Posts from 2015-02

colored iptables output
posted on 2015-02-27 00:32:21

To get colored iptables output, try this monster:

iptables -L -vnx --line-numbers | sed ''/Chain.*/s//$(printf "\033[33;1m&\033[0m")/'' | sed ''/[ds]pt:.*/s//$(printf "\033[31;1m&\033[0m")/'' | sed ''/[ds]pts:.*/s//$(printf "\033[31;1m&\033[0m")/'' | sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[36;1m&\033[0m")/g''

Ugly as shit could ever be, but only way I found out how this can be done. Also a little buggy, as some colors are a bit off, but still better than vanilla.

UPDATE: some fixes and better coloring and way more regex madness

iptables -L -vnx --line-numbers | \
sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[33;1m&\033[0m")/'' | \
sed ''/^num.*/s//$(printf "\033[33m&\033[0m")/'' | \
sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | \
sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | \
sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | \
sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[33;1m\\\2\033[0m")/''| \
sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[37;1m&\033[0m")/g'' | \
sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;33m\\\2\033[0m")/'' | \
sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''

And something to copy paste more easily, slightly modified again:

iptables -L -vnx --line-numbers | sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[33;1m&\033[0m")/'' | sed ''/^num.*/s//$(printf "\033[33m&\033[0m")/'' | sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[33;1m\\\2\033[0m")/''| sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[36;1m&\033[0m")/g'' | sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;33m\\\2\033[0m")/'' | sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''| sed ''/CATCH-DROP/s//$(printf "\033[31m&\033[0m")/''
Plesk: mysql admin password
posted on 2015-02-25 16:36:11

To access a plesk's mysql database, you need the password plesk creates by itself.

Either get it in plaintext:

/usr/local/psa/bin/admin --show-password

Or just access the mysql db client with this line:

mysql -uadmin -p$(cat /etc/psa/.psa.shadow)
php: locate error log location
posted on 2015-02-23 11:51:16

The easiest way to locate the php error log location, is to use this on the shell:

php --info | grep error
typo3: access without password
posted on 2015-02-23 10:35:22

To gain access to typo3 backend without having a working set of credentials, you might either try using the mysql client and directly add the user to the database, but this is kind of unwieldy.

Easier it is to use the typo3 install tool.

On a proper install this can be accessed via http://<yourdomain.name>/typo3/install from your browser, where you will be prompted for the install password. Since it is extremely likely that you do not know it anymore, change it to one you know. Also the install tool is very likely deactivated. typo3 may tell you in the login mask, which file to create on the server so you can access the web interface afterwards. For me it was to create an empty file called ENABLE_INSTALL_TOOL in the typo3conf folder of the typo3 install.

To get a working password, you have to swap the md5 hash of the password in the <path-to-your-typo3-install>/typo3conf/localconf, or in typo3 versions prior to 6.0 in the localconf.php file. Have a look at the typo3 documentation what to do exactly, as this can change with new typo3 releases.

Sidenote:
To get a working hash, simple enter the password you want in to the install tool webmask. The login will fail and the tool will tell you the hash of the password you wanted to use.

Once you are logged in, choose the 'Database Analyser' menu, in there you should be able to create a new 'admin' user.

With that one you can login into the backend.

Do not forget to cleanup after you (remove the ENABLE_INSTALL_TOOL file from the typo3conf folder).

fritzbox: find out cpu architecture
posted on 2015-02-23 01:16:59

To find out which architecture your fritzbox' cpu has, try this:

if egrep -q 'AR9|AR10|VR9|Fusiv' /proc/cpuinfo; then echo "CPU: mips"; else echo "CPU: mipsel"; fi

Older ones are mipsel, whereas newer ones are of mips architecture.

fritzbox: install ssh server
posted on 2015-02-22 17:38:27

After having enabled the telnet access to your fritz box, which involves a phone connected to the device and dialing a number as described here, connect to its ip:

connect via telnet

[jl@jerrylee ~]% telnet 10.0.0.1                                               
Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
password: 


BusyBox v1.20.2 (2014-09-26 13:25:19 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

ermittle die aktuelle TTY
tty is "/dev/pts/0"
Console Ausgaben auf dieses Terminal umgelenkt
disable start/stop characters and flowcontrol
#

check architecture

Depending on the architecuture of the fritzbox cpu, you need a different binary. Older fritzboxes had mipsel cpu's whereas newer ones have mips ones. You may find this here helpful. Later this check is integrated into the install script, so no real need to bother with it now.

install overview

Several steps are needed, to achieve what is desired: (is automated in next section)

  1. set a root password

  2. copy the hashed password

  3. check cpu architecture

  4. install appropriate dropbear ssh server, depending on the platform

5.

actual installation

From there on, do these steps: (tried to make these foolproof by using absolute paths)

cd /var
/usr/bin/wget http://www.spblinux.de/fbox.new/cfg_dropbear
chmod 755 /var/cfg_dropbear

In case you wondered what this 'spblinux' distro is, this is what the sourceforge page tells:

SPBLinux: 
    modular mini distribution running completely in RAM
    can be booted from USB
    based on Busybox and Midnight Commander
    optional with DirectFB and (since version 2.1) Mozilla
    it is possible to create/modify own modules inside SPB:Linux.
ASA: access console via serial port
posted on 2015-02-21 18:02:56

To connect to one of Cisco's ASA's (short for Adaptive Security Appliance), you have several options.

Either use the management ethernet port (labelled MGMT) or via the serial interface (CONSOLE), which are both rj45 outlets. This methods of access are the same for most other hardware appliances.

If the ASA was not accessed in a while and the network config was lost (or if it's a leftover from an old customer), you are likely unable to access it through the management port, because you do not know the subnet you have to be in to connect to it, anymore.

If you still happen to know your credentials, you might try the serial interface.

If your computer has a serial interface, too, you only need a rs232-to-rj45 cable for the asa. If you have a laptop its much more likely that you just lack the serial port, you need an adapter from serial to ethernet, plus an adapter from serial-to-usb.

From here the steps differ, depending on your operating system.

windows

  1. plug in the adapter, which is connected to the devices CONSOLE port, too
  2. open the device manager
  3. look up which COM port just got added
  4. open putty
  5. connection destination is i.e. COM-7, if thats the one you saw
  6. enter baud rate (9600 for cisco devices AFAIK)
  7. connect

You should be greeted by a prompt of the ASA. Hit space, in case putty does not update your console window.

linux

  1. plug in the adapter connected to the ASA
  2. ls -alh /dev/tty*
  3. You should see a device called something like /dev/ttyUSB0
  4. sudo screen /dev/ttyUSB0 9600, with baud rate of 9600 like mentioned in the windows manual above
  5. you should be connected, hit spacebar if nothing is shown.

If you happen to have problems to find out which device is added when you insert the adapter into your usb port, try:

watch --differences -n.2 ls /dev/tty*
bash: combined dns-reverse-dns-lookup
posted on 2015-02-20 12:27:15

On dns lookups at work

While working with domains, you often need to to a dns lookup, to find out the ip of the machine in question (at least when working with several hundred web servers ;)), followed by a reverse dns lookup on the ip to find out the actual hostname. The regular hostname is just easier to remember than the IP. It's bad enough with IPv4, and will become worse with IPv6.

I.e. usually you do something like this:

[sjas@ctr-014 ~]% host ix.de
ix.de has address 193.99.144.80
ix.de has IPv6 address 2a02:2e0:3fe:1001:302::
ix.de mail is handled by 10 relay.heise.de.
ix.de mail is handled by 50 secondarymx.heise.de.
[sjas@ctr-014 ~]% host 193.99.144.80
80.144.99.193.in-addr.arpa domain name pointer redirector.heise.de.
[sjas@ctr-014 ~]%

or this:

[sjas@ctr-014 ~]% dig ix.de +short
193.99.144.80
[sjas@ctr-014 ~]% dig -x 193.99.144.80 +short
redirector.heise.de.
[sjas@ctr-014 ~]%

This can be 'shortened' into a single step with proper output:

[sjas@ctr-014 ~]% echo ${$(dig -x $(dig ix.de +short) +short)%?}
redirector.heise.de
[sjas@ctr-014 ~]%

proper solution

Since this is kind of unhandy (and let's be honest, bash sucks sometimes), just place it into a function definition in your .bashrc:

rdns() {
    echo ${$(dig -x $(dig $1 +short) +short)%?}
}

An in-depth explanation of this bash 'gem' will be added here, if I do not forget to add it in the near future. :)

Which let's you do:

[sjas@ctr-014 ~]% rdns ix.de
redirector.heise.de

script explanation

In short:

echo "${$(dig -x $(dig $1 +short) +short)%?}"

Echo a string...

echo "                                      "

... which stems out from a combination of parameter expansion...

      ${               $1                  }"

... wherein also a suffix is removed, in this case ? representing a single char.

                                         %?

There a subshell is used to run the dig command in a subshell...

        $(dig                     +short)

... which in turn runs another dig call in another subshell...

                 $(dig    +short)

Use man bash to get further info on this stuff.

Apachebench
posted on 2015-02-18 13:45:50

apachebench (long for ab) is dubbed the 'Apache HTTP server benchmarking tool'.

Straight from the man page:

ab is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server. It is designed to give you an impression of how your current Apache installation performs. This especially shows you how many requests per second your Apache installation is capable of serving.

An usage example here:

ab -n200 -c25 <url>, where n is the number of requests, and c the number of concurrent ones.

[sjas@ctr-014 ~]% ab -n200 -c25 http://google.de/                                                                                 
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking google.de (be patient)
Completed 100 requests
Completed 200 requests
Finished 200 requests


Server Software:        gws
Server Hostname:        google.de
Server Port:            80

Document Path:          /
Document Length:        218 bytes

Concurrency Level:      25
Time taken for tests:   0.541 seconds
Complete requests:      200
Failed requests:        0
Write errors:           0
Non-2xx responses:      200
Total transferred:      114800 bytes
HTML transferred:       43600 bytes
Requests per second:    369.41 [#/sec] (mean)
Time per request:       67.676 [ms] (mean)
Time per request:       2.707 [ms] (mean, across all concurrent requests)
Transfer rate:          207.07 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       11   11   0.2     11      12
Processing:    46   51  22.5     49     304
Waiting:       46   51  22.5     49     304
Total:         57   62  22.5     60     315

Percentage of the requests served within a certain time (ms)
  50%     60
  66%     60
  75%     61
  80%     61
  90%     61
  95%     62
  98%     66
  99%    249
 100%    315 (longest request)
Linux: Find out HDD serial number
posted on 2015-02-17 15:30:39

To find out the serial number of your harddisk, look up your /dev/sdX name via lsblk:

[sjas@ctr-014 ~]% lsblk -i
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0 111.8G  0 disk 
|-sda1   8:1    0   108G  0 part /
`-sda2   8:2    0   3.8G  0 part [SWAP]
sr0     11:0    1  58.1M  0 rom

The device here is /dev/sda, as it contains my root partition as can be seen from the mountpoint information.

The -i flag is for ascii-output mode. That way copy pasting works better.

Then hdparm -i will give you the needed information:

[sjas@ctr-014 ~]% sudo hdparm -i /dev/sda

/dev/sda:

 Model=Samsung SSD 840 EVO 120GB, FwRev=EXT0BB6Q, SerialNo=S1BUNSAF306489A
 Config={ Fixed }
 RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=0
 BuffType=unknown, BuffSize=unknown, MaxMultSect=1, MultSect=1
 CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=234441648
 IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
 PIO modes:  pio0 pio1 pio2 pio3 pio4 
 DMA modes:  mdma0 mdma1 mdma2 
 UDMA modes: udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
 AdvancedPM=no WriteCache=enabled
 Drive conforms to: unknown:  ATA/ATAPI-2,3,4,5,6,7

 * signifies the current active mode
Writing udev rules
posted on 2015-02-17 12:34:16

preface

The following applies to current ubuntu and fedora installations, i.e. 14.04 and 21.

Renaming hardware, especially network interfaces, can be done via udev. Why would you want that?

biosdevnames and its friends are the latest craze: Read up on predictable network interface names.

So there are two approaches:

  1. edit grub to disable net.ifnames and biosdevname and rename the basic eth's
  2. directly rename the interface names, after the biosdevname stuff was applied

I personally prefer the first approach, but this post will cover both approaches as through the difference the udev syntax becomes clearer.

net.ifnames and biosdevname grub changes

Some example, what these and their combinations will cause:

No parameters: NIC identified as enp5s2.

only biosdevname=0: NIC identified as enp5s2.

only net.ifnames=0: NIC identified as em1.

Parameter net.ifnames=0 AND biosdevname=0: NIC identified as eth0.

approach 1

applying changes to grub

  1. edit /etc/default/grub
  2. insert GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" (or append both vars, in case the string was not empty in your config before)
  3. save, quit
  4. grub2-mkconfig -o /boot/grub2/grub.cfg
  5. reboot the server

changes via udev

lookup the MAC address of your NIC:

Via ip a or ip l or directly in the address file in /sys/class/net/<if-name>/address, whatever you like best. ;)

[sjas@ctr-014 ~]% ip a

...

2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether AA:BB:CC:DD:EE:FF brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20e:fff:ffff:4f6f/64 scope link 
       valid_lft forever preferred_lft forever

...

The adress AA:BB:CC:DD:EE:FF is of course not my real mac address. ;) But the mac is what we need here.

edit /etc/udev/rules.d/70-persistent-net.rules

Open the file in a editor of your choosing. If it does not exist, create it. There either edit already existing entries for your NIC (look if the MAC is already used somewhere), or add a new entry.

Basically your entry looks like this:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="AA:BB:CC:DD:EE:FF", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Copy this line, adjust your MAC address and the interface name (if you do not want to call your IF (interface) 'eth0'). All the other entries are not touched, if the IF was called ethX or something alike already prior.

approach 2

This is almost the same like above, just edit the /etc/udev/rules.d/70-persistent-net.rules file to match your MAC address and the name your IF should be called at NAME. But depending on the name your IF has had prior, you have to change the KERNEL attribute.

If i.e. your NIC's IF was called p2p1 prior, adjust the KERNEL flag to KERNEL=="p2p*"

It could be that the KERNEL flag can be omitted, I can't provide an answer on this for now, this post is a rewrite from memory and some leftover links in my browser. If I get around to test, this post will be updated.

biosdevnames explained

Prefixes:

en -- ethernet
sl -- serial line IP (slip)
wl -- wlan
ww -- wwan

Name type: o -- on-board device index number [P]ps[f] -- PCI geographical location

If your IF's are named p2p1 or something, this means the NIC is plugged into slot 2 of your pci bus and the first rj45 slot is used. If it is a dual-port NIC, the second IF would of course be called p2p2.

Copy paste from the systemd source from here from where the information above was taken:

/*
 * Predictable network interface device names based on:
 *  - firmware/bios-provided index numbers for on-board devices
 *  - firmware-provided pci-express hotplug slot index number
 *  - physical/geographical location of the hardware
 *  - the interface's MAC address
 *
 * http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
 *
 * Two character prefixes based on the type of interface:
 *   en -- ethernet
 *   sl -- serial line IP (slip)
 *   wl -- wlan
 *   ww -- wwan
 *
 * Type of names:
 *   b<number>                             -- BCMA bus core number
 *   ccw<name>                             -- CCW bus group name
 *   o<index>                              -- on-board device index number
 *   s<slot>[f<function>][d<dev_port>]     -- hotplug slot index number
 *   x<MAC>                                -- MAC address
 *   [P<domain>]p<bus>s<slot>[f<function>][d<dev_port>]
 *                                         -- PCI geographical location
 *   [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]
 *                                         -- USB port number chain
 *
 * All multi-function PCI devices will carry the [f<function>] number in the
 * device name, including the function 0 device.
 *
 * When using PCI geography, The PCI domain is only prepended when it is not 0.
 *
 * For USB devices the full chain of port numbers of hubs is composed. If the
 * name gets longer than the maximum number of 15 characters, the name is not
 * exported.
 * The usual USB configuration == 1 and interface == 0 values are suppressed.
 *
 * PCI ethernet card with firmware index "1":
 *   ID_NET_NAME_ONBOARD=eno1
 *   ID_NET_NAME_ONBOARD_LABEL=Ethernet Port 1
 *
 * PCI ethernet card in hotplug slot with firmware index number:
 *   /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/net/ens1
 *   ID_NET_NAME_MAC=enx000000000466
 *   ID_NET_NAME_PATH=enp5s0
 *   ID_NET_NAME_SLOT=ens1
 *
 * PCI ethernet multi-function card with 2 ports:
 *   /sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0/net/enp2s0f0
 *   ID_NET_NAME_MAC=enx78e7d1ea46da
 *   ID_NET_NAME_PATH=enp2s0f0
 *   /sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.1/net/enp2s0f1
 *   ID_NET_NAME_MAC=enx78e7d1ea46dc
 *   ID_NET_NAME_PATH=enp2s0f1
 *
 * PCI wlan card:
 *   /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/net/wlp3s0
 *   ID_NET_NAME_MAC=wlx0024d7e31130
 *   ID_NET_NAME_PATH=wlp3s0
 *
 * USB built-in 3G modem:
 *   /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.4/2-1.4:1.6/net/wwp0s29u1u4i6
 *   ID_NET_NAME_MAC=wwx028037ec0200
 *   ID_NET_NAME_PATH=wwp0s29u1u4i6
 *
 * USB Android phone:
 *   /sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0/net/enp0s29u1u2
 *   ID_NET_NAME_MAC=enxd626b3450fb5
 *   ID_NET_NAME_PATH=enp0s29u1u2
 */
grub2: Windows boot entry fix
posted on 2015-02-10 17:57:13

If you have linux along with windows installed on different partitions, and you somehow manage to lose your windows boot entry, try the following.

setup

Either edit /etc/grub.d/40_custom, or if the file does not exist, create a new one. Prefix it with a number you like, it will let grub decide where the boot menu entry will appear. If put into the 40_custom, it will appear on the end of the boot menu.

There add this:

menuentry "Windows" {
set root=(hd0,3)
chainloader +1
}

Then issue the command update-grub in the shell (which should be aliased to update-grub2, in case you wondered), to update the /boot/grub/grub.cfg. Else your changes will not have any effect.

It is however EXTREMELY likely, that hd0,3 from above will not work in your case. More on this later on.

So reboot, and try booting the new entry.

explanation

As menuentry chose whatever you like, that is just the string which will appear in the menu.

set root=... decides which partition will be loaded.
chainloader +1 tells grub to chainload the next bootlader from there if one is present, starting on the first block of the partition, IIRC, no warranty on that. It is basically the same as chainloader 0+1, for more info on the block list syntax see here.

If it won't work reboot again, and press 'e' to edit the boot entry. Choose another harddisk or partition until you 'hit ground'. (hd0,1) is for example the first harddisk, with its first partition which will be tried. From there, the numbers are simply incremented. If this is information overflow, it is more condensed int the grub manual. If you use NTFS on the windows partion, you might also try the insmod chain and insmod ntfs commands from the last link.

troubleshooting and finding the correct harddisk and partition

boot a linux for setup inspection

Use a linux (either the installed one if it still boots or a boot stick), and have a look at your existing partitions via either fdisk -l or parted, if you want to du further troubleshooting. An idea would be to search which partition was intended to be the windows boot partition (hint: it should be around 100MB in size), remember the number, it might help you.

use grub to identify the partitions

Also you can use grub's shell to list all possible harddisk/partition combos. Just boot into grub2, hit 'c' to enter the console and do ls.

This will show you something like this:

grub> ls
(hd0,msdos6) (hd0,msdos5) (hd0,msdos4) (hd0,msdos3) (hd0,msdos2)
(hd0,msdos1)
grub>

These are all the partitions you can try, either by editing the grub configs in /etc/grub.d, or when editing the menu entries directly when in grub and hitting 'e' when having chosen your just created entry.

Date in filename
posted on 2015-02-10 13:22:40

For documentation (read: work) purposes it's often neccessary to include a date in the filename.

In bash there exist several flags for the date command which come to help. The command itself is easiest used like this:

$ cp <filename>.<ext> <filename>$(date +<FLAGS>).<ext>

As <FLAGS> you usually need: (in Europe)

[sjas@ctr-014 ~]% date +%Y%m%d
20150210

[sjas@ctr-014 ~]% date +%Y%m%d%H%M
201502101337
There was an error during the CUPS operation: 'cups-authorization-canceled'.
posted on 2015-02-06 13:17:39

While trying to a add a new printer, above mentioned error popped up. Why adding a printer in the past worked without problems, I cannot say for sure. Maybe during an update CUPS' security settings got adjusted.

Well, solution was to go into /etc/cups/cups-files.conf and look up which user groups are listed somewhere here:

# Administrator user group
SystemGroup lpadmin

So, now either add your user's own group, or add your user to lpadmin or whatever group is already listed. Afterwards do a service restart cups and be glad.

Number formats and Datatypes
posted on 2015-02-05 14:44:43

There exist quite some number formats, and how these are represented may differ in different programming languages. This post will try to create a condensed overview on the basics.

byte

A bit consists of 8 bits in memory. The number type called byte uses one byte in memory for representation. Which is a combination of 1's and 0's, a digits altogether.

So the possible numbers that can be represented are 2^8 = 256. That is, a byte can encode numbers from 0 to 255.

(This could differ depending on the implementation of the used platform, but except for very old or exotic systems one bit is always consisting of eight bits.)

unsigned vs. signed

unsigned means the number domain is lacking an algebraic sign, signed does have one. This will decide the actually possible numbers.

So:

unsigned byte goes from 0 to 255.
signed byte goes from -128 to 127.

The signed ones use bit seven for representing the sign.
0 is for '+', 1 ist for '-'.

int

byte uses one exactly one byte in memory. If numbers bigger than 0 to 255 are needed, integers (read: ints) are uses. These use several bytes in memory for representation.

Usually formats with two, four and eight bytes are used, corresponding to 16, 32 and 64 bits. Also (depending on implementation, of course), these can be signed or unsigned.

On the amount of representable numbers:
Each time the bit/byte count is doubled, the maximum number is the new byte count is the square of the one with half the byte count.

Usually an unsigned int is the long name for uint.

Another convention is this naming scheme: (used in most programming languages)

16 bit = short 32 bit = int 64 bit = long

endianness

Depending on the order of the bytes in memory used for representing a multi-byte value, either a big-endian-order or little-endian-order is in place. Here this means, if the bit on the lowest memory address houses the byte containing the lowest bits of the number, the little endian format is used.

On the intel architecture (and thus on all x86 and x64 systems), endianness is always little-endian.

MIPS, SPARC, PowerPC and Motorola's 68000 systems endianness is big-endian.

decimals

In case you need decimals, then there are float and double coming to your rescue. float's are single-precision, doubles are... double-precision.

This posting is not yet finished and will be expanded in the future.

Ubuntu 14.04 LAMP issues
posted on 2015-02-05 13:53:38

apache

Apache (as of version 2.4 now) has these issues.

  1. vhosts unter sites-enabled do have to end with .conf, except you fix the global setting which files are importet/loaded when restarting.
  2. *.80 in your virtualhost configuration should have the domain instead of the * wildcard.

mysql

Here two variable names got changed:

key_buffer => key_buffer_size
myisam-recover => myisam_recover_options

To fix the warnings, a workaround is to include the value of the current setting with the new variable set to it inside /etc/mysql/my.cnf.

mysql: show database sizes
posted on 2015-02-05 10:07:28

Try running the following query:

SELECT table_schema                                        "DB Name", 
   Round(Sum(data_length + index_length) / 1024 / 1024, 1) "DB Size in MB" 
FROM   information_schema.tables 
GROUP  BY table_schema; 

This gives you something along this lines:

mysql> SELECT table_schema                                        "DB Name", 
    ->    Round(Sum(data_length + index_length) / 1024 / 1024, 1) "DB Size in MB" 
    -> FROM   information_schema.tables 
    -> GROUP  BY table_schema; 
+-----------------------+---------------+
| DB Name               | DB Size in MB |
+-----------------------+---------------+
| information_schema    |           0.0 |
| mysql                 |           0.7 |
| provisioning_test     |          46.3 |
| app_example           |          24.4 |
| app_production        |           0.1 |
| app_userdata          |         178.7 |
| performance_schema    |           0.0 |
| phpmyadmin            |           0.3 |
| other                 |          59.4 |
+-----------------------+---------------+
9 rows in set (0.08 sec)
RHEL 6 Fail2Ban fix
posted on 2015-02-04 17:51:22

When using fail2ban, installing it via yum is easy.

Sad part is, even though the install is done, it won't be of much help. This is due to the regular expressions defined in /etc/fail2ban/filter.d/sshd.conf, which will not match current entries in /var/log/secure/.

test

Testing this is rather easy:

fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

The output should look like this:

Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/sshd.conf
Use         log file : /var/log/secure


Results
=======

Failregex: 16972 total
|-  #) [# of hits] regular expression
|  13) [16972] ^.*authentication failure[s]?; logname=.* uid=.* euid=.* tty=.* ruser=.* rhost=<HOST>  user=.*\s*$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [36248] MONTH Day Hour:Minute:Second
`-

Lines: 36248 lines, 0 ignored, 16972 matched, 19276 missed
Missed line(s): too many to print.  Use --print-all-missed to print all 19276 lines

If there are no 'matched' entries, the regex is likely to fail.

Instead of passing the filterfile as second arguement, matching strings as regexes also works. For furter info google the fail2ban manual.

fix

Adding this fixed the issue for me:

^.*authentication failure[s]?; logname=.* uid=.* euid=.* tty=.* ruser=.* rhost=<HOST>  user=.*\s*$

Afterwards issueing iptables -L -vnx will show that the Chain fail2ban-SSH gets populated rather fast.

Installing emacs 25 on debian wheezy
posted on 2015-02-04 13:55:58

To install and not having to care about package dependency hell, here's a walkthrough:

  1. apt-get install -y git-core libxaw7-dev libxpm-dev libpng12-dev libtiff5-dev libgif-dev libjpeg8-dev libgtk2.0-dev libncurses5-dev autoconf automake
  2. apt-get build-dep emacs
  3. git clone --depth 1 -b master git://git.sv.gnu.org/emacs.git
  4. cd emacs
  5. ./autogen.sh
  6. ./configure --prefix=/opt/emacs25
  7. make
  8. sudo make install

Step 8 as root, so emacs will be available system-wide.

emacs: change font size
posted on 2015-02-01 22:05:45

There are several possibilities. Aside from using the dropdown menu (heaven forbid!), or using the actual commands via M-x, you have two options:

  1. Shift + Mouse1 - which will open a context menu
  2. c-x c-+ and c-x c--, which is what you will certainly will prefer. =)
Wine on CentOS 7
posted on 2015-02-01 00:37:41

If you happen to run into troubles while running wine, such as it is telling you 'malformed EXE' or something, don't bother troubleshooting it. Just install playonlinux:

sudo wget -O /etc/yum.repos.d/playonlinux.repo http://rpm.playonlinux.com/playonlinux.repo
sudo yum install -y playonlinux

Afterwards run playonlinux, forget about the 32bit openGL error message. Set up your wine (32 or 64 bit, depending on what you need) under Tools >> Manage Wine Version, open a console and just run the .exe you need.

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apachebench, apple, arcconf, arch, architecture, areca, arping, asa, asdm, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, coleslaw, colorscheme, common lisp, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fbsd, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pvecm, pvresize, python, qemu, qemu-img, qm, qmrestore, quicklisp, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

View posts from 2017-03, 2017-02, 2017-01, 2016-12, 2016-11, 2016-10, 2016-09, 2016-08, 2016-07, 2016-06, 2016-05, 2016-04, 2016-03, 2016-02, 2016-01, 2015-12, 2015-11, 2015-10, 2015-09, 2015-08, 2015-07, 2015-06, 2015-05, 2015-04, 2015-03, 2015-02, 2015-01, 2014-12, 2014-11, 2014-10, 2014-09, 2014-08, 2014-07, 2014-06, 2014-05, 2014-04, 2014-03, 2014-01, 2013-12, 2013-11, 2013-10


Unless otherwise credited all material Creative Commons License by sjas