Thursday 27 August 2009

Find and replace with sed

I use this when switching distributions, and I need to add the new distro name to sources.list
sudo sed -i 's/jaunty/karmic/g' /etc/apt/sources.list

Wednesday 19 August 2009

DNS Hijacking, filtering and OpenDNS

With witless clowns like Senator Stephen Conroy pushing for draconian mandatory net filtering these days, smart people should consider using a service such as OpenDNS rather than the DNS service provided by their ISP.

Simply put 208.67.222.222 and 208.67.220.220 in your /etc/hosts file and you are good to go.

However, you should note that OpenDNS use "services" such as redirecting "domain not found" errors to a search page to fund their operations, rather than letting your browser display the appropriate error as it should do. This also affects things such as ping. If I ping a domain name that does not exist I should get the response "unknown host", whereas with OpenDNS the name will resolve to the OpenDNS page and the ping will receive a reply as if the nonexistent domain actually exists.

Even if you don't use OpenDNS, more and more ISPs these days have also taken to hijacking invalid domain requests and redirecting what should be a standard "domain not found" error to their own (partner) advertisement pages.

There are a few ways to mitigate this behaviour. The easiest is to put the following line in your /etc/hosts file
127.0.0.1 hit-nxdomain.opendns.com

This will cause the redirection to go to your localhost adapter. If you are running a service (i.e. a web server) on port 80 then it will resolve to its default page, and it won't solve the problem described above of pings to bogus domains succeeding. This is a less than perfect solution.

The best solution is to use dnsmasq on your gateway. Dnsmasq is a combined DHCP and DNS server and is easy to set up.

Once you have it set up, simply put the IP address that is returned from a bogus ping into your /etc/dnsmasq.conf file. In my case I have;
bogus-nxdomain=208.67.216.132
bogus-nxdomain=208.67.219.132

and normal service will be resumed!
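One way to automate the lookup above, as an added example that is not part of the original post: it resolves a few random names that should not exist and prints a bogus-nxdomain line for every address that comes back. The probe names, the use of getent, the script name and the function names are assumptions of this example; the sample answers are constructed from the two addresses shown above.

```shell
#!/bin/sh
# Added example: detect NXDOMAIN rewriting and emit dnsmasq directives.

# Convert resolver answers in "getent ahostsv4" format ("ADDR TYPE [NAME]")
# into de-duplicated bogus-nxdomain lines; non-IPv4 first fields are skipped.
to_bogus_nxdomain() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$1]++ {
             print "bogus-nxdomain=" $1 }'
}

# Resolve three random names that should not exist (assumed probe pattern).
# An honest resolver returns nothing, so the output stays empty.
probe_nxdomain() {
    i=0
    while [ "$i" -lt 3 ]; do
        label=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
        getent ahostsv4 "nx-$label.com" 2>/dev/null || true
        i=$((i + 1))
    done
}

# Constructed sample of what a rewriting resolver returns for bogus names.
sample_answers() {
    cat <<'EOF'
208.67.216.132  STREAM nx-0011223344556677.com
208.67.216.132  DGRAM
208.67.216.132  RAW
208.67.219.132  STREAM nx-8899aabbccddeeff.com
208.67.219.132  DGRAM
EOF
}

# Live use (hypothetical script name): sh nxprobe.sh --live
if [ "${1:-}" = "--live" ]; then
    probe_nxdomain | to_bogus_nxdomain
fi
```

Review the printed lines before adding them to /etc/dnsmasq.conf, and re-run the probe from time to time, since the addresses a provider redirects to can change.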

Wednesday 12 August 2009

HOWTO: Passwordless SSH using a public key

If you find yourself logging in to machines regularly, or you want to include ssh commands in a script (for example, using rsync to back up), then you don't want to have to enter a password every time. In such cases you can use a public key.

The first thing we need to do is create an SSH key pair on the client host. Make sure that you log in as the user who will be connecting to the server. In this case I am using the root user.
Warning: If your user already has a key pair then you should skip this step, otherwise you may overwrite your existing key and potentially cause problems for other services that may already rely on it.

First, we should check whether there is already a keypair for our user;

ls -al ~/.ssh/
known_hosts


If there are files id_rsa and id_rsa.pub (or similar) listed then you already have a keypair and you should skip this step.

Creating an ssh key pair (press [enter] for each question asked);

ssh-keygen
Note: It is important that you don't enter a passphrase when asked to! If you did, just run the command again; it will overwrite the key you just created.

You can check your new keys by looking in the .ssh folder

root@client:~# ls .ssh/
id_rsa id_rsa.pub known_hosts


The one we are interested in here is the public key which ends with .pub. We need to copy this file to /root on the server.
Note: You can do this via scp or copy it onto a thumbdrive or even type it in from a printout if you like! I will leave it up to you to decide the best method in your situation.

On the server, we will need to log in as the root user;

Now, we should have the public key file that we copied earlier in our root directory. Let's double check that;

root@server:~# ls -al *.pub
-rw-r--r-- 1 root root 392 2010-08-02 08:22 id_rsa.pub


Great, it is there! We need to add this key to the root user's authorized_keys file;

cat id_rsa.pub >> .ssh/authorized_keys

We can test that this worked by going back to our client PC and logging into the server via ssh;

root@client:~# ssh root@server
Linux server 2.6.32-25-generic-pae #44-Ubuntu SMP Fri Sep 17 21:57:48 UTC 2010 i686 GNU/Linux
Ubuntu 10.04.1 LTS

Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
Last login: Thu Oct 14 15:38:57 2010 from client
root@server:~#


If it didn't ask you to enter a password then you are cooking with gas!
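A more defensive version of the "cat id_rsa.pub >> .ssh/authorized_keys" step, as an added example that is not part of the original post: it checks that the file holds a single public key, creates .ssh and authorized_keys with the permissions sshd's StrictModes check expects, and does not append the same key twice. Because the key has no passphrase, the optional third argument lets you prefix an authorized_keys option such as from="client" to limit where it can be used; the function name and argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe append to authorized_keys.

# install_pubkey PUBFILE SSHDIR [OPTIONS]
#   OPTIONS: optional authorized_keys option prefix, e.g. 'from="client"'.
# The body is a subshell so the umask change does not leak to the caller;
# "exit" therefore only ends the function.
install_pubkey() (
    pub=$1; dir=$2; opts=${3:-}

    # Accept exactly one line shaped like "<type> <base64> [comment]".
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected one key" >&2; exit 1; }
    key=$(awk '$1 ~ /^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/ &&
               $2 ~ /^[A-Za-z0-9+\/]+=*$/ { print $1 " " $2; exit }' "$pub")
    [ -n "$key" ] || { echo "not a public key: $pub" >&2; exit 1; }

    # sshd ignores authorized_keys if it or .ssh is group/world writable.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Nothing to do if this key (type + blob) is already authorised.
    if grep -qF -- "$key" "$auth"; then
        exit 0
    fi
    printf '%s%s\n' "${opts:+$opts }" "$(cat "$pub")" >> "$auth"
)

# Usage on the server, matching the paths in the post:
#   install_pubkey /root/id_rsa.pub /root/.ssh 'from="client"'
```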

Tuesday 4 August 2009

Virtualbox3 Headless with Bridged Networking

Note: This howto is now outdated due to changes introduced in Virtualbox 3.1x

See this post for an updated version.

As of karmic koala, Vbox 3 is provided via the standard Ubuntu repos. Unfortunately, this is the OSE version and it does not appear to work headless.

So, we have to download the "free" version from the Sun (soon to be Oracle?) website, which is currently here

At the time of writing there was no Karmic build, so I used the Jaunty package (virtualbox-3.0_3.0.4-50677_Ubuntu_jaunty_i386.deb)

Before we can install the deb, we will also need to install some dependencies.
sudo apt-get install python2.5 libcurl3 dkms libqt4-network libqtgui4 libxslt1.1

Now we can install the virtualbox deb that we downloaded earlier.
sudo dpkg -i virtualbox-3.0_3.0.4-50677_Ubuntu_jaunty_i386.deb

NOTE: When I installed this for the nth time I received the following error:
virtualbox-3.0.postinst: 118: /etc/init.d/vboxdrv: not found
I'm not sure if this was due to my previous installations of different versions or not. I figured it was, so I ignored it and things seemed to be OK. Of course, YMMV.

Next, add your user account to the vboxusers group
sudo adduser brettg vboxusers

Virtualbox machines that you create will by default go in your home directory
/home/brettg/.VirtualBox/

Ensure vboxusers have appropriate permissions to the kernel
sudo vi /etc/udev/rules.d/40-permissions.rules

/etc/udev/rules.d/40-permissions.rules
KERNEL=="vboxdrv", GROUP="vboxusers", MODE="0660"

Creating a virtual machine
Create a machine named "io"
VBoxManage createvm -name io -register

Configure it with a nic bridged to eth0
VBoxManage modifyvm io --nic1 bridged --bridgeadapter1 eth0

Create a virtual DVD link called "dvd" to an ISO image on the server
VBoxManage registerimage dvd /store/archive/ISO/ubuntu-8.04-server-i386.iso

Connect the DVD to the virtual machine
VBoxManage modifyvm io -dvd /store/archive/ISO/ubuntu-8.04-server-i386.iso

Assign "io" 128Mb RAM, enable acpi and set to boot from DVD
VBoxManage modifyvm io -memory 128MB -acpi on -boot1 dvd 

Create an 8Gb virtual HDD named "io-sda.vdi"
VBoxManage createvdi -filename io-sda.vdi -size 8000 -register

Assign that Virtual Drive Image to "io"
VBoxManage modifyvm io -hda io-sda.vdi

Because we are installing Ubuntu Server as a guest we need to enable PAE
VBoxManage modifyvm io -pae on


Using the virtual machine
Start the machine
VBoxHeadless -startvm "io" &

On a GUI workstation, establish a remote desktop connection to the machine
rdesktop -a 16 io:3389


Congratulations, you are now up and running!

After you have installed the OS, you need to remove the DVD and instruct the machine to boot from the hdd.
VBoxManage modifyvm "io" -dvd none

You can also deregister the dvd image if you don't intend to use it again.
VBoxManage unregisterimage dvd /store/archive/ISO/ubuntu-8.04-server-i386.iso

Note: When I installed Ubuntu Server the network autodetection didn't work. After installation was completed there was no eth0 present. I simply added the following to /etc/network/interfaces
auto eth0
iface eth0 inet dhcp

and was then up and running

Other useful commands;
VBoxManage showvminfo io
VBoxManage list hdds
VBoxManage list runningvms
VBoxManage controlvm io poweroff
VBoxManage controlvm "io" savestate

Monday 3 August 2009

Problems adding permissions in vmware server

Stop the web management service
sudo /etc/init.d/vmware-mgmt stop

Edit the authorisation file
vi /etc/vmware/hostd/authorization.xml

Locate this line;
"11"

Change it to read;
"12"

Restart the management service
/etc/init.d/vmware-mgmt start