Tuesday, October 16, 2007

Couldn't Start Apache On Non-standard Ports

I was trying to configure Apache 2.x to listen on non-standard ports (ex. 8001) and was getting "permission denied ... unable to open logs" errors. This was on a Red Hat Enterprise Linux 4 ES server that I had just built, and a fresh install of httpd using up2date. Strangely, if Apache was configured to listen on port 80, it would start with no problems.

Apparently, if you do not disable SELinux in your kickstart file, it is enabled by default. SELinux will not allow httpd to start on the high ports I was specifying. Since I currently do not use SELinux in my environment, I have no qualms disabling it. To disable it (RHEL4), I modified /etc/sysconfig/selinux and configured "SELINUX=disabled". This requires a reboot to take effect.

Wednesday, September 26, 2007

Setting up LVM in RHEL kickstart file

Another piece of fun today...

Task:
Set up and configure a Linux box with the following partition information.

Non-LVM
/boot - 100MB

LVM
/ - 9GB
/opt - 12GB
/var - 8GB
swap - 8GB

Kickstart Entries:
clearpart --all
part /boot --fstype ext3 --size=100 --ondisk=sda
part pv.4 --size=0 --grow --ondisk=sda
volgroup VolGroup00 pv.4
logvol / --fstype ext3 --name=root --vgname=VolGroup00 --size=9216
logvol /opt --fstype ext3 --name=usr --vgname=VolGroup00 --size=12288
logvol /var --fstype ext3 --name=var --vgname=VolGroup00 --size=8192
logvol swap --fstype swap --name=swap --vgname=VolGroup00 --size=8192

My big mistake was trying to set the "pesize" in the volgroup line. Apparently, it will assume to use all if not set, which is what I wanted. Red Hat documentation about kickstart options can be found here.

Friday, September 14, 2007

Creating ISO images with Mac OS X

Since moving .iso files is easier than CDs when performing remote installs, I was trying to find out how I could create them without paying for software. Apparently, you can do this natively with Mac OS X.

Giving credit where credit is due, I found this link very useful.

http://www.slashdotdash.net/articles/2006/08/14/create-iso-cd-dvd-image-with-mac-os-x-tiger-10-4

And then, if your kernel supports it, you can mount it like this.

# mount -o loop -t iso9660 file.iso /mnt

Tuesday, September 4, 2007

Cfengine File Permission Blunder

While testing some changes to our sshd_config, I imported a copy of it from another host to our cfengine repository. After making adjustments to our cfagent.conf so that the test machine would be the only host to get this copy, I saved the file and ran cfagent.

Much to my surprise, the test server's sshd_config file would not update. I double checked my cfagent.conf, made sure the file was correct in the cfengine repository, etc. Looking at /var/log/messages, I saw

Sep 4 12:52:50 testhost cfengine:testhost[4333]: Network access to cfserver:/repository/cfengine/test/etc/ssh/sshd_config denied

This was confusing, because the testhost:/var/cfengine/cfagent.conf was getting the new configuration file. After banging my head for a while, I realized that the permissions of cfserver:/repository/cfengine/test/etc/ssh/sshd_config were incorrect.

-r-------- 1 root root 3050 Sep 4 10:53 sshd_config

Apparently, when importing the file over to my repository, I kept its original permissions. After chown'ing the file to cfengine, everything worked. Unfortunately, "Network access denied" is misleading. So, in the future, check your file perms to make sure cfengine can read the file.
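
A pre-flight check for the failure described above, as an added example that is not part of the original post or of cfengine itself: it lists files and directories in the repository that the serving account cannot read, so a root-owned 0400 import is caught before cfagent reports "Network access ... denied". The function name, the script name and the decision to ignore group-based access are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find repository entries that
# the account serving the files cannot read.
# Assumptions: the server runs as a dedicated account (the post's "cfengine");
# access granted only through group membership is ignored, so the result errs
# on the side of reporting too much.

# unreadable_by USER DIR
# Prints every path under DIR that USER cannot reach via owner or "other" bits.
unreadable_by() {
    user=$1
    dir=$2
    # Files owned by USER whose owner-read bit is missing.
    find "$dir" -type f -user "$user" ! -perm -0400 -print
    # Files owned by someone else and not world-readable (the root 0400 case).
    find "$dir" -type f ! -user "$user" ! -perm -0004 -print
    # Directories USER cannot traverse: a readable file below one is still
    # out of reach.
    find "$dir" -type d -user "$user" ! -perm -0100 -print
    find "$dir" -type d ! -user "$user" ! -perm -0001 -print
}

# Run as: sh check_repo.sh cfengine /repository/cfengine
# (check_repo.sh is a hypothetical file name for this script.)
if [ "$#" -eq 2 ]; then
    unreadable_by "$1" "$2"
fi
```

An empty result means every entry is reachable through owner or world bits; anything printed needs a chown or chmod before the next cfagent run.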

Monday, August 20, 2007

Is Usenet Dead?

I may have missed the countless articles, Slashdot posts, etc. (would anyone be surprised, or as one of my colleagues keeps saying to me, "OLD!"). For some reason (okay, I was looking up music album easter eggs), I came across a link to an alt.music group and it made me think of the "good old days" when customers would ask UUNET to basically max out their T1/T3 with Usenet newsfeeds. I started digging around, and noticed that aside from the occasional spam posts, newsgroups seem to be dead.

Did everything now go to Wikis, blogs, collaborative web groups (i.e. Yahoo! Groups), and BitTorrents (R.I.P. alt.binaries); and I just didn't notice?

Thursday, July 26, 2007

Happy Sys Admin Day!

http://www.sysadminday.com/
I know I'm a day early, but I won't be around the computer tomorrow (I will be too busy celebrating). So, here's to the good sysadmins, and the lamers like me.

Tuesday, July 24, 2007

iPhone MAC Address OUIs

Because of security concerns, I'm thinking about filtering out iPhone wi-fi access from our corporate "trusted" wi-fi network. One thought would be to know what the MAC addresses for iPhones' wi-fi start with, and block those. I found this post.

http://www.everythingiphone.com/forum/wifi/iphone-mac-address-oui-5819.html

Monday, July 23, 2007

Accessing Serial Console Using a Mac Book Pro

Mac Book Pros are awesome, but they lack a serial port. Recently, our Network Admin left for greener pastures (or a job that gave him an office) and most of our Unix/Linux admins prefer Macs for their workstations. I found this blog post to address our problem of being able to connect to the serial access port on our network gear.

http://www.ciscoblog.com/archives/2006/05/macbook_pro_usb.html

Monday, July 16, 2007

Corrupted MS Entourage 2004

In a rush to leave the office on Friday, I closed my Mac Book Pro and didn't bother shutting down my apps (including Microsoft Entourage 2004). Much to my dismay this Monday morning, my Entourage would start to have strange errors and wouldn't allow me to open anything in the client or close message windows. Eventually, I would force Entourage to quit, and get the "do you want to submit this error" window. Clicking on "Details" I would see

Exception: EXC_BAD_ACCESS
Codes: KERN_PROTECTION_FAILURE

Apparently, I corrupted the local database for my Entourage 2004 client. I found this post to a newsgroup via Google with the answer. The abbreviated fix is

1. Start the Database Utility. To do this, hold down the OPTION key on the keyboard, and then start Entourage. The Database Utility window opens. In the Database Utility window, you have the option to select the database that you want to maintain.

2. Run the "Verify database integrity." If problems are found, you can select the option to rebuild the database.

After I rebuilt the database, Entourage started up and proceeded to download my mail again from our Exchange server.

Wednesday, July 11, 2007

Lame But Useful Bash Tricks (Part 1)

Incrementing Letters and Numbers for Variable Lists

[Note: Applicable for Bash version 3.00]

Using curly brackets "{" and "}", you can expand a range into a list of values. Inside the curly brackets, the two ends of the range just need to be separated by two periods, "..".

Ex.
$ SERVERLIST="`echo server-{1..5}`"
$ echo $SERVERLIST
server-1 server-2 server-3 server-4 server-5

$ SERVERLIST="`echo server-{a..d}`"
$ echo $SERVERLIST
server-a server-b server-c server-d

This could also be useful for quick "for" loops with a list that has incremental numbers off the same root name.

Ex.
for i in server-{1..5}
do
    echo $i
done

server-1
server-2
server-3
server-4
server-5