Monday, October 30, 2006

Baby, who stole your soul?

After a long holiday, I'm back at the office. One of the guys from the IT helpdesk asked me why his newly installed FreeBSD 6.1 failed to start. So I tried to boot into his FreeBSD, but found that there was no kernel to boot. What I did was boot from the FreeBSD 6.1 installer and, in sysinstall, choose the Fixit option -> Live CD.

Then I needed to mount the hard disk.

#mkdir /tmp/bsd
#mount /dev/ad4s1 /tmp/bsd

From there I changed directory to /boot. There was no kernel folder in the boot directory. Oh baby, who stole your soul (kernel)?

Then I decided to copy the kernel folder from the installer CD (before that, I had already copied the kernel folder onto a thumb drive).

#mkdir /tmp/usb
#/tmp/bsd/sbin/mount_msdos /dev/da0s1 /tmp/usb
#cp -Rf /tmp/usb/kernel /tmp/bsd/boot

That's it. I restored your soul; but who's gonna gimme back my soul, baby?


Disclaimer: I cannot be held responsible if this method failed to give any reader satisfaction, pleasure or may cause mayhem, self destruction, world domination or even human destruction that may lead to apocalypse.

Tuesday, October 17, 2006

ICMP L3retriever Ping

My IDS keeps alerting on this: ICMP L3retriever Ping. What the heck is this? Using Google, I stumbled upon this mailing list post:

It's Active Directory related - if you have Win XP systems (and possibly Win2000 as well), you will have these. You might want to examine your rule and/or look and see if the "computer browser" service is enabled on non-domain controllers (i.e. all the workstations, etc).

Based on this answer, I had to stop and disable the Computer Browser service on almost 100 machines. What I did was:

runas /user:domainname\userid cmd
rem net view lists servers as \\NAME; keep only those lines
net view | findstr "^\\\\" >hostlist
rem /F reads the file line by line (first token is \\NAME); without /F the loop runs once on the literal word "hostlist"
for /F %i in (hostlist) do start /wait psexec %i cmd /C "net stop browser"

for /F %i in (hostlist) do start /wait sc %i config Browser start= disabled


Let's see what will happen.
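The commands above stop and disable the service but never check the result. This is an added example, not from the original post: it parses net view output into a host list the same way the findstr filter does, then reads sc \\host query Browser and sc \\host qc Browser output to report hosts where the service is still running or still enabled at boot. All outputs here are constructed samples standing in for real sc runs against each host.

```python
import re

# Constructed `net view` output (not from the author's domain): servers listed one per line.
NET_VIEW_OUTPUT = r"""Server Name            Remark

-------------------------------------------------------------------------------
\\WS01                  Accounting workstation
\\WS02
\\DC01                  Domain controller
The command completed successfully.
"""
# Constructed fragments of `sc \\host query Browser` and `sc \\host qc Browser` output.
SC_QUERY_STOPPED = "SERVICE_NAME: Browser\n        STATE              : 1  STOPPED\n"
SC_QUERY_RUNNING = "SERVICE_NAME: Browser\n        STATE              : 4  RUNNING\n"
SC_QC_DISABLED = "SERVICE_NAME: Browser\n        START_TYPE         : 4   DISABLED\n"
SC_QC_AUTO = "SERVICE_NAME: Browser\n        START_TYPE         : 2   AUTO_START\n"

def parse_net_view(text):
    """Host names are the first token of each line beginning with \\ (remarks dropped)."""
    return [line.split()[0] for line in text.splitlines() if line.startswith(r"\\")]

def sc_field(text, name):
    """Symbolic value of a field in sc output, e.g. STATE -> 'STOPPED'."""
    m = re.search(r"^\s*%s\s*:\s*\d+\s+(\w+)" % re.escape(name), text, re.M)
    return m.group(1) if m else None

def browser_compliant(query_out, qc_out):
    """Stopped now and disabled at boot; either alone is not enough."""
    return (sc_field(query_out, "STATE") == "STOPPED"
            and sc_field(qc_out, "START_TYPE") == "DISABLED")

def audit(hosts, fetch, exclude=()):
    """fetch(host) -> (query output, qc output). Returns hosts still non-compliant,
    skipping excluded ones (domain controllers keep the service, per the mailing list)."""
    return [h for h in hosts if h not in exclude and not browser_compliant(*fetch(h))]

# Constructed per-host results standing in for real sc output.
SAMPLE_RESULTS = {
    r"\\WS01": (SC_QUERY_STOPPED, SC_QC_DISABLED),
    r"\\WS02": (SC_QUERY_RUNNING, SC_QC_DISABLED),   # disabled at boot but never stopped
    r"\\DC01": (SC_QUERY_RUNNING, SC_QC_AUTO),
}

if __name__ == "__main__":
    hosts = parse_net_view(NET_VIEW_OUTPUT)
    print("still running/enabled:", audit(hosts, SAMPLE_RESULTS.get, exclude={r"\\DC01"}))
```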

Wednesday, October 11, 2006

PHP Syslog NG

PHP-Syslog-NG is a web interface for querying syslog data that has been stored in a MySQL database. It lacks threshold capabilities and an alerting system, but hey, it's got what I need. The current implementation looks like this:



I export every available syslog, including Cisco routers, Windows event viewer (using evtsys) and the *nix family, into a "so called" server that runs Syslog-NG + MySQL + PhpSyslogNG. The latest release is 2.8 (at the time of writing); it comes with several enhancements including user access (control of user login and session ID) and a search cache (to help speed up database queries). When upgrading from 2.5 to 2.8 I needed to add a user table and also adjust the syslog-ng configuration by combining the time and date fields into one field (datetime):

destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime,
            program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
            '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};



I also had to add another field, datetime, to syslog.logs. Everything went smoothly until I added another host to the system. The system did not update the new host's information. I wondered why. It might be a network problem, a system problem, the firewall blocking, or a natural disaster! I ran tcpdump: #tcpdump -i ifwhateva host the.ip.of.newhost. The tcpdump results show data coming in from the.ip.of.newhost, but there is still no update in Php-syslog-NG. Hmmm... I think I need to clear the search cache table, syslog.search_cache. $mysql -u root -p syslog -e 'TRUNCATE TABLE search_cache' should do the job (the statement goes in single quotes; inside double quotes the shell would treat any backticks around the table name as command substitution).
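An added example, not from the page or the PHP-Syslog-NG project, showing why template-escape(yes) matters in the d_mysql template above: it renders a constructed log record into the INSERT with and without escaping, then reads the VALUES back the way MySQL would. The escaping behaviour (a backslash before \, ' and ") is my understanding of template-escape, and the record, including the evtsys-style message with a quote and a backslash, is constructed.

```python
# Renders one log record through the page's d_mysql template, with and without the
# escaping that template-escape(yes) applies, and reads the result back as MySQL would.
TEMPLATE = ("INSERT INTO logs (host, facility, priority, level, tag, datetime, "
            "program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', "
            "'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );")

RECORD = {  # constructed log record, as syslog-ng's macros would expose it
    "HOST": "ws01", "FACILITY": "auth", "PRIORITY": "warning", "LEVEL": "warning",
    "TAG": "24", "YEAR": "2006", "MONTH": "10", "DAY": "11", "HOUR": "09",
    "MIN": "05", "SEC": "30", "PROGRAM": "evtsys",
    "MSG": r"logon failed for DOMAIN\bob from 'ws01'",   # quote and backslash, as evtsys sends
}

def template_escape(value):
    # Assumed behaviour of template-escape(yes): backslash-escape \, ' and "
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def render(record, escape):
    """Substitute $MACRO names with the record's values, longest names first."""
    sql = TEMPLATE
    for name in sorted(record, key=len, reverse=True):
        value = template_escape(record[name]) if escape else record[name]
        sql = sql.replace("$" + name, value)
    return sql

def parse_values(sql):
    """Return the quoted VALUES as MySQL reads them (backslash escapes honoured);
    raise ValueError on a malformed statement such as one with a stray quote."""
    vals, i = [], sql.index("VALUES") + len("VALUES")
    while sql[i] != ";":
        if sql[i] == "'":
            buf, i = [], i + 1
            while sql[i] != "'":
                if sql[i] == "\\":      # escaped character: take the next char literally
                    i += 1
                buf.append(sql[i])
                i += 1
            vals.append("".join(buf))
        elif sql[i] not in " (),":
            raise ValueError("unexpected %r at offset %d" % (sql[i], i))
        i += 1
    return vals

def well_formed(sql):
    """True if the statement parses into the eight columns the logs table expects."""
    try:
        return len(parse_values(sql)) == 8
    except (ValueError, IndexError):   # IndexError: unterminated string
        return False
```

Without template-escape(yes) the message's own quote ends the string early and the whole INSERT fails, so that log line silently never reaches the table.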

Sunday, October 08, 2006

New Firewall, come with headache + loads of funs!




I have to set up several firewalls for my offsite data center. So we bought this 1U machine, an NSA, that comes with 4 network cards and one extra PCI slot (WAN, LAN, DMZ, CARP). I planned to set up 2 firewalls powered by OpenBSD PF, using CARP for high availability. But during the implementation process we made some adjustments and settled for PFSense without CARP (PFSense does have CARP capabilities). Below is a summary of the installation process.

1. Take out the hard disk from the NSA.
2. Connect it to a Windows machine using an IDE-USB cable.
3. Write the image to the hard disk -> physdiskwrite -u image (follow the prompted questions).
4. Put the hard disk back into the NSA.
5. Turn on the NSA and configure the interface IPs over a null modem cable (F/F), with the usual console settings (baud rate 9600).
6. After configuring through the console, you can start browsing to the PFSense web-based configurator.
7. The default login is admin:pfsense (change it once you are in).
8. What I did was turn on bridge-mode firewalling by bridging the WAN interface with OPT1 (named "bridge").
9. The LAN interface is used for management.
10. The rules are quite simple (actually not for me, since I'm kind of lazy to read the PFSense RTFM): allow everything on the WAN interface, allow several things on OPT1 (bridge), and make the last rule on OPT1 deny everything else (an explicit deny).
11. That's it. A very simple process, but it took my whole weekend to set up the firewall due to my laziness in reading the RTFM.

Some good references to read:

http://www.pfsense.com/index.php?id=36
http://www.benzedrine.cx/pf.html