tech.jerkharris.com

Alright, there are a lot of distro zealots out there. If you’ve worked in IT for any extended amount of time, you will have known at least one or two. You know the type, the guy who tells you that “blank” is the best distro for everything. I’ll admit it, I was that guy once in my life. If you’re an experienced linux user, chances are you’ve been that guy too. Alas, we all grow up. The best way to sum up operating systems, in my opinion, has been quote I borrowed from Robert DeNiro’s character Sam from the movie Ronin. That quote being “Its a toolbox” in response to the question “What do you favor?”. Of course, he was speaking of guns. However, I am not a mercenary. I’m a system admin. The phrase still holds true for my profession as it probably does for many others. However, in my experience, I feel this is especially fitting to operating systems. At a job interview for my first real IT job, I was asked, “What is your favorite operating system.” Of course, I told the truth. I have no favorite. I use what works best for the job at hand. I felt this was a very good answer. However, the interviewer pressed the point, wanting to know what I favored. Its a shame I did not muster the afore mentioned quote. I finally just told him I preferred Linux, as the place I was interviewing for was a Linux shop and I knew that was the answer they were looking for. So, there you have it my $.02.

The install process for this is fairly simple. These packages come from the EPEL repositories. EPEL stands for Extra Packages for Enterprise Linux. It is maintained by the Fedora project. So, a big thanks to them!

Down to business!

That’s all there is to it!

Hey everyone. Sorry I haven’t been posting much lately. I’ve been working on another project that has been taking most of my time. My girlfriend has been in town the past few weeks visiting as well. So most of my time outside of work is already spoken for.

The project I’ve been working on is a web based front end to my router box written in PHP. First, the router isn’t your standard store bought model. It’s a little beefier to say the least. The router is actually a Pentium III 650MHz w/256 MB of RAM running Fedora Core 6. I built it a little over a year and a half ago to learn more about routing using Linux. But more specifically, I wanted to learn more about iptables. It has served well as a learning device. But, I really can’t say that I understand everything as much as I’d like to.

So, the other night I got bored and decided to try some packet sniffing on my network to see what was going on while I was at work. What I didn’t really realize was that the sniffer I chose to use (ettercap) disabled ip forwarding. Not a good thing to disable on your router. I had to call my girlfriend and have her hook a monitor and keyboard up to the machine, then find the script, then run it. Not an easy task for someone whose passion is painting and not linux. I have to say she did a good job for being totally clueless as to what she was doing. After that mutual headache, I decided I needed an easier way run the script than logging in locally.

I decided the best way to do this would be to create a web based interface. I figured using PHP would be preferable. This is something I had never done before. And to be honest, I was fairly intimidated. The extent of my PHP knowledge consisted of using passthru to run whoami to see what user php scripts were being executed by. Well, it was actually a lot easier than I had thought it would be. I’ve put about 8 hours into the project thus far and I have implemented an inbound and outbound IP blocker, DHCP host adder, and Squid ACL adder. Information about the system is also displayed, such as the kernel, disk and memory usage, and bandwidth graphs on both LAN and WAN interfaces. I’ve included a screen shot of the main page after the jump for anyone interested. Its not very pretty, but its at least functional. Anybody have any good names for this concoction? Read the rest of this entry »

A fantastic utility for copying files in a unix based environment is rsync. It will let you copy from one location to another or to another computer if need be. You can do a lot of things with rsync. But lets start out with the basics.

Copying locally:

rysnc is like most other copy utilities. You must specify a source and a destination. Here are some examples.

This will copy the entire /home directory to /backup. Notice there is no trailing slash on the source of /home. This tells rsync to transfer /home and all the contents within. If you included a trailing slash rsync would transfer all of the files within the home directory, but not home itself. This is an important point to keep in mind.

Now.. Say you need to restore a user’s public_html contents. The syntax would be as follows.

Okay now.. Getting the hang of it? Now for some really cool stuff!

Transferring to and from remote machines:

So, recently I got a new laptop and I wanted to copy my music collection over to it so I could have more to listen to at work. I used rsync over SSH to get this done. Now, generally you probably don’t want to have rsync open to the public if you want to maintain some privacy and security. That is why it is wise to use rsync over ssh. This sounds much more complicated than it actually is.

The only thing that you need to do is to add the -e flag to execute a command. So in this case, we use -e ssh to execute rsync over ssh. The way I have illustrated above will allow you to transfer from one machine to another without being logged into either of them. This is in my opinion one of the coolest things about rsync.

Flags:

Some of my favorite flags.

-a, –archive archive mode; same as -rlptgoD (no -H)
-v, –verbose increase verbosity
-e, –rsh=COMMAND specify the remote shell to use
-q, –quiet suppress non-error messages

–progress show progress during transfer
–exclude=PATTERN exclude files matching PATTERN

Hopefully this is a good starter for all of you out there that aren’t that well versed with rsync. I find this utility being used more than twice in my every day computing life. Please post any questions in the comments.

Over the years, my music collection has moved from one drive to another to another and so on. Unfortunately, I’ve lost some data through my own poor copy methods. This has left me with a lot of empty directories. Cleaning these out when you have more than 200 directories to pick through can be rather tedious.  Thank goodness for find! Use the following to clean out your empty directories.

This is a nice little script that I use to clean up files and directories with poor permissions. Its great to use in preparation before installing mod_suPHP/PHP suexec.

# Make sure all files are owned by the correct user. Get rid of file owned by nobody
for i in $(ls /home| cut -f1 -d/); do chown -R $i:$i /home/$i/public_html/*; done

# Find all files that are 777 and change them to 644
for i in $(find /home/*/public_html -perm 777 -type f); do chmod 644 $i; done

# Find all directories that are 777 and change them to 755
for i in $(find /home/*/public_html -perm 777 -type d); do chmod 755 $i; done

This is easily done by adding two lines to your .bashrc file.

Now your bash history will have the date and time that each command was run.

Here you have the bash_history excerpt from a compromised server. The attacker was lazy enough to not even cover his/her tracks. My night just got a whole lot more exciting due to this though.

Caught by rkhunter.

A big thanks to my good man Shelby over at fauxzen.com for suggesting the SemGeshi CodeFix plugin. It has made my site look way better!

I got bored at work the other day and decided to whip up some custom error pages. You can see them for yourself.

• http://jerkharris.com/400.shtml
• http://jerkharris.com/401.shtml
• http://jerkharris.com/404.shtml
• http://jerkharris.com/500.shtml