Resize a Xen Image

So, you’ve got a few Xen images around, and they are starting to fill up. How do you add a few more gigs to ’em?

 root@tpe:/# xm shutdown vm01
 root@tpe:/# cd /xenimages
 root@tpe:/xenimages# dd if=/dev/zero bs=1024 count=1000000 >> vm01.img
 root@tpe:/xenimages# e2fsck -f vm01.img
 root@tpe:/xenimages# resize2fs vm01.img


That’s it, you just added a gig (1,024,000,000 bytes, a hair under 1 GiB) to your image called ‘vm01.img’. A few caveats: this only works for a raw image that holds a single ext2/ext3 filesystem with no partition table; the guest really has to be down first (xm shutdown returns immediately, so wait until vm01 is gone from xm list, growing a filesystem a running domain has mounted will corrupt it); and resize2fs wants a clean filesystem, so run e2fsck -f on the image before it instead of forcing the resize with -f. Keep a copy of the old image until the guest has booted and is happy with the bigger disk.
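The same procedure with the checks around it, as an added example that is not part of the original post: refuse to touch an image whose guest is still listed by xm, append the space, fsck, then resize. It assumes a raw image holding one ext2/ext3 filesystem (no partition table) and the classic xm toolstack; the function names and the script name are mine.

```shell
#!/bin/sh
# Added example, not from the original post: grow a raw ext2/ext3 Xen image
# safely. Assumes the "xm" toolstack and an image with no partition table.

# guest_is_running NAME -> 0 if "xm list" still shows a domain called NAME.
# The first line of "xm list" is a column header, so it is skipped.
guest_is_running() {
    xm list 2>/dev/null | awk 'NR > 1 { print $1 }' | grep -qx -- "$1"
}

# append_zeros IMAGE MIB -> appends MIB mebibytes of zeros to IMAGE and
# prints the new size in bytes. Refuses a non-numeric size.
append_zeros() {
    img=$1; mib=$2
    case $mib in
        ''|*[!0-9]*) echo "append_zeros: bad size '$mib'" >&2; return 1 ;;
    esac
    dd if=/dev/zero bs=1048576 count="$mib" >> "$img" 2>/dev/null || return 1
    wc -c < "$img" | tr -d ' '
}

# grow_ext_fs IMAGE -> forced, non-interactive e2fsck first, and only then
# resize2fs, which grows the filesystem to fill the image file.
# e2fsck status 0 = clean, 1 = errors corrected; anything higher
# (uncorrected errors, operational failure) aborts the resize.
grow_ext_fs() {
    img=$1
    if e2fsck -f -p "$img"; then rc=0; else rc=$?; fi
    if [ "$rc" -gt 1 ]; then
        echo "grow_ext_fs: e2fsck returned $rc, not resizing $img" >&2
        return 1
    fi
    resize2fs "$img"
}

# grow_image NAME IMAGE MIB -> the whole procedure: refuse while the guest
# is up, append space, check, resize.
grow_image() {
    name=$1; img=$2; mib=$3
    if guest_is_running "$name"; then
        echo "grow_image: $name is running; xm shutdown $name and wait until it leaves xm list" >&2
        return 1
    fi
    [ -f "$img" ] || { echo "grow_image: no such image $img" >&2; return 1; }
    append_zeros "$img" "$mib" >/dev/null && grow_ext_fs "$img"
}

# Usage: sh grow-image.sh vm01 /xenimages/vm01.img 1024
if [ "$#" -eq 3 ]; then
    grow_image "$1" "$2" "$3"
fi
```

The size is taken in MiB rather than dd’s 1024-byte blocks so the number you type is the number of mebibytes you get; the xm check is the one thing the two-line version above has no way to catch.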

Lighttpd+Rewrite+OpenSEF+Joomla

For those of you not needing Apache and the whole kitchen sink, [insert reason here], Lighttpd is a very attractive contender. For me, it has a small memory footprint, which is highly appealing. However, getting SEO urls to work (i.e. utilizing rewrite), isn’t too straightforward.
Tada! A little research yields two helpful links: one at lighttpd.net regarding how to use ModRewrite and another showing how to slightly modify the .htaccess file used by OpenSEF and Apache.
So…

  1. Flush/clear any caches available
  2. Make sure the site is listed in OpenSEF’s manager inside Joomla
  3. Make sure SEO is enabled inside the Joomla ‘Site Configuration’
  4. Change your host conditional statement so it matches this (the patterns are regular expressions, so a literal dot is written \. and $0 stands for the whole matched path, i.e. “leave it alone”):
$HTTP["host"] =~ "(^|\.)yourdomainname\.com$" {
     server.document-root = "/var/www/your/domainlocation/"
     url.rewrite-once = (
          # static images are served as they are
          "^/images/.*\.(jpg|jpeg|gif|png)$" => "$0",
          # the Joomla back end and mambots are passed through untouched
          "^/administrator.*$" => "$0",
          "^/mambots.*$" => "$0",
          # everything that looks like a page goes to Joomla's front controller
          "(/|\.htm|\.php|\.html|/[^.]*)$" => "/index.php"
     )
}

Clear your browser cache, and check it out. If it doesn’t work, you can try to “Delete All” URLs inside OpenSEF, and then your site will rebuild as necessary. Another note, as you can maybe tell by the above ruleset: the rules are tried in order and the first match wins, so you can have rewrite ignore a directory by putting a pass-through rule above the catch-all. Just include:

"^/directory.*$" => "$0",

Bear in mind that passing /administrator through untouched only keeps the Joomla back end reachable, it does not protect it. If it shouldn’t be open to the world, restrict it separately, for instance with a $HTTP["remoteip"] conditional or mod_auth in front of it.

Convert VMWare Movie to FLV

This little process, a total of two lines, took way too long to figure out.

First, we convert the VMware avi (VMnc format) to the Microsoft avi format. VMware recordings normally carry no audio track; if mencoder complains that no audio codec was selected, add -nosound (or -oac copy if there is a track you want to keep).

 mencoder -of avi -ovc lavc movie.avi -o movie2.avi

Next, we convert the Microsoft avi format to FLV format.

 ffmpeg -i movie2.avi -r 12 -b 100 movie.flv

You can play around with the -r switch (frame rate, in frames per second) and the -b switch (video bitrate, which the ffmpeg of this era reads in kbit/s; current releases spell the same thing -b:v 100k). But, if those get larger, so does your FLV file.

Quick and Dirty Firewall

Abstract

The following is a Quick n’ Dirty method of implementing a very simple host firewall with iptables: a few trusted or blocked addresses, a list of open ports, and drop for everything else.

Locate IPTables

Depending on your server, first locate iptables:

 [root@vps /]# which iptables 

Create IP Based Accept/Deny

Create a whitelist (addresses accepted before any port filtering, so they bypass it entirely) or a blacklist (addresses whose packets are dropped before anything else is checked), or both, if you wish:

 [root@vps /]# vi /usr/local/etc/whitelist.txt 

And/Or…

[root@vps /]# vi /usr/local/etc/blacklist.txt 

In each file, add one IP per line, for instance:

 4.2.2.2
 66.35.15.20

Lines starting with # are ignored, and only the first word of each line is used, so a note after the address is fine.

firewall.sh Script

Then put the following in /etc/init.d/firewall.sh, and edit to fit your needs. Note that dropping a script into /etc/init.d does not by itself make it run at boot, and iptables rules do not survive a reboot, so hook it into your init system (rc links, or a call from rc.local) once you are happy with it:


#!/bin/sh
#
## Quick n Dirty Firewall
#
## List Locations (one address per line, "#" starts a comment)
#

WHITELIST=/usr/local/etc/whitelist.txt
BLACKLIST=/usr/local/etc/blacklist.txt

#
## Specify ports you wish to use (opened for both TCP and UDP).
#

ALLOWED="22 25 53 80 443 465 587 993"

#
## Specify where IP Tables is located (see "which iptables" above)
#

IPTABLES=/sbin/iptables

#
## Clear current rules, user chains and counters in the filter table
#

$IPTABLES -F
echo 'Clearing Tables F'
$IPTABLES -X
echo 'Clearing Tables X'
$IPTABLES -Z
echo 'Clearing Tables Z'
echo 'Allowing Localhost'

# Allow localhost. Match on the loopback interface, not on the source
# address: a packet arriving on eth0 can claim to be from 127.0.0.1.
$IPTABLES -A INPUT -i lo -j ACCEPT

#
## Whitelist: these addresses skip the port filtering entirely.
## Entries are used as given, so keep the file root-owned and tidy.
#

if [ -f "$WHITELIST" ]; then
    for x in `grep -v '^#' "$WHITELIST" | awk 'NF { print $1 }'`; do
        echo "Permitting $x..."
        $IPTABLES -A INPUT -s $x -j ACCEPT
    done
fi

#
## Blacklist: dropped before anything else is looked at, so an existing
## connection from a blacklisted address dies as well.
#

if [ -f "$BLACKLIST" ]; then
    for x in `grep -v '^#' "$BLACKLIST" | awk 'NF { print $1 }'`; do
        echo "Denying $x..."
        $IPTABLES -A INPUT -s $x -j DROP
    done
fi

#
## Replies to connections this host opened itself (DNS answers, outbound
## SSH, ...) are accepted here, before the per-port rules.
#

$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#
## Permitted Ports
#

for port in $ALLOWED; do
        echo "Accepting port TCP $port..."
        $IPTABLES -A INPUT -p tcp --dport $port -j ACCEPT
done

for port in $ALLOWED; do
        echo "Accepting port UDP $port..."
        $IPTABLES -A INPUT -p udp --dport $port -j ACCEPT
done

#
## Drop anything else. The two protocol-specific drops on their own leave
## ICMP, other protocols and non-SYN TCP segments to the chain's default
## policy (ACCEPT), so finish with an unconditional DROP. If you want the
## box to answer pings, add an ACCEPT for icmp echo-request above it.
#

$IPTABLES -A INPUT -p udp -j DROP
$IPTABLES -A INPUT -p tcp --syn -j DROP
$IPTABLES -A INPUT -j DROP

Start Firewall

[root@vps /]# chmod 700 /etc/init.d/firewall.sh
[root@vps /]# /etc/init.d/firewall.sh

If you are doing this over SSH, make sure 22 (or whatever port sshd is on) is in ALLOWED before you run it, and keep a console or out-of-band session open the first time in case a typo locks you out.
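The script above hands whatever is in the list files straight to iptables -s, and a typo in ALLOWED or a bad line in a list only shows up when iptables rejects it halfway through loading, with the chain half built. The script below, an added example that is not part of the original post, validates each entry and prints the rule set firewall.sh would apply, in the same order, so it can be reviewed or diffed before anything is loaded. It reads the same file layout (one address per line, # for comments, first word used); the function names, the IPTABLES override and the sample list contents are mine.

```shell
#!/bin/sh
# Added example, not from the original post: validate whitelist/blacklist
# entries and print the firewall.sh rule set as commands instead of
# applying it. Set IPTABLES to override the binary path (default /sbin/iptables).

# is_ipv4_or_cidr ADDR -> 0 for a dotted-quad IPv4 address with an optional
# /0-32 prefix, 1 for anything else (letters, five octets, octets > 255,
# leading zeros, shell metacharacters, empty fields).
is_ipv4_or_cidr() {
    addr=${1%%/*}
    prefix=${1#*/}
    if [ "$prefix" = "$1" ]; then prefix=32; fi      # no "/" present
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|.*|*.|*..*) return 1 ;; esac
    # split on dots without letting a "*" glob against the filesystem
    oldifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        case $octet in 0?*) return 1 ;; esac          # "010" is not "10"
    done
    return 0
}

# emit_list_rules FILE TARGET -> one "iptables -A INPUT -s ADDR -j TARGET"
# line per valid entry of FILE; invalid entries are reported on stderr and
# skipped rather than handed to iptables. A missing file yields no rules.
emit_list_rules() {
    file=$1; target=$2; ipt=${IPTABLES:-/sbin/iptables}
    [ -f "$file" ] || return 0
    grep -v '^[[:space:]]*#' "$file" | awk 'NF { print $1 }' |
    while read -r ip; do
        if is_ipv4_or_cidr "$ip"; then
            printf '%s -A INPUT -s %s -j %s\n' "$ipt" "$ip" "$target"
        else
            printf 'skipping invalid entry "%s" in %s\n' "$ip" "$file" >&2
        fi
    done
}

# build_rules WHITELIST BLACKLIST "PORTS" -> the full rule set as commands,
# in the order firewall.sh applies them: flush, loopback, whitelist,
# blacklist, established traffic, ports, catch-all drop.
build_rules() {
    ipt=${IPTABLES:-/sbin/iptables}
    printf '%s -F\n%s -X\n%s -Z\n' "$ipt" "$ipt" "$ipt"
    printf '%s -A INPUT -i lo -j ACCEPT\n' "$ipt"
    emit_list_rules "$1" ACCEPT
    emit_list_rules "$2" DROP
    printf '%s -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n' "$ipt"
    for port in $3; do
        case $port in
            ''|*[!0-9]*) printf 'skipping invalid port "%s"\n' "$port" >&2; continue ;;
        esac
        [ "$port" -le 65535 ] || { printf 'skipping out-of-range port %s\n' "$port" >&2; continue; }
        printf '%s -A INPUT -p tcp --dport %s -j ACCEPT\n' "$ipt" "$port"
        printf '%s -A INPUT -p udp --dport %s -j ACCEPT\n' "$ipt" "$port"
    done
    printf '%s -A INPUT -j DROP\n' "$ipt"
}

# Usage: sh firewall-dryrun.sh /usr/local/etc/whitelist.txt \
#            /usr/local/etc/blacklist.txt "22 80 443" > review.sh
if [ "$#" -eq 3 ]; then
    build_rules "$1" "$2" "$3"
fi
```

Once review.sh reads the way you expect, sh review.sh applies it; until then nothing has touched the running firewall, which is the property you want when the only way back in is the port you are about to filter.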

Tips for Passing the MCSE 70-291

As you may know, I’ve been taking a few of the MCSE:Security tests when I have time.  This afternoon I passed the 70-291, which is claimed to be the hardest of all the tests (and of the ones I’ve taken so far, I would concur).

 I’m taking my tests at the Geego Systems center.  If you are in Taipei for some reason, and needing a place to take some tests, this place is a safe bet.  Their staff is pretty darn cool, and they let me drink as much tea as I want.

 Anyways, the test.  I can’t talk about any of the questions, ‘cause I’ve “signed” an NDA, and Microsoft will take away my certification(s).  But, I’ll tell you what I did to study.

I took three approaches, as I do to all the tests.

  1. Get an Exam Cram2 70-291 book, and read it through, cover-to-cover.  This, in my opinion, is a great way to get to know the language used, and some of the concepts.  Exam Cram 2 books do a pretty good job of cutting out the fluff.
  2. I have a copy of Mastering Windows Server 2003 that I picked up in Hong Kong last year.  It doesn’t do a good job of cutting out the fluff, which makes it a great resource to flip through.  It seems to have almost every tutorial you could imagine.  The one downside though, as there always is one, is that the book is starting to get a little dated.  Either way, this has to be one of the most complete books on 2003 I have ever flipped through.
  3. It is all fine and dandy to read, but it is my belief that everything you read, you should do.  My little lab (see end of post for my cool diagram) seems to suit me quite well.  If you have read this far, and want some things to do in your test lab, this is what I would recommend:
  • DNS - Know how to add CNAME’s, A records and play with MX records.  Know how to prioritize mail servers.  Know how to create aliases.
  • WSUS - Sadly, many of the books I’ve seen (or the two listed above), don’t talk about WSUS.  I believe Microsoft just made the change on their tests, but it is on there.  And they hit this topic pretty hard, so be prepared.
  • Security Templates  - Creating baselines and doing audits
  • Network Security - Configuring firewalls, configure VPN between two networks (RRAS)
  • DHCP - Creating scopes, relay agents and reserving client addresses
  • TCP/IP -This test has a pretty big backbone of TCP/IP.  Know how to subnet, and general networking terms/methods.  Picking up a book on the Network+ certification, such as the Exam Cram2 Network+ book (which I read to refresh myself, and pass the Network+ test), could be useful.

Luckily I was able to get a few years of some real life hands-on experience with installing, implementing and managing AD through a previous I.T. position.   Practice always helps though.  Good luck!

Linux as a TFTP Server

So, you need a TFTP server for something? Cool, you must be doing something fun. I need a TFTP server to copy Cisco IOS images onto the routers; hopefully you are doing something cooler.

  1. Enable TFTP in inetd.conf
    Open up /etc/inetd.conf and look for the following line:
kelvin@pluto:~$ sudo vi /etc/inetd.conf

#tftp  dgram   udp     wait    root    /usr/sbin/in.tftpd  in.tftpd -s /tftpboot -r blksize

This is on line 72 for me (hint: in vi press Esc, then type :set number). Uncomment it. If you don’t have this line, bummer. Search for in.tftpd and use that as a substitute, checking first that the binary is where the line says it is:

kelvin@pluto:~$ which in.tftpd
/usr/sbin/in.tftpd
kelvin@pluto:~$
  2. Create the TFTP directory
    As you can see, we need the directory tftpboot (the -s switch makes in.tftpd chroot into it, so only files under it are reachable). Create it.
 kelvin@pluto:~$ sudo mkdir /tftpboot
  3. Restart inetd
    inetd rereads its configuration on SIGHUP:
kelvin@pluto:~$ sudo kill -HUP [inetd pid]

You can get the inetd pid by typing:

kelvin@pluto:~$ ps aux | grep inetd

Cheers.

One caveat: TFTP has no authentication. Anything under /tftpboot is readable by whoever can reach UDP port 69, so keep only the images you mean to serve in there, limit who can reach the port (the firewall above will do), and comment the line back out when the transfers are done.

Edit: A colleague in New Zealand was searching for something and stumbled upon this page. I gave him the tip that if you need to find the tftp server (or any service), you can do it based on port (run it as root, otherwise lsof only shows your own sockets):

lsof -i :69
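The three steps above as re-runnable shell functions, an added example that is not part of the original post: the uncomment is done with a pattern that only touches the line starting the tftp service entry (a comment that merely mentions tftp is left alone), the directory is created root-owned and read-only for everyone else, and inetd is reloaded with the same SIGHUP. It assumes the inetd-style line shown above (tftpd-hpa’s in.tftpd with -s) and procps pkill; the function names and the TFTP_APPLY switch are mine.

```shell
#!/bin/sh
# Added example, not from the original post: enable the tftp line in an
# inetd.conf (or a copy of it), create the chroot directory, reload inetd.

# enable_tftp_line FILE -> removes the leading "#" from the tftp service
# line in FILE. Only a line that starts the "tftp dgram udp" entry is
# touched. Returns 0 when FILE ends up with an active tftp line, 1 otherwise.
enable_tftp_line() {
    conf=$1
    sed 's/^#[[:space:]]*\(tftp[[:space:]]\{1,\}dgram[[:space:]]\{1,\}udp\)/\1/' "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf"
    grep -q '^tftp[[:space:]]\{1,\}dgram[[:space:]]\{1,\}udp' "$conf"
}

# prepare_tftp_root DIR -> creates the directory in.tftpd will chroot into,
# 0755 so every client can read and nothing but root can write. Keep the
# files you drop in it root-owned and 0644 so nothing is world-writable.
prepare_tftp_root() {
    mkdir -p "$1" && chmod 0755 "$1"
}

# reload_inetd -> makes inetd reread its configuration (the "kill -1" step).
reload_inetd() {
    pkill -HUP -x inetd
}

# tftp_listening -> 0 once something is bound to UDP port 69
# (run as root, or lsof only sees your own sockets).
tftp_listening() {
    lsof -nP -i UDP:69 >/dev/null 2>&1
}

# Usage (as root): TFTP_APPLY=1 sh tftp-enable.sh
# Without TFTP_APPLY=1 the script only defines the functions and touches nothing.
if [ "${TFTP_APPLY:-0}" = 1 ]; then
    enable_tftp_line /etc/inetd.conf && prepare_tftp_root /tftpboot \
        && reload_inetd && tftp_listening && echo "in.tftpd is listening on UDP 69"
fi
```

Running enable_tftp_line a second time is harmless (the pattern no longer matches and the grep still finds the active line), which is the point of writing the edit as a function rather than an editor session.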