Author Archive | jbmurphy

mysql_secure_installation

I just learned about the script: /usr/bin/mysql_secure_installation. Very cool. Here are the commands that the script actually runs.

I am going to add these to my provisioning script (I already take care of the root password piece):

mysql -e “DROP DATABASE test;”
mysql -e “DELETE FROM mysql.user WHERE User=’root’ AND Host!=’localhost’;”
mysql -e “DELETE FROM mysql.user WHERE User=”;”
mysql -e “FLUSH PRIVILEGES;”

CentOS, NTPD, VMware and sleeping.

I have a MacPro at home, and I am running VMware Fusion on it. At night, I sleep the machine to save electricity. I have a CentOS guest running and the time is always out of sync. After the VM is restored from sleep, the NTP service is no longer running and my time really drifts.

I finally sat down and tried to figure out my time sync issues on CentOS and VMware. This document explains it all. At the bottom they say you should turn off VMware tools time sync and use NTPD.

To install NTPD (with the recommended changes from the above document)

  1. yum install ntp
  2. chkconfig ntpd on
  3. sed -i 1i”tinker panic 0″ /etc/ntp.conf
  4. sed -i “s/^server\t127.127.1.0/#server\t127.127.1.0/g” /etc/ntp.conf
  5. sed -i “s/^fudge\t127.127.1.0/#fudge\t127.127.1.0/g” /etc/ntp.conf
  6. service ntpd start

The “tinker panic 0” is the most important part. Now when my VMware Fusion wakes and the CentOS guest powers on, NTP gets everything setup correctly.

Powershell script to install Cygwin

I like having Cygwin installed on my machine, and since I always re-image, I needed a script to install Cygwin automatically.

function Install-Cygwin {
   param ( $TempCygDir="$env:temp\cygInstall" )
   if(!(Test-Path -Path $TempCygDir -PathType Container))
    {
       $null = New-Item -Type Directory -Path $TempCygDir -Force
    }
   $client = new-object System.Net.WebClient
   $client.DownloadFile("http://cygwin.com/setup.exe", "$TempCygDir\setup.exe" )
   Start-Process -wait -FilePath "$TempCygDir\setup.exe" -ArgumentList "-q -n -l $TempCygDir -s http://mirror.nyi.net/cygwin/ -R c:\Cygwin"
   Start-Process -wait -FilePath "$TempCygDir\setup.exe" -ArgumentList "-q -n -l $TempCygDir -s http://mirror.nyi.net/cygwin/ -R c:\Cygwin -P openssh"
}

This will download and install Cygwin and install the openssh package.

OpenVPN on windows with a TUN device

Since my laptop hard drive  died, I did not have access to my home VPN. I needed to set up OpenVPN on windows. I setup my PKI and installed the portable version of OpenVPN. Tried connecting and got this error:

There is a problem in your selection of –ifconfig endpoints [local=X.X.X.X, remote=X.X.X.X]. The local and remote VPN endpoints cannot use the first or last address within a given 255.255.255.252 subnet.

The fix? Add the following to your server config:

topology subnet

Running a BASH script when my Laptop is opened at home – Part 1

My laptop hard drive died. I was upset only because there was data on my laptop that had not been moved over to my desktop. My desktop has time machine and is rsynced to several other drives and locations.

So I lost data. My own fault because I was not diligent in moving data off my laptop.

To make sure this did not happen again, I needed the ability to run a script when I open my laptop at home. But how?

  • First, I thought about identifying being at home by my wireless SSID. That was okay, but what if I was connected by wire?
  • Second, I thought about identifying home based on my subnet. Well, I could find myself on a network with the same range, and that could be bad.
  • Then I found this link that showed some code on how to get the MAC address of the defined Default Gateway. Perfect.

MAC addresses should be unique. Therefore the BASH script should only run when I am on my home network.

Here is the BASH script to find the Default Gateway’s MAC address

GATEWAY=`netstat -rn | grep default | cut -c20-35`
MACADDRESS=`arp -n $GATEWAY | cut -f4 -d' '`

Next step is to use this code when I open my Laptop lid.

CentOS Kickstart with local CDROM media and a “http config file”

At our NYC office, I have a PXE/Kickstart system setup. All I need to do is boot to PXE, and I can install CentOS with very little intervention. I have to choose Server vs Desktop (each choice points to a different http hosted kickstart cfg file.) and I have to setup my partitons how I want them.

Recently I was tasked to setup a new office in LA. I had taken a CentOS iso with me, but I wanted to use the standard config file (hosted over http) at the central office. Basically I wanted to use the local bits with a remote config file. I learned a couple fo things going through this exercise.

  1. It is not easy to serach for KickStart config file examples becasue KickStart is the name of the process and the name of the config file.
  2. When booting from an ISO, if you want use local bits with a remote KickStart config file, the command is
    • linux ks=http://url.server.com/
    • The kickstart file must have the directive: cdrom
    • you can not have both “url” and “cdrom” in the same file. It will use the first one it finds (or last, I do not remember which)
  3. You can not combine both command line parameters and a kickstart file – the KickStart file overrides. For example I used:
    • linux ks=http://url.server.com/ks.cfg method=cdrom and I did not have “cdrom” in the config file. The installer prompted me for media type.

The only way I could use local bits with a KickStart file, was to specify “cdrom” in the config file. Which means I had to have yet another option/config file= dekstop,server, server-cdrom.

VMware ESX and vmdks larger than 256gb

News to me! if you want to create a vmdk larger than 256 gb, you need to blow away the datastore and re-create it with a larger block size!

  1. Move everything off the datastore.
  2. Under the configuration tab, Right click and delete the store
  3. Click add storage and it will find the unused disk
  4. and when Creating the new datastore, change the block size to accommodate the largest vmdk you want to create:
    • 1M =256gb, 2M=512gb, 4M=1T,8M=2T

Using a MacBook to connect to a Cisco router

We have a “USBG-232MINI” USB to Serial adapter and I needed to connect to a Cisco router. GNU screen to the rescue!!

The command is

screen /dev/tty.usbserial-A9005yuF 9600 (Where A9005yuF is probably unique)

And to exit hit Control+A then K.

PowerShell to list all users and when their password expires

I wanted to dump a list of accounts and their password expiration dates – accounts that were not disabled, that had a certain description, and were not set with “Password never expires”

(Get-ADUser -filter {(Description -notlike "Service*") -and (Enabled -eq "True") -and (PasswordNeverExpires -eq "False")} -properties *) |
select samaccountname,description,
@{N="LastChanged";E={(Get-Date([System.DateTime]::FromFileTimeUtc($_.pwdLastSet))).ToShortDateString()}},
@{N="Expires";E={(Get-Date([System.DateTime]::FromFileTimeUtc($_.pwdLastSet))).AddDays((Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.TotalDays).ToShortDateString()}}

Powered by WordPress. Designed by WooThemes