Friday, October 31, 2008

Howto Quickly wipe a disk in Solaris

I've had to wipe disks in Solaris because of re-installs or other reconfiguration. I was disappointed that using "format" would take hours. Obviously I'm using the wrong tool.

I came across this thread.

http://www.linuxquestions.org/questions/solaris-opensolaris-20/quick-format-a-hard-drive-496294/

It's strange, but I'm noticing people are posting Solaris questions on a Linux website. I wonder how Solaris admins would've felt 10 years ago if people were posting Linux questions on a Solaris site or Usenet group. But, I digress.

The response is to use "newfs" instead of "format", and it seems to work so far. Thankfully, I learn something new every day.

Monday, October 27, 2008

Careful where you copy/paste

I got an IM from an old coworker discussing that he was trying to answer someone's question about an in-house app and which shared libraries it was using. (NOTE: some of the info has been sanitized to protect the "innocent")

He ran the following command, and then copy/pasted the output

[root@customftp root]# ldd /nfs/customapp/bin/daemon
libkstat.so.1 => /usr/lib/libkstat.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libsched.so.1 => /usr/lib/libsched.so.1
libaio.so.1 => /usr/lib/libaio.so.1
librt.so.1 => /usr/lib/librt.so.1
libthread.so.1 => /usr/lib/libthread.so.1
libstdc++.so.6 => /usr/lib/libstdc++.so.6
libm.so.1 => /usr/lib/libm.so.1
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd5.so.1 => /usr/lib/libmd5.so.1
/usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
/usr/platform/SUNW,Sun-Fire-V210/lib/libmd5_psr.so.1


He then tried to copy paste it into an email, but didn't realize his SSH session was still the active window.

[root@customftp root]# nfs/customapp/bin/daemon
bash: nfs/customapp/bin/daemon: No such file or directory
[root@customftp root]# libkstat.so.1 => /usr/lib/libkstat.so.1
bash: libkstat.so.1: command not found
[root@customftp root]# libnsl.so.1 => /usr/lib/libnsl.so.1
bash: libnsl.so.1: command not found
Connection to customftp closed by remote host.
Connection to customftp closed.


It took me a few minutes to see why he was sending me this IM. My initial reaction was "OK, so you accidently copy/pasted into the wrong window, and somehow you got kicked out." Before reading further, take a look back to see what was so bad about it. Maybe you'll pick it up faster than I did.

Ready?

The output of ldd in a copy/paste was interpretted as piping the output of bad commands to his library files. He basically nuked files he needed in /usr/lib. I initally laughed out loud, but then realized that it was a very unfortunate situation. He said it took him about 2 hours to recover from this mistake.

Thursday, October 23, 2008

Administering Windows from the command line

I sometimes forget that you can do a lot via the command line with Windows. When Unix Admins complain about having to Windows administration, my usual response is "Come on, it's clicky-clicky. Just click around and you'll figure it out." In the past two days, I came across two blog posts that reminded me that you're not necessarily stuck with having to use GUI programs to administer Windows.

The first blog post I came across was posted today about an alternative to running programs remotely on Windows hosts.

http://standalone-sysadmin.blogspot.com/2008/10/issue-remote-commands-to-windows.html

Apparently SysInternals distributed a group of tools called PsTools, which included a utility called PsExec. PsExec allows a user to remotely execute commands on a Windows host. I'm not sure what the security implications are using these utilities. Any time someone uses "telnet" in their description of remote administration, it makes me a bit nervous.

Less than an hour later, I came across this blog post that was written yesterday that makes for a nice supplement to the Standalone Sysadmin post.

http://taosecurity.blogspot.com/2008/10/what-to-do-on-windows.html

It points to another blog discussing useful Windows commands that can be running from the DOS command prompt. I knew all about "net start", "net stop", and some other useful commands to use, but it definitely covers some I didn't know (ex. netsh).

Wednesday, October 22, 2008

Who would think adding a monitor would be so hard?

I was asked today if I'd like an LCD Monitor. I was thinking, "Why not? I could extend my laptop's desktop in Windows XP to it." It's not a bad monitor either; a NEC MultiSync LCD 1970NX. Granted, it doesn't have a flashy widescreen or anything spectacular about it.

I plugged it in to my power strip and VGA port on my Lenovo T61p, and turned it on. Screen black. Oh yeah, need to change my display output settings with a couple toggles of Fn-F7. Still screen black. Huh. Looked at the Display Properties, and XP sees the other monitor and the monitor appears to get a signal. What gives?

I go to NEC's website and see there are drivers for Windows XP. Maybe Plug-and-Play doesn't work? Strange, but okay. Installed the drivers, the LCD 1970NX is detected, etc. Screen black. OK, reboot? Screen black. Went into the menu for the monitor and set it back to factory defaults. Screen still black.

OK, so I go back into Display Properties. Try to make it my default monitor. No dice. Cycle through the display out settings (Fn-F7) so that it only uses the video out. Denied. Change the resolution to something lower, like 800x600 and 16bit color. Still no video. Muck with the screen refresh rate, and change from 60 to 75 Hertz. Starting to lose my patience.

Quick search in Google doesn't yield any known issues, so I cave and ask our local desktop guy. He starts to go through the same steps I've outlined above, without any more success than I do. Then he notices something. My monitor is plugged into the VGA port on my laptop, instead of the VGA port on my port replicator/dock. Apparently, the VGA port on my laptop won't work when it's plugged into my dock, and I have to use the VGA port on it. Makes sense, but I wish XP didn't "detect" the monitor plugged in directly to the laptop, else I would have probably determined that I have to plug the monitor into the dock a lot quicker.

Tuesday, October 14, 2008

Using fvwm2 on Solaris 10

Since I don't like CDE, and the Java Desktop runs painfully slow and looks ugly on my Ultra5; I decided to install fvwm2. I found this site that makes adding fvwm2 fairly painless.

http://www.tiem.utk.edu/~peek/solaris/

Firefox still runs in it, but looks ugly because of the lack of colors. I thought I could get 16bit colors, but I haven't figured it out yet.

I'm debating making it a lab Jumpstart server since it has a 40GB drive. You could argue that I should junk my Ultra5 and it's just a waste of time. It's definitely not worth running as a workstation, since I can easily run VMware Server on my laptop if I want a Unix OS.

Tuesday, October 7, 2008

Segmentation faults when formatting a disk in Solaris

I've had an old Sun Ultra 5 under my desk since I've started at the current job. Instead of keeping it as my footstool, I decided to fire it up and see what happens. Needless to say, this has been a timesuck. I could go into all the details and other mistakes on my part, but it isn't very interesting.

What I didn't know would be a problem was trying to install Solaris 10 after I had impatiently installed NetBSD. Apparently the Solaris installer doesn't know how to recognize the disk formatted by NetBSD. When running "format", it just segfaults and dumps core.

After some Google searches, I came up on this thread.

http://groups.google.com/group/comp.unix.solaris/browse_thread/thread/8107078ff8e2174d?pli=1

after running

dd if=/dev/zero of=/dev/rdsk/c0t0d0s0 bs=512 count=4

I was able to run format on the disk, and run the Solaris 10 install.

Friday, October 3, 2008

Confused by an SSL related blog post

I subscribe to the Planet SysAdmin, an aggregation of Sys Admin related blogs via RSS (http://planetsysadmin.com/). Today, I came across a post that really confused me on what the author was trying to accomplish or explain.

http://utcc.utoronto.ca/~cks/space/blog/web/RevocableSSLNames

I'm hoping that one of you that is smarter than me gets it and maybe can explain it to me. Using his example of online banking, I look at my bank and it looks like the cert is probably handled by a load balancer; or maybe explained in his second case, an HTTPS Proxy server. He discusses revoking the cert by changing the host name.

A) How would that help when I have a bookmark to https://onlinebanking.example.com?
B) and wouldn't you revoke the compromised cert with the certificate issuer anyways?

The only thing I could think of is he's discussing SSL on both ends of his proxy (web client to proxy, proxy to application server). But in that scenario, the only thing that is apparent to the end user is the SSL cert to the proxy which would have to be revoked by the certificate issuer if compromised.

Or, I'm missing something entirely...

Wednesday, October 1, 2008

Solaris Jumpstart server interference

I've been working on trying to install Solaris 10 via DVD and "boot cdrom" on a host in the lab. I've been wondering why the install keeps assigning it an IP address and hostname without me supplying one. Even after running "sys-unconfig", I was never prompted to put in a new IP address or hostname.

The problem was our Jumpstart server. We had jumpstarted this host in the past, testing some automation installs, and the server still had an entry in the ethers file. Apparently when the server starts up, it tries to be slick and configure its interfaces for you when it boots. It looks like the Jumpstart server was picking up the requests and saw it had a matching MAC address in its configuration. The Jumpstart server then passed the hostname and IP address to the server I was trying to install. After we shut down the Jumpstart server, the sys-unconfig worked as expected. I wish the "discovery of network card settings" was not the default behavior.