remove veeamdeploymentsvc, veeamtransport and veeamservice from ubuntu 20.04

these veeam services still running when checking systemctl status:  

  ├─veeamtransport.service

             │ ├─1064 /opt/veeam/transport/veeamtransport --run-service

             │ ├─1347 /opt/veeam/transport/veeamtransport --run-environmentsvc 7:6

             │ └─1496 /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogCount 10 --maxLogSize>

          ├─veeamdeployment.service

             │ ├─1062 /opt/veeam/deployment/veeamdeploymentsvc --run-service

             │ ├─1089 /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8

             │ └─1110 /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17

         ├─veeamservice.service

             │ └─1272 /usr/sbin/veeamservice --pidfile /var/run/veeamservice.pid --daemon

run these commands with sudo or root:

/opt/veeam/deployment/veeamdeploymentsvc --stop

/opt/veeam/deployment/veeamdeploymentsvc -u

/opt/veeam/transport/veeamtransport --stop

/opt/veeam/transport/veeamtransport -u

systemctl stop veeamservice

/usr/sbin/veeamservice -u

systemctl disable veeamservice 

Innatech RG4332

So, I'm a bit bored tonight... I scan my network just for fun and found out something about the unifi router.

So I tried login with root, guess the password.

login as: root
root@192.168.0.1's password:


BusyBox v1.6.1 (2013-12-23 17:22:03 HKT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

Well, that is easy.

# cat /etc/shadow
#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::
#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::

Looks like this password hashes have been recycled a few times in router firmware.

check it out. Not a surprise I guess. More interesting bits below:

# ps
  PID USER       VSZ STAT COMMAND
    1 root      1584 S    init
    2 root         0 SW<  [kthreadd]
    3 root         0 SW<  [ksoftirqd/0]
    4 root         0 SW<  [watchdog/0]
    5 root         0 SW<  [events/0]
    6 root         0 SW<  [khelper]
    9 root         0 SW<  [async/mgr]
   74 root         0 SW<  [kblockd/0]
   84 root         0 SW<  [khubd]
  101 root         0 SW   [khungtaskd]
  102 root         0 SW   [pdflush]
  103 root         0 SW   [pdflush]
  104 root         0 SW<  [kswapd0]
  106 root         0 SW<  [crypto/0]
  663 root         0 SW<  [mtdblockd]
  726 root      4428 S    /usr/sbin/mini_httpd -d /usr/www -c /cgi-bin/* -u ro
  730 root      2632 S    /usr/bin/pc
  732 root      1588 S    -/bin/sh
  733 root      4964 S    /usr/bin/logic
  734 root      2560 S    /usr/bin/ip6mon
  735 root      2564 S    /usr/bin/ramon
  736 root      2576 S    /usr/bin/ip6aac
  742 root      1592 S    /usr/sbin/inetd
  744 root      2224 S    /usr/sbin/dropbear
 1412 root      2612 S    /usr/sbin/pppd plugin rp-pppoe.so eth5 user
 1420 root      1204 S    /sbin/udhcpc -i eth8 -m 1500 -f
 1534 root      1984 S    /usr/sbin/dhcp6c -c /var/dhcpv6/dhcp6c_301203713 -f
 1698 root      1204 S    /sbin/miniupnpd -f /etc/upnpd.conf -d
 1921 root      1208 S    /usr/sbin/radvd -C /var/radvd.conf -d 1
 1967 root      2040 S    /usr/sbin/dhcp6s -c /var/dhcpv6/br0.conf -f br0
 2007 root      1320 S    /sbin/dproxy -c /etc/dproxy.conf -d
 2124 root      1244 S    /sbin/udhcpd /var/udhcpd.confge
 6840 root      2280 R    /usr/sbin/dropbear
 6841 root      1592 S    -sh

 6872 root      1584 R    ps

# pwd

/var/log

# cat device_info

Manufacturer: innacomm

ProductClass: RG4332

SerialNumber: RGWINNIN15********

IP: 192.168.0.1

HWVer: RTL8196C

SWVer: RG4332_V2.7.0

There is a samba config file in /etc, but when I try to connect it doesn't work. Not sure what is the purpose of it.

# cat smb.conf

[global]

workgroup = home

netbios name = dsl_route

server string = Samba Server

security = user

local master = Yes

preferred master = Yes

encrypt passwords = yes

smb passwd file = /var/smbpasswd

#private dir = /tmp/smbvar

socket options = TCP_NODELAY

wins proxy = no

log level = 10

load printers = no

guest account = root

log file = /var/log/smblog

max log size = 0

interfaces = 192.168.1.1/255.255.255.0

dns proxy = no

browseable = yes

guest ok = yes

writeable = no

display charset = utf8

unix charset = utf8

dos charset = utf8

public = yes

[usb1_1]

path = /mnt/usb1_1

writeable = yes

browseable = yes

directory mask = 0777

create mask = 0777

I'm getting sleepy, so I'll continue this next time I hope... Bai for now.

vagrant in Windows 7

step 1: download vagrant installer from https://www.vagrantup.com/downloads.html.
step 2: read below:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\toyol>vagrant -v
Vagrant 1.7.2

C:\Users\toyol>vagrant -h
Usage: vagrant [options] []

    -v, --version                    Print the version and exit.
    -h, --help                       Print this help.

Common commands:
     box             manages boxes: installation, removal, etc.
     connect         connect to a remotely shared Vagrant environment
     destroy         stops and deletes all traces of the vagrant machine
     global-status   outputs status Vagrant environments for this user
     halt            stops the vagrant machine
     help            shows the help for a subcommand
     init            initializes a new Vagrant environment by creating a Vagrantfile
     login           log in to HashiCorp's Atlas
     package         packages a running vagrant environment into a box
     plugin          manages plugins: install, uninstall, update, etc.
     provision       provisions the vagrant machine
     push            deploys code in this environment to a configured destination
     rdp             connects to machine via RDP
     reload          restarts vagrant machine, loads new Vagrantfile configuration
     resume          resume a suspended vagrant machine
     share           share your Vagrant environment with anyone in the world
     ssh             connects to machine via SSH
     ssh-config      outputs OpenSSH valid configuration to connect to the machine
     status          outputs status of the vagrant machine
     suspend         suspends the machine
     up              starts and provisions the vagrant environment
     version         prints current and latest Vagrant version

For help on any individual command run `vagrant COMMAND -h`

Additional subcommands are available, but are either more advanced
or not commonly used. To see all subcommands, run the command
`vagrant list-commands`.

C:\Users\toyol>vagrant plugin install vagrant-hostmanager
Installing the 'vagrant-hostmanager' plugin. This can take a few minutes...
Bundler, the underlying system Vagrant uses to install plugins,
reported an error. The error is shown below. These errors are usually
caused by misconfigured plugin installations or transient network
issues. The error from Bundler is:

Could not fetch specs from http://gems.hashicorp.com/

Retrying source fetch due to error (2/3): Bundler::HTTPError Could not fetch specs from http://gems.hashicorp.com/Retrying source fetch due to error (3/3): Bundler::HTTPError Could not fetch specs from http://gems.hashicorp.com/

C:\Users\toyol>SET http_proxy=http://cacing-tanah.com:8080

C:\Users\toyol>vagrant plugin install vagrant-hostmanager
Installing the 'vagrant-hostmanager' plugin. This can take a few minutes...
Installed the plugin 'vagrant-hostmanager (1.5.0)'!

C:\Users\toyol>vagrant box add relativkreativ/centos-7-minimal
==> box: Loading metadata for box 'relativkreativ/centos-7-minimal'
    box: URL: https://atlas.hashicorp.com/relativkreativ/centos-7-minimal
==> box: Adding box 'relativkreativ/centos-7-minimal' (v1.0.3) for provider: virtualbox
    box: Downloading: https://vagrantcloud.com/relativkreativ/boxes/centos-7-minimal/versions/1.0.3/providers/virtualbox.box
    box: Progress: 100% (Rate: 5646k/s, Estimated time remaining: --:--:--)
==> box: Successfully added box 'relativkreativ/centos-7-minimal' (v1.0.3) for 'virtualbox'!

C:\Users\toyol>vagrant init relativkreativ/centos-7-minimal
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.

C:\Users\toyol>vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'relativkreativ/centos-7-minimal'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'relativkreativ/centos-7-minimal' is up to date...
==> default: Setting the name of the VM: toyol_default_1425544554065_14802
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection timeout. Retrying...
    default: Warning: Connection timeout. Retrying...
    default:
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if its present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...
    default: /vagrant => C:/Users/toyol

C:\Users\toyol>vagrant ssh-config
Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile C:/Users/toyol/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL


C:\Users\toyol>

step 3: get the private_key from above ssh-config output and save it to your ssh key path. If you're using putty, need to convert it to ppk file first (http://meinit.nl/using-your-openssh-private-key-in-putty)

login as: vagrant
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: Tue Dec 16 09:59:48 2014
[vagrant@localhost ~]$ uptime
 09:45:14 up 8 min,  1 user,  load average: 0.00, 0.10, 0.11

Remove a cluster node in HPUX ServiceGuard

#

1- Make sure all packages run on primary node. In this case you want to remove clnode40 from cluster.

clnode40/root/home/root#cmviewcl

CLUSTER        STATUS       
ssdd_cluster    up           
  
  NODE           STATUS       STATE        
  clnode40       up           running      
  clnode53       up           running      

    PACKAGE        STATUS           STATE            AUTO_RUN    NODE        
    DBssdd          up               running          enabled     clnode53    
    NFSssdd         up               running          enabled     clnode53    
    CIssdd          up               running          enabled     clnode53    
    rsyncssdd       up               running          enabled     clnode53    

2- Halt secondary node. I'm halting the node from inside of the node itself, but I'm suggesting to halt it from the primary node. Because later you need to remove the node and this can't be done from the node to be removed.

clnode40/etc/cmcluster/ssdd#cmhaltnode -f clnode40
Disabling all packages from starting on nodes to be halted.
Warning:  Do not modify or enable packages until the halt operation is completed.
Waiting for nodes to halt ..... done
Successfully halted all nodes specified.
Halt operation complete.

clnode40/etc/cmcluster/ssdd#cmviewcl

CLUSTER        STATUS      
ssdd_cluster    up          

  NODE           STATUS       STATE      
  clnode40       down         halted      
  clnode53       up           running    

    PACKAGE        STATUS           STATE            AUTO_RUN    NODE      
    DBssdd          up               running          enabled     clnode53  
    NFSssdd         up               running          enabled     clnode53  
    CIssdd          up               running          enabled     clnode53  
    rsyncssdd       up               running          enabled     clnode53  

3- pull current cluster/packages config, these command will save the config in the file name you specified.
cmgetconf -p rsyncssdd rsyncssdd.conf
cmgetconf -c ssdd _cluster ssdd _cluster.conf

4- Remove the reference line for the departing node. The reference line begins with the string:

NODE_NAME (in cluster config)
or
node_name (in package config)

5- If removing a node from the cluster results in a one-node cluster, remove all lines containing the references that follow from the cluster ASCII file:

FIRST_CLUSTER_LOCK_VG
FIRST_CLUSTER_LOCK_PV

The lock disk function is not used in a one-node cluster.

6- apply the new modified config
clnode53/etc/cmcluster/ssdd#cmapplyconf -C ssdd _cluster.conf -P DBssdd.conf -P NFSssdd.conf -P CIssdd.DBssdd.conf -P NFSssdd.conf -P CIssdd.conf -P rsyncssdd.conf
MAX_CONFIGURED_PACKAGES configured to 300.
MAX_CONFIGURED_PACKAGES configured to 300.
NFSssdd.conf:490: service_halt_timeout value of 0 is equivalent to 1 sec.
Modifying the cluster locking mechanism from lvm to majority while cluster ssdd_cluster is running.
Deleting FIRST_CLUSTER_LOCK_PV /dev/disk/disk98 from node clnode53 while cluster is running.
Removing configuration from node clnode40
Modifying configuration on node clnode53
Deleting node clnode40 from cluster ssdd_cluster

Modify the cluster configuration ([y]/n)? y
Completed the cluster creation

7- verify node is not visible in cmviewcl
clnode53:/etc/cmcluster/ssdd# cmviewcl

CLUSTER        STATUS      
ssdd_cluster    up          

  NODE           STATUS       STATE      
  clnode53       up           running    

    PACKAGE        STATUS           STATE            AUTO_RUN    NODE      
    DBssdd          up               running          enabled     clnode53  
    NFSssdd         up               running          enabled     clnode53  
    CIssdd          up               running          enabled     clnode53  
    rsyncssdd       up               running          enabled     clnode53  

8- Set AUTOSTART_CMCLD=0 in /etc/rc.config.d/cmcluster. Set AUTO_VG_ACTIVATE=1 in /etc/lvmrc.

Command outputs are from me, cluster commands are lifted from HP site: http://support.hp.com/us-en/document/c01058926


#WHATYEARISTHIS??

configure http proxy on CentOS

1. You can configure persistent proxy environment variable in /etc/profile.d so it will be set every time you login :

[root@mangkuk ~]# cat /etc/profile.d/proxy.sh
http_proxy=http://myproxy:8080
https_proxy=$http_proxy
ftp_proxy=$http_proxy
export http_proxy https_proxy ftp_proxy

2. The proxy for yum package manager need to be configured separately in /etc/yum.conf. The proxy line need to be added under [main] section:

[root@mangkuk ~]# cat /etc/yum.conf
[main]
proxy=http://myproxy:8080
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
#  This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
[root@mangkuk ~]#

How to headless solaris on a windows box =revisited =

1. Somehow you have a solaris cd install

2. Get virtualbox and install. http://www.virtualbox.org/wiki/Downloads

3. Configure vm in virtualbox, quite straightforward. For network configuration, choose bridged adapter and choose your pc NIC (this is to let you ssh into your vm)

4. Add the solaris iso into the storage setting so it loads during startup.

5. Starts vm. Install solaris from the mounted iso. It will auto reboot if you choose to, when it finish installing.

6. Boot solaris and disable gui.

To disable the GUI startup: /usr/dt/bin/dtconfig -d
And, to enable it again: /usr/dt/bin/dtconfig -e

7.Enable root login through ssh. (stupid, i know)
(i just grep it to show you how it looks like, after edit restart ssh)

bash-3.2# grep PermitRoot /etc/ssh/sshd_config
PermitRootLogin yes
bash-3.2#
bash-3.2# svcadm restart network/ssh:default
bash-3.2#

8.Configure static network http://facti.net/drupal/node/87

# tail /etc/hosts
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.1.5 solar loghost

# tail /etc/inet/ipnodes
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.1.5 solar loghost

# tail /etc/nodename
solar

bash-3.2# tail /etc/solar.e1000g0
solar

##this make sure the dns resolve work
bash-3.2# cp /etc/nsswitch.dns /etc/nsswitch.conf
bash-3.2# ping google.com
google.com is alive
bash-3.2#

add your workstation ip and name in your Sun box /etc/hosts file (solve ssh password prompt hang issue)

# tail /etc/hosts
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.1.5 solar loghost
192.168.1.2 queenofblade
#

9.Shutdown ( or restart network just to test your setting work first)

bash-3.2# svcadm restart network/physical:default
bash-3.2#

bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.5 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:27:14:a9:29
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
bash-3.2#

bash-3.2# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
192.168.1.0 192.168.1.5 U 1 1 e1000g0
127.0.0.1 127.0.0.1 UH 1 0 lo0

Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
::1 ::1 UH 1 21 lo0
bash-3.2#
bash-3.2# dladm show-link
LINK CLASS MTU STATE OVER
e1000g0 phys 1500 up --
bash-3.2#

shutdown -y -i5 -g0

10. get vboxvmservice.sourceforge.net. This is so you can run the server in headless mode, without the virtualbox gui. Read the how-to in doc folder. Please reboot your windows after configuring the VBoxVmService.ini. By default, vboxvmservice starts every vm in VBoxVMService.ini when you starts the service. With the latest revision http://vboxvmservice.svn.sourceforge.net/viewvc/vboxvmservice/ , you can set whether you want the vm to be auto start or not.

##sample .ini
[Settings]
ServiceName=VBoxVmService
VBOX_USER_HOME=C:\Users\zeratul\.VirtualBox
PauseShutdown=5000

[Vm0]
VmName=solar
WorkingDir=E:\leech\VBoxVmService-2.2-Fireworks\vms
ShutdownMethod=savestate
VrdePort=3001

11. install and start vboxvmservice. start vm from the cmd. ( i skip the install and start part)

C:\Users\zeratul>cd E:\leech\VBoxVmService-2.2-Fireworks\vms

C:\Users\zeratul>e:

E:\leech\VBoxVmService-2.2-Fireworks\vms>VmServiceControl.exe
VBoxVmSerice control utility
usage: VmServiceControl [options]
-i Install VBoxVmService service
-u Uninstall VBoxVmService service
-s Start VBoxVmService service
-k Stop VBoxVmService service
-b Restart VBoxVmService service
-e Print service environment
-su n Startup VM with index n
-sd n Shutdown VM with index n
-st n Show status for VM with index n
-sp n Show guest properties if Guest Additions are installed
for VM with index n

E:\leech\VBoxVmService-2.2-Fireworks\vms>VmServiceControl.exe -s
StartService failed: An instance of the service is already running.

E:\leech\VBoxVmService-2.2-Fireworks\vms>VmServiceControl.exe -su 0
Read 2866 bytes
Started your virtual machine, VM0

Name: solar
Guest OS: Oracle Solaris 10 10/09 and later
UUID: ca27e1b2-cc15-4abd-93b5-e47e5ae1c35a
Config file: C:\Users\zeratul\VirtualBox VMs\solar\solar.vbox
Snapshot folder: C:\Users\zeratul\VirtualBox VMs\solar\Snapshots
Log folder: C:\Users\zeratul\VirtualBox VMs\solar\Logs
Hardware UUID: ca27e1b2-cc15-4abd-93b5-e47e5ae1c35a
Memory size: 1024MB
Page Fusion: off
VRAM size: 12MB
HPET: off
Chipset: piix3
Firmware: BIOS
Number of CPUs: 1
Synthetic Cpu: off
CPUID overrides: None
Boot menu mode: message and menu
Boot Device (1): Floppy
Boot Device (2): DVD
Boot Device (3): HardDisk
Boot Device (4): Not Assigned
ACPI: on
IOAPIC: off
PAE: off
Time offset: 0 ms
RTC: local time
Hardw. virt.ext: on
Hardw. virt.ext exclusive: off
Nested Paging: on
Large Pages: on
VT-x VPID: on
State: running (since 2011-03-09T14:42:39.642000000)
Monitor count: 1
3D Acceleration: off
2D Video Acceleration: off
Teleporter Enabled: off
Teleporter Port: 0
Teleporter Address:
Teleporter Password:
Storage Controller Name (0): SATA Controller
Storage Controller Type (0): IntelAhci
Storage Controller Instance Number (0): 0
Storage Controller Max Port Count (0): 30
Storage Controller Port Count (0): 30
Storage Controller Bootable (0): on
SATA Controller (0, 0): C:\Users\zeratul\VirtualBox VMs\solar\solar.vdi (UUID: 5
2f4f312-f325-4362-8cbf-3fc58aad3cb1)
SATA Controller (1, 0): C:\PROGRA~1\Oracle\VIRTUA~1\VBoxGuestAdditions.iso (UUID
: beaca415-3297-4c13-a62b-c40aeeacc7e2)
NIC 1: MAC: 08002714A929, Attachment: Bridged Interface 'Realtek PCIe
GBE Family Controller', Cable connected: on, Trace: off (file: none), Type: 8254
0EM, Reported speed: 0 Mbps, Boot priority: 0
NIC 2: disabled
NIC 3: disabled
NIC 4: disabled
NIC 5: disabled
NIC 6: disabled
NIC 7: disabled
NIC 8: disabled
Pointing Device: USB Tablet
Keyboard Device: PS/2 Keyboard
UART 1: disabled
UART 2: disabled
Audio: enabled (Driver: DSOUND, Controller: AC97)
Clipboard Mode: Bidirectional
Video mode: 720x400x0
VRDE: enabled (Address 0.0.0.0, Ports 3001, MultiConn: off, ReuseSing
leConn: off, Authentication type: null)
Video redirection: disabled
USB: enabled

USB Device Filters:



Available remote USB devices:



Currently Attached USB Devices:



Shared folders:

VRDE Connection: not active
Clients so far: 0

Guest:

OS type: OpenSolaris
Additions run level: 0
Configured memory balloon size: 0 MB

E:\leech\VBoxVmService-2.2-Fireworks\vms>VmServiceControl.exe -st 0
Read 2866 bytes
Status for your virtual machine, VM0

Name: solar
Guest OS: Oracle Solaris 10 10/09 and later
UUID: ca27e1b2-cc15-4abd-93b5-e47e5ae1c35a
Config file: C:\Users\zeratul\VirtualBox VMs\solar\solar.vbox
Snapshot folder: C:\Users\zeratul\VirtualBox VMs\solar\Snapshots
Log folder: C:\Users\zeratul\VirtualBox VMs\solar\Logs
Hardware UUID: ca27e1b2-cc15-4abd-93b5-e47e5ae1c35a
Memory size: 1024MB
Page Fusion: off
VRAM size: 12MB
HPET: off
Chipset: piix3
Firmware: BIOS
Number of CPUs: 1
Synthetic Cpu: off
CPUID overrides: None
Boot menu mode: message and menu
Boot Device (1): Floppy
Boot Device (2): DVD
Boot Device (3): HardDisk
Boot Device (4): Not Assigned
ACPI: on
IOAPIC: off
PAE: off
Time offset: 0 ms
RTC: local time
Hardw. virt.ext: on
Hardw. virt.ext exclusive: off
Nested Paging: on
Large Pages: on
VT-x VPID: on
State: running (since 2011-03-09T14:42:39.642000000)
Monitor count: 1
3D Acceleration: off
2D Video Acceleration: off
Teleporter Enabled: off
Teleporter Port: 0
Teleporter Address:
Teleporter Password:
Storage Controller Name (0): SATA Controller
Storage Controller Type (0): IntelAhci
Storage Controller Instance Number (0): 0
Storage Controller Max Port Count (0): 30
Storage Controller Port Count (0): 30
Storage Controller Bootable (0): on
SATA Controller (0, 0): C:\Users\zeratul\VirtualBox VMs\solar\solar.vdi (UUID: 5
2f4f312-f325-4362-8cbf-3fc58aad3cb1)
SATA Controller (1, 0): C:\PROGRA~1\Oracle\VIRTUA~1\VBoxGuestAdditions.iso (UUID
: beaca415-3297-4c13-a62b-c40aeeacc7e2)
NIC 1: MAC: 08002714A929, Attachment: Bridged Interface 'Realtek PCIe
GBE Family Controller', Cable connected: on, Trace: off (file: none), Type: 8254
0EM, Reported speed: 0 Mbps, Boot priority: 0
NIC 2: disabled
NIC 3: disabled
NIC 4: disabled
NIC 5: disabled
NIC 6: disabled
NIC 7: disabled
NIC 8: disabled
Pointing Device: USB Tablet
Keyboard Device: PS/2 Keyboard
UART 1: disabled
UART 2: disabled
Audio: enabled (Driver: DSOUND, Controller: AC97)
Clipboard Mode: Bidirectional
Video mode: 720x400x0
VRDE: enabled (Address 0.0.0.0, Ports 3001, MultiConn: off, ReuseSing
leConn: off, Authentication type: null)
Video redirection: disabled
USB: enabled

USB Device Filters:



Available remote USB devices:



Currently Attached USB Devices:



Shared folders:

VRDE Connection: not active
Clients so far: 0

Guest:

OS type: OpenSolaris
Additions run level: 0
Configured memory balloon size: 0 MB




E:\leech\VBoxVmService-2.2-Fireworks\vms>

12. ssh to vm. Finished! (get putty or something)

bash-3.2# uname -a;date;uptime
SunOS solar 5.11 snv_122 i86pc i386 i86pc
Wed Mar 9 23:57:14 MYT 2011
11:57pm up 1:14, 1 user, load average: 0.04, 0.03, 0.04
bash-3.2#

13. HOHO

###############
extra notes:
http://www.idevelopment.info/data/Unix/Solaris/SOLARIS_ConfiguringApropos.shtml
http://www.marksanborn.net/howto/bypass-firewall-and-nat-with-reverse-ssh-tunnel/
http://lildude.co.uk/what-do-all-the-services-on-solaris-10-do

extract script

### you need to install rar and 7zip packages first if you don't have them.then you can use 'extract ' next time. easy peasy!

#Extract things. Thanks to urukrama, Ubuntuforums.org. put in .bashrc
extract () {
if [ -f $1 ] ; then
case $1 in
*.tar.bz2) tar xjf $1 ;;
*.tar.gz) tar xzf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) rar x $1 ;;
*.gz) gunzip $1 ;;
*.tar) tar xf $1 ;;
*.tbz2) tar xjf $1 ;;
*.tgz) tar xzf $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*) echo "'$1' cannot be extracted via extract()" ;;
esac
else
echo "'$1' is not a valid file"
fi
}

hold debian package update

#####Hold package update especially those you custom compile/install, because debian lenny insist their packages are the latest -_-

echo "package hold"|dpkg --set-selections
and, to reverse,
echo "package install"|dpkg --set-selections

####hold packages will show up as hi, while normal update package show up as ii(update able)

swordfish@protoss-emperor:~$ dpkg -l|grep fglrx
hi fglrx-amdcccle 8.771-1 Catalyst Control Center for the ATI graphics accelerators
hi fglrx-driver 8.771-1 Video driver for the ATI graphics accelerators
hi fglrx-driver-dev 8.771-1 Video driver for the ATI graphics accelerators (devel files)

###of course i'm holding these fglrx packages, i don't want a borked driver after kernel update again -_-

###now when you do apt-get upgrade

swordfish@protoss-emperor:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
bind9-host dnsutils fglrx-amdcccle fglrx-driver fglrx-kernel-src

new kernel broke my radeon again

##########fglrx woe

I don't know at first that fglrx packages from debian non-free repo will conflict with the proprietary driver downloaded from amd site. So in install the driver from the repo and then the amd driver. After recompile kernel, everything look fine but opengl somehow is broken. This is the guide how to resolve it. good luck!

#####the error:

when i execute fglrxinfo or glxinfo, the output is something like this(not mine):

X Error of failed request:  BadMatch (invalid parameter attributes)   Major opcode of failed request:  156 (GLX)   Minor opcode of failed request:  5 (X_GLXMakeCurrent)   Serial number of failed request:  37   Current serial number in output stream:  37

and there is one line of error in /var/log/Xorg*

EE GLX error: Can not get required symbols

Somehow, the 3d acceleration is working fine, but still i need opengl to play video smoothly -_-

You can see from the Xorg log that the fglrx module loaded is the old module from non-free debian packages, not the one installed from amd installer.

http://wiki.debian.org/Ati%20Installer%20in%20Lenny

###########

ATI installer for Debian is buggy, and requires some tricks:

./ati-driver-installer-10-1-x86.x86_64.run --buildpkg Debian/lenny

Generating package: Debian/lenny

cp: cannot stat `/home/jarek/install/fglrx-install.ClcbzZ/x710/*': No such file or directory

Package build failed!

To correct this you have to extract sources:

./ati-driver-installer-10-1-x86.x86_64.run --extract fglrx-10.1

and do the following. Enter driver directory:

cd fglrx-10.1

Open file: packages/Debian/ati-packager.sh and in line 67 change:

lenny|testing) X_DIR=x710; X_NAME=lenny;;

to

lenny|testing) X_DIR=x690; X_NAME=lenny;;

Open file packages/Debian/dists/lenny/fglrx-driver.shlibs and at the end add line:

libatiuki 1 fglrx-driver

Copy file libatiuki.so.1.0 and create symbolic link: (for 32-bit system)

cp arch/x86/usr/lib/libatiuki.so.1.0 x690/usr/X11R6/lib/

ln -s libatiuki.so.1.0 x690/usr/X11R6/lib/libatiuki.so.1

For 64-bit system, change x86 to x86_64, x690 to x690_64a, lib to lib64, for above paths.

Now you should be able to build debs:

./ati-installer.sh 10.1 --buildpkg Debian/lenny

##########

http://www.jotschi.de/?p=313

stop xserver/gdm (this will close your desktop environment, make sure you keep this guide somewhere nearby)

modprobe -r fglrx

// get a list of all fglrx packages

sudo dpkg -l | grep fglrx

sudo dpkg -P fglrx-driver

sudo dpkg -P fglrx-kernel-$(uname -r)

sudo dpkg -P fglrx-kernel-src

sudo dpkg -P fglrx-amdcccle

sudo dpkg -P fglrx-driver-dev

// make sure everything is gone

sudo dpkg -l | grep fglrx

3. Restore files that might have been messed up by previous fglrx installations

apt-get --reinstall install libgl1-mesa-glx

apt-get --reinstall install xserver-xorg-core

4. Get rid of old ati configurations

sudo mv /etc/ati /tmp

sudo mv /etc/X11/xorg.conf /tmp

###################################################3

Download the installer and put it in ~/fglrx/

$ cd ./fglrx/

$ chmod +x ati-driver-installer-[version].run

$ ./ati-driver-installer-[version].run --extract fglrx-tmp

$ cd fglrx-tmp

$ su

# ./packages/Debian/ati-packager.sh --buildpkg lenny

# cd ..

dpkg --force-all -i fglrx-driver_[version].deb

dpkg -i fglrx-driver-dev_[version].deb

dpkg -i fglrx-kernel-src_[version].deb

dpkg -i fglrx-amdcccle_[version].deb

#apt-get install module-assistant

#cd /usr/src

# m-a prepare

# m-a update

module-assistant

# SELECT -> fglrx-kernel -> BUILD / INSTALL #

# modprobe -v fglrx

# aticonfig --initial

startx/gdm

#############how to know the fglrx module loaded is correct

debian:check /var/log/Xorg*

(II) LoadModule: "fglrx"

(II) Loading /usr/lib/xorg/modules/drivers//fglrx_drv.so

(II) Module fglrx: vendor="FireGL - ATI Technologies Inc."

compiled for 7.1.0, module version = 8.77.5

Module class: X.Org Video Driver

(II) Loading sub module "fglrxdrm"

(II) LoadModule: "fglrxdrm"

(II) Loading /usr/lib/xorg/modules/linux//libfglrxdrm.so

(II) Module fglrxdrm: vendor="FireGL - ATI Technologies Inc."

compiled for 7.1.0, module version = 8.77.5

#####fglrxinfo will show correct info

swordfish@protoss-emperor:~$ fglrxinfo

display: :0.0 screen: 0

OpenGL vendor string: ATI Technologies Inc.

OpenGL renderer string: ATI Mobility Radeon HD 3400 Series

OpenGL version string: 3.3.10188 Compatibility Profile Context

Find out if your mail server is an open relay

Open relay from wikipedia:

An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.[1][2][3] This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular due to their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

How to easily check if your mail server is open relay:

telnet relay-test.mail-abuse.org

[terung@myvps ~]$ telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to relay-test.mail-abuse.org.
Escape character is '^]'.
Connecting to x.x.x.x ...
<<< 220 myvps.mydomain.com ESMTP
>>> HELO cygnus.mail-abuse.org
<<< 250 myvps.mydomain.com
:Relay test: #Quote test
>>> mail from:
<<< 250 ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 1
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 2
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #test 3
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 4
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 5
>>> mail from: <>
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 6
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 7
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 8
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 9
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 10
>>> mail from:
<<< 250 ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 11
>>> mail from:
<<< 250 ok
>>> rcpt to: <"nobody%mail-abuse.org">
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 12
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 13
>>> mail from:
<<< 250 ok
>>> rcpt to: <"nobody@mail-abuse.org"@[x.x.x.x]>
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 14
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 15
>>> mail from:
<<< 250 ok
>>> rcpt to: <@:nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 16
>>> mail from:
<<< 250 ok
>>> rcpt to: <@[x.x.x.x]:nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 17
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #test 18
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 we don't relay (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #test 19
>>> mail from:
<<< 250 ok
>>> rcpt to:
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
>>> QUIT
<<< 221 myvps.mydomain.com
Tested host banner: 220 myvps.mydomain.com ESMTP
System appeared to reject relay attempts
Connection closed by foreign host.
[terung@myvps ~]$

fail2ban: drop the banhammer on those bruteforcer bots from China

Get fail2ban source from http://www.fail2ban.org/wiki/index.php/Downloads.

# tar -xjvf fail2ban-0.8.4.tar.bz2
# cd fail2ban-0.8.4
# python setup.py install

Autostart in RedHat,CentOS,Fedora
# cp files/redhat-initd /etc/init.d/fail2ban
# chkconfig –-add fail2ban
# chkconfig fail2ban on
# service fail2ban start

Copy default conf to jail.local which will override jail.conf, the default conf
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

##########sampleconf##########
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1
ignoreip = 203.82.1.1/24 x.x.x.x

# "bantime" is the number of seconds that a host is banned.
bantime = 86400

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=yourmail@mail.com, sender=fail2ban@web.com]
logpath = /var/log/secure
maxretry = 3

[proftpd-iptables]

enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=ProFTPD, dest=yourmail@mail.com sender=fail2ban@web.com]
logpath = /var/log/secure
maxretry = 6

# This jail forces the backend to "polling".
#####endsample####
#replace the logpath with the proper path for other distro

# /etc/init.d/fail2ban restart
or,
# service fail2ban restart

And check your iptables:
# iptables -L

If you want to unblock someone just do:
# iptables -D fail2ban-ssh 1

Show failed SSH logins by date:
# cat /var/log/secure | grep ‘Failed password’ | sort | uniq -c

#testing ssh filter
/usr/bin/fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

If your fail2ban seem to not updating the iptables, please check the fail2ban log. If you received below error, you might have old version of iptables and you need to tweak the fail2ban iptables action config.

fail2ban.action [32091]: ERROR iptables -w -N f2b- iptables -w -I INPUT -p tcp -m multiport --dports 0:65535 -j f2b- -- stderr: "iptables v1.4.7: option -w' requires an argument\nTryiptables -h' or 'iptables --help' for more information.\niptables v1.4.7: option -w' requires an argument\nTryiptables -h' or 'iptables --help' for more information.\niptables v1.4.7: option -w' requires an argument\nTryiptables -h' or 'iptables --help' for more information.\n"

reference: https://serverfault.com/questions/730675/fail2ban-action-error-iptables-w-n-f2b-jail-name

Open this config file /etc/fail2ban/action.d/iptables-common.conf , and comment this line:

lockingopt = -w

also changed this line:

 #iptables = iptables to iptables = iptables


extra reading: http://www.fail2ban.org/wiki/index.php/Main_Page

my xorg.conf for fglrx proprietary driver

I've link how to install ati proprietary driver in the old post. This is my config file after successfully install the driver.

file: /etc/X11/xorg.conf

####Begin

Section "ServerLayout"
Identifier "aticonfig Layout"
Screen 0 "aticonfig-Screen[0]-0" 0 0
EndSection

Section "Files"
EndSection

Section "Module"
EndSection

Section "Monitor"
Identifier "aticonfig-Monitor[0]-0"
Option "VendorName" "ATI Proprietary Driver"
Option "ModelName" "Generic Autodetecting Monitor"
Option "DPMS" "true"
EndSection

Section "Device"
Identifier "Mobility Radeon HD 3400 Series"
Driver "fglrx"
Option "DynamicClocks" "on"
Option "mtrr" "on"
Option "DesktopSetup" "Single"
Option "ScreenOverlap" "0"
Option "VideoOverlay" "on"
Option "OpenGLOverlay" "off"
Option "Stereo" "off"
Option "StereoSyncEnable" "1"
Option "FSAAEnable" "no"
Option "FSAAScale" "1"
Option "FSAADisableGamma" "no"
Option "FSAACustomizeMSPos" "no"
Option "UseFastTLS" "0"
Option "BlockSignalsOnLock" "on"
Option "XAANoOffscreenPixmaps"
Option "AccelMethod" "XAA"
BusID "PCI:1:0:0"
EndSection

Section "Screen"
Identifier "aticonfig-Screen[0]-0"
Device "aticonfig-Device[0]-0"
Monitor "aticonfig-Monitor[0]-0"
DefaultDepth 24
SubSection "Display"
Viewport 0 0
Depth 24
EndSubSection
EndSection

########End

iptables sample ideal for vps

file path: /etc/sysconfig/iptables

This is a sample that you can use for your web hosting/vps. It's pretty basic, really. Kindly uncomment entries that you think you'll need. Make sure you backup your old config in-case a fuck up happens. Else, proceed with caution and have fun!

#######iptables begin
# Generated by iptables-save v1.3.5 on Mon Mar 8 15:30:21 2010
*mangle
:PREROUTING ACCEPT [53641:56160765]
:INPUT ACCEPT [53641:56160765]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44557:9348034]
:POSTROUTING ACCEPT [44557:9348034]
COMMIT
# Completed on Mon Mar 8 15:30:21 2010
# Generated by iptables-save v1.3.5 on Mon Mar 8 15:30:21 2010
*filter
:INPUT DROP [57:3312]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:VZ_FORWARD - [0:0]
:VZ_INPUT - [0:0]
:VZ_OUTPUT - [0:0]
-A INPUT -j VZ_INPUT
-A FORWARD -j VZ_FORWARD
-A OUTPUT -j VZ_OUTPUT
### allow incoming icmp
-A VZ_INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A VZ_INPUT -p icmp -s 0/0 -d -j DROP
#
# Drop stealth scans
-A VZ_INPUT -i -s -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE
-A VZ_INPUT -i -s -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN
-A VZ_INPUT -i -s -p tcp -m tcp --tcp-flags SYN,RST SYN,RST
-A VZ_INPUT -i -s -p tcp -m tcp --tcp-flags FIN,RST FIN,RST
-A VZ_INPUT -i -s -p tcp -m tcp --tcp-flags ACK,FIN FIN
-A VZ_INPUT -i -s -p tcp -m tcp --tcp-flags ACK,URG URG
#
-A VZ_INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 53 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p udp -m udp --dport 32768:65535 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 8880 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A VZ_INPUT -s 127.0.0.1 -d 127.0.0.1 -p tcp -j ACCEPT
-A VZ_INPUT -s 127.0.0.1 -d 127.0.0.1 -p udp -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
-A VZ_INPUT -p tcp -m tcp --dport 32768:65535 -j ACCEPT
#########################################################
# Drop all incoming malformed XMAS packets
-A VZ_INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Drop all incoming malformed NULL packets
-A VZ_INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Bad incoming source ip address 0.0.0.0/8
-A VZ_INPUT -s 0.0.0.0/8 -j DROP
#if you're using local communication, comment this.
#i'm not sure if it will disturb it, but just in case..
# Bad incoming source ip address 127.0.0.0/8
#-A VZ_INPUT -s 127.0.0.0/8 -j DROP
# Bad incoming source ip address 10.0.0.0/8
-A VZ_INPUT -s 10.0.0.0/8 -j DROP
# Bad incoming source ip address 172.16.0.0/12
-A VZ_INPUT -s 172.16.0.0/12 -j DROP
# Bad incoming source ip address 192.168.0.0/16
-A VZ_INPUT -s 192.168.0.0/16 -j DROP
# Bad incoming source ip address 224.0.0.0/3
-A VZ_INPUT -s 224.0.0.0/3 -j DROP
#######################################################
#allow outgoing icmp
-A VZ_OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#
-A VZ_OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A VZ_OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A VZ_OUTPUT -p tcp -j ACCEPT
-A VZ_OUTPUT -p udp -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 8880 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 8443 -j ACCEPT
-A VZ_OUTPUT -s 127.0.0.1 -d 127.0.0.1 -p tcp -j ACCEPT
-A VZ_OUTPUT -s 127.0.0.1 -d 127.0.0.1 -p udp -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 20:21 -j ACCEPT
-A VZ_OUTPUT -p tcp -m tcp --sport 32768:65535 -j ACCEPT
COMMIT
# Completed on Mon Mar 8 15:30:21 2010
# Generated by iptables-save v1.3.5 on Mon Mar 8 15:30:21 2010
*nat
:PREROUTING ACCEPT [6142:368537]
:POSTROUTING ACCEPT [315:20384]
:OUTPUT ACCEPT [315:20384]
COMMIT
# Completed on Mon Mar 8 15:30:21 2010
####iptables-end#

That's all. Restart iptables after editing.

/etc/init.d/iptables restart

Sources:

http://www.homepage.montana.edu/~unixuser/031705/iptables.fedora.html
http://bash.cyberciti.biz/security/linux-virtuozzo-vps-firewall-script-2/
http://forums.vpslink.com/linux/865-iptables-error-weird-character-interface-venet0-0-a.html

Install debian lenny on my Toshiba Satellite M300 P4317

Laptop specification:

CPU INTEL
LCD Size 14.1
RESOLUTION 1,280 x 800
Weight 2.35kg
RAM 1024MB DDR2 SDRAM (upgraded to 3GB)
HDD/SSD 200
Webcam YES
CPU Model Intel® CoreTM2 Duo Processor T8600 (2.26GHz, 3MB L2 Cache, 1066MHz FSB)
Video ATI Mobility Radeon HD 3470 up to 893MB total available graphics -128MB dedicated
ODD DVD SuperMulti Double Layer Drive (DVD ± RW/RAM) with LabelFlashTM Technology
Wireless LAN Intel® WiFi Link 5100AGN (802.11agn)
LAN 10/100/1000Mbps Gigabit LAN
Card Reader 5-in-1 Card Reader
Bluetooth Bluetooth V2.1 w/ Enhanced Data Rate

Steps summary:


1. Download a 1 cd image debian-504-amd64-xfce+lxde-CD-1.iso from http://www.debian.org/CD/http-ftp/ (netinstall failed on me earlier, because i choose a dead mirror. But maybe my net is down too, not really sure ) LXDE is openbox-based windows manager.

2. Installation is straight forward, during partitioning, choose manual and delete my previous ubuntu partition, / (root). no need to delete /swap 1.5G (half of your total ram, i think) . After delete it, create /home 28G and / 6.5G. Commit changes.

3. Around 400+ packages get installed. Disable the network update because i'm a paranoid. After finished, rebooted.

swordfish@protoss-emperor:~$ uname -a;date;uptime
Linux protoss-emperor 2.6.26-2-amd64 #1 SMP Tue Jan 12 22:12:20 UTC 2010 x86_64 GNU/Linux
Wed Feb 24 14:02:41 MYT 2010
14:02:41 up 13:52, 5 users, load average: 0.12, 0.28, 0.19

4. Panic attack, because i get a black screen, but i can hear the login menu sound. Ctrl+Alt+F1 and tried to restart gdm from tty1, still no display. Damn. Check on my dad's laptop, looks like it's a problem with the default setting in /etc/X11/xorg.conf. My config file is a blank template! lol.

5. Edit /etc/apt/sources.list. Commented the cdrom sources. Add some proper sources.

#
# deb cdrom:[Debian GNU/Linux 5.0.4 _Lenny_ - Official amd64 xfce+lxde-CD Binary-1 20100131-22:54]/ lenny main

#deb cdrom:[Debian GNU/Linux 5.0.4 _Lenny_ - Official amd64 xfce+lxde-CD Binary-1 20100131-22:54]/ lenny main

#backport
deb http://www.backports.org/debian lenny-backports main contrib non-free

# Testing
deb http://http.us.debian.org/debian/ lenny main contrib non-free
# Testing Sources
deb-src http://http.us.debian.org/debian/ lenny main contrib non-free
#Security
#deb http://security.debian.org/ testing/updates main

#DEBIAN MULTIMEDIA
deb http://www.debian-multimedia.org/ lenny main

#deb http://security.debian.org/ lenny/updates main
#deb-src http://security.debian.org/ lenny/updates main

# Line commented out by installer because it failed to verify:
#deb http://volatile.debian.org/debian-volatile lenny/volatile main
# Line commented out by installer because it failed to verify:
#deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

Refer this: multimedia/backport http://dreamlinuxforums.org/index.php?topic=4012.0

6. Install ssh-server. ssh in from my dad's laptop, so i can refer to the guide from his laptop. Compile and install proprietary ATI driver http://wiki.debian.org/ATIProprietary . Restart gdm. Saw the login screen :D Pheww.



7. ntfs-3g for my NTFS ext drives and vista partitions http://beginlinux.wordpress.com/2009/03/18/mounting-an-ntfs-drive-in-debian/

7.5. Rsync /home ( i don't have a separate /home before, so i backup it into my ext hdd)

8. Install wicd, lightweight connection manager if you want http://www.debianadmin.com/wicd-easy-network-connection-manager-in-debian.html

9. Remove faulty kernel ( i tried to get my wireless working by compiling a new kernel, but it hosed up my display, crash on loading gdm) dpkg --purge linux-image-NNN

10. Install flash apt-get install flashplugin-nonfree ( for facebook fishville :D )

11. Pidgin. apt ( for useless chit chat)

12. Japanese/korean fonts (for my addiction) - apt-get install ttf-sazanami-mincho - apt-get install ttf-unfonts

13. Mplayer from apt ( i'm really suprised, what a solid build :O)

14. Turn off terminal beep (because it's annoying :P) http://www.debuntu.org/how-to-turn-off-virtual-console-beep

15. Change default browser (if you want google-chrome or opera) http://wiki.lxde.org/en/LXDE:Questions#How_do_I_change_my_default_browser.3F

16. Clickable irssi links (for irc addiction). Get rxvt-unicode http://geekosphere.org/726/urxvt-tips-transparency-deamonized-clickable-links/

17. Music! Get herrie cli-based mp3 player with last.fm support apt

18. Etc etc - more lxde compatible apps http://forum.lxde.org/viewtopic.php?t=9&f=7

19. Compiling packages (i need notecase http://notecase.sourceforge.net/download.html for my notes, read the readme.txt for additional packages needed) http://users.telenet.be/mydotcom/howto/linux/package02.htm

20. Still needs some more apps for my likings. All the above would be sufficient for normal daily use. Enjoy your debian!

extra:
http://wiki.lxde.org/en/How_to_make_screenshots
dmesg http://pastebin.com/KZwi6Nvc
lspci http://pastebin.com/rm15iSJr

matahari 10

Hari ni try install solaris 10 dalam virtualbox kat ubuntu aku ( otai2 panggil obontot). Option no 3 desktop console, aku pakai no 4, console jugak tapi dah lupa nama apa. Pakai default option lambat sikit, sebab gui. Mula2 aku install full package. Lama gak tunggu nak habis.

Tips nak bagi cepat install:

1. Pilih no networking - aku rasa dia akan scan network utk check update, masa 1st install aku pakai gui, macam hang kejap dekat sini.

Lepas aku install 1st time, aku delete balik harddisk. Tapi sebelum tu aku tanya burung:

19:33 <@ b> svcs |grep cde
19:33 <@ w> aku dah delete dah harddisk die
19:33 <@ w> ahahahaa
19:33 <@ b> nanti kau nampak cde-login , pastu kau disable kan svcadm disable
19:33 <@ b> chait

Ah, cepat sangat tangan mendelete. Takpe, install balik. Kali ni pilih full jugak, lepas tu edit packages, buang semua gui (gnome,cde,xwindows) staroffice, evolution, firefox, dll. Pilih zfs, sebab nak testing. Setting lain semua straight forward, macam region, local, timezone etc. Dah habis install, dia akan unmount cd pastu reboot. Kalau korang dah pilih auto untuk dua-dua tu, biar je dia reboot.

Bila boot balik, macam lama skit loading. Ram aku letak 512MB, sebab tu slow skit. Ok, dah siap. Login. Default shell tak sure plak ape, cam tak best. Pakai bash, senang. Tapi ada problem sket. takde pipe | . Memang pening la. Nak kena remap balik layout. Key lain semua betul, kalau tekan pipe keluar ~. Haha. Ok, cukup dulu. Nanti aku sambung.