Aug 25

Lately I have been confronted by Windows machine administration again, mostly at home. I thought I had set everything up so that it does most things that I authorized, and all the others were difficult questions that no one actually understands (and thus reports to me before taking action). Sadly one of the machines didn't seem to enjoy that part of my game and decided to go on a trip of its own. It was immediately visible through Internet Explo{r|d}er: a bogus application was loaded and some interesting products were running in the Windows Taskbar / Task Manager. You were not allowed to kill them (a bright ray of light should shine on you now), so something really fishy was going on. (SIMBAR is one of the bogus applications btw; a lot of people have that enabled, and still wonder why they are getting those strange spammish messages on screen. Oh well, it's all about being careful!)

I decided to install my trustworthy Hitman Pro (www.hitmanpro.nl, yeah, seems to be developed by a countryman) and installed all the suggested applications. Soon more than 100 bogus entries in the registry and files were discovered.

I guess I need to start informing my people again (at home, and around me). BE CAREFUL IN WHAT YOU INSTALL will be the motto. I will also try to find some applications that can properly defend the perimeter in my home and for the people around me, so that they don't have much to say about what is installed, and should ask around first. This might reduce the user experience, but can save me a lot of time :-)

Oh well, let's get rid of this junk and play with MacOSX and my FreeBSD servers again ;-)

written by Remko

Aug 20

Well, after fiddling around for a little while I managed to get my new Soekris 5501 up and running this weekend. I am not using it production-wise yet (I need to move my ADSL router to bridged mode and uplink the Soekris to it), but it is running with some default packages now.

It's a really new phase for me to have disks mounted ro instead of rw (well, at work we have a lot of firewalls which are mounted ro, but that is an entirely different setting for me :-)), so I needed to look around a bit to mount partitions rw every now and then (to finalize rc.conf etc.).

I used TinyBSD to do the initial installation after some patches from Richard Arends [ which are pending Release Engineering Team approval btw; see my queue for the patches and information ].

I needed to adapt /boot/loader.conf and insert console="comconsole,vidconsole" in it, because otherwise I would not see anything after the regular boot. I also enabled the /etc/ttys entry for ttyd0 so that I can actually use a serial line to log on. Sadly that is now running at 9600bps while the rest of the serial part is running much faster, so I need to adjust that a bit more. Another thing that I found out is that you should not use an AMD64 machine to produce the binaries for the Soekris [i386 device], because that does not work, or at least I could not get it to work, even with TARGET_ARCH=i386 set (some compiler issues that told me to bugger off :-)). But VMware to the rescue, and I now have a fully loaded Soekris. See the dmesg below for the standard detection of things [ with the TinyBSD build of course ]:

CODE:
Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-CURRENT #0: Wed Aug 29 12:46:40 CEST 2007
    root@freebsd-current.elvandar.intranet:/usr/obj/usr/src/sys/TINYBSD
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Geode(TM) Integrated Processor by AMD PCS (499.91-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x5a2  Stepping = 2
  Features=0x88a93d<FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CLFLUSH,MMX>
  AMD Features=0xc0400000<MMX+,3DNow!+,3DNow!>
real memory  = 536870912 (512 MB)
avail memory = 515969024 (492 MB)
K6-family MTRR support enabled (2 registers)
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
cpu0 on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
pci0: <encrypt/decrypt, entertainment crypto> at device 1.2 (no driver attached)
vr0: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe100-0xe1ff mem 0xa0004000-0xa00040ff irq 11 at device 6.0 on pci0
vr0: Quirks: 0x2
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: using obsoleted if_watchdog interface
vr0: Ethernet address: 00:00:24:c8:da:b4
vr0: [ITHREAD]
vr1: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe200-0xe2ff mem 0xa0004100-0xa00041ff irq 5 at device 7.0 on pci0
vr1: Quirks: 0x2
miibus1: <MII bus> on vr1
ukphy1: <Generic IEEE 802.3u media interface> PHY 1 on miibus1
ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr1: using obsoleted if_watchdog interface
vr1: Ethernet address: 00:00:24:c8:da:b5
vr1: [ITHREAD]
vr2: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe300-0xe3ff mem 0xa0004200-0xa00042ff irq 9 at device 8.0 on pci0
vr2: Quirks: 0x2
miibus2: <MII bus> on vr2
ukphy2: <Generic IEEE 802.3u media interface> PHY 1 on miibus2
ukphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr2: using obsoleted if_watchdog interface
vr2: Ethernet address: 00:00:24:c8:da:b6
vr2: [ITHREAD]
vr3: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe400-0xe4ff mem 0xa0004300-0xa00043ff irq 12 at device 9.0 on pci0
vr3: Quirks: 0x2
miibus3: <MII bus> on vr3
ukphy3: <Generic IEEE 802.3u media interface> PHY 1 on miibus3
ukphy3:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr3: using obsoleted if_watchdog interface
vr3: Ethernet address: 00:00:24:c8:da:b7
vr3: [ITHREAD]
isab0: <PCI-ISA bridge> at device 20.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <GENERIC ATA controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 20.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, USB> at device 20.4 (no driver attached)
pci0: <serial bus, USB> at device 20.5 (no driver attached)
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc8000-0xd27ff pnpid ORM0000 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, console
sio0: [FILTER]
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
sio1: [FILTER]
Timecounter "TSC" frequency 499905585 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
ipfw2 initialized, divert enabled, rule-based forwarding disabled, default to accept, logging disabled
ad0: 3919MB <SanDisk SDCFX3-4096 HDX 4.03> at ata0-master WDMA2
Trying to mount root from ufs:/dev/ad0a
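The loader.conf and /etc/ttys changes described above, as an added example (not the post's own commands), with the serial speed set in one place so the getty on ttyd0 runs at the same rate as the loader instead of staying at 9600. It assumes the FreeBSD 7-era layout (sio0 shows up as ttyd0, std.<speed> classes exist in gettytab) and uses comconsole_speed, a loader.conf knob the post does not mention; the file paths are parameters so it can be tried on copies first.

```shell
#!/bin/sh
# Added example, not from the original post: point the console at the serial
# port and give ttyd0 a getty at the same speed.
# Assumptions: FreeBSD 7-era layout (sio0 -> ttyd0, std.<speed> gettytab classes).
#
# usage: enable_serial_console /boot/loader.conf /etc/ttys 38400
enable_serial_console() {
    loader_conf=$1
    ttys=$2
    speed=${3:-38400}

    # loader.conf is sh-style key="value": update an existing key or append it,
    # so running this twice does not leave duplicate console= lines.
    for kv in "console=\"comconsole,vidconsole\"" "comconsole_speed=\"$speed\""; do
        key=${kv%%=*}
        if grep -q "^${key}=" "$loader_conf"; then
            sed "s|^${key}=.*|${kv}|" "$loader_conf" > "$loader_conf.tmp"
            mv "$loader_conf.tmp" "$loader_conf"
        else
            printf '%s\n' "$kv" >> "$loader_conf"
        fi
    done

    # Turn the ttyd0 getty on at the same speed.  The last field matters:
    # "secure" lets root log in directly on this line, so keep it only if the
    # serial port is as physically protected as the console itself.
    sed "s|^ttyd0[[:space:]].*|ttyd0   \"/usr/libexec/getty std.${speed}\"   dialup  on  secure|" \
        "$ttys" > "$ttys.tmp"
    mv "$ttys.tmp" "$ttys"
}
```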

written by Remko

Aug 01

For a long time I used a little script called logtransfer, which is just a stupid script that scp's files over (*2007-07-01* for example), but that wasn't very flexible anymore. I set up rsync with some modules that enable me to transfer the logfiles in an almost similar setup as before, but now with partial file transfer support (continue where the beast stopped, to prevent unneeded transfers) and deletion support (if files are gone remotely, they are removed locally as well; I won't do that before I have made backups on DVD, of course).

This gives me much more flexibility, because filenames can change, things can get deleted by hand, etc., and that is taken into account now (I realise that this is not something everyone wants to pursue, but I do :)).

Backups are now quicker, more complete and, well, more my style. No more need to maintain scripts myself; I just use standard tools already available that do the job very well.

(Oh, of course I use rsync for much more than just my backups and logfile transfers: I use it for the Honeynet project, mirroring my webtrees to an offsite location, making sure that my patches on the FreeBSD cluster are synchronised with my local tree, etc.)

Example rsync usage that I do now:

/usr/local/bin/rsync --ignore-errors -av --partial --delete remotehost::modulename targetdirectory
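The same pull with a guard around --delete, as an added example (not the post's own script): an itemized dry run first, and the real transfer only if the number of files that would vanish locally stays under a limit, since a wiped or re-rotated remote module would otherwise take the local copy with it. It drops --ignore-errors on purpose, because that flag makes rsync apply deletions even after remote I/O errors; "remotehost::modulename" and the local directory are placeholders.

```shell
#!/bin/sh
# Added example, not the original post's script: a guarded version of
#   rsync -av --partial --delete remotehost::modulename targetdirectory
# Assumes rsync in $PATH; source and destination are passed in as arguments.
#
# usage: pull_logs SRC DEST [MAX_DELETES]
#        pull_logs remotehost::modulename /var/log/remote 20
pull_logs() {
    src=$1
    dest=$2
    max=${3:-10}

    # Dry run with itemized output; files that --delete would remove appear
    # as "*deleting <path>" lines.
    plan=$(rsync -a --partial --delete --dry-run --itemize-changes "$src" "$dest") || {
        echo "pull_logs: dry run against $src failed" >&2
        return 2
    }
    ndel=$(printf '%s\n' "$plan" | grep -c '^\*deleting' || true)

    if [ "$ndel" -gt "$max" ]; then
        echo "pull_logs: refusing, dry run would delete $ndel files (limit $max)" >&2
        printf '%s\n' "$plan" | grep '^\*deleting' >&2
        return 1
    fi

    # Same flags as the post's command minus --ignore-errors: an I/O error on
    # the remote side should make rsync skip deletions, not push through them.
    rsync -a --partial --delete "$src" "$dest"
}
```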


written by Remko