Admins eHow SysAdmin Tips & Tricks

September 26, 2011

Gateway on a different subnet on Linux

Filed under: Debian,General,linux — Tags: , , , , , — admin @ 7:50 am

Theoretically host IP and gateway should be on the same IP subnet. but there are some situations where host IP and gateway subnet are on different subnets. like my situation today. I was assigned two additional IPs for my server by my Data-center, but IPs were from a different subnet compared to server main IP. these IPs will work if you set them as additional IPs. but I needed them to create two new VPS’s on my server with bridged network interface. in this situation additional IPs should serve as main IP address and there is no gateway on same subnet available.
So here are the assumptions :

a.b.c.d is the host IP
e.f.g.h is the gateway IP
a.b.c.d & e.f.g.h are on different subnets.

by default if you try to set gateway by following command :

route add default gw e.f.g.h

you will get this error :

SIOCADDRT: No such process

the trick is simple , first add a route to default gateway itself and then set the default gateway , like this :

route add e.f.g.h/32 dev eth0
route add default gw e.f.g.h

remember you may need to change eth0 to your device name , it may be eth1 or wlan0 or anything.

How to make these route changes persistent ?

For Debian/Ubuntu :
Add the following lines to /etc/network/interfaces :

post-up route add e.f.g.h/32 dev eth0
post-up route add default gw e.f.g.h

September 19, 2011

Steve Jobs’ 2005 Stanford Commencement Address – Must See

Filed under: Apple,General — Tags: , , — admin @ 8:25 pm

If you read my blog , you will know that I am not a fan of Apple. In fact I fight against its dominance and its policies.but I really admire this man, Steve Jobs. He deserves what he has acquired.
I recommend everyone to listen to this speech very carefully several times and make use of advises of this man. What he says and recommends in life is very true and useful.

Watch here :
Steve Jobs' 2005 Stanford Commencement Address

The text of speech :
‘You’ve got to find what you love,’ Jobs says

September 14, 2011

An analysis of recent security breach to DigiNotar and Man-In-The-Middle attack to Iranian users

Filed under: General,Security — Tags: , , , , , , , — admin @ 9:23 am

As I have received several requests from Iranian readers of my blog, I have done some analysis on recent DigiNotar security breach and MITM attack to Iranian users.
This analysis is based on Fox-IT interim report of breach. You can download the complete report in PDF Format from the following link :
http://www.adminsehow.com/wp-content/uploads/2011/09/rapport-fox-it-operation-black-tulip-v1-0.pdf

What is MITM attack and how to prevent it ?
MITM stands for Man-In-The-Middle. it simply means someone stands between you and destination and intercepts or modifies your communication. it is quite easy when communication is not encrypted.
SSL protocol is originally invented to address this issue. The idea is that a trusted Authority (CA) authenticates the identity of destination and by using some cryptography protocols your connection to authentic destination becomes encrypted and impossible to intercept or modify.
It has been shown that the cryptography methods like AES or RC4 which are employed to encrypt the data are quite effective and very hard to crack. so the easier solution is to attack the base of trust model, the trusted authorities (CA). In this kind of attacks, hackers break into CA systems and forge valid certificates for themselves so they can impersonate themselves as authentic destinations and intercept the data. this kind of attack is used in both recent incidents, Commodo and DigiNotar.
Although the protocol is almost safe itself, unfortunately many of these CAs are vulnerable themselves making the whole process vulnerable.
The FOX-IT report indicates the DigiNotar systems were using Windows (Which is vulnerable in nature) and passwords has been crackable through brute-force attack. (More on this later)

To understand it better, I have created a diagram of recent MITM attack to Iranian users with the goal of intercepting communications between them and Google. the attackers have been able to gain access to Google accounts of users through this attack :

This diagram is self-explanatory. The attacker in middle impersonates itself as Google and establishes a secure connection to the user which is signed by DigiNotar CA. Although the connection is still secure, but users have a secure connection to the attacker, not real Google. so attacker has access to all information sent by user, including username, passwords, cookies and etc.
(more…)

September 12, 2011

The Start of the End for Apple iPhone

Filed under: Android,Apple,iPhone — Tags: , , — admin @ 7:37 am

It seems the start of the End of Apple iPhone has begun. After few years of fruit style glory and ripping off the the customers. Our beloved open source Android is going to put an end to it.
The signs are very clear, Apple does not introduce its new iPhone based on its custom. seems fruit company has nothing significant to offer so decides to offer nothing. if you don’t play , you won’t lose. iSheeps becomes depressed and speculate the new iPhone will be released in September or October. Apple prefers to stay quiet as always based on its marketing strategy. they try to keep the iSheeps fed and excited. so they can be ripped off later.
The anticipated date for releasing iPhone 5 is closing , Steve Jobs steps down as CEO. leaving the fruit company in glory and as a hero. others are to be blamed later.
September comes, still no sign of iPhone 5. this phone has become obsolete before its release. its rival Samsung Galaxy S II is equipped with a Dual core 1.2Ghz CPU. at the best scenario iPhone 5 will be equipped with a A5 CPU made by Samsung with a clock of 1Ghz ! yet more to come, Samsung announces its next dual core 1.5Ghz smart phone will be released in next quarter. Apple is almost a year behind now. Google announces the Android based Nexus Prime will be released very soon. Apple is completely knocked out now, unable to compete in the field, sends its legion of lawyers to war.
3 major US operators Sprint, Verizon and AT&T desperate of Apple actions, decide to offer iPhone 5 rival Samsung Galaxy SII.
Statistics start to leak from research companies. Apple is not only losing the in field but also loses market share very fast.

The stats are very clear , by July 2011, Android is dominating the US market share by 42% compared to 27% Apple. the stats should have become worse for Apple by now.
If you are an iSheep reading this article , I recommend you to turn on your brain and start using it. The start of The End of iPhone has begun and clock is ticking.
Join the wave NOW ! Confess to your Sins and promise you will NEVER ripped off again by fruit company. You will be sent to Android heaven.

Edit : Seems I have had high hopes for iSheeps , there is no way to save them ! here is a response from an iSheep :

Oh I am deeply impressed 🙁
I confess to all my sins :(( I was innocent but one day when i was sick, a bad doc at hospital told me an Apple a day keeps the doctor away and involved me to this Fu… fruit lovers wave 🙁
I declare that I would not trust that doc. I’m regret and i want to apply for that anti fruit wave which you mentioned on your blog.
I give you my word that I will never ever let that fruit company to ripoff me again.
So i won’t buy any fruit company product anymore, down with apple , down with peach , down with Kivi , down with pineapple and banana. (Except watermelon which i’m in love with it, Sorry!)
Long live Pepsi and that anti fruit wave.

September 9, 2011

Install Apache2 + PHP5 on Debian

Filed under: Apache,Debian,PHP — Tags: , , , , — admin @ 8:16 am

Very Simple…

apt-get install libapache2-mod-php5
/etc/init.d/apache2 restart

Xen – PyGrub – warning: grub-probe can’t find drive for /dev/xvda1

Filed under: Debian — Tags: , , , , , , , — admin @ 8:05 am

If you get following while doing “apt-get upgrade” on Debian Squeeze :

Setting up linux-image-2.6.32-5-amd64 (2.6.32-35squeeze1) ...
Running depmod.
Running update-initramfs.
update-initramfs: Generating /boot/initrd.img-2.6.32-5-amd64
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
Searching for GRUB installation directory ... found: /boot/grub
warning: grub-probe can't find drive for /dev/xvda1.
grub-probe: error: cannot find a GRUB drive for /dev/xvda1. Check your device.map.
run-parts: /etc/kernel/postinst.d/zz-update-grub exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-2.6.32-5-amd64.postinst line 799, line 2.
dpkg: error processing linux-image-2.6.32-5-amd64 (--configure):
subprocess installed post-installation script returned error exit status 2

The solution is :

Run…

echo '(hd0) /dev/xvda' > /boot/grub/device.map
mknod /dev/xvda b 202 0

Edit /usr/sbin/update-grub :
Change…

find_device ()
{
if ! test -e ${device_map} ; then
echo quit | grub --batch --no-floppy --device-map=${device_map} > /dev/null
fi
grub-probe --device-map=${device_map} -t device $1 2> /dev/null
}

to…

find_device ()
{
if ! test -e ${device_map} ; then
echo quit | grub --batch --no-floppy --device-map=${device_map} > /dev/null
fi
#grub-probe --device-map=${device_map} -t device $1 2> /dev/null
echo /dev/xvda
}

Run…

update-grub 0
sed -i "s/xvda/xvda1/g" /boot/grub/menu.lst

Everything should be fixed now.

References :
http://www.sysadmintalk.net/forums/Thread-PyGrub-grub-probe-can-t-find-drive-for-dev-xvda1-error-Debian-Squeeze
http://lists.bitfolk.com/lurker/message/20080529.142153.954fedf4.el.html

September 5, 2011

IPTables packet traverse map

Filed under: CentOS,Debian,General,linux,Security — Tags: , , , , , — admin @ 7:23 am

1.

(more…)

Powered by WordPress