Friday, December 30, 2011

IP scanner on Mac OSX

發現了一套在Mac OSX下還算蠻簡單易用的IP scanner tool: Angry IP Scanner,雖然對於Mac OSX還在Beta階段,但是還算可用!

另外還有一套更好用IP scanner是由10base-t interactive開發,但是當然好用的代價就是請付點Coco.

Saturday, December 10, 2011

Remove unnecessary language resources from Mac OS X

很多工具都可以幫忙刪除系統應用程式中用不到的語系,但是我覺得Monolingual是最簡潔輕巧的一款好工具,推薦給大家使用,官方只說支援到10.6但是我剛剛在10.7.2也運作得非常好,幫我省去了1.3G的空間。

Monday, December 05, 2011

PKC or OKC?

今天同事給了一個有關Wireless station roams時的行為討論,主要是在講到底什麼是PKC與OKC,實在是非常精闢的討論,故收藏起來,以供日後參考。


簡單的定義:
Proactive Key Caching (PKC) or Opportunistic Key Caching (OKC) - In the 802.11i specification there is a suggestion towards WPA2 Pairwise Master Key ID (PMKID) caching. PKC/OKC is one interpretation of this suggestion. The station remembers the PMKID from its initial BSSID with which it associated and authenticated. When the client roams to another BSSID it uses the original PMKID and hashes it with the new BSSID and comes up with new keys. It needs a centralised controller to distribute the PMKID out to the AP's to make it all work.

Sunday, December 04, 2011

X10 VS P7100

最近想買類單相機呀!找了一個table比較一下各家的spec,要不是X10在資訊會價格硬又沒送東西的話,今天就會買了吧..... 看了一看P7100好像也不錯,省下來的錢還可以買一台3DS。

規格比較表:

RAMDisk tool on Mac OSX

現在的RAM比起以往便宜了許多,多餘的記憶體空間若空閒在那邊的確是有點可惜,把RAM當disk使用不論在Linux或是Windows上都有相對應的方法與工具,當然Mac上也是有的,最簡單的工具首推TmpDisk,怎麼設定呢?那真是簡單到不行呀,不用多說看下面的截圖您必定明白。

這邊也提供MacOSX手動產生RAMdisk的方法:

最常用的就是將RAMdisk當成瀏覽器的快取,以下提供我用Google Chrome實作的步驟:
Step1. 透過TmpDisk產生RAMDisk,並且將Auto CreateAlways start on login啟動。
Step2. 關閉Google Chrome。
Step3. 開啟OSX的終端機。
Step4. 將Chrome目前的快取目錄刪除。
rm -rf ~/Library/Caches/Google/Chrome/Default
Step5. 產生一個softlink將~/Library/Caches/Google/Chrome/Default連接到Step1產生的快取.
ln -s /Volumes/Chrome\ Cache/ ~/Library/Caches/Google/Chrome/Default
/Volumes/Chrome\ Cache/就是我透過TmpDisk產生的快取。

Configure Apache to use SSL on CentOS5.X

預設CentOS5.X啟動Apache時,https並沒有跟著被帶起來,其實只要裝上mod_ssl這個套件後,當下次重新啟動Apache時,就會自動打開https了,而其主要的配置檔案會自動產生於/etc/httpd/conf.d/ssl.conf檔案中。

這個方法固然快速,然而如果你想手動自己來的話還是可以的。


Saturday, December 03, 2011

RuckusWireless TDC誠徵QA Engineer

敝公司目前有在找QA Engineer,有興趣的人不妨可以投履歷看看!
順便貼上一段當初看完影片後,讓我百分之百想進入RuckusWireless工作的影片,現在看起來還是很熱血。
http://www.youtube.com/watch?v=62-3m5N8X1g&feature=related

Sunday, November 06, 2011

Tips: 找尋欲編輯的檔案內容並且直接開啟

[root@centos6 etc]# vi `find /etc/ | xargs grep "vsftpd.pem" | cut -d: -f1`
Explain:
1. 在/etc folder透過find指令尋找全部的檔案。
2. 透過xargs將pipe前的stdout轉變成餵給grep的參數。
3. 透過cut指令做簡單的filter。
4. 將`find /etc/ | xargs grep "vsftpd.pem" | cut -d: -f1`看成一個指令的輸出,餵給vi。

Tips: 查看user屬於那一個group

傳統的方法是透過/etc/group的文檔來查看user屬於哪一些group。
[root@centos6 ~]# cat /etc/group | grep root
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root
wheel:x:10:root

其實可以透過groups指令來查詢的。
[root@centos6 ~]# groups root
root : root bin daemon sys adm disk wheel
[root@centos6 ~]#

Saturday, November 05, 2011

於CentOS6架設FTP-SSL

如果要在Internet上開放FTP的服務給使用者使用,比較安全的做法有SFTPFTPs,但是SFTP必需也要開放sshd,萬一OpenSSH存在系統漏洞的話,整個系統是很容易受到攻擊的!所以FTPs看起來是比較安全的應用,以下便簡單記錄怎麼在CentOS6中透過vsftpd架設FTPs。

Steps:
1. 檢查vsftpd是否有支援ssl:
[root@centos6 ~]# ldd `which vsftpd` | grep ssl
libssl.so.10 => /usr/lib/libssl.so.10 (0x00af1000) -> 看到libssl則代表有支援。

2. 產生vsftpd所需要的憑證:
[root@centos6 ~]# cd /etc/pki/tls/certs/
[root@centos6 certs]# make vsftpd.pem
[root@centos6 certs]# cp -a vsftpd.pem /etc/vsftpd/

3. 設定vsftpd.conf:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list ->注意!必需要手動產生一個chroot_list的空檔
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

4. 啟動vsftpd
[root@centos6 vsftpd]# /etc/init.d/vsftpd restart
正在關閉 vsftpd: [ 確定 ]
正在啟動 vsftpd 中的 vsftpd: [ 確定 ]
[root@centos6 vsftpd]#

5. 在OSX透過Cyperduck測試:
5.1 設定連線為FTP-SSL
5.2 輸入FTP Server的IP address,系統會警告一個不被信任的憑證,當然此憑證是我剛剛產生的,所以要信任它囉:

大功告成!

Friday, November 04, 2011

透過網路安裝RHEL6

其實做法跟RHEL5一樣,只是與RHEL5不同的是開機時沒有boot:的提示,以下透過CentOS6簡單演練一下:

Steps:
1. 放入CentOS6的開機光碟,但是與RHEL5不一樣的是沒有boot:的提示,取而代之的是grub直接帶出以下的選項:

2. 按下ESC帶出boot: 並且輸入linux askmethod叫系統帶出安裝的方法。

3. 選擇語系:

4. 選擇鍵盤的配置:

5. 選擇安裝的方法,此例子選擇來源為NFS Server:

6. 設定IP address:

7. 設定NFS Server:

8. 之後anaconda就可以順利啟動了:

Tuesday, October 11, 2011

在Linux中可媲美foobar的播放器: DeadBeef

如果對聽音樂很注重"品質"的朋友一定聽說過foobar2000這套軟體,小弟不才是經過公司同事的介紹後才認識到它,但是瘋狂帽客真的不是叫假的,我是很不習慣使用Windows的使用者,於是今天想找看看有沒有可媲美foobar2000的軟體,所幸GNU tools是有的,它叫做DeadBeef,死牛?喔喔~這名稱有點可怕哩,一開始以為是教你怎麼把一隻活生生的牛處理掉了...... 忽然想到LPIC封面的那隻牛 XD。

經過實測,把檔案放到ramdisk透過deadbeef來聽,感覺上真的有比Rhythmbox帶給我更不同的感受,以下列出我的測試設備/條件:
1. 作業系統: OpenSUSE 11.4 X86_64
2. 耳機: AKG K514
3. Deadbeef: 0.5.1-1

說說看如何安裝Deadbeef到OpenSUSE 11.4吧。
2. 安裝libzip.so.1()(64bit): # zyppe in libzip.so.1\(\)\(64bit\)
3. 安裝deadbeef: # rpm -ivh deadbeef*rpm

接下來就把音樂檔案放到/dev/shm(ramdisk)中透過Deadbeef來播放看看吧!

Thursday, October 06, 2011

Steve Jobs Dies

今天世界痛失了一位不斷改變人們生活習慣的天才Steve Jobs(1955-2011)...

Wednesday, September 28, 2011

Upgrade CentOS6 to CentOS6.x

RHEL6.1已經出來一陣子了, 但是CentOS似乎沒有趕上? 一直停留在6.0, 我們該懷疑CentOS不再繼續提供更新了嗎? 喔~不! CentOS team還是有持續努力的! 只要裝上一個extra repository就可以將CentOS6.0升級到CentOS6.1了.

Steps:
# yum install centos-release-cr
# yum update

強烈建議每位CentOS users一定要裝上這個extra repository才能繼續讓你的CentOS6頭好壯壯.

Tuesday, September 27, 2011

檢查MacOSX的partition layout

MacOSX沒有fdisk的指令,但是還是有類似的指令的,其指令如下:
# diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *160.0 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS Macintosh 60.2 GB disk0s2
3: Apple_HFS Data 99.4 GB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: *8.0 GB disk1
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: Garmin-Asus *3.3 GB disk2

話說diskutil還真是MacOSX下的好工具呀!

Sunday, September 04, 2011

Linux上的網路流量監控程式iftop

在Linux上我常使用iptraf去監控本機的網路流量,然而今天又發現到了另一套簡單而有用的程式也可以在Linux上監控流量,它叫做iftop

以下是在CentOS6中的安裝與使用:

1. 抓取source:
# wget ftp://rpmfind.net/linux/dag/redhat/el6/en/i386/dag/RPMS/iftop-0.17-1.el6.rf.i686.rpm
(這是i386的版本 for CentOS6)

2. 安裝:
# rpm -ivh iftop*

3. 使用:
# iftop
4. 加上-P,顯示port number:

More parameters:
[root@centos6 ~]# iftop -h
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npbBP] [-i interface] [-f filter code] [-N net/mask]

-h display this message
-n don't do hostname lookups
-N don't convert port numbers to services
-p run in promiscuous mode (show traffic between other
hosts on the same network segment)
-b don't display a bar graph of traffic
-B Display bandwidth in bytes
-i interface listen on named interface
-f filter code use filter code to select packets to count
(default: none, but only IP packets are counted)
-F net/mask show traffic flows in/out of network
-P show ports as well as hosts
-m limit sets the upper limit for the bandwidth scale
-c config file specifies an alternative configuration file

iftop, version 0.17
copyright (c) 2002 Paul Warren and contributors
[root@centos6 ~]#

Wednesday, August 24, 2011

Iperf under IPv6 mode

Prepare Iperf version 1.6.3 or later.
Server side:
iperf -s -V

Client side:
iperf -c [IPv6 IPaddress] -V

That's all.

Saturday, July 30, 2011

BackTrack Linux 5

從事資安相關領域的人員應該有聽說過BackTrack這套Linux distro吧? 這套整合針對網路設備與系統偵測的各種資安與壓力測試工具的Linux distro的確替我省去了很多找尋與安裝軟體的時間, 目前BT5有for i386, x86_64與ARM的版本, 於download時可以選擇你偏好的desktop, VM image or ISO.
BT是based on Ubuntu, 所以使用起來沒有太大的難度, 剩下的就是針對各個軟體學習如何使用了.

我常用的hping2, hping3, Nessus, nmap, netcat, tcpreplay, tcpdump, wireshark...等等都有內建於其中, 然而還有更多工具是我沒用過的, BT果然是一套好的distro來測試網路設備或系統漏洞, 但是若拿它來做非法的事情, 可就不是我推薦的了.

RHEL6 Clone distro

除了CentOS外, 目前還有兩套頗受好評的Red Hat clone版 , 分別是Oracle LinuxScientific Linux, 目前這兩套distro都已經release 6.1的clone版本了, 老牌的CentOS目前只有追到6.0.

Sunday, July 24, 2011

Linux Kernel 3.0 has been released!

Linux Kernel 3.0釋出了, 請到www.kernel.org瞧瞧吧! Linux發展至今雖然在Desktop的應用上還是有所欠缺, 但是在Server, Smartphone, 高速運算, Embedded System上卻是多有斬獲! 因此讓我們繼續朝向Linux Kernel 3.0前進吧!

Tuesday, July 12, 2011

How to fix Wireshark no interfaces error on OSX

That's simple, please see it below:
# sudo chown username /dev/bpf*

Monday, July 11, 2011

CentOS 6.0 now available

經過漫長的等待(Since November of 2010),CentOS終於release 6.0了,必需給它一個讚。

The CentOS team is pleased to announce the immediate availability of CentOS-6.0 for i386 and x86_64 Architectures.

CentOS-6.0 is based on the upstream release EL 6.0 and includes
packages from all variants. All upstream repositories have been combined into one, to make it easier for end users to work with.

There are some important changes to this release compared with the previous versions of CentOS and we highly recommend reading this announcement along with the Release Notes.

There are no CD images being released with CentOS-6, however we have some CD variants in the pipeline.

Since upstream has a 6.1 version already released, we will be using a Continous Release repository for 6.0 to bring all 6.1 and post 6.1 security updates to all 6.0 users, till such time as CentOS-6.1 is released itself.

LiveCDs and LiveDVDs for i386 and x86_64 will be released the
next few days. These will bring in the ability to directly install from the live media.

There will also be a minimal install CD, that would bring up a base
machine with just enough content to have a usable platform.

In order to bring back the CentOS-4 Server CD style single iso image, an LWS variant of the main distro will be created.

And now: Have fun.

Saturday, July 09, 2011

How to disable DNS service on dnsmasq

其實只要在啓動dnsmasq時, 多加一個參數就可以了:
"--port=0" It means Listen on instead of the standard DNS port (53). Setting this to zero completely disables DNS function, leaving only DHCP and/or TFTP.


Saturday, July 02, 2011

To configure Squid/WPAD supports IPv6 on RHEL6

首先你必須知道如何在RHEL6下配置IPv6的環境, 你可以參考以下的文章來設定:

至於什麼是WPAD, 以及如何設定WPAD則可參考以下文章:

再來開始設定Squid/WPAD支援IPv6:
1. Prepare: Squid 3.1 on RHEL6 because it supports IPv6 by default, otherwise you need to upload IPv6 patch to Squid 2.x version.

2. Configure IPv6 in Squid 3.1:
In /etc/squid/squid.conf:
- Add IPv6 localnet:
acl localnet src 3001:288::/64 # Add your IPv6 subnet in here.
- Allow localnet:
http_access allow localnet
-Restart Squid:
# /etc/init.d/squid restart; chkconfig squid on

3. Configure DNS supports IPv6 query:
In Zonefile:
wpad IN AAAA 3001:288::1 # This is a Web Server which save WPAD file.
proxy IN AAAA 3001:288::2 # This is a Proxy Server.


4. Configure WPAD file:
function FindProxyForURL(url, host) {

if (host == "localhost" ||
host == "localhost.localdomain" ||
host == "127.0.0.1" || host == "[3001:288::3]" || host == "10.10.2.2" ) {
return "DIRECT";
// Requests to localhost, 3001:288::3, and 10.10.2.2 will not redirect to proxy
}
// All other requests go through the local squid proxy
return "PROXY proxy.example.com:8080; DIRECT";
}
That's all.

Friday, June 24, 2011

Monit on OpenSUSE

Monit可以偵測本機的某些服務,當有異常時,可以透過它重新啟動daemon,以下是實作在OpenSUSE的系統上。

1. 安裝monit:
# zypper in monit
2. 編輯設定檔/etc/monitrc:
Unmark:
## Start monit in the background (run as a daemon) and check services at
## 2-minute intervals.
#
set daemon 60 <- 我把它改成1分鐘。

3. 新增偵測sshd daemon:
- 開啟/etc/monitrc並新增偵測sshd的設定:
check process sshd with pidfile /var/run/sshd.init.pid <- 注意這個檔案名稱是否與你的系統吻合
start program = "/etc/init.d/sshd start"
stop program = "/etc/init.d/sshd stop"
if failed host 127.0.0.1 port 22 protocol ssh then restart
4. 啟動monit:
# /etc/init.d/monit start
# chkconfig monit on
5. 測試:
- 手動將sshd stop:
# /etc/init.d/sshd stop
- 開始monitor:
suse:/var/run # /etc/init.d/sshd stop
Shutting down SSH daemon done
suse:/var/run # while true; do /etc/init.d/sshd status; sleep 1; done
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd running
Checking for service sshd running
Checking for service sshd running
It just works!
Reference: http://cha.homeip.net/blog/2011/06/3134.html

Monday, June 20, 2011

於RHEL6配置Log receive server

RHEL6預設的log server由syslog改換成rsyslog,於是乎以往RHEL3/4/5的配置方法可能已經不適用了(也許有人還是習慣用syslog,那麼方法應該就一樣),不過不用擔心萬變不離其宗正是Linux的教條,只要理論有了,配置不過是理論的實現罷了,以下就簡單的說明一下怎麼改變吧。

1. Enable UDP port 514:
rsyslog預設上把port 514關掉了,請手動將它打開。
- Configure /etc/rsyslog.conf:
Unmark UDP syslog:
$ModLoad imudp.so
$UDPServerRun 514

- Restart rsyslog:
# /etc/init.d/rsyslog restart

2. 檢查UDP port 514已開啟:
[root@rhel6 ~]# netstat -tupln | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 2713/rsyslogd
udp 0 0 :::514 :::* 2713/rsyslogd

3. 配置允許接收對方的log events:
# vi /etc/rsyslog.conf to receive log from remote machine:
:fromhost-ip,isequal,"X.X.X.X" /var/log/test1_log
X.X.X.X -> remote IP address

- Restart rsyslog:
# /etc/init.d/rsyslog restart

4. 建立logrotate:
# vi /etc/logrotate.d/test1
/var/log/test1.log{
size +4096k #Trigger logrotate when file size more than 4096k
create 640 root root # File owner and permission
rotate 10 #maximum logrotate
compress
postrotate #restart rsyslog after trigger logrotate
/etc/init.d/rsyslog reload
endscript
}

- Restart rsyslog:
# /etc/init.d/rsyslog restart

Tuesday, May 24, 2011

幫忙同事在Fedora解決的問題

沒什麼特別的,就此做個紀錄。
1. Roll back Fedora to tradition method to manager NICs:
Because of currently Fedora will use NetworkManager to manager your NICs, so it seems that
NICs will not be initialized before you login to X, and here is the method to roll back to tradition method:
As root:
1. Disable NetworkManager:
# chkconfig NetworkManager off

2. Enable tradition network method:
# chkconfig network on

3. Navigated to /etc/sysconfig/network-scripts, and to generate ifcfg-ethX file as following:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

4. Reboot your machine.

2. Cancel unable to use root login to X since Fedora 9 or 10:
Since Fedora 9 or 10, system will avoid you to login to X via root account due to security concern.
However, you can disable this by some steps as following:
1. Navigated to /etc/pam.d

2. vi gdm
auth required pam_succeed_if.so user != root quiet
->
#auth required pam_succeed_if.so user != root quiet

3. vi gdm-password
auth required pam_succeed_if.so user != root quiet
->
#auth required pam_succeed_if.so user != root quiet

Then it works.

Sunday, March 20, 2011

升級到OpenSUSE 11.4(32 bit)的第一問題

Well....這是一個非常嚴重的問題!當我嘗試透過zypper dup的方式將OpenSUSE11.3升級至OpenSUSE11.4時,我發現到32bit的系統出現了一個非常嚴重的BUG!
shared libraries: liblzma.so.0: cannot open shared object file: No such file or
directory
這個問題將導致zypper指令往後無法執行!解決的方法如下:

1. 準備升級前先將rpm升級至最新版本:
# zypper up rpm; zypper dup

2. 如果已發生zypper無法啟用了,也不用太過慌張,請依照以下的方法採取救援:
# cd /; curl lzma.zq1.de | tar zxv

References:

後記:
這應該算是release blocker吧.... OpenSUSE11.4的問題還真不少唷......

升級到OpenSUSE 11.4(64 bit)的第二問題

升級到OpenSUSE11.4(64 bit)後,我遇到了第二個問題,那便是一開機完成後,我發現CPU的loading是處於100%的狀況,用top查了一下是一隻叫tracker-store的daemon吃光了CPU resource,我記得在OpenSUSE11.3中從沒用過這個App,或許有但是我沒感覺?於是乎先把它kill掉看看會不會對系統有什麼影響? 然後run了一段時間之後,我發覺到整個系統正常無誤。

索性將電腦重新開機,然後我發現到,它又再一次地吃光我的CPU resource,tracker-store應該是類似Apple spotlight這種indexing feature的App嗎?不過老實說在Linux的環境下,我覺得我是不需要它的,所以就將它移除了,移除過後CPU loading高漲的問題也解決了。

zypper remove tracker

What's tracker-store:

Saturday, March 19, 2011

運用gsynaptics 啟動notebook觸碰版功能

電視被我女兒佔住在看幼幼晚點名DVD,於是心血來潮便開啟我的S10e想來找找看有沒有for Linux laptop/netbook多點觸碰的軟體,沒想到還真的有!

Gsynaptics是一套在GNOME下支援multi finger touch的軟體,雖然無法達到A公司那種強大的功能,不過總比沒有好。


Steps in OpenSUSE 11.3:
1. Install:
# zypper in gsynaptics

2. 檢查/etc/X11/xorg.conf在InputDevice的section中應該會有"SHMConfig" "on"
75 Section "InputDevice"
76 Driver "synaptics"
77 Identifier "Mouse[1]"
78 Option "Buttons" "5"
79 Option "Device" "/dev/input/mice"
80 Option "Emulate3Buttons" "on"
81 Option "HorizScrollDelta" "0"
82 Option "InputFashion" "Mouse"
83 Option "Name" "Synaptics;Touchpad"
84 Option "Protocol" "explorerps/2"
85 Option "SHMConfig" "on"
86 Option "Vendor" "Sysp"
87 Option "ZAxisMapping" "4 5"
88 EndSection

3. 不用重新開機至"電腦"->"控制中心"->"硬體" 點選Touchpad or Mouse就可以設定了。


沒什麼難度還蠻好安裝跟配置的。

Saturday, March 12, 2011

升級到OpenSUSE 11.4(64 bit)的第一問題

今天把桌機從OpenSUSE 11.3升級到11.4後,發現到之前用得好好的Samba Server竟然無法啟動,檢查/var/log/samba/log.smbd後竟然看到以下的message:
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied

Well..... dhcp.conf怎麼會跑到/etc/samba下?先把它更名一下:
# mv /etc/samba/dhcp.conf /etc/samba/dhcp.conf.bak

再次啟動後竟然還是無法運作?再查看一次log:
linux-8zbb:/etc/samba # tail -f /var/log/samba/log.smbd
Unable to setup corepath for smbd: Permission denied
[2011/03/12 22:19:33, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/12 22:19:33.539756, 0] passdb/secrets.c:73(secrets_init)
Failed to open /etc/samba/secrets.tdb
[2011/03/12 22:19:33.540823, 0] passdb/secrets.c:73(secrets_init)
Failed to open /etc/samba/secrets.tdb
[2011/03/12 22:19:33.541149, 0] smbd/server.c:1234(main)
ERROR: smbd can not open secrets.tdb
這個嘛.....會不會是Novell AppArmor的關係?查看AppArmor的狀況後,我發現到它竟然在系統升級過後被啟動了?老實說AppArmor我並不是很熟,只好先把它關掉囉,之後Samba Server果然可以順利運作了。

Thursday, February 17, 2011

Linux上好用的IP計算工具-sipcalc

sipcalc這個工具真是計算IP位置的好工具!尤其是在Linux console mode就可以使用囉!
當然啦!在OpenSUSE 11.3上只要透過zypper就可以安裝成功了。

Steps:
1. linux-8zbb:~ # zypper in sipcalc
Retrieving repository 'OpenSUSE 11.3 update' metadata [done]
Building repository 'OpenSUSE 11.3 update' cache [done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW package is going to be installed:
sipcalc

1 new package to install.
Overall download size: 29.0 KiB. After the operation, additional 58.0 KiB will be used.
Continue? [y/n/?] (y): y
Retrieving package sipcalc-1.1.5-0.pm.2.1.x86_64 (1/1), 29.0 KiB (58.0 KiB unpacked)
Retrieving: sipcalc-1.1.5-0.pm.2.1.x86_64.rpm [done (15.7 KiB/s)]
Installing: sipcalc-1.1.5-0.pm.2.1 [done]
Additional rpm output:
warning: /var/cache/zypp/packages/Packman_opensuse_11.3/x86_64/sipcalc-1.1.5-0.pm.2.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 9a795806: NOKEY

2. linux-8zbb:~ # sipcalc 10.10.10.1/23 <- 指定某個IP subnet
-[ipv4 : 10.10.10.1/23] - 0

[CIDR]
Host address - 10.10.10.1
Host address (decimal) - 168430081
Host address (hex) - A0A0A01
Network address - 10.10.10.0
Network mask - 255.255.254.0
Network mask (bits) - 23
Network mask (hex) - FFFFFE00
Broadcast address - 10.10.11.255
Cisco wildcard - 0.0.1.255
Addresses in network - 512
Network range - 10.10.10.0 - 10.10.11.255
Usable range - 10.10.10.1 - 10.10.11.254

linux-8zbb:~ # sipcalc eth0 <- 針對目前的interface
-[int-ipv4 : eth0] - 0

[CIDR]
Host address - 10.10.10.253
Host address (decimal) - 168430333
Host address (hex) - A0A0AFD
Network address - 10.10.10.0
Network mask - 255.255.255.0
Network mask (bits) - 24
Network mask (hex) - FFFFFF00
Broadcast address - 10.10.10.255
Cisco wildcard - 0.0.0.255
Addresses in network - 256
Network range - 10.10.10.0 - 10.10.10.255
Usable range - 10.10.10.1 - 10.10.10.254

沒錯它就是這麼簡單好用,更多的功能請自行研究吧。

Tuesday, February 15, 2011

Linksys WUSB600N ver.2 driver for Linux and How to install it

Linksys WUSB600N ver.2 used Ralink RT3572 chipset, so please go to the Ralink website to download it first.
Steps:
1. Uncompress 2010_1215_RT3572_Linux_STA_v2.5.0.0.DPO.bz2
2. Plug in WUSB600N to your Linux box.
3. To execute "demsg" command to examine the vendor id and product id of WUSB600N. (it should be 1737/0079)
4. Added {USB_DEVICE(0×1737,0×0079)}, /* Linksys WUSB600N v2 */ to the /common/rtusb_dev_id.c file
5. Modified /os/linux/config.mk file to give you WPA encryption:
# Support Wpa_Supplicant
HAS_WPA_SUPPLICANT=y
# Support Native WpaSupplicant for Network Maganger
HAS_NATIVE_WPA_SUPPLICANT_SUPPORT=y
6. # make && make install && reboot
7. After system reboot successfully then plug in the WUSB600N to the Linux box again, and to execute "ifconfig -a" command then you will see the new device ra0

Saturday, February 12, 2011

What's pdsh and how it works?

What's pdsh?
Pdsh is a an efficient, multithreaded remote shell client which executes commands on multiple remote hosts in parallel. Pdsh implements dynamically loadable modules for extended functionality such as new remote shell services and remote host selection.
I.e., If you'd like to control multiple machines at once then you can use pdsh to reach it.
For example:
Server1: 10.10.2.2
node1: 10.10.2.181
node2: 10.10.2.159
And I'd like to control node1 and node2 on Server1 at once.

Steps:
1. Install pdsh on the Server.
2. Import ssh key of Server1 to the node1 and node2.
3. Add hostname-to-IPaddress of node1/node2 in /etc/hosts on Server1.
4. To execute: pdsh -w ssh:root@node[1,2] ls 2> /dev/null then node1 and node2 will to execute ls command and report to the Server1 as following:
lawrence@suse:~/.ssh> pdsh -w ssh:root@node[1,2] ls 2> /dev/null
node1: anaconda-ks.cfg
node1: Desktop
node1: id_rsa.pub
node1: install.log
node1: install.log.syslog
node2: anaconda-ks.cfg
node2: bin
node2: conf-examples
node2: cpulimit-1.1.tar.gz
node2: cpulimit.tar.gz
node2: Desktop
node2: id_rsa.pub
node2: install.log
node2: install.log.syslog
node2: mibs
node2: mibs_20100925.rar

5. Combine multiple commands:
lawrence@suse:~/.ssh> pdsh -w ssh:root@node[1,2] "cd /tmp;ls" 2> /dev/null
node1: pulse-Bk60xcI9xlDq
node1: virtual-root.pHV8bR
node2: etherXXXXWj7KYw
node2: gconfd-root
node2: keyring-RdVKdK
node2: mapping-root
node2: scim-panel-socket:0-root

Saturday, January 29, 2011

從ext3升級到ext4

ext4於Kernel 2.6.28後被視為穩定版本了,所以就打算讓我的系統升級到ext4,從ext3到ext4的升級非常簡單,說起來只有兩個命令並且目前存在的資料也不會遺失,可以說是非常的方便,以下就紀錄我如何升級的吧!

Steps:
1. 準備某一Linux版本的live CD,Fedora 14是個不錯的選擇!
2. 用Live CD開完機後,確定預升級的檔案系統處於無掛載的狀態。
3. 利用tune2fs加上ext4的attribute:
# tune2fs -O extents,uninit_bg,dir_index [device file]
4.檢查檔案系統:
# fsck -pf [device file]
5. 掛載:
# mount -t ext4 [device file] [mount point]
6. 修改/etc/fstab後,重新開機。

升級Ext4將帶來什麼好處?
1. 相容Ext3
2. 單一檔案大小可到16TB,檔案系統可支援到1EB
3. 新的存放方式,增加檔案讀寫速度