Uno-Code -

Nice little switch site

admin — Mon, 11 Jan 2010 18:39:44 -0800

I'm a big fan of the Dell switches and various other SOHO (Small Office Home Office) type of switches. I have a few clients that need something a little beefier than a linksys 4 port, but something a less than cisco stuff.

SOHOSwitches.com has a good selection of switches (Fast Ethernet, Ethernet and Gigabit) switches.

Dell PowerEdge T105 Server on Sale

admin — Wed, 09 Dec 2009 07:59:07 -0800

So I was thinking I needed another box for backups here at the office, so I checked out Dell. Often they have good deals on servers without operating systems. Sure enough, they have an awesome deal on Dell servers! I was able to pick up a Dell PowerEdge T105 for $269.. yeah, you read that right. That included 1GB of RAM and 2 160GB drives with Dual Core AMD Athlon 2.3GHz processor in there!

Here are some of the servers on sale:
PowerEdge T105 = $269 ($387 Instant Savings)
PowerEdge T100 = $299 ($437 Instant Savings)
PowerEdge T110 = $429 ($239 Instant Savings)

I have various PowerEdge towers here at the office and they work great for loading up Gentoo (or whatever flavor of Linux you want) and using them as file servers, etc.

Using LiveCD to chroot and repair software RAID and LVM

admin — Thu, 19 Nov 2009 10:25:17 -0800

After the udev/lvm2 upgrade, my VM box was completely hosed. This was due to the fact that I had a older kernel and udevd was having problems with signalfd. If you found this post because of that, simply upgrade to a new kernel, and you should be good again.

I'm writing this post as more of a reference for me. My VM box uses RAID0 software raid and has LVM on top of that. When my box failed to boot (not seeing root filesystem in md) and was dead in the water. I rebooted with the LiveCD but I couldn't remember to a) get the RAID going again and b) how to get LVM up. So after some length forum post searches, calling friends, I was able to finally chroot into the server and update the kernal. I wanted to post my procedure on how I did this.

After booting into LiveCD

Crucial is offering a 5% discount promotion on memory

admin — Thu, 01 Oct 2009 11:53:10 -0700

I just wanted to post this, in case anyone else was interested. Right now at Crucial.com, they have a exclusive promotion where they're offering 5% off on memory. This seems like a really good to me and good opportunity to boost up some memory in those tired servers!

To learn more about the promotion, click here.

Issues with Fail2Ban upgrade (0.8.0-r1 to 0.8.3)

admin — Wed, 26 Aug 2009 09:25:31 -0700

Today, I upgraded fail2ban from 0.8.0-r1 to 0.8.3 and started seeing "Unexpected communication error" in the logs like what I have listed below.

Issues with hardened-sources-2.6.28-r9

admin — Sun, 31 May 2009 07:19:17 -0700

I recently upgraded kernel on one of my servers from hardened-sources-2.6.28-r7 to hardened-sources-2.6.28-r9 and immediately had problems after reboot. Rebooting that server, I was greeted with the following message:

Booting 'Gentoo (bzImage-2.6.28-hardened-r9)'

root (hd0,0)
Filesystem type is ext2fs, partition type 0x83
kernel (hd0,0)/boot/bzImage-2.6.28-hardened-r9 root=/dev/sda4
[Linux-bzImaeg, setup=0x2a00, size=0x165990]

Decompressing Linux... Parsing ELF... done.
Booting the kernel.

I went ahead and posted this issue to the Gentoo forum and worked on a few ideas how to remedy this. You can follow that thread here: http://forums.gentoo.org/viewtopic-p-5762324.html

I noticed that the hardened-source ChangeLog mentioned the following:

My first time with GoToMeeting

admin — Sat, 30 May 2009 07:00:00 -0700

So I've seen the commercials on TV about GoToMeeting for a while, but I never had a opportunity to try it out. Yesterday, I had a conference call with a web client about a application we're developing and going over some server requirements to pull it off. Early in the call, the client recommend that we have this meeting using GoToMeeting, since there were some graphic design topics that they needed to discuss with me and a marketing director.

Recent package updates are making me nervous (Snort and Mod_Security)

admin — Sun, 24 May 2009 09:17:41 -0700

A few weeks ago, I saw that snort needs to update to 2.8.4.1 (up from 2.6.1.3-r1), but with this update, it no longer has support for snortsam. This sucks! I posted a thread about this on the Gentoo forums, but no response yet. Because of this I'm not updating my production boxes, that use snortsam as part of it's IPS. On a box that was running just snort, I had troubles getting it started. The whole thing left a unpleasant taste in my mouth.

Here are some relevant links about this:

http://forums.gentoo.org/viewtopic-t-764081-highlight-snort.html
http://bugs.gentoo.org/245752

Good site, admin

admin — Mon, 18 May 2009 07:59:43 -0700

I started seeing emails posted via contact forms with this message body. All sites on multiple servers starting experiencing this. I believe this is just a probe to test if contact forms are requiring captcha or this could be a initial set up for backscatter, etc. Either way, I don't like it. The first piece of investigation was to look at the IP of the originating requests. Unfortunately, they're all random. Clearly the program is using a proxy, or this could be a virus/worm related activity. So blocking based on origin is not a good solution.

The next route that made the most sense for me was to create a mod_security rule to block this traffic based on POST payload. I'm running mod_security-2.1.2, so this rule may not work depending on what brand of mod_sec you're running. I created the following rule in my custom rule config.

How to set up Spamassasin-FuzzyOcr for Gentoo

admin — Fri, 24 Apr 2009 08:41:24 -0700

After seeing a increase in image spam, I decided to add the Fuzzy OCR plugin for spamassassin. Basically, it will read the image and see if there are any words or phrases that are labeled as spam and append a score to it. I was surprised that I didn't see any how tos for Gentoo, and I ran across multiple issues setting this up, so here we go.

We need to use spamassassin-fuzzyocr-3.5.1-r1 to get things working. Currently, Gentoo has 2.3b as the stable version, make sure you use the latest greatest. I added the following to /etc/portage/package.keywords:

=mail-filter/spamassassin-fuzzyocr-3.5.1-r1		~x86
dev-perl/MLDBM-Sync								~x86

I added the following USE flags to /etc/portage/package.use

media-libs/netpbm       jpeg jpeg2k png tiff xml zlib -jbig -rle -svga
mail-filter/spamassassin-fuzzyocr       amavis dbm gocr logrotate mysql ocrad tesseract
app-text/tesseract      tiff