Archive for the ‘Linux’ Category

Denyhosts is your friend to stop ssh login attempts

Friday, May 23rd, 2008


If you have a few Linux servers that, for whatever reason, you have to leave open to SSH on the standard port 22, DenyHosts is a great way to get rid of the annoying daily logwatch emails showing that some losers somewhere have been spending all day on what amounts to a denial of service, trying to brute-force their way in over SSH. Better ways are to not let SSH be accessible to non-legit IPs at all and to disable SSH logins except for a couple of valid users. But with mobile devices, changing locations, etc., you sometimes just need to be able to SSH into servers from anywhere, and other services might depend on the default port number, so changing it to get it out of range of the script kiddies or the Russian mafia is just not an option. It is one thing to have secure passwords, keys, etc., but the fact that they continue to bang on your servers can really rack up bandwidth and annoyance.

DenyHosts is written in Python and watches your logs; once the number of failed login attempts from a host reaches the thresholds you configure, it blocks further attempts from that host. Really cool.

http://denyhosts.sourceforge.net

I have tested it on Ubuntu and CentOS and it works great. The default configs are basically ready for CentOS/Fedora/Red Hat out of the RPM or from source.
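
The threshold mechanism described above, as an added Python example (not DenyHosts' own code and not part of the original post): it counts failed sshd password attempts per source address in constructed log lines and emits entries in the tcp_wrappers format of /etc/hosts.deny, the file DenyHosts maintains. The threshold values, the `never_deny` allowlist and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sshd lines in the style of /var/log/auth.log or /var/log/secure.
SAMPLE_LOG = """\
May 23 03:10:01 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
May 23 03:10:03 web1 sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
May 23 03:10:05 web1 sshd[4105]: Failed password for invalid user oracle from 203.0.113.7 port 40114 ssh2
May 23 03:11:40 web1 sshd[4120]: Failed password for root from 192.0.2.44 port 51500 ssh2
May 23 08:02:11 web1 sshd[4410]: Failed password for alice from 198.51.100.20 port 52011 ssh2
May 23 08:02:19 web1 sshd[4410]: Accepted password for alice from 198.51.100.20 port 52011 ssh2
May 23 09:00:00 web1 sshd[4500]: Failed password for invalid user a from 198.51.100.20 port 22 ssh2 from 192.0.2.99 port 40200 ssh2
"""

# The user name is supplied by the remote client and may contain spaces, so the
# pattern is anchored to the end of the line: only the address sshd itself
# wrote last is trusted as the source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Hypothetical thresholds: failed logins tolerated per source address and class.
THRESHOLDS = {"invalid": 3, "root": 1, "valid": 5}

def parse_failure(line):
    """Return (source_ip, kind) for a failed-password line, else None."""
    m = FAILED.search(line)
    if not m:
        return None
    invalid, user, ip = m.groups()
    kind = "invalid" if invalid else ("root" if user == "root" else "valid")
    return ip, kind

def hosts_to_deny(log_text, thresholds=THRESHOLDS, never_deny=()):
    """Sorted source addresses whose failure count reached a threshold."""
    counts = Counter(filter(None, map(parse_failure, log_text.splitlines())))
    return sorted({ip for (ip, kind), n in counts.items()
                   if n >= thresholds[kind] and ip not in never_deny})

def hosts_deny_lines(ips, service="sshd"):
    """Entries in the tcp_wrappers form that /etc/hosts.deny expects."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

The last sample line carries a user name that itself contains an address; the end-anchored pattern attributes the failure to the real source, so 198.51.100.20 is not blocked by it.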

Moving Ubuntu Linux from PATA drive to SATA drive

Tuesday, May 20th, 2008


I had mergy.org running on a very old laptop on a small IDE 2.5" drive. It was slow, but it was working. It got very tedious to work on when anything went wrong, though, and the webserver was really starting to get slow, so I finally decided to move to newer hardware. But the problem was that the drives on anything modern are Serial ATA.

Here is what I did:

1. Installed the same flavor and version of Linux on the new server and hard drive, mimicking the partition numbering on the old server. You could just get away with partitioning the drive in step 3 using one of the many RIPLinux bundled utils or fdisk, gparted, etc.

2. Took the drive out of the old laptop and put it in a usb external case and connected to the new server.

3. Booted on a RIPLinux CD - but any live CD would do really.

4. Blew away all files on the various partitions on the new server/drive

5. Copied the files and directories over from the old drive with cp -prv

6. Changed the grub config in /boot to point to /dev/sda1 as opposed to /dev/hda1

7. Checked /etc/fstab to make sure mount points are OK

8. Edited the GRUB boot menu to make sure the entries point to the root directory

And it worked!

Recovery Is Possible Linux -> http://ftp.leg.uct.ac.za/pub/linux/rip/

Ubuntu Wifi Management With WICD

Saturday, February 2nd, 2008


After running Ubuntu for quite a while now, most of the system is great and extremely functional. The real mess is the lack of wireless management tools to handle multiple wireless networks. That is, until I started working with WICD. WICD is the best manager I have used and it is great at storing keys, etc. This is really a must-have for a desktop/laptop WiFi user. Installing it requires you to remove the built-in ‘Network Manager’ that Gnome/Ubuntu installs, but you want to - trust me. It also handles toggling wired Ethernet.

You should check it out -> wicd.sourceforge.net


Ubuntu Gutsy and IBM ThinkPad T42 Xorg Configuration

Sunday, January 27th, 2008


Getting Ubuntu Gutsy running on an IBM ThinkPad T42 is easy, but the X Server can be a pain. Here is my config.

# xorg.conf (xorg X Window System server configuration file)
#
# This file was generated by dexconf, the Debian X Configuration tool, using
# values from the debconf database.
#
# Edit this file with caution, and see the xorg.conf manual page.
# (Type "man xorg.conf" at the shell prompt.)
#
# This file is automatically updated on xserver-xorg package upgrades *only*
# if it has not been modified since the last upgrade of the xserver-xorg
# package.
#
# If you have edited this file but would like it to be automatically updated
# again, run the following command:
# sudo dpkg-reconfigure -phigh xserver-xorg

Section "Files"
EndSection

Section "InputDevice"
Identifier "Generic Keyboard"
Driver "kbd"
Option "CoreKeyboard"
Option "XkbRules" "xorg"
Option "XkbModel" "pc105"
Option "XkbLayout" "us"
EndSection

Section "InputDevice"
Identifier "Configured Mouse"
Driver "mouse"
Option "CorePointer"
Option "Device" "/dev/input/mice"
Option "Protocol" "ImPS/2"
Option "ZAxisMapping" "4 5"
Option "Emulate3Buttons" "true"
EndSection

Section "InputDevice"
Identifier "Synaptics Touchpad"
Driver "synaptics"
Option "SendCoreEvents" "true"
Option "Device" "/dev/psaux"
Option "Protocol" "auto-dev"
Option "HorizEdgeScroll" "0"
EndSection

Section "InputDevice"
Driver "wacom"
Identifier "stylus"
Option "Device" "/dev/input/wacom"
Option "Type" "stylus"
Option "ForceDevice" "ISDV4" # Tablet PC ONLY
EndSection

Section "InputDevice"
Driver "wacom"
Identifier "eraser"
Option "Device" "/dev/input/wacom"
Option "Type" "eraser"
Option "ForceDevice" "ISDV4" # Tablet PC ONLY
EndSection

Section "InputDevice"
Driver "wacom"
Identifier "cursor"
Option "Device" "/dev/input/wacom"
Option "Type" "cursor"
Option "ForceDevice" "ISDV4" # Tablet PC ONLY
EndSection

Section "Device"
Identifier "ATI Technologies Inc RV350 [Mobility Radeon 9600 M10]"
Boardname "ati"
Busid "PCI:1:0:0"
Driver "ati"
Screen 0
Option "MergedFB" "off"
EndSection

Section "Monitor"
Identifier "Thinkpad T42 Display"
Modelname "Custom 1"
modeline "640x480@60" 25.2 640 656 752 800 480 490 492 525 -vsync -hsync
modeline "800x600@56" 36.0 800 824 896 1024 600 601 603 625 +hsync +vsync
modeline "800x600@60" 40.0 800 840 968 1056 600 601 605 628 +hsync +vsync
modeline "1024x768@60" 65.0 1024 1048 1184 1344 768 771 777 806 -vsync -hsync
modeline "1280x960@60" 102.1 1280 1360 1496 1712 960 961 964 994 -hsync +vsync
modeline "1280x1024@60" 108.0 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync
modeline "1400x1050@60" 122.61 1400 1488 1640 1880 1050 1051 1054 1087 -hsync +vsync
Gamma 1.0
EndSection

Section "Screen"
Identifier "Default Screen"
Device "ATI Technologies Inc RV350 [Mobility Radeon 9600 M10]"
Monitor "Thinkpad T42 Display"
Defaultdepth 24
SubSection "Display"
Depth 24
Virtual 1400 1050
Modes "1400x1050@60" "1280x1024@60" "1280x960@60" "1024x768@60" "800x600@60" "800x600@56" "640x480@60"
EndSubSection
EndSection

Section "ServerLayout"
Identifier "Default Layout"
screen 0 "Default Screen" 0 0
Inputdevice "Generic Keyboard"
Inputdevice "Configured Mouse"

# Uncomment if you have a wacom tablet
# InputDevice "stylus" "SendCoreEvents"
# InputDevice "cursor" "SendCoreEvents"
# InputDevice "eraser" "SendCoreEvents"
Inputdevice "Synaptics Touchpad"
EndSection

Section "Module"
Load "v4l"
EndSection

Section "device" #
Identifier "device1"
Boardname "ati"
Busid "PCI:1:0:0"
Driver "ati"
Screen 1
Option "MergedFB" "off"
EndSection

Section "screen" #
Identifier "screen1"
Device "device1"
Defaultdepth 24
Monitor "monitor1"
EndSection

Section "monitor" #
Identifier "monitor1"
Gamma 1.0
EndSection

Section "ServerFlags"
EndSection

Bonding Network Interfaces on RedHat Enterprise Linux 5 (RHEL 5)

Wednesday, January 2nd, 2008


RedHat’s Knowledgebase has no info on correctly bonding network interfaces on RHEL 5. They do have some old RHEL 3 information, but things have changed a little bit and they have failed to add the changes to another knowledgebase article. Here goes the quick way to get you going.

1. Get the hardware addresses of your network cards. The interfaces are usually eth0, eth1, eth2, etc., but the addresses may surprise you.
2. Once you have your network addresses, you can get going. Stay out of the GUI network configuration tool RedHat provides because it has no idea what you are trying to do yet.

In ‘/etc/sysconfig/network-scripts’ create a new file for your bonded interface - for example, bond0. The file will be named

ifcfg-bond0

and put this in the file (replace the stuff in <> with the actual addresses you want and no <>)

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=<WHATEVER YOUR NETWORK ADDR IS>
NETMASK=<YOUR NETMASK>
IPADDR=<IP ADDR YOU WANT THE BOND TO SERVE UP>
USERCTL=no
GATEWAY=<THE GATEWAY ROUTER IP>
TYPE=Ethernet
IPV6INIT=no
PEERDNS=yes

3. Then create an ifcfg file for each interface you want to be a part of bond0. I have 2 for this bond. If there are existing files there, edit them or nuke them and recreate them. They were probably created with the GUI network config utility in RHEL. (For example purposes, I am using eth0 and eth1 as the 2 network interfaces we want to bond with bond0.)

In ‘/etc/sysconfig/network-scripts’ you want:

a file for eth0

ifcfg-eth0

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=yes

and a file for eth1

ifcfg-eth1

DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=yes

4. Then you have to add bond0 to be a recognized interface for the kernel. You can do this in modprobe.conf. RedHat still has references to /etc/modules.conf which doesn’t exist in RedHat 5 anymore.

So, modify ‘/etc/modprobe.conf’ and add the line

alias bond0 bonding

5. Then reboot the whole server. I know, you can restart the network (/etc/init.d/network restart) or restart the interface bond0 (/sbin/ifup bond0) and leave everything up, but if you are doing this, you probably have no one hitting the server across the network anyway and it would be good to make sure the bond kicks up on startup and plays nice.

Really surprised that RedHat has yet to incorporate this into the network config utility and they make you go down this road to handle it. There are other settings with ‘miimon’, etc. but this gets you into the ballpark. More information on linux bonding here.

I added this to the /etc/modprobe.conf to help with switch timing and delays we were seeing in transfer tests.

options bond0 miimon=100 mode=1
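
A consistency check for the files from steps 2 to 4 and the miimon option, as an added Python example that is not part of the original post or of any Red Hat tool: it parses constructed copies of the ifcfg files and modprobe.conf and reports where they differ from the layout above. The sample address, the `parse_ifcfg` and `check_bond` names and the two-slave minimum are assumptions.

```python
import re

# Constructed file contents in the article's layout. ifcfg-eth1 keeps a
# BOOTPROTO=dhcp line, imitating a leftover from the GUI tool.
FILES = {
    "ifcfg-bond0": "DEVICE=bond0\nBOOTPROTO=none\nONBOOT=yes\n"
                   "NETMASK=255.255.255.0\nIPADDR=192.0.2.10\nUSERCTL=no\n",
    "ifcfg-eth0": "DEVICE=eth0\nBOOTPROTO=none\nONBOOT=yes\n"
                  "MASTER=bond0\nSLAVE=yes\nUSERCTL=yes\n",
    "ifcfg-eth1": "DEVICE=eth1\nBOOTPROTO=dhcp\nONBOOT=yes\n"
                  "MASTER=bond0\nSLAVE=yes\nUSERCTL=yes\n",
    "modprobe.conf": "alias bond0 bonding\noptions bond0 mode=1\n",
}

def parse_ifcfg(text):
    """Turn KEY=value lines into a dict, skipping comments and blanks."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def check_bond(files, bond="bond0"):
    """Return a list of deviations from the article's layout (empty = none)."""
    problems = []
    master = parse_ifcfg(files.get(f"ifcfg-{bond}", ""))
    for key in ("DEVICE", "IPADDR", "NETMASK"):
        if key not in master:
            problems.append(f"ifcfg-{bond}: {key} missing")
    slaves = 0
    for name, text in sorted(files.items()):
        cfg = parse_ifcfg(text)
        if not name.startswith("ifcfg-") or cfg.get("MASTER") != bond:
            continue
        slaves += 1
        if cfg.get("SLAVE") != "yes":
            problems.append(f"{name}: SLAVE=yes missing")
        if cfg.get("BOOTPROTO") != "none" or "IPADDR" in cfg:
            problems.append(f"{name}: leftover address settings")
    if slaves < 2:
        problems.append(f"{bond}: fewer than two slave interfaces")
    conf = files.get("modprobe.conf", "")
    esc = re.escape(bond)
    if not re.search(rf"^alias\s+{esc}\s+bonding\s*$", conf, re.M):
        problems.append(f"modprobe.conf: alias {bond} bonding missing")
    opts = re.search(rf"^options\s+{esc}\s+(.*)$", conf, re.M)
    # miimon=0 (the driver default) means no MII link monitoring.
    if not opts or not re.search(r"\bmiimon=[1-9]\d*\b", opts.group(1)):
        problems.append("modprobe.conf: miimon link monitoring not set")
    return problems
```

Run against the constructed `FILES`, it reports the leftover setting in ifcfg-eth1 and the missing miimon option; with the article's files and options line it returns an empty list.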

GRUB Linux Boot Large Volumes Issue Fix

Friday, December 21st, 2007


RedHat Linux / RHEL 5 and previous versions have a problem with large volumes because of a boot limitation in GRUB .9x (now referred to as ‘GRUB Legacy’), which does not allow booting to volumes larger than roughly 2 terabytes. This is an issue because when you get servers with storage like a Dell PowerEdge 2950 and you load it up with a bunch of 750 gig drives and RAID 5 them, you are into the 3-4 terabyte range.

GRUB does not like dealing with such large volumes. But, rather than taking one of the drives out of the RAID and using that as boot volume, you can do a couple of other things. You can boot with an external hard drive, but that gets pretty messy.

What works well, is to get a 1 gig or so USB memory stick and during the RHEL install, put the

/boot

mount on it and leave root and the other mounts on the large RAID. GRUB will install on the USB stick, and as long as you have that in at boot, you will be good until RH can get off their butts and bring GRUB 2 fully into the mix.