Damian Zaremba

Systems administrator


RADIUS authentication on a HP GbE2c L2/L3 Blade Switch

Posted on April 1, 2012 by Damian

To configure an HP GbE2c L2/L3 Ethernet Blade Switch for RADIUS authentication, use the radius-server commands with the following syntax.

radius-server primary-host serverIp
radius-server primary-host serverIp key "SecretKeyHere"
radius-server port 1812
radius-server timeout 10
radius-server enable
no radius-server telnet-backdoor
radius-server secure-backdoor

The first and second lines set up the server and key to authenticate against.

The third and fourth define the port and timeout for the server we configured in the first lines.

The last three then enable the server and enable a backdoor so we can still authenticate against the switch if the RADIUS server is down.

Categories: How-to, Software, Work | Tags: authentication, hp, network, radius, switch

RADIUS authentication on a HP ProCurve switch

Posted on April 1, 2012 by Damian

To configure an HP ProCurve switch for RADIUS authentication, use radius-server with the following syntax.

radius-server host serverIp key "SecretKeyHere"

Once this is set up, you need to configure the switch to authenticate against the RADIUS server.

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
aaa authentication web login radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

We include the local option so that we can still authenticate if the RADIUS server is down.

Categories: How-to, Software, Work | Tags: authentication, hp, network, radius, switch

NTP on a HP GbE2c L2/L3 Blade Switch

Posted on March 18, 2012 by Damian

To configure a HP GbE2c L2/L3 Ethernet Blade Switch for HP c-Class BladeSystem, you need to use NTP with the following syntax.

ntp enable
ntp timezone 0
ntp primary-server <ip>
ntp secondary-server <ip>

The first line enables NTP, the second tells the switch to use GMT+0, and the third and fourth tell the switch which servers to sync with.

This needs to be done in configure mode, which is entered from enable mode.

enable
configure

Now ensure the switch timezone is correct. The command for this is slightly obnoxious; below is an example of setting it to GB:

Switch(config)# system timezone
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) None - disable timezone setting
#? 8
Please select a country.
 1) Albania               16) Gibraltar     31) Poland
 2) Andorra               17) Greece        32) Portugal
 3) Austria               18) Hungary       33) Romania
 4) Belarus               19) Ireland       34) Russia
 5) Belgium               20) Italy         35) San Marino
 6) Bosnia & Herzegovina  21) Latvia        36) Slovakia
 7) Britain (UK)          22) Liechtenstein 37) Slovenia
 8) Bulgaria              23) Lithuania     38) Spain
 9) Croatia               24) Luxembourg    39) Sweden
10) Czech Republic        25) Macedonia     40) Switzerland
11) Denmark               26) Malta         41) Turkey
12) Estonia               27) Moldova       42) Ukraine
13) Finland               28) Monaco        43) Vatican City
14) France                29) Netherlands   44) Yugoslavia
15) Germany               30) Norway
#? 7
Please select one of the following time zone regions.
1) Great Britain
2) Northern Ireland
#? 1
System timezone set to : Europe/Britain/GB

Lastly, save the changes and log out:

copy run start
logout

A full example of this is below:

Switch> en
Switch# conf t
Switch(config)# ntp enable
Switch(config)# ntp timezone 0
Switch(config)# ntp primary-server 79.142.192.4
Switch(config)# ntp secondary-server 217.147.208.1
Switch(config)# exit
Switch# copy run start
Switch# logout

Your switches should now keep their time in sync :)

Categories: How-to | Tags: hp, network, ntp, sntp, switch

SNTP on a HP ProCurve switch

Posted on March 18, 2012 by Damian

Configuring NTP for switches is a rather simple process; however, the syntax varies depending on the switch OS.

Most switches use SNTP rather than NTP. SNTP is basically NTP but lacks some of the more advanced internal algorithms and is slightly less accurate.

To configure a ProCurve you need to use SNTP with the following syntax.

sntp server <ip>
sntp unicast
timesync sntp

The first line defines what IP to sync with, the second tells the switch to use unicast UDP rather than TCP and the third tells the switch to sync its time with the SNTP server.

This needs to be done in configure mode, which is entered from enable mode.

enable
configure

Once the switch is syncing with the SNTP server you can check the time is correct with:

show time

Lastly, save the changes and log out:

write mem
logout

A full example of this is below:

Switch> en
Switch# conf
Switch(config)# sntp server 79.142.192.4
Switch(config)# sntp unicast
Switch(config)# timesync sntp
Switch(config)# exit
Switch# write mem
Switch# logout

Your switches should now keep their time in sync :)

Categories: How-to | Tags: hp, network, ntp, sntp, switch

Restricting access to EdgeCast nodes

Posted on November 2, 2011 by Damian

Today one of our clients published a mix track that was around 140mb, hosted on their account. This was no problem until he started to get hundreds of people downloading the mix which resulted in silly amounts of bandwidth being used.

We quickly had to move him on to the CDN to ensure the traffic impact wasn’t affecting performance for him or others as well as reduce his bandwidth charges substantially.

Once the CDN was all set up and the content pushed out onto the nodes we started to send traffic over.

Due to the impact of social media and people linking directly to the content we had to devise a plan to enable access to the content for the CDN but redirect anyone linking directly to the CDNified subdomain.

In comes mod_rewrite. Now it appears EdgeCast don’t publish their IP ranges in any format that helps my sanity; they are in fact published in an HTML table. To find them, log in to my.edgecast.com, browse to HTTP Large, click on Customer Origin and scroll down to the bottom.

Linux to the rescue! First we just copy the list into a file:

[damian@finnix ~]$ cat > edgecast_ranges
Asia Hong Kong 117.18.234.0 - 117.18.234.255
110.232.176.0 - 110.232.176.255
Asia Singapore 117.18.236.0 - 117.18.236.255
46.22.71.0 - 46.22.71.255
Asia Tokyo 117.18.233.0 - 117.18.233.255
110.232.177.0 - 110.232.177.255
Australia Sydney 117.18.235.0 - 117.18.235.255
110.232.179.0 - 110.232.179.255
Europe Amsterdam 93.184.208.0 - 93.184.208.255
93.184.209.0 - 93.184.209.255
93.184.217.0 - 93.184.217.255
46.22.70.0 - 46.22.70.255
46.22.72.0 - 46.22.73.255
Europe Frankfurt 72.21.89.0 - 72.21.89.255
93.184.212.0 - 93.184.212.255
93.184.213.0 - 93.184.213.255
Europe London 72.21.90.0 - 72.21.90.255
93.184.210.0 - 93.184.210.255
93.184.211.0 - 93.184.211.255
46.22.74.0 - 46.22.75.255
Europe Madrid 46.22.66.0 - 46.22.67.255
Europe Paris 93.184.214.0 - 93.184.214.255
North America Ashburn 72.21.83.0 - 72.21.83.255
68.232.36.0 - 68.232.36.255
North America Atlanta 72.21.88.0 - 72.21.88.255
72.21.93.0 - 72.21.93.255
North America Chicago 72.21.87.0 - 72.21.87.255
68.232.38.0 - 68.232.38.255
North America Dallas 72.21.86.0 - 72.21.86.255
68.232.39.0 - 68.232.39.255
North America Los Angeles 72.21.84.0 - 72.21.84.255
68.232.40.0 - 68.232.40.255
72.21.94.0 - 72.21.94.255
93.184.218.0 - 93.184.218.255
46.22.69.0 - 46.22.69.255
North America Miami 46.22.64.0 - 46.22.65.255
North America New York 72.21.95.0 - 72.21.95.255
68.232.37.0 - 68.232.37.255
North America San Jose
North America San Jose 72.21.82.0 - 72.21.82.255
68.232.41.0 - 68.232.41.255
North America Seattle 72.21.85.0 - 72.21.85.255
Other N/A 72.21.80.0 - 72.21.80.255
72.21.81.0 - 72.21.81.255
72.21.91.0 - 72.21.91.255
72.21.92.0 - 72.21.92.255
117.18.232.0 - 117.18.232.255
93.184.221.0 - 93.184.221.255
93.184.220.0 - 93.184.220.255
93.184.219.0 - 93.184.219.255
117.18.237.0 - 117.18.237.255
93.184.215.0 - 93.184.215.255
93.184.216.0 - 93.184.216.255
68.232.32.0 - 68.232.32.255
68.232.33.0 - 68.232.33.255
68.232.34.0 - 68.232.34.255
68.232.35.0 - 68.232.35.255
68.232.42.0 - 68.232.42.255
68.232.43.0 - 68.232.43.255
68.232.44.0 - 68.232.44.255
68.232.45.0 - 68.232.45.255
68.232.46.0 - 68.232.46.255
68.232.47.0 - 68.232.47.255
93.184.222.0 - 93.184.222.255
93.184.223.0 - 93.184.223.255
110.232.178.0 - 110.232.178.255
117.18.237.0 - 117.18.237.255
117.18.238.0 - 117.18.238.255
117.18.239.0 - 117.18.239.255

Next we need to clear out all the names etc that are randomly dumped in the file:

[damian@finnix ~]$ sed -i 's/^.*\s.*\s//g' edgecast_ranges # Get rid of place names
[damian@finnix ~]$ sed -i '/^\s*$/d' edgecast_ranges # Get rid of blank lines

Now let’s actually turn these IP ranges into something Apache can understand (they are all /24s so we can cheat):

[damian@finnix ~]$ sed -i 's/^/RewriteCond %{REMOTE_ADDR} !^/g' edgecast_ranges # Add the rewrite cond
[damian@finnix ~]$ sed -i 's/\.255$/.*$/g' edgecast_ranges # Add the wildcard

Now let’s create the actual htaccess file:

[damian@finnix ~]$ echo 'RewriteEngine On' >> .htaccess
[damian@finnix ~]$ cat edgecast_ranges >> .htaccess
[damian@finnix ~]$ echo 'RewriteRule ^downloads/(.*)$ http://media.example.com/$1 [R,L]' >> .htaccess

You should end up with something looking like this:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^117.18.234.*$
RewriteCond %{REMOTE_ADDR} !^110.232.176.*$
RewriteCond %{REMOTE_ADDR} !^117.18.236.*$
RewriteCond %{REMOTE_ADDR} !^46.22.71.*$
RewriteCond %{REMOTE_ADDR} !^117.18.233.*$
RewriteCond %{REMOTE_ADDR} !^110.232.177.*$
RewriteCond %{REMOTE_ADDR} !^117.18.235.*$
RewriteCond %{REMOTE_ADDR} !^110.232.179.*$
RewriteCond %{REMOTE_ADDR} !^93.184.208.*$
RewriteCond %{REMOTE_ADDR} !^93.184.209.*$
RewriteCond %{REMOTE_ADDR} !^93.184.217.*$
RewriteCond %{REMOTE_ADDR} !^46.22.70.*$
RewriteCond %{REMOTE_ADDR} !^46.22.72.*$
RewriteCond %{REMOTE_ADDR} !^72.21.89.*$
RewriteCond %{REMOTE_ADDR} !^93.184.212.*$
RewriteCond %{REMOTE_ADDR} !^93.184.213.*$
RewriteCond %{REMOTE_ADDR} !^72.21.90.*$
RewriteCond %{REMOTE_ADDR} !^93.184.210.*$
RewriteCond %{REMOTE_ADDR} !^93.184.211.*$
RewriteCond %{REMOTE_ADDR} !^46.22.74.*$
RewriteCond %{REMOTE_ADDR} !^46.22.66.*$
RewriteCond %{REMOTE_ADDR} !^93.184.214.*$
RewriteCond %{REMOTE_ADDR} !^72.21.83.*$
RewriteCond %{REMOTE_ADDR} !^68.232.36.*$
RewriteCond %{REMOTE_ADDR} !^72.21.88.*$
RewriteCond %{REMOTE_ADDR} !^72.21.93.*$
RewriteCond %{REMOTE_ADDR} !^72.21.87.*$
RewriteCond %{REMOTE_ADDR} !^68.232.38.*$
RewriteCond %{REMOTE_ADDR} !^72.21.86.*$
RewriteCond %{REMOTE_ADDR} !^68.232.39.*$
RewriteCond %{REMOTE_ADDR} !^72.21.84.*$
RewriteCond %{REMOTE_ADDR} !^68.232.40.*$
RewriteCond %{REMOTE_ADDR} !^72.21.94.*$
RewriteCond %{REMOTE_ADDR} !^93.184.218.*$
RewriteCond %{REMOTE_ADDR} !^46.22.69.*$
RewriteCond %{REMOTE_ADDR} !^46.22.64.*$
RewriteCond %{REMOTE_ADDR} !^72.21.95.*$
RewriteCond %{REMOTE_ADDR} !^68.232.37.*$
RewriteCond %{REMOTE_ADDR} !^72.21.82.*$
RewriteCond %{REMOTE_ADDR} !^68.232.41.*$
RewriteCond %{REMOTE_ADDR} !^72.21.85.*$
RewriteCond %{REMOTE_ADDR} !^72.21.80.*$
RewriteCond %{REMOTE_ADDR} !^72.21.81.*$
RewriteCond %{REMOTE_ADDR} !^72.21.91.*$
RewriteCond %{REMOTE_ADDR} !^72.21.92.*$
RewriteCond %{REMOTE_ADDR} !^117.18.232.*$
RewriteCond %{REMOTE_ADDR} !^93.184.221.*$
RewriteCond %{REMOTE_ADDR} !^93.184.220.*$
RewriteCond %{REMOTE_ADDR} !^93.184.219.*$
RewriteCond %{REMOTE_ADDR} !^117.18.237.*$
RewriteCond %{REMOTE_ADDR} !^93.184.215.*$
RewriteCond %{REMOTE_ADDR} !^93.184.216.*$
RewriteCond %{REMOTE_ADDR} !^68.232.32.*$
RewriteCond %{REMOTE_ADDR} !^68.232.33.*$
RewriteCond %{REMOTE_ADDR} !^68.232.34.*$
RewriteCond %{REMOTE_ADDR} !^68.232.35.*$
RewriteCond %{REMOTE_ADDR} !^68.232.42.*$
RewriteCond %{REMOTE_ADDR} !^68.232.43.*$
RewriteCond %{REMOTE_ADDR} !^68.232.44.*$
RewriteCond %{REMOTE_ADDR} !^68.232.45.*$
RewriteCond %{REMOTE_ADDR} !^68.232.46.*$
RewriteCond %{REMOTE_ADDR} !^68.232.47.*$
RewriteCond %{REMOTE_ADDR} !^93.184.222.*$
RewriteCond %{REMOTE_ADDR} !^93.184.223.*$
RewriteCond %{REMOTE_ADDR} !^110.232.178.*$
RewriteCond %{REMOTE_ADDR} !^117.18.237.*$
RewriteCond %{REMOTE_ADDR} !^117.18.238.*$
RewriteCond %{REMOTE_ADDR} !^117.18.239.*$
RewriteRule ^downloads/(.*)$ http://media.example.com/$1 [R,L]

If you browse to http://example.com/downloads/ you should be redirected to http://media.example.com/ unless you are coming from an EdgeCast IP range.
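Four of the ranges in the list above (46.22.72.0 - 46.22.73.255, for example) cover two /24s, so one pattern per line matches only half of each. The script below is an added example, not part of the original post: it emits one condition per /24 with the dots escaped. Its function names are made up for the example and its sample lines are copied from the list above.

```shell
#!/bin/sh
# Added example (not from the original post): one anchored RewriteCond per
# /24, including ranges that span several /24s. Function names are made up.

# stdin: lines as pasted from the table, optional place names first, then
# "start - end". Lines without a range (a bare place name) are ignored.
ranges_to_rewriteconds() {
    awk '
    {
        if (NF < 3 || $(NF-1) != "-") next
        if (split($(NF-2), s, ".") != 4 || split($NF, e, ".") != 4) next
        # Only whole /24s inside the same /16 are expected here; report
        # anything else instead of silently emitting a wrong pattern.
        if (s[1] != e[1] || s[2] != e[2] || s[4] != 0 || e[4] != 255) {
            print "skipped, not whole /24s: " $0 > "/dev/stderr"
            next
        }
        for (o = s[3] + 0; o <= e[3] + 0; o++) {
            key = s[1] "." s[2] "." o
            if (key in seen) continue          # the list repeats some ranges
            seen[key] = 1
            # Dots are escaped and the last octet must be digits only.
            printf "RewriteCond %%{REMOTE_ADDR} !^%s\\.%s\\.%d\\.[0-9]+$\n", s[1], s[2], o
        }
    }'
}

# Wrap the conditions in the same rule the post uses.
build_htaccess() {
    echo 'RewriteEngine On'
    ranges_to_rewriteconds
    echo 'RewriteRule ^downloads/(.*)$ http://media.example.com/$1 [R,L]'
}

# Constructed sample: a few lines copied from the list above, including a
# two-/24 range, a bare place name and a repeated range.
sample_ranges() {
    cat <<'EOF'
Europe Amsterdam 93.184.208.0 - 93.184.208.255
46.22.72.0 - 46.22.73.255
North America San Jose
117.18.237.0 - 117.18.237.255
117.18.237.0 - 117.18.237.255
EOF
}

sample_ranges | build_htaccess
```

Feed it the full pasted list with `build_htaccess < edgecast_ranges` before any of the sed clean-up has been applied to the file.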

Now you can go back to reading slashdot ;)

Categories: Apache | Tags: apache, cat, cdn, edgecast, linux, mod_rewrite, sed

Changing the MySQL client prompt

Posted on August 25, 2011 by Damian

It is quite easy to get lost in MySQL when working between a lot of databases.

While you can find out which database you are in, it soon becomes quite irritating having to type

mysql> select database();

+------------------+
| database()       |
+------------------+
| test_database    |
+------------------+
1 row in set (0.01 sec)

The simplest way to solve this, and make life easier, is to change the prompt to include the info!
Simply edit the [mysql] section of your my.cnf file and add the prompt option:

# Connection settings shared by every client program
[client]
host = "localhost"
user = "mehuser"
password = "someubersecurepassword"

# prompt is only understood by the mysql command-line client
[mysql]
prompt=mysql [\\u@\\h - \\d]>

Now when you use the client the prompt will show mysql [<user>@<host> - <database>]>:

mysql [test1@localhost - test_database]>

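No more getting confused! If you don’t have access to /etc/my.cnf then use ~/.my.cnf. I usually stick the connection details in there as well, so you can have huge passwords and never have to type or remember them (keep the file readable only by your own user, mode 0600, since it holds the password in plain text):

# Connection settings shared by every client program
[client]
host = "localhost"
user = "mehuser"
password = "someubersecurepassword"

# prompt is only understood by the mysql command-line client
[mysql]
prompt=mysql [\\u@\\h - \\d]>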
Categories: FOSS, Knowledge Base, Linux, MySQL | Tags: my.cnf, mysql, prompt

Changing WordPress tag to category?

Posted on August 25, 2011 by Damian

While there appear to be plugins for converting categories to tags, I can’t for the life of me find one to convert tags to categories.

After a quick poke around in the database it seems quite simple to convert between the two.
Note: This /seems/ to work however it might kick you in the face and break stuff.

First find out your “term” id (category or tag):

mysql> SELECT * FROM `terms` WHERE `slug` = 'snippets';
+---------+----------+----------+------------+
| term_id | name     | slug     | term_group |
+---------+----------+----------+------------+
|     171 | Snippets | snippets |          0 |
+---------+----------+----------+------------+
1 row in set (0.00 sec)

Now look in the taxonomy table and find out its details:

mysql> SELECT * FROM `term_taxonomy` WHERE `term_id` = 171;
+------------------+---------+----------+-------------+--------+-------+
| term_taxonomy_id | term_id | taxonomy | description | parent | count |
+------------------+---------+----------+-------------+--------+-------+
|              174 |     171 | post_tag |             |      0 |    17 |
+------------------+---------+----------+-------------+--------+-------+
1 row in set (0.00 sec)

As you can see it is currently a “post_tag”.

To change it to a category change the “taxonomy” field to “category”:

mysql> UPDATE `term_taxonomy` SET `taxonomy` = 'category' WHERE `term_id` = 171;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Or to change it from a category to a tag then change the “taxonomy” field to “post_tag”:

mysql> UPDATE `term_taxonomy` SET `taxonomy` = 'post_tag' WHERE `term_id` = 171;
Query OK, 1 row affected (0.02 sec)
Rows matched: 1 Changed: 1 Warnings: 0
Categories: FOSS, How-to, Software, Wordpress | Tags: category to tag, mysql, tag to category, wordpress

Spoon!

Posted on August 23, 2011 by Damian

It still needs some work to smooth out the handle and round the top off as well as sanding the dip out but I’ve made a pretty decent start on a spoon.

This started out as part of a tree trunk which got removed and split with an axe, from there all the work has been done with 3 knives:

  • Spoon knife – for rounding the handle and scraping out the dip
  • 9″ knife – for taking off the thick outer and bark
  • Gerber STL 2.5 knife – for taking tiny slivers off the handle and smoothing out some of the head

Here are some “early” (4/5 days of on and off work) pictures…


Categories: Camping, Fun, Knife skills | Tags: hand made, soon, spoon knife, tree, would

Upgrade EOL Clamav

Posted on August 23, 2011 by Damian

ClamAV have EOL'd all their versions prior to 0.95 - if you see an error like the following then ClamAV needs an update:
 LibClamAV Warning: ***********************************************************
 LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
 LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
 LibClamAV Warning: ***********************************************************
 LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
 LibClamAV Error: Problem parsing database at line 742
 LibClamAV Error: Can't load daily.ndb: Malformed database
 LibClamAV Error: cli_tgzload: Can't load daily.ndb
 LibClamAV Error: Can't load /var/lib/clamav/daily.cld: Malformed database
 ERROR: Malformed database

To upgrade ClamAV on a RHEL based system perform the following:
1) wget http://pkgs.repoforge.org/clamav/clamav-0.96.1-1.el5.src.rpm
2) yum install srpm unzip
3) CFLAGS="-O0" ./configure --disable-zlib-vcheck
4) make && make install
5) Update /usr/local/etc/clamd.conf (notably removing the “Example” line and un-commenting the TCP socket line).

ClamAV should now work once again.

Categories: Knowledge Base, Linux | Tags: clamav, eol, update

Recovering deleted files from the handlers in /proc/

Posted on August 23, 2011 by Damian

On compromised servers it is very common for the exploit to delete itself and its logs to try to hide its presence.

Even though the executable may have been removed from the filesystem, the process was forked from Apache, so the parent process will still have the file handles open.

This allows you to recover log files and executables as long as you do not kill the process.

To recover the files use the following steps:
1) Find the PID of the process with the open file handles (use lsof)
2) cd /proc/<PID>/fd, where <PID> is what you found using lsof above
3) ls -lra and you should see a load of broken symlinks (red)
4) Copy the file using cp into another directory
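The steps above as a script, added here as an example rather than taken from the original post: it lists the descriptors whose link target ends in " (deleted)", copies each regular file out and records a SHA-256 of every copy. The function names and the PROC_ROOT override are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post). Linux only: relies on the
# /proc/<pid>/fd links. Function names and PROC_ROOT are made up here.

# Print "<fd> <original path>" for every descriptor of PID whose link
# target ends in " (deleted)", i.e. the name is gone but the file is open.
list_deleted_fds() {
    ldf_root=${PROC_ROOT:-/proc}
    for ldf_fd in "$ldf_root/$1"/fd/*; do
        ldf_target=$(readlink "$ldf_fd" 2>/dev/null) || continue
        case $ldf_target in
            *" (deleted)")
                printf '%s %s\n' "${ldf_fd##*/}" "${ldf_target% (deleted)}" ;;
        esac
    done
}

# Copy every deleted-but-open regular file of PID into OUTDIR as
# fd<N>_<basename> and append its SHA-256 to OUTDIR/SHA256SUMS.
recover_deleted_fds() {
    rdf_pid=$1
    rdf_out=$2
    mkdir -p "$rdf_out" || return 1
    list_deleted_fds "$rdf_pid" | while read -r rdf_fd rdf_path; do
        rdf_src="${PROC_ROOT:-/proc}/$rdf_pid/fd/$rdf_fd"
        rdf_name="fd${rdf_fd}_$(basename "$rdf_path")"
        # Skip deleted pipes and sockets; cp on those could block.
        [ -f "$rdf_src" ] || continue
        # Opening the /proc link reopens the inode, so cp reads the whole
        # file from the start without disturbing the process.
        cp "$rdf_src" "$rdf_out/$rdf_name" &&
            ( cd "$rdf_out" && sha256sum "$rdf_name" >> SHA256SUMS )
    done
}

# Usage: sh recover_fds.sh <pid> <outdir>   (run as root for other users)
if [ "$#" -ge 2 ]; then
    recover_deleted_fds "$1" "$2"
fi
```

Write the output directory to a different disk or a mounted share so the copies do not overwrite freed blocks on the filesystem under investigation.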

Categories: Apache, Knowledge Base, Linux | Tags: apache, deleted files, file recovary, proc
© 2012 Damian Zaremba Proudly Powered by WordPress | Hosted by Clook Internet | Nest Theme by YChong