Showing posts from 2006

Setting up name-based virtual host on apache

I just finished setting up a name-based virtual host for one of my clients. The server is Red Hat Linux Enterprise 4 update 4 (RHEL) with a public IP. After successfully setting up the DNS server so that this server can be reached, this is how I set up the name-based virtual host for it.

What is name-based virtual host?
A feature of web servers (e.g. Apache, IIS) that lets one server serve many websites from one IP. The server serves web pages according to the name of the site (e.g. www.example.com, mail.example.com, blog.example.com, etc.).

Let's do it.
This tip is for Red Hat and may be the same for Fedora Core (FC). On Mandriva and other distros, the directives to change may be in different files and different folders.

Step 1
Open up /etc/httpd/conf/httpd.conf with your favorite text editor (I personally use joe in console).

Step 2
Comment out this line:

NameVirtualHost *:80


Step 3
Comment out these lines (in the VirtualHost containers) and change them according to your server name:

ServerAdmin t…

The new ShoutMix ShoutBox v2

At last the long-awaited ShoutMix ShoutBox v2 is ready for prime time, and this time AJAX is used for real-time updates. It has many new features too. To know more, please register at the ShoutMix site and explore for yourself. Heavy or corporate users are encouraged to register as premium users at an affordable price and enjoy more features.

More news here and here.

connecting to SSH server passwordless

If you have to connect to an SSH server frequently or you want to write a shell script that uses ssh, you might want to consider connecting to it without a password. This trick is not new. I heard about it a long time ago but didn't have any need for it, so I ignored it until recently.

At the time of this writing, I have just completed my backup script using passwordless SSH. Here I want to share the way I did it in a simple way. I hope it benefits others. Bear in mind that all ssh utilities like sftp, scp and ssh can use the passwordless connection once we complete the setup.

Step 1
Connect to the SSH server and open up sshd_config in /etc/ssh or equivalent. Check your distro documentation. Make sure you have the following entries:

# Allow Identity Auth for SSH1?
RSAAuthentication yes

# Allow Identity Auth for SSH2?
PubkeyAuthentication yes

# Authorized Keys File
AuthorizedKeysFile ~/.ssh/authorized_keys

Step 2
Make RSA keys using ssh-keygen in your home directory on the SSH client.
$ cd ~
$ mkdir i…

An encounter with VLAN

2 days ago, I helped my friend set up the internet connection for his office's LAN. As he showed me the network diagram, I realised that there were 6 VLANs that I needed to cover to connect them to the internet.

6 VLANS-->CORE SWITCH-->ROUTER+PROXY+DNS-->GATEWAY-->INTERNET

The problem was to get the clients in each VLAN to communicate with each other and with the router. All clients should also be able to access the DHCP server located in one of the VLANs. After struggling for about two days, I managed to get all clients in the different VLANs talking to each other and to the router. The problem was that I didn't understand how the VLANs talk to each other. The solution was located on the core switch. The commands below did the job:

route add -net 172.20.10.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.20.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.30.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.40.0 netmask 255…

ping using netbios name from Linux box

I have a Linux box in a LAN where almost all the other boxen are MS Windows ME/XP. This Linux box acts as a WINS server serving requests from the LAN for NetBIOS information. I can get the names of the PCs in my workgroup using smbclient -L mywinsserver, but I didn't know the IP address of each client. I would like to ping a client PC using its NetBIOS name. How to overcome this? I got this simple solution from the net. Put wins in /etc/nsswitch.conf like this:

hosts: files dns wins
This line says: try looking in the /etc/hosts file, then the DNS server, and then the WINS server for the IP address of the name. This is only applicable if there is a WINS server in your network. If not, you're out of luck.

Tip: to speed up NetBIOS name resolution, try putting wins at the front like this:

hosts: wins files dns

I don't recommend this unless you access clients on your network frequently. Otherwise, the default should be enough.

Samba explained

I'm done setting up the Samba server as instructed by my boss 2 weeks ago. The mystery of SAMBA has been revealed :). I have never done this before. I mean I've never set one up for a 'production' server. I learnt a lot from the internet by googling and asking on a Linux forum to get hints. I want to share a few tips here.

My setup
The first thing to configure is smb.conf. I use Slackware 10.2. This file is located in /etc/samba. For your distro, you should check in /etc or /etc/samba. This file is divided into 2 categories:

global setting [global]
share definitions (this is where you define your sharing directories)

Let's discuss them in turn.

global setting [global]

workgroup - specify workgroup of your machine
server string - specify server string ie Samba server
security - specify the security mode here, i.e. share or user. share is suitable for home use. user is more secure: you have to specify a username and password when you want to connect to this Samba server.
hosts allow - i…

The latest Google Talk

When I was checking my INBOX, I usually ignored emails from unknown senders (including emails from mailing lists) for the first time if and only if the Subject was not interesting, but one email really caught me. The subject was about the latest Google Talk or Gtalk for short. I am a big fan of Google Talk and have been using it for nearly a year now. Of course, the 'talk' feature is the main attraction. I like its simplicity. Nonetheless, I want it to have more features like the ability to share files, change status on the fly based on action, more colorful smilies and webcam support. Use YM! I hear you say. No. What I want is the Google way of doing things. Simple but elegant. :-)

Wait no more. At least many of the features have been added in the recent release. See what's new. Download it here.

Apache virtual server on SuSe 9.2

Hello there! We meet again. :)

I am in the process of transferring my old server's files and data to our new server. It is an IBM e-series (2 Xeon CPUs, 1 GB RAM, 2 HDDs, hardware RAID capable, 2 power supplies). I have set up SuSe Linux Professional 9.2 on it for testing. After 2 days of testing it, I decided to use it as the distro of choice for our new server. SuSe is an excellent distribution for servers (as are other distributions aimed at servers). This is the article on how I set up a name-based Apache virtual server for the server.

Setting up apache virtual server
What is an Apache virtual server? It is a concept where a server can have multiple names and multiple IPs. Each server name can have different content depending on the folder it is assigned (see below). The configuration differs between distros depending on which directives have been put in httpd.conf and other files.

Copy file /etc/apache2/vhosts.d/vhost.template to vhost.conf in the same directory. Put this in /etc/apache2/vhosts.d/…

Installing Linux on an iMac

What Linux distro is the best for iMac? For a week, by searching with google, I found out that YellowDog is the best. I have to verify it myself by installing one. Before this, I have run Ubuntu Live CD PowerPC Edition to find out whether Linux can be installed on iMac. I couldn't believe my eyes. It was running perfectly. Now it's time to install to hard disk and wipe out the Mac OS 9.

My iMac is a G3 with 60 GB hard drive and Riva 128 is the graphic adapter.

SuSeLinux:~ # cat /proc/cpuinfo
processor : 0
cpu : 745/755
temperature : 27-29 C (uncalibrated)
clock : 400.000000MHz
revision : 50.2 (pvr 0008 3202)
bogomips : 49.79
timebase : 24967326
machine : PowerMac2,2
motherboard : PowerMac2,2 MacRISC2 MacRISC Power Macintosh
detected as : 66 (iMac FireWire)
pmac flags : 00000014
L2 cache : 512K unified
pmac-generation : NewWorld
SuSeLinux:~ #



SuSeLinux:~ # lspci
00:0b.0 Host bridge: Apple Compu…

AMD Opteron vs Intel Itanium

Recently, I attended a seminar on Grid Computing and HPC. The organizer invited an Indian speaker, a sales director of SUN India, Mr Mohan. From his brilliant speech I gathered much useful information, especially the decision made by SUN to opt for AMD Opteron in many of its HPC products instead of Intel Itanium (in terms of commodity 64-bit CPUs).

Why Opteron?
These are the reasons (briefly):

1. Allows end users to run their existing installed base of 32-bit applications and operating systems at peak performance, while providing a migration path that is 64-bit capable.

2. HyperTransport technology - provides a scalable bandwidth interconnect between processors, I/O subsystems, and other chipsets. This feature is not available in Itanium.

3. Integrated DDR DRAM Memory Controller - this memory is integrated in the CPU itself. For Itanium, the memory is outside of the CPU. According to Mr Mohan, Itanium introduced FSB (Front Side Bus) to connect the CPU to external RAM. This increases latency.

4. Low-Power …

64 bit is the way to go...

The server is up and running. It is a 64-bit Xeon with two processors.


[root@flowerhorn ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Xeon(TM) CPU 2.80GHz
stepping : 1
cpu MHz : 2800.216
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl cid cx16 xtpr
bogomips : 5521.40
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Xeon(TM) CPU 2.80GHz
stepping : 1
cpu MHz …

bond0 interface

In the example below, the bond0 interface is the master (MASTER) while eth0 and eth1 are slaves (SLAVE). Notice all slaves of bond0 have the same MAC address (HWaddr) as bond0 for all modes except TLB and ALB that require a unique MAC address for each slave.

# /sbin/ifconfig
bond0 Link encap:Ethernet HWaddr 00:C0:F0:1F:37:B4
inet addr:XXX.XXX.XXX.YYY Bcast:XXX.XXX.XXX.255 Mask:255.255.252.0
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:7224794 errors:0 dropped:0 overruns:0 frame:0
TX packets:3286647 errors:1 dropped:0 overruns:1 carrier:0
collisions:0 txqueuelen:0

eth0 Link encap:Ethernet HWaddr 00:C0:F0:1F:37:B4
inet addr:XXX.XXX.XXX.YYY Bcast:XXX.XXX.XXX.255 Mask:255.255.252.0
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:3573025 errors:0 dropped:0 overruns:0 frame:0
TX packets:1643167 errors:1 dropped:0 overruns:1 carrier:0
collisions:0 txqueuelen:100
Interrupt:10 Base address:0x1080

eth1 Link encap:Ethernet HWaddr 00:C0:F0:1F:37:B4
inet addr:XXX.XXX.XXX.YYY Bcast:X…

squid and iptables - revisited

One of the best combinations for an internet-connected LAN is squid, a proxy server, and iptables, a packet filtering ruleset. To make it useful, this combination is used to configure a transparent proxy for one or more LANs.

iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

The above command is for a LAN (192.168.0.0/24) connecting to the internet via a proxy server running on port 3128.

To make https proxied (it is not actually proxied, because we can't proxy encrypted packets; they are just forwarded), the command is as below:

iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 443 -j REDIRECT --to-port 3128

You can NOT do the same for ftp (port 21). For ftp, you have to manually insert the proxy address for the ftp protocol in your browser's connection settings.

With the above commands executed on the proxy server (a.k.a. firewall), the PCs in the LAN need not be configured one by one to use the proxy server. Less work for the system/network administrator :). They are said…

When Microsoft lovers bash Microsoft

People tell me I bash Microsoft too much; that Microsoft's products really are great. OK, so I won't bash Microsoft this time around.

I'll let Microsoft's own friends do it.

Let's start with Mike Danseglio, program manager in Microsoft's Security Solutions group. In early April at the InfoSec World conference, Danseglio was talking about Windows security. He said, "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit."

In other words, Windows users may have no choice but to wipe their systems down to the bare-metal and then reinstall the operating system and applications.

In one case, Danseglio said, a branch of the U.S. government had a malware infestation on more than 2,000 client machines that "was so severe that trying to recover was meaningless. They did not have an automated process to wipe and r…

Torvalds Patches Linux Kernel, Fixes Broken Virus

Patch fixes bug that prevented a virus from running on some systems.

Robert McMillan, IDG News Service
Wednesday, April 19, 2006


SAN FRANCISCO -- The hacker who created a widely reported cross-platform virus that could affect both Windows and Linux PCs may have inadvertently done some free bug testing for the Linux operating system. Linux creator Linus Torvalds said today he had patched his operating system kernel to fix a bug that had been preventing the virus from running.

The virus, called Virus.Linux.Bi.a/ Virus.Win32.Bi.a, was first reported on April 7 by security vendor Kaspersky Lab, which labeled it an interesting proof-of-concept program, because of its ability to affect both Windows and Linux.

After discovering that the virus didn't work on recent versions of Linux, open-source developers did some investigative work and discovered that the cause was an obscure bug in the compiler used by Linux. News of this bug was first reported on NewsForge.com.

The bug affects versions of L…

Red Hat keeps its grip on Fedora

Red Hat Inc. announced on April 4th that the Fedora Project is going to stay under Red Hat's control, instead of going to the Fedora Foundation as it had previously announced.

Red Hat's Community Development Manager Greg DeKoenigsberg explained that the Fedora Foundation was not going to take charge of the operating system, after all. Instead, Red Hat was retaining some "control over Fedora decisions, because Red Hat's business model *depends* upon Fedora."

This brings to mind the way Sun keeps control of Java through its Java Community Process partners.

This is also not what Red Hat said it was doing in June 2005, when it announced that it was forming the Foundation to take charge of Fedora development. At that time, Mark Webbink, Red Hat's deputy general counsel, said, "We feel that we are now at a point where we need to give up absolute control. We built our company on the competence of the open-source community and it's time for us to continue to ma…

ATI releases Linux driver and update

PEOPLE often complain about ATI Linux support. Nvidia rocks with driver support for the OS, and we know that Nvidia has just released a driver supporting the new kernel.

ATI is ready with its own answer, supporting XFree86 4.1, XFree86 4.2, XFree86 4.3 and X.Org 6.8. There is even a 64-bit driver and all of these drivers and XFree86 and the driver itself are version 8.24.8.

The driver supports all the modern graphic cards including X1900, X1800 cards and the older ones too. The big thing is that ATI now supports Avivo, even under Linux, and we do know that many of this community plays with video files than with games.

The Linux driver even has a GUI and you can download it here.

*UPDATE: My machine now uses ATI's proprietary driver and it rocks. The installation is a snap.

Gunning for Linux The free operating system--backed by IBM, HP, and others-- is breaking Microsoft's monopoly.

...but a lawsuit by SCO, which claims to own parts of the code, could wreck the party.

Old news but nice to read.

By Roger Parloff May 17, 2004

(FORTUNE Magazine) – In the ascetic waiting room of the SCO Group's Lindon, Utah, headquarters, the only reading matter is a stack of beige, telephone-book-sized binders. They are volumes I, II, III, and IV of the company's press clippings. For the previous month. SCO (pronounced "skoe," to rhyme with "snow") is already notorious in three insular communities. The first to appreciate its significance were countercultural software developers, at least a few of whom would like to transform society by reordering our approach to the protection of intellectual property. Next to catch on were the pragmatic information technology officers and risk-averse in-house lawyers who work for every company this magazine writes about. Now the ripple effects are about to touch the rest of us, and we need to know about SCO too. SCO became …

How The Open-Source World Plans To Smack Down Microsoft, And Oracle, And...

Old news but still worth reading.
By David Kirkpatrick February 23, 2004 (FORTUNE Magazine) – Steve Ballmer made a sudden and unscheduled trip to Munich last winter. The CEO of Microsoft had been vacationing with his family in Europe when he got word that the Bavarian capital was about to scrap the Windows operating system on its 14,000 PCs and switch to free "open source" Linux software to run its machines. Loath to lose a prominent government customer, Ballmer jumped into a business suit and rushed to Munich. But he was too late. The city decided to go open source. What happened in Germany is a microcosm of a change that is sweeping the $200-billion-a-year software industry. Open-source software is popping up everywhere, in PCs and cellphones and set-top boxes, in servers that power the world's websites and in giant corporate and government systems. Today the biggest challenge confronting Microsoft--and Oracle and IBM and virtually every other major software maker--is chi…