccsm.

Conclusions:

– opensuse 11.0 works better on dell 1501 than ubuntu (I have tried with ubuntu 6.06, 7.10 and 8.04);
– I have no idea why gnome did not work (the keyboard was not working) while kde could be used on vostro 1501;
– ubuntu is not the only and last alternative to windows on your desktop or laptop; I still have ubuntu installed, but sometimes it is a pain to modify/hack it;
– the video card from vostro (Nvidia Geforce 8400M) performs as expected (2600fps when running glxgears), compiz works perfectly;
– no hdd problems when running opensuse on these two laptops, no need to modify the power management of the hard disk to save its life.

I’ll write more about these linux distros in combination with the laptops I have around.