Archive for the ‘Debian’ Category
Saturday, June 7th, 2008
One of my NSLU2’s went up the swanny two weeks back. Typically it was the one 80 miles away at home, that not only is my primary mail exchanger but also the DHCP server for my home network, chances are somebody might notice. Thankfully I have the ability to fail over DHCP onto sandman with a one line configuration change and a restart of dnsmasq, which I did.
Whilst I was at home this past week I got to work trying to work out what was up. The documentation in Debian about the LED sequences told me that it was getting stuck at the initramfs stage of boot. Basically it couldn’t load the actual operating system off the discs. This meant I would have to delve deep and play with the contents of the flash memory.
I mounted the USB sticks that I use as its discs on my server and extracted a copy of the current kernels and initramfs images that were on it. I also found the Debian installation flash firmware and set about hacking the two. I found some instructions on how to modify an existing image which is what I did. I swapped out the kernel and initramfs in the firmware for the latest ones on my discs and flashed the NSLU2. Same thing happened! So I then set about using the previous kernel version which worked like a charm. For now I have removed the new kernel from it and forced it to keep the old version. I will look into updating it when I have a little more time.
Tags: Debian, firmware, kernel, nslu2, troubleshooting
Posted in Debian, Network, beast | No Comments »
Saturday, January 12th, 2008
After my recent break in I have looked into ways of protecting SSH and my server resources. I employ fail2ban on my main server, it has the resources to run such a programme - my Linksys NSLU2’s however do not. The solution is to use iptables to limit the number of connections any host can make in a given time frame. I wrote up a quick how to on this over at my wiki. Enjoy.
Tags: howto, iptables, kernel, Security, ssh
Posted in Debian, Internet, Linux, Security, Ubuntu | 1 Comment »
Thursday, January 10th, 2008
So today I come to you with a confession, I discovered one of my boxen had been successfully attacked and the attacker had by the looks of things used it for launching DDoS attacks. I feel particularly stupid because the entire thing was my fault, I left the root password as root. Although I must stress I didn’t set it to this, I was using a pre-build debian install because the d-i installer was broken under arm and forgot to change the root password to something a little more secure.
Tags: confession, Debian, hacked
Posted in Debian, Internet, Network | 2 Comments »
Saturday, September 22nd, 2007
You can tell Linux to respond to broadcast pings by running this snippet from the console.
$ echo 0 | sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
Edit /etc/sysctl.conf to set the option permanently.
Posted in Debian, Linux, Network, Ubuntu | No Comments »
Friday, September 21st, 2007
Yesterday beast my NSLU2 passed 100 days of uptime a personal record for any of my machines, somewhat geeky 
chris@beast:~$ uptime
20:47:30 up 101 days, 3:00, 1 user, load average: 0.08, 0.16, 0.11
Posted in Debian, Linux, beast | No Comments »
Sunday, July 15th, 2007
I have been playing with packaging for Ubuntu and Debian for a while now and I have one fairly useful package called rsnapshot-scripts which contains a bunch of scripts for use with rsnapshot. It allows you to backup other data sources like MySQL, DPKG and Subversion.
Posted in Debian, Internet, Ubuntu | No Comments »
Friday, May 25th, 2007
So how do I get Postfix to verify and sign messages with the DKIM system, under Debian? Here is how.
- First we need to install the dependencies.
$ sudo aptitude install libdigest-sha{,1}-perl libemail-{address,mime-encodings}-perl libnet-{dns,server}-perl libcrypt-openssl-rsa-perl liberror-perl make libmailtools-perl
-
$ sudo cpan install Mail::DKIM
-
$ perl Makefile.PL
$ make
$ make install
-
$ ./configure --prefix=/usr/local
$ make install
-
$ sudo adduser --system --shell /bin/false --home /var/run/dkimproxy --group dkimproxy
-
$ sudo mkdir /etc/dkimproxy/
$ cd /etc/dkimproxy/
$ sudo openssl genrsa -out private.key 1024
$ sudo openssl rsa -in private.key -pubout -out public.key
$ sudo chown -R root:dkimproxy .
$ sudo chmod -R a=,u=rwX,g=rX,o=rX .
$ sudo chmod o= private.key
Sorry, this solution will not run nicely on my NSLU2 so I have abandoned the rest of this documentation - it should help you somewhat though, hence I am publishing it anyway.
Posted in Debian, Internet, Network | 2 Comments »
Saturday, April 28th, 2007
I have been meaning to contribute to the Folding@Home project once again, sadly there are no packages for Debian or Ubuntu. I set about rectifying this, you can build my package from the source available here: <http://svn.cs278.org/~chris/packages/fah/trunk/>.
Posted in Debian, Internet, Technology, Ubuntu | No Comments »
Saturday, March 24th, 2007
I have had the last week at home, only a month to go before I go back to university (woo) and I have been busy. I have been scaling up my backup solution after settling with rsnapshot I have been writing scripts to handle backing up various special formats I use. So far I have implemented: Subversion, dpkg, DNS, and MySQL. I have licensed my scripts under the GPL v2 and you are free to use them according to that license. You can access the sources in my Subversion repository, its also worth noting I have packages for Ubuntu Feisty and Debian Etch available from my APT repository.
Posted in Debian, Network, Technology, Ubuntu | No Comments »
Thursday, February 15th, 2007
I struggled a little to find out how to get the SSH fingerprint of an SSH key earlier so, I thought I would preserve how for ever more. The snippet below will return the SSH fingerprint for the machines public RSA key (under Debian derived distributions at least.)
$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 d6:59:bc:0b:18:ba:17:15:41:fc:d0:2a:60:f4:7e:e8 /etc/ssh/ssh_host_rsa_key.pub
Posted in Debian, Linux, Network, Security | No Comments »
