mecca_

Members
  • Content count: 53
  • Community Reputation: 1 Neutral

About mecca_
  • Rank: DDP Fan club member
  1. Nice write up. I find your comments regarding stability pretty interesting. Are you calling all system crashes kernel crashes or did you actually get kernel exceptions? The linux kernel is extremely stable and I find it pretty hard to believe that an untainted kernel would just "crash". Usually when one sees a system crash (especially on a laptop) it's due to a bad binary module. In my experience this is most often the WiFi or graphics driver. I've been running debian for almost 10 years now and I have to say that up until the last year or two debian unstable was actually pretty damn stable. Some of my production servers with 365+ day uptime were running debian unstable without a problem. While I recently had to downgrade to testing, that was because of library version issues on some custom applications rather than a stability problem. That being said I've found it more and more difficult to run debian unstable on my desktop or laptop. I've run into numerous problems with dependency version mismatching and other weirdness; though never any full crashes that weren't a direct result of something stupid that I did. Thanks for pointing out sidux, I might actually give it a try.
  2. I'm really not sure what your ultimate goal is here. Why on earth would you want nmap scans to go to syslog? If it's to generate some sort of log of all the scans you've done it would be much more worthwhile to write a wrapper around nmap and send the results to some sort of database. Or even a flat file other than syslog for that matter. Anyway, most general purpose applications don't have an interface to write to syslog directly. You can instead use the "logger" command to redirect output to syslog. Example: (Note I purposely added a second /etc/hosts entry for 127.0.0.1 to generate an error and show that this error can be redirected to syslog as well)

     genome:~# nmap localhost 2>&1 | logger
     genome:~# tail /var/log/messages
     Feb 1 08:34:10 genome logger: Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
     Feb 1 08:34:10 genome logger: Interesting ports on localhost (127.0.0.1):
     Feb 1 08:34:10 genome logger: Not shown: 996 closed ports
     Feb 1 08:34:10 genome logger: PORT   STATE SERVICE
     Feb 1 08:34:10 genome logger: 22/tcp open  ssh
     Feb 1 08:34:10 genome logger:
     Feb 1 08:34:10 genome logger: Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
  3. "Thanks, how did you find out the password? Cracked it? Is it good to work with zimbra?" Some we cracked, some we just had the users stop by and input their passwords. I really like zimbra. It's basically a nice front end around a bunch of open source applications. Also, they have an exchange migration utility that works well. For the most part we used this tool for migrations (it doesn't require a password, just an exchange admin account). We primarily used imapsync to sync a mailbox after a migration. I.e., we use the migration wizard over night because a user may have had a huge mailbox. We come in the morning and use imapsync to catch any mails that may have been delivered to the old account, then we move the client over to the new server. imapsync is a lot faster for a small sync than the migration wizard. I'm not going to lie, the whole process required tons of manual intervention which sucked, but some of the tools that zimbra offers made it a lot easier. Also, while we converted many people to thunderbird during this process we have some users who can't get away from outlook. Zimbra has an outlook connector that actually works really well and provides the same functionality to outlook that being connected to an exchange server would have. I don't know what kind of environment you're working in so I'm not sure if that would be helpful... (I should note that we ponied up for Zimbra network edition. I don't think all of the features I mentioned are in the OpenSource version)
  4. I did something similar a while back ago except my company went with zimbra. We used imapsync http://freshmeat.net/projects/imapsync/ for some of the mailboxes, but it has the downside of needing to know the password of the mailbox you're migrating which sucks if you have a large migration to do. The tool itself works great though.
  5. That actually brought back a lot of memories for me haha, thanks for that. A bit off topic, but I bet you it was Super-KOD http://www.packetstormsecurity.org/DoS/SuperKoD-1.1.tgz It was actually a flaw in IGMP not TCP. I think it became public around 2001, but I know for sure that this was floating around IRC much earlier than this. It was interesting because at this point and time people had thought that the remote BSOD was long gone already. *edited* to remove information on activities that I don't condone
  6. I tend to stick with vim as well but I think it's worth noting that gedit is actually really nice as an IDE. I had no idea, but with a bit of tweaking you can actually get gedit to perform quite a bit like the Mac IDE TextMate that so many ruby enthusiasts are in love with. I haven't tried this myself but a friend of mine has been using gedit in this way for quite some time and he really likes it. Instructions: http://grigio.org/textmate_gedit_few_steps (again I haven't tried it so ymmv)
  7. I'm not completely sure what you're looking for, but try this:

     #!/usr/bin/perl -w
     use strict;

     my $num = 1;
     while (<STDIN>) {
         # whitespace-only lines get just the separator; everything else is numbered
         $_ =~ /^\s+$/ ? print "\t||\n" : (print "$num\t||$_" and $num++);
     }
     print "\n";

     Should give the output:

     1    ||INTRODUCTION
          ||
     2    || 1. The Industrial Revolution and its consequences have been a disaster
     3    || for the human race. They have greatly increased the life-expectancy of
     4    || those of us who live in "advanced" countries, but they have
     5    || destabilized society, have made life unfulfilling, have subjected

     *edit* My reading comprehension is pretty low right now, so if I totally missed the point here I apologize
  8. It's verbatim, but it's not complete unless you really only have two network sockets open, which seems very odd for a fail-over machine. If I'm wrong then I apologize, but anyway, forget about this, it's probably not the problem. Is the IP address you're using now the same as the one at your previous datacenter? Are they both managed by the same company? Do they delegate control to your own DNS servers, or do they host DNS for you? I'm not sure what exactly you're trying to say here... What do you mean by three IPs having the same rdns (reverse DNS) but three separate PTR records? Let's go over a quick reverse DNS query, maybe it will help.

     mecca@genome:~$ dig +trace -x 74.125.53.105

     ; <<>> DiG 9.4.3-P2 <<>> +trace -x 74.125.53.105
     ;; global options:  printcmd
     .                       516737  IN      NS      G.ROOT-SERVERS.NET.
     .                       516737  IN      NS      C.ROOT-SERVERS.NET.
     .                       516737  IN      NS      A.ROOT-SERVERS.NET.
     .                       516737  IN      NS      D.ROOT-SERVERS.NET.
     .                       516737  IN      NS      I.ROOT-SERVERS.NET.
     .                       516737  IN      NS      F.ROOT-SERVERS.NET.
     .                       516737  IN      NS      L.ROOT-SERVERS.NET.
     .                       516737  IN      NS      K.ROOT-SERVERS.NET.
     .                       516737  IN      NS      B.ROOT-SERVERS.NET.
     .                       516737  IN      NS      H.ROOT-SERVERS.NET.
     .                       516737  IN      NS      E.ROOT-SERVERS.NET.
     .                       516737  IN      NS      M.ROOT-SERVERS.NET.
     .                       516737  IN      NS      J.ROOT-SERVERS.NET.
     ;; Received 504 bytes from 68.87.69.146#53(68.87.69.146) in 9 ms

     We're doing a reverse lookup of 74.125.53.105, one of google's addresses. 'dig' first gets a listing of all of the root servers.

     74.in-addr.arpa.        86400   IN      NS      X.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      Y.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      Z.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      CHIA.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      DILL.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      BASIL.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      HENNA.ARIN.NET.
     74.in-addr.arpa.        86400   IN      NS      INDIGO.ARIN.NET.
     ;; Received 199 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 38 ms

     From the root server (B.ROOT-SERVERS.NET), we find out who's authoritative for the 74.0.0.0/8 network. We get a listing of possible name servers (NS).

     125.74.in-addr.arpa.    86400   IN      NS      NS2.GOOGLE.COM.
     125.74.in-addr.arpa.    86400   IN      NS      NS4.GOOGLE.COM.
     125.74.in-addr.arpa.    86400   IN      NS      NS3.GOOGLE.COM.
     125.74.in-addr.arpa.    86400   IN      NS      NS1.GOOGLE.COM.
     ;; Received 126 bytes from 192.35.51.32#53(DILL.ARIN.NET) in 37 ms

     From one of the nameservers authoritative for 74.0.0.0/8 we get a list of servers in charge of 74.125.0.0/16. We continue on, getting more specific.

     105.53.125.74.in-addr.arpa. 86400 IN    PTR     pw-in-f105.google.com.
     ;; Received 79 bytes from 216.239.36.10#53(NS3.GOOGLE.COM) in 18 ms

     From one of the nameservers (NS3.GOOGLE.COM) authoritative for 74.125.0.0/16 they answer our query. They find a PTR record for the address we looked up and it points to pw-in-f105.google.com. This whole process is rdns. A PTR record is a single pointer to an address. You said earlier that reverse DNS is working, so if this is un-needed info I apologize, I'm just confused as to what your actual layout is. Try that dig command and make sure that the servers you are expecting to answer are indeed answering.

     The whole BNC process isn't that complicated:
     1. The bnc server mediates a connection between your client and IRC
     2. When you connect to the IRC server, the server does a reverse lookup (see process above) for whatever IP address it sees the connection as coming from. The result of this is used as the hostmask for your IRC session.
     3. ... well there is no 3, that's it.

     If your client is connecting from the right IP and reverse DNS is working as you expect, I have no idea what else it could be.
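As an added example (not from the post), a small Python script that builds the in-addr.arpa name the dig +trace above walks down, lists the zone cuts such a trace can pass through, parses record lines in the shape dig prints, and adds the check a practitioner would want before trusting a hostmask: the name the PTR points to must resolve back to the same address (forward-confirmed rDNS). The record text is constructed to mirror the post's output, plus one A record that the post's trace did not contain.

```python
import ipaddress
import re

# Constructed sample: a trimmed dig +trace for 74.125.53.105 shaped like the post's,
# plus one forward A record (not in the post) so the FCrDNS check has data to use.
SAMPLE_DIG = """\
.\t516737\tIN\tNS\tB.ROOT-SERVERS.NET.
;; Received 504 bytes from 68.87.69.146#53(68.87.69.146) in 9 ms
74.in-addr.arpa.\t86400\tIN\tNS\tDILL.ARIN.NET.
;; Received 199 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 38 ms
125.74.in-addr.arpa.\t86400\tIN\tNS\tNS3.GOOGLE.COM.
;; Received 126 bytes from 192.35.51.32#53(DILL.ARIN.NET) in 37 ms
105.53.125.74.in-addr.arpa.\t86400\tIN\tPTR\tpw-in-f105.google.com.
;; Received 79 bytes from 216.239.36.10#53(NS3.GOOGLE.COM) in 18 ms
pw-in-f105.google.com.\t300\tIN\tA\t74.125.53.105
"""

# owner  ttl  IN  type  rdata: dig's default answer layout; ';;' status lines never match
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|PTR|A)\s+(\S+)$")

def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an address, e.g. 105.53.125.74.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def zone_cuts(ip: str) -> list:
    """Zones a trace may stop at, root to PTR owner; a cut only exists where delegated."""
    octets = ip.split(".")
    cuts = ["."]
    for i in range(1, len(octets)):
        cuts.append(".".join(reversed(octets[:i])) + ".in-addr.arpa.")
    cuts.append(reverse_name(ip))
    return cuts

def parse_records(text: str) -> list:
    """Extract (owner, type, rdata) tuples from dig-style output."""
    matches = (RR_RE.match(line) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def ptr_names(ip: str, records: list) -> list:
    """All PTR targets for the address; an IRC server picks its hostmask from these."""
    owner = reverse_name(ip)
    return [rdata for o, rtype, rdata in records if o == owner and rtype == "PTR"]

def forward_confirmed(ip: str, records: list) -> list:
    """Keep only PTR targets whose A record points back at the same address."""
    a_records = {(o, rdata) for o, rtype, rdata in records if rtype == "A"}
    return [name for name in ptr_names(ip, records) if (name, ip) in a_records]
```

In the post's trace the /16 servers answered the PTR directly, so the 53.125.74.in-addr.arpa. cut that zone_cuts lists never showed up; the function lists where delegation could happen, not where it did.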
  9. You must have accidentally edited something out here or ran these commands at very different times. If there were indeed a connection between .11 and freenode, then you would have seen the connection via lsof. I understand that you need your privacy, but cutting out all command output except for what you believe is relevant does make it hard to help. Anyway, I still think the problem is probably something you overlooked in your BNC config file (assuming you really can reverse resolve all of these IPs externally)
  10. "The BNC is listening on the correct IP, and only that IP. I can resolve both ways fine from an external machine." Ok, but in your original post you said: While I'm assuming you have the flags backwards (with -n shouldn't show a hostname, without -n should) tcpdump shows that your process is indeed listening on your primary IP. Have you verified that it's listening on the correct IP via netstat\lsof\fuser\etc.? Can you give us some output from these commands to diagnose further? (assuming they're all on the same subnet, feel free to censor the first 3 octets) I would double check your BNC config files, there is probably something small you've overlooked there. Good luck.
  11. In the case of your tcpdump test, it sounds like possibly some conflicting information or a typo in /etc/hosts. Are you sure that your BNC is listening on the correct IP and not _all_ of your IPs? Are you able to correctly reverse resolve your IPs from an external machine?
  12. That's what I would suggest, doing it manually: http://www.gnu.org/software/grub/manual/html_node/Installing-GRUB-natively.html#Installing-GRUB-natively This is the way I normally do it, but you will have to set up the windows partition on your own.
  13. I'm a sys admin for a software development company. We run whatever our customers run to ensure that our product works on what they're using, so I have a fairly good idea about what's being used out there in larger corporations. As far as linux is concerned, most of our clients run either RedHat\CentOS (version 3 and 5 mostly) or SuSE Enterprise (10 and 11). We've been doing some development on Ubuntu, but we haven't had any customers come to us asking for that platform yet. We also verify our product on Solaris 9 and 10, HPUX 11.11+, and AIX 5.3+. For the most part, linux is linux. If you learn one distribution well, you can easily adjust to another one and get used to the small differences. For our internal servers we run debian or gentoo, but that's our IT department's personal preference. I'm not sure how much you would really run into those distributions in other companies. The largest difference you'll notice between distributions will be in package management (i.e. .deb vs .rpm). They more or less do the same things, you may just have to sort through the man pages when jumping from one distro to another while you find those differences. If you're looking at eventually becoming a linux\unix admin sometime and you're looking for software to learn, I would suggest DNS (bind & djbdns), MTAs (postfix, sendmail, qmail), and some directory service (OpenLDAP, NIS, etc). While samba is definitely good to know, the things I mentioned are some of the basic things that you will be expected to know. The thing is, most corporations will have a NAS\SAN that can export data in NFS for Unix\Linux clients and CIFS for windows clients. Samba is used, but not as much as you would expect. Good luck.
  14. I'd have to second this idea, but I'd recommend gentoo instead. If your true goal is to learn linux, then gentoo is good for quite a few reasons:
     1. You install everything: Most distributions provide a lot of stuff that linux users take for granted. Things like syslog, crontab, and quite a few other things. When using gentoo, you have to install all of that explicitly or your system will not run properly. While this process is hard at first because you don't know all of the pieces that are supposed to be there, it really is a good way to learn.
     2. You learn more about actual Open source applications: Another thing that modern distributions do is compile packages with all of the bells and whistles all the time. With gentoo, you have control whether or not packages have certain capabilities, which in turn will teach you more about the dependencies of packages on libraries and such. An example, when I first started using gentoo I installed xfce. I went to set a wallpaper and I couldn't. Turned out that I hadn't built xfce with jpeg support. At the time, I had already been using linux for years and I had no idea about libjpeg. I had taken for granted the fact that all of the other distributions I used just included that with all of their GUI app builds.
     3. Great documentation: Gentoo has some of the best documentation out there. They will give you step by step instructions on how to accomplish things, and tell you why you are doing it.
     4. Things will break: Gentoo has quite a few bugs. The good thing about this is that running into these bugs and finding fixes for them will teach you quite a bit. I can honestly say that most of the knowledge I have of Linux has come from trying to fix broken things. It's hard and it's time consuming, but again if your goal is to learn then it works out quite well.
     All of that being said, remember that you really have to have the desire to learn what you're doing. It's easy to follow guides on the internet to get stuff to work, but it's much harder to figure out what exactly you're doing and why it's working. If your intent is to just learn to use a new desktop environment, don't go this route. If your intent is truly to learn linux then, imho, this is the best route to go. Good luck.
  15. The cool thing about wpa_supplicant is you can define multiple networks in wpa_supplicant.conf, and wpa_supplicant will connect to whichever network is in range. Each workday I connect to 3 WAPs. 1 WPA, 1 WPA2, and 1 WEP 128. The way I manage this is with a shell script. The wpa part is easy, just start wpa_supplicant, wait about 10 seconds (sleep 10) for the association to take place, and then run dhclient. The same wpa_supplicant command is used to access both WPA networks (as they are defined in /etc/wpa_supplicant.conf). To connect to the WEP network, I just use iwconfig. Now I believe you can do all of this with wpa_supplicant, but I just haven't bothered yet. You shouldn't need to use wpa_passphrase on the passphrase the admin gave you. I'm assuming what he gave you is just a long random string that is indeed the password. That's why it works in network manager, it's just using that as your password. Your wpa_supplicant.conf entry would look something like:

     network={
         ssid="home"
         key_mgmt=WPA-PSK
         psk="long ass string the admin gave you"
     }

     *EDIT* I don't have my laptop here but just FYI that script looks something like:

     #!/bin/bash
     # "work" and "home" are both WPA/WPA2 networks defined in /etc/wpa_supplicant.conf
     if [[ $1 == "work" || $1 == "home" ]]; then
         # -B puts wpa_supplicant in the background so the script gets as far as dhclient;
         # -i names the interface it should manage
         wpa_supplicant -B -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
         sleep 10      # give the association time to complete
         dhclient wlan0
     elif [[ $1 == "school" ]]; then
         # the WEP network is handled with plain iwconfig instead
         iwconfig wlan0 essid workssid key somekey
     fi

     Yes it's stupid, but you can get the point from it.
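As an added example (not from the post), a wpa_supplicant.conf that covers all three kinds of network the post describes in one file, so the script's iwconfig branch is not needed; SSIDs, keys and priorities are placeholders, and the WEP entry is there only because the post's third network uses WEP.

```conf
# WPA (TKIP) network. Highest priority, so it is tried first when several are in range.
network={
    ssid="work"
    proto=WPA
    key_mgmt=WPA-PSK
    # 64 hex digits as produced by `wpa_passphrase work <passphrase>`, so the
    # cleartext passphrase never sits in this file (placeholder value)
    psk=0000000000000000000000000000000000000000000000000000000000000000
    priority=2
}

# WPA2 (RSN/CCMP) network. A quoted psk is the passphrase itself (placeholder value).
network={
    ssid="home"
    proto=RSN
    key_mgmt=WPA-PSK
    psk="long random string the admin gave you"
    priority=1
}

# WEP 128 network. No WPA key management; the 104-bit key goes in wep_key0 as hex
# (placeholder value). WEP gives no real confidentiality, so keep it lowest priority.
network={
    ssid="school"
    key_mgmt=NONE
    wep_key0=0102030405060708090a0b0c0d
    wep_tx_keyidx=0
    priority=0
}
```

With this file `wpa_supplicant -B -Dwext -iwlan0 -c/etc/wpa_supplicant.conf` followed by `dhclient wlan0` handles all three networks; `wpa_cli status` shows which one was picked.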