February 2008 Archives
Fri Feb 29 14:53:06 EET 2008
Interesting Readings
For some time I've been investigating
OpenBSD's pf here. Along those lines I found two good
readings. The first one is located here and is a sort of
step-by-step introduction to pf and its capabilities plus examples,
while the other one is just a good security doc called "The Six
Dumbest Ideas in Computer Security"; read it
here.
Thu Feb 28 01:14:08 EET 2008
Interesting Parable
Here it goes: In one of the Indian
islands, the inhabitants of a state agreed that each year they
would appoint a stranger as their ruler. When his year was over,
they would banish him, and he would return to the status he had
prior to his appointment. Once they appointed over them a fool, who
was unaware of their secret plan for him. He accumulated much
money, built palaces which he fortified, but he sent nothing out of
the country. On the contrary, whatever he had abroad - his money,
his wife and children - he brought into the country. When his year
was over, the citizens sent him out, stripped of everything and
deprived of all that he had built or acquired from the beginning of
his term until its end, so that when he left he had nothing of all
that had been his inside the city and outside of it. He regretted
and grieved for the trouble he had gone to and the effort he had
expended in building and accumulating what was then passed on to
another. Then, the people decided to appoint as their ruler a
stranger who was wise and discerning. When appointed, he chose one
man among them, showed him favor, and asked him about the customs
of the people and their laws [which had formed the basis of their
relationship] with his predecessors. This man revealed to him their
scheme, what they intended to do to him. Once he knew this, he
devoted himself to none of the pursuits that had preoccupied his
predecessor. Rather he labored and strove to take everything that
was valuable in the state to another state; all that was precious
and dear to him he put in a different place. He placed no trust in
the adulation and honor that they showed him. He fluctuated between
grief and joy the whole time that he was in the country. He grieved
that he was soon to depart, and that the precious things he had
managed to take out were few. For if he could have stayed longer,
he would have been able to bring out more. But he was glad that he
would soon leave and settle in the place where he had secured his
valuables, where he would be able to use them and enjoy their
various benefits and pleasures with people of mind, confident
spirit, and without interruption. When his year had ended he was
not troubled at leaving, but hastened to it with heartfelt joy and
calm, applauding [himself for] his action and efforts. He went on
to abounding good, great honor, and continuing joy. So he had
happiness in both situations, and attained his wishes in both
places. The mind: You have just given, in the parable you related,
a picture of your state in this world and shown that your condition
in it is like that of the kings you mentioned. It is now clear to
you that you are a stranger [here] and will soon depart. You should
therefore act as the wise and discerning ruler did, so that your
condition may be like his. Should you deviate from this course, my
words will be of no use to you, my fine language will bring you no
advantage. The soul: If I had no desire in this matter, I would not
have troubled to investigate what is hidden from me of [the nature
of] my being.
Wed Feb 27 01:34:54 EET 2008
Today
Today we had the ordinary "Business
Meeting" in the Business Communication classes. I also did some
work on the snorts at work. I went to see Ivo and Zlatina (Zlatina
is a cousin and Ivo is her husband), a very nice couple. I always
enjoy staying in their furniture shop. I also played a bit with
their Toshiba laptop. I installed Ubuntu on it plus the Edubuntu
package. Although my cousin doesn't have any experience with Linux,
she managed to work with it and update it with no problems. It
looks like the guys from Ubuntu have done a good job. After having
dinner I went to see my grandma (I hadn't seen her yesterday and
she was missing me :). Unfortunately she has terrible pains in her
legs; she is suffering from diabetes. I was at her home when
Damqncho (a friend of mine) called and we arranged a meeting in
20 minutes. After seeing Damqncho in the city center I saw uncle
Plamen wandering around and invited him to join us. The three of us
had a walk together, and after that I went home, and right now I'm
posting this thread. Well, that's it, end of story.
Tue Feb 26 01:01:15 EET 2008
No Title
Today I helped my cousin fix his
internet connection on a laptop. The laptop was running Vista. A
real nightmare; this OS is really heavy and even messier than
Windows XP. What else? I'm trying to cope with life. Life is tough.
What can I say. I also started a vsftp server on a FreeBSD box; it
took me some time because of configuration issues. Right now I'm
trying to run a snort server, still unsuccessfully; for some reason
the snort daemon does not start. In the college everything is going
in the old manner, except we have started studying Marketing II and
another subject whose name I forgot; it is supposed to be something
like statistics. The day was quiet with a bit of work.
Wed Feb 20 00:43:39 EET 2008
FreeBSD 7 Installation and setup for tightened security / Multiple IPs in Jail problems
On Saturday I went to Bergon to help
Static and Kiril (i.e. Arkadietz) with the install and
configuration of a FreeBSD 7 system. The install went smoothly.
Then I csupped, following the handbook's canonical way for
rebuilding world and kernel and stuff. I also got to know
personally Bergon's ISP owner and administrator Drago; btw he looks
like a really good man. We spoke about the GDBOP actions some time
ago, when GDBOP agents broke into a server room next to the office
and took Bergon's storage servers for users, http://free-zone.cc
(an FTP for users). He said the GDBOP IT specialists don't know
even elementary unix commands like "df" and "du" and he had to tell
them what to type. We walked through the server room. He had some
interesting servers; I also observed the fiber optics and stuff.
After setting up the newly installed server in the server room, we
went to the place "Seasons" and we drank "Stolichno Tymno" and ate
pizza on Drago's account.
The idea of this FreeBSD installation was to make the machine
hera.bergon.net a freeshell machine for local Bergon users, as
secure as possible. To achieve that I have set these sysctl
settings:
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50
kern.ipc.somaxconn=32768
I have also installed AIDA. I have also set up a jail with the idea
of adding the users into the jail. Unfortunately, after running the
jail I experienced problems with setting up multiple IPs in the
jail, so I asked for help in ##freebsd on freenode. It turned out
that by default a FreeBSD jail doesn't support virtual IPs, but
there is a patch to enable that; unfortunately the patch is still
for FreeBSD 5, 6 or 6.2, with none available for 7. After some
discussion in ##freebsd I found out there is something that would
do the work, but it's still not stable enough. It's called VIMAGE;
VIMAGE looks promising but will be ready maybe in FreeBSD 8, check
it out here. The only thing left from the FreeBSD configuration is
to set up a firewall. I intend to make a firewall based on "PF" but
I have to spend some time reading about PF. I've also upgraded the
kernel at home to:
FreeBSD jericho.pcfreak 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #0: Mon Feb 18 14:12:03 EET 2008 hipo@jericho.pcfreak:/usr/obj/usr/src/sys/GENERIC i386
Apart from the geek stuff, yesterday I was at the fountain with
Narf, and today I had a walk in the Central park with Damqncho.
Yesterday and today were quiet days, thanks of course to God
almighty. Also Our Heavenly Father gives me peace through our Lord
and Saviour Jesus Christ day after day through the Power of the
Holy Spirit. Unfortunately I'm still not too healthy. But I still
say The Lord is my rock I won't be in use! Today in the college we
had a business meeting on the topic of "A New Product". I was the
Personnel Manager; at the last meeting I was head of sales. After
school and going out for a walk I went to my grandma and grandpa,
Georgi and Dimitrichka, and after that I went to see my other
grandma, who is such a cool grandma (I love her much). Another
piece of good news, even though it's an old one, is that my
grandmother decided to give me 150$ more for buying the laptop. The
only thing left is to choose the right laptop :). In the USA
Thinkpad T series are so cheap, starting from (around 950$); a good
model costs something like 1150$, and the same models here cost
almost 1800$ pff... To end this post I would say I thank The Lord
for giving me quiet and peaceful days and blessing me in my work
and in my studies. I hope he will continue to bless me in the
future too.
Wed Feb 13 13:44:40 EET 2008
Mysqlreport
Check this out. Mysqlreport is a
small script intended to make easy-to-read MySQL status reports. It
also has a nice manual explaining every variable it returns. Check
it out here.
Since yesterday I've felt a little sick; I guess I've caught a
flu. I'm still looking for what kind of laptop to buy. Everybody
says a different thing. A friend of mine who sells laptops says
Gigabyte is a good choice; still, I'm uncertain about that. I
personally like Thinkpads, but unfortunately Thinkpads come with an
OS installed on them, and I also don't like it that IBM Thinkpads
(e.g. nowadays Lenovo Thinkpads), at least the cheaper ones, come
with integrated ATI video. I'm thinking of a Dell as a possibility
but I'm still in doubt which one to take ... For all those who
don't know, IBM/Lenovo has three major series of Thinkpads: the "r"
series, the "t" series from Terminator :), and the "x" series. "x"
series Thinkpads are way smaller than the "r" and "t" series. As
I've heard from friends and other sources online, the "t" series
are rock solid and have a titanium backing. A good thing to note
about Thinkpads is that the battery life of the "r" and "z" series
is 3.5 h. What I can afford is to spend no more than 1600 lv.
(something like 1200 USD) for a laptop. The Dell models I liked
were the Inspiron 1520, but unfortunately they come with an
integrated wifi card which is Dell's and has no support for
Linux/BSD (I need the computer to run FBSD/Linux). Of course I can
always use NDIS and use the Windows driver under Linux/BSD, but
this is not the idea.
Tue Feb 12 12:28:06 EET 2008
Dr. Strangelove or How I learned to stop worrying and love the bomb
A few days ago I watched Dr.
Strangelove or How I learned to stop worrying and love the bomb. An
awesome film. Although it's from 1964 it's still very fascinating.
I liked that film so much that I actually wanted to watch it
again right after I watched it. I strongly recommend it to everyone
out there. BTW, as a whole Kubrick is a real genius of a director
and producer; what I didn't like is that some of his works are too
perverse and violent. An interesting fact about Kubrick is that he
is a Jew. So my guess is he is blessed just like every Jew out
there.
Tue Feb 12 01:41:34 EET 2008
A serious kernel vulnerability allows local attackers to attain root privileges
A new exploit is out: the vmsplice local
root exploit. All Linux users are advised to update. Debian has
released a new package fixing the issue.
http://www.securityfocus.com/archive/1/487876
A friend of mine, static, informed me that the exploit
doesn't rewt an updated CentOS. My Debian system has proved
vulnerable. I was pretty surprised when a friend of mine
called and said hey man, try logging in with your user "hipo" :). I
suspected something was wrong, maybe he had changed my user's
pass. Luckily he hadn't, although later I was not able to log in :).
He just tested the new exploit below on pc-freak. Luckily I have
such friends to remind me of problems very early. I guess this
exploit is going to cause a lot of havoc in the Linux world. But
yeah, that's life. Today Plamenko the guitarist came home and was
my guest. We downloaded some of his (mountain clips) and put
them on DVDs. Later I drank a coffee with arkadietz and static.
They were in euphoria because of this exploit. I advise
everybody out there to patch as fast as possible or expect surprises.
Thu Feb 7 11:26:38 EET 2008
BSD tips
In one of my previous posts I gave a
URL to a great wiki. Unfortunately I have seen that I gave a wrong
link; here is the mediawiki:
bsdtips.utcorp.net
Today I have to go to German classes. I'm
in doubt what kind of laptop to take; I'm torn between an IBM
Thinkpad and a Dell. IBM's have ATI, where I prefer having nvidia.
On the other hand I know not all of Dell's hardware would probably
work correctly in Linux and BSD. Another problem is that IBM is
being sold with preinstalled XP ...
Mon Feb 4 00:01:48 EET 2008
Cisco Courses or how the Sunday passed?
In the morning I got up somewhere
around 8:40 and went to Liturgy as always. It's such a joy to be in
the House of the LORD! Right after church, nomen, Sha'nar (i.e.
Niki) and I had to go to a Cisco course. It was sort of boring, as
usual. After the course we went to a café called Central (Niki and
I ate spaghetti with vegetables). Just after that I saw Lily.
I'm really sad that her parents treat her badly, just like mine
treat me sometimes. But I believe and hope God will solve
everything very soon. After that, at home, I had to do the Cisco
Assessment Tests for Chapter 6 6/7 in CCNA 1. On some of the
questions I cheated because I was too lazy to search in the Cisco
docs to figure out the answers by myself; here is the site where
answers to CCNA 1 are available: CCNA Answers. Towards the
evening Damqncho called and I went to see him, and later the three
of us went for a coffee. I have to note that my "financial status"
is not in too good a condition; Nomen tipped all the time, for
which I'm largely thankful :). I also have to share my joy from
yesterday, because my grandparents (my father's ones) decided to
make me a present and give me a sum of 1000 lv. to buy a laptop.
Actually, having a laptop has been a dream of mine for years. What
I also have to note is that this is a direct response to a prayer.
Some time ago I mentioned in my prayers that I need a laptop; what
can I say. I guess God heard my prayers. So Glory be to him for
being so merciful to me and the whole earth! Be blessed oh God Lord
of Hosts!
Yesterday was a pretty fun day too. I met Hellpain, a friend of
mine who works in Sofia but is temporarily on an official trip in
Varna. So I spent almost 3 great hours with this great guy!
On Friday
night Alex and I drank wine in the central park (again time well
spent). What should be noted is that Friday is a celebration called
"Trifon Zarezan" or, said in simple English, The Alcohol Lover's
Day :). It has long been a tradition on this day for close
friends to gather together and drink heavily. I haven't had so much
fun for a long time. So thanks and Glory to God who grants me
all this. I
can see a great blessing in the good friends in my life. So
anyway, I have to say again: thanks to God for all his mercies to
me the sinner.
Fri Feb 1 18:22:55 EET 2008
The end of the work week :)
One more week passed without serious
server problems. Yesterday, after an upgrade to Debian 4.0rc2 with
apt-get dist-upgrade and a reboot, the pc-freak box became
unbootable. I wasn't able to fix it until today because the
machine seemed not to read CDs well. The problem was that after
the Linux kernel's boot process had started, the boot-up was
interrupted with a message saying /sbin/init is missing and I was
dropped to a busybox shell without being able to read anything
from my filesystem. Thankfully nomen came to Dobrich for
the weekend and today he brought me his cdrom and I booted with the
Debian CD. Using Debian's linux rescue I mounted the partition to
check what was wrong. I suspected something was terribly wrong with
lilo's conf. Looking closely at it I saw that the lilo conf
file was set up to load an initrd for the older kernel.
Changing the line to the new initrd in /etc/lilo.conf and rereading
the lilo config (/sbin/lilo -C; /sbin/lilo;) fixed the mess and
pc-freak booted successfully!
Yesterday I had to do something kinky. A client requested
access to a mysql service on one of the
company servers. The problem was that the client didn't have a
static IP, so I didn't have a good way to put it into the current
firewall. Every time the ADSL they use got restarted, a new,
absolutely random IP from all the BTC IP ranges was assigned. The
solution was to make a port redirect from a non-standard mysql port
(XXXXX) which pointed to the standard 3306 service. I had to tell
the firewall not to check the incoming IPs on the non-standard port
(XXXXX) against the 3306 service firewall rules. Thanks to the help
of a guy in irc.freenode.net #iptables, jengelh, I figured out the
solution. To complete the requested task it was necessary to mark
all packets coming into port (XXXXX) using the iptables mangle
table and to add a rule to ACCEPT all marked packets. The rules
looked like this:
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport XXXXX -j MARK --set-mark 123456
/sbin/iptables -t nat -A PREROUTING -d EXTERNAL_IP -i eth0 -p tcp --dport XXXXX -j DNAT --to-destination EXTERNAL_IP:3306
/sbin/iptables -t filter -A INPUT -p tcp --dport 3306 -m mark --mark 123456 -j ACCEPT
Something I wondered a bit about was whether
/proc/sys/net/ipv4/ip_forward should be enabled in order for the
above redirect to work; in case you're wondering too, well, it
doesn't.
The working week was sort of quiet: no serious problems with
servers and work, no serious problems at school (although I see
my colleagues and me becoming more and more unserious about
studying). My grandparents decided to make me a gift and give me
money to buy a laptop and I'm pretty happy about this. All that is
left is to choose a good machine with hardware supported both by
FreeBSD and Linux.
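The port redirect described in this post depends on the order in which netfilter runs its hooks. The following is an added example, not code from the original post: a simplified Python model of that order for the three iptables rules. The addresses, the port number standing in for XXXXX, the trusted-source list and the default DROP policy are constructed assumptions, and the -i eth0 match is left out.

```python
# Simplified model (added example) of the hook order the three rules rely on.
from dataclasses import dataclass, replace

EXTERNAL_IP = "203.0.113.10"     # constructed placeholder for EXTERNAL_IP
ALT_PORT = 33306                 # constructed stand-in for the post's XXXXX
MARK = 123456                    # mark value from the post
TRUSTED_3306 = {"198.51.100.7"}  # assumed: static IPs the old rules allow


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    mark: int = 0


def mangle_prerouting(p):
    # -t mangle -A PREROUTING -p tcp --dport XXXXX -j MARK --set-mark 123456
    return replace(p, mark=MARK) if p.dport == ALT_PORT else p


def nat_prerouting(p):
    # -t nat -A PREROUTING -d EXTERNAL_IP -p tcp --dport XXXXX -j DNAT ...:3306
    if p.dst == EXTERNAL_IP and p.dport == ALT_PORT:
        return replace(p, dport=3306)
    return p


def filter_input(p):
    # -t filter -A INPUT -p tcp --dport 3306 -m mark --mark 123456 -j ACCEPT
    if p.dport == 3306 and p.mark == MARK:
        return "ACCEPT"
    # Assumed pre-existing rule: source allow list for direct 3306 access.
    if p.dport == 3306 and p.src in TRUSTED_3306:
        return "ACCEPT"
    return "DROP"  # assumed default policy


def traverse(p, ip_forward=False):
    """Return (chain, verdict) for a packet arriving from outside."""
    p = nat_prerouting(mangle_prerouting(p))  # mangle hooks before nat
    if p.dst == EXTERNAL_IP:                  # routing: address is local
        return "INPUT", filter_input(p)       # ip_forward is never consulted
    return "FORWARD", ("ROUTED" if ip_forward else "DROP")


if __name__ == "__main__":
    roaming = "192.0.2.55"  # constructed: client on a changing ADSL address
    for pkt in (Packet(roaming, EXTERNAL_IP, ALT_PORT),
                Packet(roaming, EXTERNAL_IP, 3306),
                Packet("198.51.100.7", EXTERNAL_IP, 3306)):
        print(pkt.src, pkt.dport, traverse(pkt))
```

In the model every source that reaches the non-standard port is accepted, so for that path the source-address check is replaced by the port number and MySQL's own authentication.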