2008-vftgs

uptimes

posted Jul 24, 2011, 5:35 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:35 PM ]

Monday, October 20, 2008, 12:09 PM
Posted by Administrator
If you need to measure uptimes on windows machines, then you need to download the uptime tool. It gives essentially the same information as:
net statistics server | find "Stat"
but it can be run against a variety of OSs from a single host. I run it on a Vista machine against XP, 2003 and 2008 servers.

Good/Bad/Ugly

posted Jul 24, 2011, 5:35 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:35 PM ]

Monday, October 20, 2008, 09:54 AM
Posted by Administrator
We use a variety of software and services, and I have experience with a variety of companies, so I thought it might be helpful to share my experience and opinions.

* AIX - I've worked off and on with AIX for a couple years now and I've found it to be an extremely stable and reliable platform, but not a terribly easy one to work with. I'd recommend using BSD or Linux or even Windows if you're developing a new project instead, but if you need a stable system and have AIX available, it will do nicely. Support is expensive and you need RISC to use it, but uptimes and hardware are comparable to what you'd expect from big iron.
* CentOS - This is the Linux distribution I'd recommend for most enterprise systems. It has all the goodness of Red Hat's commercial software without the price tag. If you're capable of managing your own Linux systems and need enterprise class software as inexpensively as possible, then CentOS is a good choice.
* RHEL - Red Hat Enterprise Linux is going to cost you, but when you pay for it you get the benefit of updates from a team committed to providing secure and reliable systems. I recommend this for platforms that will be exposed to the Internet (for the sake of security) or for platforms where you expect more than a thousand users in a day.
* Network Box - This is a managed network gateway and security system. Essentially it will filter all your Internet traffic, scanning for viruses and keeping the system
* EMC - I loathe EMC. I've talked to several salespeople who promise everything that you can imagine and when you pay for something, they start having a vary hard time backing up any promises. They kill good companies like VMWare and Legato. Having talked to other IT people, I know I'm representative of the majority of their customers, stuck with them because they sold us something so expensive that we feel obligated to make it somehow work but with a deep loathing for the providers. (I got a new job, so I'm not stuck with them anymore.)
* SEP - I don't particularly care for Symantec as a company and I don't care for their software, but Symantec Endpoint Protection is a decent package for the money with decent network administration controls. SEP is definitively better than previous generations of anti-virus.

NFS with AIX

posted Jul 24, 2011, 5:34 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:34 PM ]

Wednesday, September 10, 2008, 09:24 AM
Posted by Administrator
In the past I've experimented using NFS served from Linux and mounted on AIX. Some issues led me to far that sync was not handled correctly for AIX 5.3 with default choices, but just for reference, I'd now recommend exporting something like:
example.com(rw,insecure,all_squash,anonuid=0)

Spam sucks

posted Jul 24, 2011, 5:33 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:34 PM ]

Friday, September 5, 2008, 10:48 PM
Posted by Administrator
I've been getting dozens of spam entries as comments on my blog daily. They don't show up because I enabled a comment moderation script a long time ago and regularly delete all the entries. Today I decided to go ahead and test the associated spam block tool, just to keep down the amount of maintenance I've been having to do. If you've made a comment and wondered what happened to it, well I deleted it. So much spam on the blog means that I don't even take the time to read the comments anymore. Hopefully this will clean it up somewhat.

Update: This was applied on September 5, 2008. On that day I received 27 SPAM entries. After September 5th, I have received none.

Bash menu options from files, example with OpenVPN

posted Jul 24, 2011, 5:33 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:33 PM ]

Friday, July 18, 2008, 06:58 AM
Posted by Administrator
Here is a bit that I did last night:

#!/usr/bin/bash
echo "Starting VPN initialization script."
echo "If all goes well, you will need to choose your configuration,"
echo "provide your decryption password and then leave this window"
echo "open until you are done with the VPN connection."

echo
cd /etc/openvpn
userchoice=''
thischoice=''
standardreminder="You may exit the VPN connection at any time by pressing\nCtrl and C keys at the same time.\n\n"
while [ -z "${choice[$userchoice]}" ]
do
ct=1
for i in *.conf
do
choice[$ct]=$i
let ct++
done
echo -e $standardreminder
for ((i=1; i<$((${#choice[*]}+1));i++))
do
echo "Choice $i: ${choice[$i]}"
done
echo -n "Choose your configuration by number: "
read userchoice
userchoice=`echo "$userchoice"|sed 's/[^0-9]//g'`
thischoice="${choice[$userchoice]}"
echo "Choice is: ${choice[$userchoice]}"
if [ -n "${choice[$userchoice]}" ];then break;fi
echo "Invalid choice"
echo
done
echo "DEBUG: proceeding with choice: $thischoice"
echo "DEBUG openvpn --config $thischoice"

Duuuuudddddeeee

posted Jul 24, 2011, 5:32 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:32 PM ]

Thursday, July 17, 2008, 07:42 AM
Posted by Administrator
Okay, this totally cracked me up:
http://www.angryalien.com/1205/starwarsbuns.asp
It's Star Wars reenacted in 30 seconds, by bunnies.


In other news, openbsd rocks, but the people who use it, not so much.

Economic news

posted Jul 24, 2011, 5:31 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:31 PM ]

Monday, July 14, 2008, 07:30 AM
Posted by Administrator
When I heard about the Freddie Mac and Fannie Maye "bailout" (actually relaxing of regulations and potential for additional credit) my gut reaction was displeasure. Now I hear that they are held in large part by foreign investors, and chartered by the US government.

On the plus side, the dollar gained again. Woo-hoo!

Oh my

posted Jul 24, 2011, 5:30 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:31 PM ]

Thursday, July 10, 2008, 09:56 AM
Posted by Administrator
Ha, loved this:
http://tools.ietf.org/html/rfc2321

http://tools.ietf.org/html/rfc1149

Vigilante Justice

posted Jul 24, 2011, 5:29 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:30 PM ]

Sunday, April 20, 2008, 10:09 AM
Posted by Administrator
I was just following a poll about identify theft and considered how much more effective enforcement would be in this area if the victims were allowed to go after the criminals.

After I pondered this for a couple minutes, I thought, so why can't they? Is it illegal to find someone committing identity theft and detain them until the police come to take them (and probably you) into custody? A quick skim over a wikipedia article on citizen's arrest and the answer is maybe. It certainly might be. Are we as a society unwilling to do anything about crime?

IP management

posted Jul 24, 2011, 5:28 PM by Boyce Crownover   [ updated Jul 24, 2011, 5:29 PM ]

Friday, April 18, 2008, 03:52 PM
Posted by Administrator
You need to know what is on your network, and you need to keep your information current. How? Well, why not ping everything in range and then do arp and dns lookups for the active ones? Here is the script I used:

sysresccd IPMgt # cat ipfinder.command
function main
{
quittingtime=`date +%s -d+5days+14hours`
while [ `date +%s` -lt $quittingtime ]
do
if [ -f NonLiveIPs.current.txt ]
then
mv NonLiveIPs.current.txt NonLiveIPs.old.txt
fi
touch NonLiveIPs.current.txt
touch LiveIPs.txt
firstpart='192.168.0.'
lastpart=1
while [ $lastpart -lt 255 ]
do
(
# # %03s - three characters, padded with zeros
strlastpart=$(echo $lastpart|(awk '{printf "%03s", $1}'))
thiscommand="ping -c3 -q ${firstpart}${lastpart} 2>/dev/null|grep '100% packet loss'"
cmdresult=$(eval "$thiscommand")
echo "DEBUG: thiscommand: $thiscommand"
echo "DEBUG: cmdresult: $cmdresult"|cut -b1-80
if [ -n "$cmdresult" ]
then
echo "DEBUG: noresponse processing"
thiscommand="grep ${firstpart}{strlastpart} LiveIPs.txt"
cmdresult=$(eval "$thiscommand")
echo "DEBUG: cmdresult: $cmdresult"|cut -b1-80
if [ -z "$cmdresult" ]
then
echo "DEBUG: noresponseX2 processing"
echo "No Response: ${firstpart}${lastpart}" | tee -a NonLiveIPs.current.txt
else
echo "No Response: ${firstpart}${lastpart} - Temporarily down?"
fi
else
echo "DEBUG: responded, processing"
arpresult="$(arping2 -c1 ${firstpart}${lastpart}|grep 'index')"
echo "DEBUG: arpresult: $arpresult"
macaddr="$(echo $arpresult|awk '{print $4}')"
echo "DEBUG: macaddr: $macaddr"
if [ -z "$macaddr" ];then macaddr="00:00:00:00:00:00";fi
datestamp=$(date +%s.%d%b%Y_%H.%M.%S)
echo "DEBUG: datestamp: $datestamp"
dnsname="$(nslookup ${firstpart}${lastpart}|grep 'name'|awk -F= '{print $2}')"
echo "DEBUG: dnsname: $dnsname"
if [ -z "$dnsname" ];then dnsname=" unknown.dtfcu.com";fi
echo "${firstpart}${strlastpart} $macaddr $datestamp $dnsname" |tee -a LiveIPs.tmp
fi
) &
let lastpart++
if [ $(expr $lastpart % 5) -eq 0 ];then sleep 1;fi
done
echo "DEBUG: pausing for a minute to ensure all processing finished"
sleep 60 #Make sure the delay stays here so everything finishes first
cleanlist
echo "Pausing for five minutes"
sleep 300
date
done
}

function cleanlist
{
sort LiveIPs.tmp|uniq >LiveIPs.txt #Must follow delay
rm -f LiveIPs.tmp;touch LiveIPs.tmp
for i in `awk '{print $1"_"$2}'<LiveIPs.txt|sort|uniq`
do
echo "i: $i"
searchstr=$(echo "$i"|sed 's/_/ /g')
LastUniqContact=$(grep -F "$searchstr" LiveIPs.txt|tail -n1)
echo "$LastUniqContact"|tee -a LiveIPs.tmp
done
mv -f LiveIPs.tmp LiveIPs.txt
}
cleanlist
echo "List cleaned";sleep 1;date;
main

1-10 of 12