As a Linux consultant and linux admin, I specialize in managing large Linux based server clusters. Security is a very important part of my role, as well as server housekeeping and maintenance. I’ve worked with a number of routing technologies and have relationships with a variety of different Datacenters where I house some of my hardware. Debian/Ubuntu are my preferred distributions however I’ve had plenty of experience with RedHat, CentOS and Voyage Linux.
Here is the list of Linux Consultant HOWTOs & Tutorials on the blog:
01st Jan 10 – Linux Consultant – Server Management, Basic Housekeeping
Server management is one of the most basic requirements in maintaining a healthy server/cluster, however, is often overlooked until something goes wrong. In it’s most basic form, server management involves:
- Checking log files for size and suspicious entries
- Checking disk space usage
- Checking memory usage
- Checking for new packages (apt-get update; apt-get upgrade)
- Check load and process list
- Checking backups
02nd October 09 – Linux Consultant – Disk Speed
Using hdparm it’s pretty easy to find out your disk’s readLinux Consultant – Disk Speed speed. hdparm is actually an entire IDE/SATA management utility.
Firstly, ensure that you have the tool – apt-get install hdparm
Once done, quite simply use hdparm with -t or -T options to time buffered reads and cache reads respectively. Be VERY careful about other options that hdparm offers, some are very dangerous and can completely corrupt your data.
Timing buffered disk reads: 200 MB in 3.00 seconds = 66.57 MB/sec
apnic03:~# hdparm -T /dev/sda/dev/sda:
Timing cached reads: 4372 MB in 2.00 seconds = 2187.38 MB/sec
26th September 09 – Shrinking/Resizing ext3 Partitions
Shrinking or expanding an ext3 partition is easy but is not without it’s risks. Before starting, you NEED to take a backup of your data. There’s a strong possibility that it will all disappear and your filesystem will become permenantly broken, as with any disk or filesystem procedure.
- The steps below are the RAW STEPS required to resize your partition. This is a potentially dangerous procedure that could easily destroy/ruin/damage your partition, data, filesystem or other partitions on the same disk.
- DO NOT perform these steps on a live/production machine
- DO NOT perform these steps unless you have a full backup of your data/disk
- These steps are really for theoretical purposes only. They should work just fine, but tools such as gparted will do this for you.
ns3:~# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 9.4G 6.8G 2.2G 77% / tmpfs 443M 0 443M 0% /lib/init/rw udev 10M 92K 10M 1% /dev tmpfs 443M 0 443M 0% /dev/shm /dev/sdb1 20G 9.8G 9.0G 52% /email
In my example, I’m going to resize /dev/sdb1 which is my /email partition. /dev/sdb1 is a partition residing on device /dev/sdb
15th September 09 – Linux DHCP Server
DHCP is an acronym for Dynamic Host Configuration Protocol. It allows a host to broadcast a request for it’s IP settings. Hopefully, a DHCP server like the one we’ll be configuring will respond. Running tcpdump shows a dhcp request looks like:
17:26:02.003956 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0×0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request, length 300
POP3 is an incredibly simple protocol, and with the most basic commands, you can access your POP3 server ‘by hand’ with this POP3 HOWTO without the need for a client. You can find the entire POP3 RFC here http://www.ietf.org/rfc/rfc1939.txt (continued…)
15th December 08 – Linksys WRT54G Serial Console
Adding a serial port to your Linksys WRT54G, WRT54GS, WRT54GL and probably a wide range more is really really easy. The only thing we need is a serial to ttl converter. I personally followed the guide right here: http://www.rwhitby.net/projects/wrt54gs – works perfectly, and very well laid out. This http://www.compsys1.com/workbench/On_top_of_the_Bench/Max233_Adapter/max233_adapter.html is where I purchased my MAX232 kit from. (continued…)
15th December 08 – Some simple filtering and sniffing with tcpdump
tcpdump is one of the best network debugging tools available. In it’s most basic form, it will print network traffic in terms of a source and destination address to the console, more advanced uses include printing out captured ASCII and simple but powerful filtering. (continued…)
07th October 08 – Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange is a popular mathematical key exchange algorithm. It allows two parties to establish a ‘key’ over an insecure medium such as the internet. As you will see, it doesn’t matter whether the intercepting party captures each piece of transmitted information, they will not be able to break the key in any way, other than the usual brute force method.
Diffie-Hellman Key Exchange is not an encryption method, it is generally but not always used pre encryption to decide on a shared encryption key.
We will call the communicating parties Bill and Ben. Let Roger be the intercepting party. You can work out these calculations on a calculator:
Bill and Ben transmit and agree on a public prime number (p) and a ‘generator’ (g) which is an integer less than ‘p’. Bill now decides on a random private number (a) which he does not transmit, Ben also agrees on a random private number (b) which he does not transmit either. (continued…)
28th November 08 – mknod tutorial
mknod is a powerful command with which you can create block or character special files. If you view the man page, you’ll see that you can use it to create block device links and character device links. If you don’t know what these are then don’t worry. The purpose of this tutorial is to explore the FIFO (First In First Out) feature.
A FIFO literally does what it says on the box. The first piece of data to go in is the first piece of data to go out.
The usage of the command is:
Usage: /bin/mknod [OPTION] NAME TYPE [MAJOR MINOR]
Where MAJOR and MINOR are for the special devices mentioned above. (continued…)
24th October 08 – rsync over SSH, SSH key login, public keys, automated backups
This tutorial will cover how to set up a simple backup job between two machines using rsync and ssh. You will need HOST A and HOST B, whereby HOST B is your target backup service. (continued…)
There’s a couple of guides out there on how to set up Exim, MySQL, Courier and Spamassassin in a virtual user environment but I thought I’d put together a high level basic guide myself.
My installation is running on debian etch 4.0 stable (2.6.18-6-686)
As this is a vdomain/vuser setup, you will not require a system shell/login for the users you add.
To start off, just install the packages you’ll need with apt-get:
Now if you already have exim4-* installed which is the default, you have two choices. We want to install our own exim version from source but without breaking the repository. The choices are to either just rename exim4 to exim4.old and then create your new exim install, or alternatively create a dummy empty exim4 package remove exim4-* and install your dummy package. This will resolve the dependancies issue in the package manager. Neither method is particularly clean – I have installed a dummy package personally and removed the real exim4 set of packages.
7th October 08 – PHP, MySQL, Apache2 install HOWTO on Debian
Setting up a PHP/MySQL/Apache2 environment on Debian is really easy. I’ll walk through a quick setup and optimization process. I’ve optimized it for a 1.5Gb to 2GB RAM machine with reasonable load.
Now download eaccelerator from http://eaccelerator.net
27th September 08 – Linux Benchmark, IO statistics and system statistics with dstat
There are a number of common command line tools that we can use to monitor system resources. We have df for disk space, free for RAM usage, top for processes, bmon for network usage, etc. Quite often though, I find it useful to monitor them all simultaneously, and constantly switching commands or using ‘watch’ with free/df is annoying.
22nd September 08 – Wireless Hacking, Problems with WEP, Wireless Security & WPA
Unfortunately today there are still a huge range of wireless OEM equipment being shipped with WEP as standard. WEP has been known as vulnerable for a long time. This HOWTO assumes Linux familiarity, compatible hardware, the ability to read and troubleshoot, and a brain.
16th September 08 – NetCat tutorial for Linux & Windows, HOWTO, nc
I wrote this article some time ago, but thought I’d publish it here for reference:
- Netcat Basics – 1
- What is Netcat? – 1
- Netcat Syntax – 2
I’ve taken the same script but tweaked IPs and bandwith values into my office. Previously I was on a 24mbit down 2.5mbit up DSL connection courtesy of www.bethere.co.uk The office is only about 800m from the closest exchange which is quite nice – I generally find I get 18+mbit down and 1.5+mbit up. Not only great bandwidth, but latency is also very small and responsiveness is great, especially as a regular [constant] SSH use. Recently, despite having no business justification whatsoever, I ordered the same again for the same office. This one clocks in at about 19mbit up and 1.7mbit down – even better! Some ISPs support line bonding – I dont believe that many in the UK do, and seeing as at the time of writing, bethere were the only ISP to support anywhere close to 24mbit, I wasn’t going to try and find another.
17th August 08 – VMware Time Problems
Using VMware Server on an SMP machine has long caused me problems.
Although the host machine’s clock generally remains correct, the guest machines are often 2-5 times too slow. Running a local time server is just a hack besides which, running ntp each minute is really horrible.
2nd July 08 – Bandwidth Limiting HOWTO with Linux, tc and iproute2
I’ve recently optimized the scripts used for bandwidth management in one of our UK facilities and I thought I’d post a quick howto on it.
30th June 08 – LAMP Optimization
Here’s 3 easy steps to immediately boost your Linux Apache MySQL PHP installation
26th May 08 – Linux Device Names & Automatic Mounting
Recently I came across an annoying issue. I have three identical Seagate USB mass storage devices, plugged in to a debian etch 4.0 stable (2.6.18) machine. I could add those devices and mount points to /etc/fstab, but upon reboot, the /dev/sdX device names would change and therefore the drives would get mounted in the wrong place and bad things would happen. To summarize, drive1 would appear as /dev/sdb on one boot, but on another boot, drive1 would appear as /dev/sdc with drive2 appearing as /dev/sdb.