apt-get on many hosts with clusterssh 
Clusterssh opens for each connection a xterm and sends a keystroke to each window.

You can also work in only one xterm.

#> apt-get install clusterssh

I use approxd for caching .deb's using port 9999. This port is not reachable by all my hosts,
therefore i use remote port forwarding from ssh.

I can type

#> cssh -o "-R9999:approxy:9999" host1 host2 host3

or create a default config

#> cssh -u > $HOME/.csshrc

You can define different clusters aliases. Each alias consists of some hosts:
clusters = apt mon
apt = host1 host2 host3
ssh_args= -x -o ConnectTimeout=10 -R9999:approxy:9999
now i only type

#> cssh apt

a small patch makes "retile windows" working for me:

--- ClusterSSH.pm.orig 2010-09-27 13:23:02.561375883 +0200
+++ /usr/share/perl5/App/ClusterSSH.pm 2010-09-27 13:09:27.011375882 +0200
@@ -1319,7 +1319,7 @@
logmsg( 3,
"x:$current_x y:$current_y, r:$current_row c:$current_col" );

- $xdisplay->req( 'UnmapWindow', $servers{$server}{wid} );
+# $xdisplay->req( 'UnmapWindow', $servers{$server}{wid} );

if ( $config{unmap_on_redraw} =~ /yes/i ) {
$xdisplay->req( 'UnmapWindow', $servers{$server}{wid} );

[ view entry ] ( 792 views )   |  print article
ubuntu 8.10 (intrepid ibex) troubles with an old Acer Travelmate 630 
I could not run the ubuntu live installcd and also the alternate hang sometimes. After a successful install X freezes. I tried to boot with various boot options. Only with acpi=off my system seams to working but with fan running and no battery info. An older knoppix was running, so i decided to install older ubuntu kernels and saw my system running with a gutsy kernel (2.6.22) but not with a hardy kernel (2.6.24).

What changed inside the kernel?

After searching a lot i found pci=nommconf.

It seams that something in the way pci is configured has changed.

[ view entry ] ( 751 views )   |  print article
script to rescue/backup a raid1 system and restore from a cd with initramfs 
Searching for a rescue system that creates a bootable CD to restore my system i found mkcdrec. Because sometimes things (mkcdrec/debian/ubuntu) changes and i had to test and patch for new mkcdrec versions, so i droped it.

Then i started to make a live CD with debian-live and make my install script by myself. I also dropped it (long boottime and had too much to hack to let it work like i wanted).

Now i had the idea to build my own script that tar's my system and builds a bootable cd. I liked the idea of initramfs to extend it like i will and it boots much faster. The only drawback is that all things are hardcoded and have to be changed for every system i backup. But its only a single script: Read More...

[ view entry ] ( 831 views )   |  print article
block ssh brute force attacs / prevent synflooding 
With iptables module recent you can limit the count of tcp connection attempts. In my case i allow only 3 ssh connection attempts per minute. This stops script kiddies doing ssh brute force attacs.
iptables -N synflood
iptables -A synflood -p tcp --dport ssh -m recent --set --name SSH
iptables -A synflood -p tcp --dport ssh -m recent --update \
--seconds 60 --hitcount 4 --name SSH -j DROP

iptables -A INPUT -p tcp -m state --state NEW -j synflood
iptables -A FORWARD -i $OUT -p tcp -m state --state NEW -j synflood

[ view entry ] ( 695 views )   |  print article
Wildcard certificate with virtual hosts and one IP 
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:443>
ServerName one.domain.at

SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.at.pem
SSLCertificateKeyFile /etc/ssl/private/domain.at.key

CustomLog /var/log/apache2/one.access.log combined
ErrorLog /var/log/apache2/one.errors.log

<VirtualHost *:443>
ServerName two.domain.at

SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.at.pem
SSLCertificateKeyFile /etc/ssl/private/domain.at.key

CustomLog /var/log/apache2/two.access.log combined
ErrorLog /var/log/apache2/two.errors.log
$SERVER["socket"] == "" {
ssl.engine = "enable"
ssl.use-sslv2 = "disable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.at.pem"
ssl.ca-file = "/etc/lighttpd/ssl/cacert.pem"
$HTTP["host"] == "one.domain.at" {
server.name = "one.domain.at"
server.errorlog = "/var/log/lighttpd/one_error.log"
accesslog.filename = "/var/log/lighttpd/one_access.log"
server.document-root = "/var/www/one"

$HTTP["host"] == "two.domain.at" {
server.name = "two.domain.at"
server.errorlog = "/var/log/lighttpd/two_error.log"
accesslog.filename = "/var/log/lighttpd/two_access.log"
server.document-root = "/var/www/two"

[ view entry ] ( 732 views )   |  print article

<<First <Back | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | Next> Last>>