mattfahrner.com

Category: Linux

  • VMware virtual or not?

    Matt Fahrner

    Depending on naming, in a VMware environment you may not actually be sure if a Linux system is VMware or not. Here’s a quick command to find out:

    1
    sudo dmidecode s systemmanufacturer

    which will generally output “VMware, Inc.” if VMware.

    On older systems you may find “-s” doesn’t work, in which case just pipe “dmidecode” through grep looking for “VMware”.

    UPDATE:

    If “dmidecode” oddly isn’t available, you can also run:

    1
    lspci | grep i vmware

    If you see “VMware” in the output, it’s a safe bet that it’s a VMware virtual.

  • Installing Plixer’s “Scrutinizer” NPMD

    Matt Fahrner

    Plixer makes a good “Network Performance Monitoring and Diagnostics” (NPMD) application called “Scrutinizer“. NPMD, as Gartner calls it, mostly omeans, collecting, aggregating, and reporting on Netflow data.

    Plixer provides a VMware OVF for installation of a virtual appliance. I, however, ran into a few issues with the installation:

    • I couldn’t get the install to work OVF through vCenter successfully, or at least vCenter 6.5. It would install, but when I booted it would come up to a PXE boot, rather than CentOS which the appliance runs on. The answer was to install it through the Windows vSphere ESXi client or through the web vSphere ESXi client.
    • Setting up SSL (HTTPS) during the initial install prompts wouldn’t work. Everything seemed fine, but on final boot of the Scrutinizer appliance, the HTTP/HTTPS wouldn’t come up at all. It turned out it hadn’t actually generated the certificates and files were missing. The answer is to select “no” to SSL in the initial dialog, then when fully up, log in using the “plixer” login and use the “set ssl on” option after the fact. SSL then works correctly afterwards.
    • By default it will bind to IPv6 ports and not to IPv4 ports (!) to listen for Netflow data. The solution is to log into the Scrutinizer server/guest as root and disable IPv6 per this document. Specifically, I recommend the “/etc/sysctl.conf” change as it is relatively simple to execute.
    • When logged in as “root”, doing a “yum update” is useful, though I would do the following bullet after.
    • When logged in as “plixer”, it’s useful to run the “set tuning” as well as “update packages”, though oddly it seems to run back one of the kernel updates from the last bullet.

    Now I just need to figure why I’m still not seeing the packets from the ASA…

  • Ubuntu package commands

    Matt Fahrner

    Because Ubuntu has a mix of utilities to manage packages I constantly seem to be forgetting the options I need when I go to do basic package management. Mostly for my sake are the ones I use most regularly:

    List installed packages:

    1
    2
    dpkg l
    dpkg getselections

    List names of available packages (including those not installed):

    1
    aptcache pkgnames

    Tell what package owns what file:

    1
    2
    aptfile search FILE
    dsearch s FILE

    List files in a given package:

    1
    2
    dpkg listfiles PACKAGE
    dpkgquery L PACKAGE

    Force a package reinstall:

    1
    apt reinstall install PACKAGE

    Show general package information:

    1
    2
    aptcache show PACKAGE
    dpkg printavail PACKAGE

    Show package dependency information:

    1
    aptcache showpkg PACKAGE

  • Get RPM install date

    Matt Fahrner

    Sometimes you don’t know when an RPM was installed – maybe it was updated, maybe it came with the system. In any case, it can be handy when debugging or even for auditing purposes. This gives an example of getting the install time for the “filesystem” package:

    somehost%  rpm -q filesystem --queryformat '%{name} %{installtime:date}\n'
    filesystem Mon 18 May 2015 02:57:16 PM EDT

    Really all you need is the “%{installtime:date}\n”, but the name can be handy if you want to use it with “-qa” (query all). Also can be handy to put “%{installtime}” (gives seconds since epoch) on the front and run it through “sort -n” to find out order of install.

  • Dell Service Tag the easy way under Linux

    Matt Fahrner

    Sometimes you need the service tag or model off a Dell server that isn’t in your possession. You can either find some feet on the street to do it or as it turns out, with Linux, you can use “dmidecode”:

    1
    2
    3
    4
    5
    6
    7
    8
    someserver# dmidecode | more
    ... blah ... blah ... blah ...
    System Information
    Manufacturer: Dell Inc.
    Product Name: PowerEdge T110
    Version: Not Specified
    Serial Number: 5QZ96S8
    ... blah ... blah ... blah ...

    Thanks to Brandon Checketts’ website for this tidbit.

  • How to probe ethernet capabilities…

    Matt Fahrner

    Mostly for my own edification – use “ethtool”, eg:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
        1#   ethtool eth0
        Settings for eth0:
              Supported ports: [ TP ]
              Supported link modes: 10baseT/Half 10baseT/Full
                                    100baseT/Half 100baseT/Full
                                    1000baseT/Full
              Supports autonegotiation: Yes
              Advertised link modes: 10baseT/Half 10baseT/Full
                                     100baseT/Half 100baseT/Full
                                     1000baseT/Full
              Advertised autonegotiation: Yes
              Speed: 100Mb/s
              Duplex: Full
              Port: Twisted Pair
              PHYAD: 1
              Transceiver: internal
              Autonegotiation: on
              Supports Wakeon: g
              Wakeon: g
              Link detected: yes

    You’ll note two important details about this output:

    1. This NIC is gig capable but is only running at 100mbs.
    2. I claim to be running this as root, but any good sysad should be using “sudo” instead!

    Anyway, simple command, but sometimes you forget them.

  • How to dump the Firefox history (Linux)

    Matt Fahrner

    Not pretty, but gets you there:

    • Find and go to your Firefox profile (usually you can locate by going to “~/.mozilla/firefox/*.default”).
    • Run “sqlite3 places.sqlite .dump | grep moz_places”

    If Firefox is running you may have to copy the “places.sqlite” to a new file then run the “sqlite3” against it. You can’t dump it while Firefox is running because it locks the database.

    Since it’s SQL there are fancier ways of pulling the actual tables, but for a quick script, this will do.

    Note if you’re after the time that a URL was accessed (I was), it seems to be the last field in the “VALUES”. It is is in microseconds since 1970. In that case, this little Perl snippet should get you the actual time:

    Perl
    1
    perl e ‘print scalar(localtime(HISTORYTIME/10**6)), “\n”‘

    where “HISTORYTIME” is replaced by the time printed in the SQL dump (eg: a big arse number like “1373383738987790”).

  • Testing “sendmail” with immediate delivery

    Matt Fahrner

    In the old days when using “sendmail” if you wanted to watch the SMTP conversation between the local host and the next mail relay all you’d have to do is either run “sendmail -v” or “mail -v” (or “mailx -v” depending on the OS). It would then output the entire SMTP conversation with the remote host, which is useful for diagnosing why a remote host may be refusing your mail.

    In more modern implementations “sendmail” actually uses two separate configurations, a “submit.cf” which is used for originating mail, and “sendmail.cf” which is used for delivery/forwarding. Subsequently when you use “sendmail -v” without any additional options it uses “submit.cf” by default, which actually delivers to “localhost” first. Eg:

    1
    2
    3
    4
    5
    6
    7
    8
    9
       
        1%  /usr/lib/sendmail v some.user@somehost.com
        TEST
        .
        EOT
        some.user@somehost.com... Connecting to [127.0.0.1] via relay...
        220 myhost.com ESMTP MAIL RELAY at your service
        >>> EHLO myhost.com
        ...

    The solution is to add the “-Am” flag which tells it to bypass the “submit.cf” and use “sendmail.cf” directly:

    1
    2
    3
    4
    5
    6
    7
    8
    9
       
        2%  /usr/lib/sendmail Am v some.user@somehost.com
        TEST
        .
        EOT
        some.user@somehost.com... Connecting to somehost.com via esmtp...
        220 somehost.com Hello myhost.com [10.1.1.10], pleased to meet you
        >>> EHLO myhost.com
        ...

    Note depending on your OS you may have to run “sendmail” with “sudo” to get enough permissions to access the queue entries. You also ideally should provide the “-t” options and put things in like “To:”, “From:”, and “Subject:” to be a good mail citizen, though for testing it isn’t terribly important.

  • Four keyboard shortcuts you should know…

    Matt Fahrner

    I’m writing this because I see so many people who use computers regularly who don’t know these basic keyboard shortcuts. They’re easy – learn them and your computer life will be much better. Most work on pretty much any GUI (Windows, Unix, even Mac substituting the CMD key for the CTRL key).

    So with no further ado (hold down the CTRL key while typing the key that follows it, kind of like the SHIFT key):

    • CTRL-C = copy the selected text
    • CTRL-V = paste the prior copied text
    • CTRL-X = copy the selected text and then delete it
    • CTRL-Z = undo the last change

    There are quite a few more worth learning, but some aren’t as guaranteed to work (for instance CTRL-SHIFT-Z which does a “redo” of the last “undo”). However, if you simply learn the 4 above your work will be remarkably improved in terms of streamlining.

    As a final note, these DO NOT work in Unix command line (shell) windows. In fact you’ll get completely different and potentially ugly behavior. They will however work in the Unix GUI (X Windows and/or browser windows etc.).

  • How to build a SLES minicd boot image…

    Matt Fahrner

    Sometimes you’ll have a system that doesn’t have a DVD drive and/or it’s more convenient to use the network.  Making a “minicd” to boot from network is fairly simple:

    1. Set up Apache and copy the DVD media to a subdirectory of “/srv/www/htdocs”. At least in my case I ended up with two directories:
      • /srv/www/htdocs/SLES11SP1/SLES-11-SP1-DVD-x86_64.0432..001/
      • /srv/www/htdocs/SLES11SP1/SLES-11-SP1-DVD-x86_64.0432..002/
    2. Copy the boot images to seed a minicd:
      • mkdir /tmp/minicd
      • cp /srv/www/htdocs/SLES11SP1/SLES-11-SP1-DVD-x86_64.0432..001/boot/x86_64/loader/* /tmp/minicd
    3. Edit “/tmp/minicd/isolinux.cfg” and add an entry like:

      4. label slesinstall
      kernel linux
      append initrd=initrd splash=silent showopts install=http://MY.SERVER.COM/SLES11SP2/SLES-11-SP1-DVD-x86_64.0432..001

    1. Make the ISO image:
      • mkisofs -o /tmp/minicd.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /tmp/minicd
    2. Burn the ISO using whatever software you have available (eg: Nero, Roxio, etc.).

  • The unfortunate truth about Exchange

    Matt Fahrner

    Up until the last year my workplace used IMAP servers running on Linux and Solaris to manage and deliver mail. Then we decided because of the collaborative benefits, particularly with mobile devices like Blackberrys, to move to Exchange. The results have been dramatic, and this chart made by Google to espouse their GMail product reflects what we saw (taken from this post):

    Google Email Chart

    As you see the “unplanned” outages go up dramatically with Exchange.

    While it’s true that this doesn’t show self-hosted IMAP services, the people I talk to seem to believe that the self-hosted IMAP solution is somewhere near or below Gmail in terms of outages. My own personal IMAP email, hosted at this site, basically never goes down.

    These figures also unfortuantely reflect conversations I’ve had with numerous other companies that have gone through similar transitions. While all enjoy the benefits of integrated calendaring and tasks, the email capability and reliability suffers significantly. And let’s face it, what is ultimately most important to a business – calendaring or email?

    Moreover, in one example email required a single server to maintain the IMAP email for an entire organization. Now with Exchange it takes six. The installation is also dramatically more complicated, requiring not one admin, but two. Also the data files are in MS-SQL, making them harder to fix and manage.

    Do these issues outweigh the benefits of Exchange collaboration? Personally I’m not sure either way. There certainly are advantages to Exchange. However I do feel Microsoft has built a product that is too complicated and too “heavy” for its own good. This particularly considering that much simpler applications can pretty much do the same thing.

    In the end I would pass a warning to shops thinking of moving to Exchange because “it’s the thing to do”. Make sure you are really aware of what you’re giving up. Those used to the unreliability of Exchange may think, “Oh, that’s just the way email is,” but those who have come from other solutions, will realize what they’ve given up.

  • How to convert to/from DOS format in VIM…

    Matt Fahrner

    It’s very easy, but also easy to forget how to convert to or from a DOS format file in Unix using “vim” (Vi iMproved), the Open Source “vi”. If the file is in DOS format and you want to convert to Unix, use the command:

    :set ff=unix

    note that “ff” is an abreviation for “fileformat” which you can also use.

    If the file is Unix and you want to write DOS format, use the following command:

    :set ff=dos

    In both examples it is assuming you are ESCaped out of edit mode and the leading “:” is required.

    Note that the difference between the two formats is that:

    • DOS format ends each line with a CRLF (carriage-return line-feed) pair.
    • Unix format ends each line with a simple LF (line feed).

    Neither of these forms should be confused with the C language string delimiter ‘NUL’ which is an ASCII “zero”. That however is an entirely different subject.

  • Disabling Firefox Resume From Crash

    Matt Fahrner

    Though to many it’s handy, personally I find Firefox‘s “Resume from Crash” function, well, annoying.  This function makes it so that if Firefox is killed prematurely that the next time you start it you get an (annoying) popup that asks you if you want to restore the previous state/page(s) that Firefox was viewing.

    I can understand the advantage, particularly if Firefox is crashing a lot, but for me it’s stable and 99% of the time when it’s been killed prematurely it’s because I wanted/expected it to. Even when it isn’t expected, 99% of those times I don’t really care that I lost what I was viewing. So, for 1/100th of a 1/100th of a chance of being useful, it isn’t worth it. Particularly since any time you reboot with Firefox up, it’s going to pop this up the next time you run it.

    Fortunately it’s easy to disable. Simply:

    • Bring up Firefox.
    • Enter “about:config” as a destination URL and go to it.
    • If it warns about the end of the world coming if you touch the configs, say “Ok” and move on.
    • Search for the key “browser.sessionstore.resume_from_crash“. By default this will be set to “true”.
    • Double click on this line. This should switch it from “true” to “false” and should also turn the line to bold.

    Done. You probably want to close the browser or browse to another URL to prevent accidentally messing with anymore items in “about:config”.

    More on “browser.sessionstore.resume_from_crash“, can be found here:

    http://kb.mozillazine.org/Browser.sessionstore.resume_from_crash

    mozillaZine probably being the definitive source of Mozilla project documentation.

  • Custom Google RedHat Kickstart List search engine

    Matt Fahrner

    Michael DeHaan at RedHat has created a custom Google “search engine” to search the RedHat Kickstart List archives (the RedHat mailing list “kickstart-list@redhat.com“). It looks pretty handy to not have to use other perhaps more painful tools (or get too much noise):

    http://www.google.com/coop/cse?cx=016811804524159694721%3A1h7btspnxtu

    This whole idea of custom Google Search Engines (which appears to be in “beta” right now) is pretty cool. More on that can be found here:

    http://www.google.com/coop/cse

    Definitely will have to try to create a few of my own…

  • CrossLoop – secure remote access

    Matt Fahrner

    A friend of mine showed me what looks like a nice (free) secure remote access solution for visually managing a remote PC:

    http://www.crossloop.com

    It’s based on TightVNC and therefor has the advantage of using encryption on the control session, helping reduce the risk of prying eyes. It also has a pretty cool way of letting the user choose to delegate or not delegate control by reading you a generated key. In particular it looks pretty handy to maybe manage those pesky (note, I’m smiling when I say that) friends and family when they get into trouble.

    Definitely worth looking into. From what I undestand it works on both Unix and Windows.

  • SUSE Linux Enterprise in the Americas Blog

    Matt Fahrner

    Here’s a potentially interesting Novell SUSE blog where you might expect a little more “off the cuff” information from the SUSE development teams:

    http://opsamericas.com

    There seem to be some interesting articles about a range of things including licensing, desktop lockdown, how to add/update drives to AutoYast etc…

  • Fedora 8, NIS (or LDAP), and “gdmgreeter”

    Matt Fahrner

    One major issue with Fedora 8 in shops that use a network user repository like NIS or LDAP is “gdmgreeter” breaks (note “gdmgreeter” is the Fedora replacement for XDM). The symptom is X11will fail repeatedly and not come up. In that case you will also see errors like this in “/var/log/messages”:

    1
    Jun 13 12:18:00 myhost kernel: gdmgreeter[2614]: segfault at 74207372 ip 08058ddc sp bfa229c0 error 4 in gdmgreeter[8048000+30000]

    What is going on here is that by default on Fedora 8, “gdmgreeter” wants to iterate all the possible users on the system to offer them up on the “greeter” window. Unfortunately it seems to have a bug and when you’re using something like NIS or LDAP as your authentication store, it blows up. My guess is that it has a finite array for storing the user list and doesn’t do bounds checking.

    Regardless it doesn’t really matter why. The solution is you have to go into the “gdmgreeter” configs and disable this new functionality. However, that isn’t very simple because to do so you need to get the “gdmgreeter” control panel up, and to do that you need X11 up and of course you can’t get X11 up with this broken.

    The answer is to temporarily disable NIS/LDAP support in the “/etc/nsswitch.conf” by changing the “passwd” entry to just read “files”, eg:

    1
    password: files

    Then restart the computer (or “telenit 3” followed by “telenit 5” to switch out and back into graphical mode). This will at least let you log in under X11 (though you’ll probably have to do it as “root” since you’ve removed the network authentication option from “nsswitch.conf”).

    Once logged in, assuming you are using Gnome not KDE, start the menu item:

    System / Administration / Login Window

    Select the “Users” tab and deselect the checkbox for:

    1
    Include all users from /etc/passwd (not for NIS)

    the select “Close”. After that is done you can re-add back the NIS/LDAP “nsswitch.conf” entry, eg:

    1
    passwd: files nis

    Note that I have no idea why having an option labeled “Include all users from /etc/passwd (not for NIS)” checked would in fact turn on the NIS when it seems to clearly imply that that’s exactly what it does not do by the text, but in opposite world apparently it does.

    Oh well, we all make mistakes. Hope that helps.

  • Fedora Core 6-isms

    Matt Fahrner

    While in the organizations I have sway over we are working to rid ourselves of older out of maintenance OSes, I do occasionally run into some Fedora Core 6. When I do there are a couple of minor hacks you regularly have to do to make things work (note these are after applying the latest “yum” updates).

    First of all, if using LDAPS with the “uri” specification in the “/etc/ldap.conf”, even though you’ve specified “LDAPS” it’s too dumb to use the correct port. Thus, a line like this:

    uri ldaps://myldapserver.mydomain.com

    has to become:

    uri ldaps://myldapserver.mydomain.com:636

    Why the redundant “:636” is needed I don’t know. It also seems to affect a few later versions of Fedora as well. It does not seem to effect SLES 10.

    Another Fedora Core 6-ism, is if you’re using automount. In that case you need to add:

    OPTIONS=”-Onosharecache”

    to the “/etc/sysconfig/autofs” settings. Without it automount breaks for no apparent reason (well it is actually apparent, it was a “nfs-util” bug). Later versions of Fedora do not suffer from this issue.

  • Good RPM documention

    Matt Fahrner

    Good documentation for maintaining/creating Linux RPMs is difficult to find. This Wraptastic site seems to have so good stuff:

    http://wraptastic.org

    It appears official, but it’s hard to say since the site seems to lack an “about” to key off of.

    In a related line, these two RedHat sites seem to have copies of the “Maximum RPM” book in electronic format:

    I have an older printed version and it goes a long way, but not quite enough, to figure out how RPMs work.

  • How to create a mini-boot CD for SLES 10 SP1

    Matt Fahrner

    If you have an older system that doesn’t have an internal DVD but you do have an external USB DVD, here’s how to build a CD to boot from. This will probably work with any version of SLES 10:

    1. Boot Linux and mount the SLES 10 DVD.
    2. 1
      mkdir /tmp/miniboot
    3. 1
      cp <pathtoDVDmount>/boot/i386/loader/* /tmp/miniboot
    4. 1
      2
      mkisofs o /tmp/miniboot.iso b isolinux.bin c boot.cat noemulboot
               bootloadsize 4 bootinfotable /tmp/miniboot

    This will leave a “/tmp/mini-boot.iso” that you can burn to a CD using your favorite CD burning software (eg: “k3b -cdimage /tmp/mini-boot.iso”, Nero, or Roxio).

    Note that it will initially say it cannot find the media, but when you say “try again”, it will find the DVD.