Check if reboot required after installing updates.

September 9, 2014 at 11:19 am (linux, TechTips)

After you apply updates to your Fedora system using the shell, you can quickly and easily query your system to determine if it needs a reboot or not for the updates to fully take effect.

First, make sure that you have the yum-utils RPM package installed.

This package includes the Python script:

/usr/bin/needs-restarting

You must run this script either as root or using sudo.  The output of the script will be a list of all the running applications that were updated after they were started.  This output will help you decide if a reboot is desired now or later.  If you are running this on your personal computer and there is any output, simply reboot now to make sure the updates have been applied.


Is it still worth getting a CCIE?

July 25, 2012 at 10:58 am (Opinions, Technology)

I’ve been thinking a lot lately about if I still want to pursue a CCIE.  If so, which one?  There are so many to choose from.  Today I spoke to a wise, senior associate of mine and asked him about this question of mine.  His advice was invaluable.  His suggestion was to study for a CCIE in a speciality that interests you.  Why?  Because you need some really good motivation to keep working towards it on a constant basis.  Excellent advice!

Although I have my CCNP in routing and switching, the CCIE that really interests me is CCIE Data Center.  This is because it contains many of the things that interest me and that I already work with on a day-to-day basis:

  • storage
  • switching
  • routing
  • virtualization
  • security

Anyhow, I need to do more research about what the best way is to prepare for taking the CCIE written exam for datacenter.  If you have any suggestions, please post them as comments to this article.

Speaking of articles, I also ran across this great one regarding whether or not it’s still worth trying to get the CCIE.  If you read the article, make sure you take time to read the comments too.  There’s some really good stuff there.

 


Can’t mount a Windows 2008 share?

September 27, 2011 at 10:34 am (linux, TechTips, windows)

If you are trying to mount a Windows 2008 (or potentially other versions of Windows) share using mount.cifs and you keep getting an input/output error like the one below, then read on.

[jason@superfreak ~]$ sudo mount //powerhouse-smb.mydomain.com/LogFiles /mnt/ecomm/ -tcifs -orw,username=doctor
Password:
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

The error reporting that is provided by mount.cifs is really not that good.  That input/output error could really mean anything.  Let’s use smbclient to attempt a connection to the share.  smbclient is sort of like an FTP client, but used to connect to an SMB share.  However, the real reason why we are using it is because it gives much more detailed error reporting by default.  Also, you could increase the debug level to some truly insane detail.

[jason@superfreak ~]$ smbclient //powerhouse-smb.mydomain.com/LogFiles -U doctor
Enter doctor’s password:
Domain=[POWERHOUSE] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1] Server=[Windows Server 2008 R2 Standard 6.1]
tree connect failed: NT_STATUS_DUPLICATE_NAME

Finally, some more detail.  The error message ‘NT_STATUS_DUPLICATE_NAME’ indicates that the connection was denied by the Windows server because the destination host name that I provided was different from the computer name set on the actual destination server.  This is a security feature in Windows Server 2008 (and likely other versions of Windows).  In my case this is because I access the server through a load balancer.  There is a special virtual service on the load balancer to allow the SMB connection into the server.  However, for you the mismatch might be caused by an alias in your hosts file, a bad DNS entry or even a simple mistype.

Now try the mount operation using the IP address instead of the hostname.  Using just the IP address will not cause that security check to trip.  Now it should work with no issues.

Happy Hacking.


View the contents of an SSL cert.

September 14, 2011 at 1:45 pm (Uncategorized)

Did you just find a thisserver.crt file on your machine and you want to check the details of what it’s for? In other words, you have an SSL certificate that you want to decode.

You need to be on Linux and have OpenSSL installed. Then use the x509 module:

openssl x509 -text -in thisserver.crt

Enjoy!
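Going one step past the full -text dump, the sketch below prints only the fields that say what a certificate is for and checks it against the hostname a client would use. It is an added example, not part of the original post; the function names and the throwaway certificate for thisserver.example are constructed for the demo, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: summarise the identity fields of a certificate and check
# them against the name a client would use. Requires the openssl CLI.

# make_sample_cert DIR CN: constructed throwaway self-signed cert for the demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/sample.key" -out "$1/sample.crt" \
        2>/dev/null
}

# cert_summary FILE: who it is for, who issued it, validity, fingerprint.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates \
        -fingerprint -sha256
}

# cert_check FILE HOSTNAME [SECONDS]
# Prints one word: expiring | mismatch | ok.
cert_check() {
    crt=$1 host=$2 window=${3:-0}
    # -checkend exits non-zero if the cert expires within WINDOW seconds.
    if ! openssl x509 -in "$crt" -noout -checkend "$window" >/dev/null; then
        echo expiring; return 0
    fi
    # -checkhost prints "does match" or "does NOT match"; exit code stays 0.
    if openssl x509 -in "$crt" -noout -checkhost "$host" |
            grep -q 'does match certificate'; then
        echo ok
    else
        echo mismatch
    fi
}

# Demo on the constructed certificate.
tmp=$(mktemp -d) && make_sample_cert "$tmp" thisserver.example &&
    cert_summary "$tmp/sample.crt" &&
    cert_check "$tmp/sample.crt" thisserver.example
rm -rf "$tmp"
```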


Add and remove SCSI hot to linux.

August 4, 2011 at 11:24 am (Uncategorized)

I do file restores from snapshots using a linux server.  In my case it’s Centos.

I do this by creating a disk resource from a snapshot on my IPStor SAN.  Then I assign the new resource to all nodes of my HQ VMWare cluster.

  1. Create a disk resource from a snapshot on my IPStor SAN.
  2. Assign the new resource to all nodes of my HQ VMWare cluster.
  3. In VMWare, set the path settings for the new FC resource to round robin.  (Do this on each node in the cluster.)
  4. Add the resource to the restore linux server as a Raw Device Mappings.
  5. SSH into Linux server used for doing restores.
  6. Rescan the SCSI bus in order to make the new device available for mount.     Replace the “X” with the proper host number.

echo "- - -" > /sys/class/scsi_host/hostX/scan

  • View the /var/log/messages file in order to determine what block device ID this resource has shown up as. In the example output, you will notice in green that this resource is registered as block device sdb1.  Look for some output like this:
Aug  4 10:48:28 zenoss ntfs-3g[7273]: Unmounting /dev/sdb1 (Users) 
Aug  4 11:06:22 zenoss kernel:   Vendor: VMware    Model: Virtual disk      Rev: 1.0 
Aug  4 11:06:22 zenoss kernel:   Type:   Direct-Access                      ANSI SCSI revision: 02
Aug  4 11:06:22 zenoss kernel:  target0:0:1: Beginning Domain Validation
Aug  4 11:06:22 zenoss kernel:  target0:0:1: Domain Validation skipping write tests
Aug  4 11:06:22 zenoss kernel:  target0:0:1: Ending Domain Validation
Aug  4 11:06:22 zenoss kernel:  target0:0:1: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
Aug  4 11:06:22 zenoss kernel: SCSI device sdb: 1572864000 512-byte hdwr sectors (805306 MB)
Aug  4 11:06:22 zenoss kernel: sdb: Write Protect is off
Aug  4 11:06:22 zenoss kernel: sdb: cache data unavailable
Aug  4 11:06:22 zenoss kernel: sdb: assuming drive cache: write through
Aug  4 11:06:22 zenoss kernel: SCSI device sdb: 1572864000 512-byte hdwr sectors (805306 MB)
Aug  4 11:06:22 zenoss kernel: sdb: Write Protect is off
Aug  4 11:06:22 zenoss kernel: sdb: cache data unavailable
Aug  4 11:06:22 zenoss kernel: sdb: assuming drive cache: write through
Aug  4 11:06:22 zenoss kernel:  sdb: sdb1
Aug  4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi disk sdb
Aug  4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi generic sg1 type 0
  • Make sure that you can see the new resource.

cat /proc/scsi/scsi

  • Mount the new resource to an available mount spot.
mount /dev/sdb1 /mnt/recover1
  • Do your restore by copying off the files that you need….yada yada yada
  • Now it is time to unmount and disconnect the restore resource.
  • Unmount the block device:

umount /mnt/recover1

  • Delete the SCSI resource from the SCSI bus:

echo "scsi remove-single-device a b c d" > /proc/scsi/scsi
a == hostadapter id (first one being 0)
b == SCSI channel on hostadapter (first one being 0)
c == ID
d == LUN (first one being 0)

  • Make sure the resource is gone.

cat /proc/scsi/scsi

  • Now remove the RDM from the virtual host.
  • Remove SAN assignment of the snapshot resource from VMWare cluster.
  • Have VMWare hosts rescan their FC connections.
  • Delete snapshot resource from SAN.
  • You are done.
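The a b c d values for remove-single-device are the same host:channel:id:lun address the kernel logs when it attaches the disk ("sd 0:0:1:0: Attached scsi disk sdb"). The script below is an added example, not part of the original post: it reads log text in the format shown above and prints the removal line for a given disk without writing it anywhere. The function names and the sdc entry in the sample are constructed.

```shell
#!/bin/sh
# Added example: derive the "a b c d" arguments for remove-single-device
# from the kernel's "Attached scsi disk" line, in the log format shown above.

# Constructed sample, modelled on the /var/log/messages excerpt (sdc is invented).
SAMPLE_LOG='Aug  4 11:06:22 zenoss kernel:  sdb: sdb1
Aug  4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi disk sdb
Aug  4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi generic sg1 type 0
Aug  4 11:09:40 zenoss kernel: sd 0:0:2:0: Attached scsi disk sdc'

# scsi_address DISK  (log text on stdin)
# Prints "host channel id lun" for the most recent attach of DISK;
# returns 1 if DISK never appears, 2 if DISK is not a whole-disk name.
scsi_address() {
    disk=$1
    case $disk in
        sd[a-z]|sd[a-z][a-z]) ;;      # whole disks only: sdb, not sdb1
        *) echo "not a whole-disk name: $disk" >&2; return 2 ;;
    esac
    awk -v disk="$disk" '
        $NF == disk && /Attached scsi disk/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+:[0-9]+:[0-9]+:[0-9]+:$/) addr = $i
        }
        END {
            if (addr == "") exit 1
            sub(/:$/, "", addr); gsub(/:/, " ", addr); print addr
        }'
}

# remove_command DISK  (log text on stdin)
# Prints the line to write into /proc/scsi/scsi; it does not write it.
remove_command() {
    addr=$(scsi_address "$1") || return $?
    echo "scsi remove-single-device $addr"
}

printf '%s\n' "$SAMPLE_LOG" | remove_command sdb
```

On a live system, feed it the real log (for example `remove_command sdb < /var/log/messages`) and compare the address with the output of cat /proc/scsi/scsi before removing anything.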


Empathy needs an OTR plugin.

July 25, 2011 at 11:37 am (Uncategorized)

I just switched over to using Empathy for my IM client. I really like it better than Pidgin because it has much smoother integration with GNOME3 and is slicker looking. However, one of the things that it is really lacking is the fact that it doesn’t have plugins. Since it doesn’t have plugins, I can’t use encryption such as OTR (Off The Record).

I hope the Empathy fairies hear this and that OTR gets added some time.


TFTP new software onto ASA from a TFTP server on other side of VPN tunnel.

July 22, 2011 at 1:49 pm (Uncategorized)

If you need to TFTP new software (or any other file for that matter) onto an ASA from a TFTP server that is on the other side of a VPN tunnel, you will need to specify the source interface for the TFTP client to use.

The easiest way to do this is to specify it inline with the copy command:

 copy tftp://192.168.1.30/ASA/asa842-k8.bin;int=INSIDE-management disk0:/asa842-k8.bin

Here, 192.168.1.30 is the IP of the TFTP server, and INSIDE-management should be replaced with whatever interface you want to use as the source.


No security exception for SSL EV certificates in Firefox 3.6.17

May 18, 2011 at 10:05 am (Technology)

Today I learned something new about Firefox 3.6.17. I was migrating an SSL EV certificate from an IIS server onto a Virtual Server that is located on a KEMP LoadMaster. This test server on the LM is running a prototype/test site. Therefore, the domain name doesn’t match the domain name that the SSL cert was created for. This normally will create an SSL name mismatch error in the web browser. The user can normally bypass this error; Firefox calls this process a “Security Exception”. I went to add this exception and found that Firefox wouldn’t allow me to add it. What’s interesting is that the exception window tells you that the identification of the certificate is so positive that there is no reason for you to add an exception.

This site provides valid, verified identification. There is no need to add an exception.

I think this is a good thing.  It really helps make the EV certificates stronger and adds value to them.  I guess I’ll go back to using a self-signed certificate for testing.

No security exception.


suid, sgid, sticky bit

December 15, 2010 at 12:38 pm (Uncategorized)

Great quick reference article on suid, sgid and sticky bit.

http://www.zzee.com/solutions/linux-permissions.shtml


What do the ‘ls’ colors mean in BASH?

December 15, 2010 at 12:27 pm (Uncategorized)

Ever wonder what all the default colors output by ls in BASH mean? These are some of the common default ones:

* Executable files: Green
* Normal file : Normal
* Directory: Blue
* Symbolic link : Cyan
* Pipe: Yellow
* Socket: Magenta
* Block device driver: Bold yellow foreground, with black background
* Character device driver: Bold yellow foreground, with black background
* Orphaned symlinks : Blinking Bold white with red background
* Missing links ( – and the files they point to) : Blinking Bold white with red background
* Archives or compressed : Red (.tar, .gz, .zip, .rpm)
* Image files : Magenta (.jpg, gif, bmp, png, tif)

Ganked from: http://www.cyberciti.biz/tips/where-is-color-of-ls-command-defined.html

