Category Archives: Unix/Linux

Posts about Unix/Linux

Install Latest Varnish Cache From Source

Varnish Cache is rad, but the packages in the repositories of most platforms are for older versions. Never fear: compiling it from source is a piece of cake. Read on and give it a shot yourself.

Update: @ruben_varnish reminded me via Twitter that the Varnish project keeps a repository for RHEL and CentOS at http://repo.varnish-cache.org/redhat/varnish-3.0/el6/. Swap that "6" for a "5" if you're running RHEL/CentOS 5.x. If your platform has a current package, prefer it: you get updates through yum rather than rebuilding by hand for every security release.

Grab the code (substitute the current file name from https://www.varnish-cache.org/releases, and verify the tarball against the checksum or signature the project publishes for that release before you build it):
wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz

Install the build dependencies if you don't have them already. Besides pcre-devel and gcc you need make, and ncurses-devel for the curses-based tools such as varnishstat and varnishtop:
yum install -y pcre-devel ncurses-devel gcc make

Unpack, compile, and install the code. The default prefix is /usr/local, which is why the paths later in this post start with /usr/local; run the install step as root:
tar -xvzf varnish-3.0.3.tar.gz
cd varnish-3.0.3
./configure && make && make install

Add a Varnish user. Make it a system account with no login shell, since nothing should ever log in as it:
useradd -r -s /sbin/nologin varnish

Download this configuration file, edit it to your needs, and move it to /etc/sysconfig/.
The main thing to adjust is the size of the cache on the line beginning with -s (for example, -s malloc,256M keeps a 256 MB cache in memory). Read a word from the Varnish developers on sizing to guide you.
wget ../varnish
vim varnish
mv varnish /etc/sysconfig/

You'll also need to edit the VCL file that varnishd loads (the one the -f option points at in the varnishd command below). Go here for an explanation of how it's configured.

You can use this init script to easily start, stop, and restart the service. Just copy it to /etc/init.d/ on your system.
wget ../varnish
mv varnish /etc/init.d/

Fire it up and test it out:
/etc/init.d/varnish start

If you have trouble, try launching varnishd from an interactive shell to see whether the problem lies with your init script (or the files it points to) or with Varnish itself:
varnishd -f /usr/local/etc/varnish/default.vcl -s malloc,256M -T 127.0.0.1:2000 -a 0.0.0.0:80
This page explains what all those parameters do. Two of them matter for security: -a is the listener clients hit (0.0.0.0:80 means every interface), and -T is the management CLI, which can load new VCL and otherwise control the daemon. Keep -T on 127.0.0.1 as shown, never on a public address, and consider adding -S with a secret file so that even local access to the CLI requires authentication.
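The -T setting is the one worth getting right, so here is a small check, added for this post and not part of Varnish, that reads the option string your init script hands to varnishd and complains if -T is bound to anything but loopback or if no -S secret file is given. The option strings at the bottom are constructed examples based on the command line above.

```sh
#!/bin/sh
# check_varnishd_opts OPTS
#   OPTS is the option string your init script hands to varnishd.
#   Prints a warning per finding; returns 0 if clean, 1 otherwise.
check_varnishd_opts() {
    status=0
    has_secret=0
    set -- $1                          # split the string into words (unquoted on purpose)
    while [ $# -gt 0 ]; do
        case "$1" in
            -T)
                shift
                [ $# -gt 0 ] || break
                case "$1" in
                    127.0.0.1:*|localhost:*|"[::1]:"*)
                        ;;             # management CLI reachable only from this host
                    *)
                        echo "WARN: -T bound to '$1': the management CLI is reachable from other hosts"
                        status=1 ;;
                esac ;;
            -S)
                has_secret=1
                shift                  # skip the secret-file path
                [ $# -gt 0 ] || break ;;
        esac
        shift
    done
    if [ "$has_secret" -eq 0 ]; then
        echo "WARN: no -S secret file: anyone who can connect to -T can drive the CLI"
        status=1
    fi
    return "$status"
}

# Constructed examples: the command line from this post, with and without a secret file.
check_varnishd_opts "-f /usr/local/etc/varnish/default.vcl -s malloc,256M -T 127.0.0.1:2000 -S /usr/local/etc/varnish/secret -a 0.0.0.0:80" \
    && echo "OK: management CLI is loopback-only and authenticated"
check_varnishd_opts "-f /usr/local/etc/varnish/default.vcl -s malloc,256M -T 0.0.0.0:2000 -a 0.0.0.0:80" \
    || echo "(flagged, as expected)"
```

The secret file path is a placeholder; put the file wherever your init script can read it, owned by root and mode 0600, since whoever can read it can control the cache.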

Varnish has a quite different way of logging, designed for speed: varnishd writes its log to a shared-memory segment rather than to files, and you read it with varnishlog (or varnishncsa for Apache-style access logs). Nothing is kept on disk unless one of those tools is running, so if you want logs for troubleshooting or incident response later, run varnishncsa as a service. Here is a reference for that.

The Varnish documentation can be referenced here as well: https://www.varnish-cache.org/docs/3.0/installation/install.html#compiling-varnish-from-source

Set Up LVM on Software RAID in Ubuntu Installer

Software RAID can be pretty confusing, especially when you are accustomed to dealing with hardware RAID like I am. Adding to the confusion is LVM on top of software RAID. A big key to understanding how this works and how to configure it is that with software RAID, partitions make up the array, whereas with hardware RAID, it is the physical disks that do. So we take two physical disks, create a RAID partition on each, build a RAID array from those "low-level" partitions, make the array a physical volume for LVM and create a volume group on it, carve logical volumes out of the group, and finally create file systems on those volumes. Once all those steps are complete, the operating system can be installed.

Got all that?! It takes a moment to get your head around how this RAID method works but once you do, you’re on your way and things are much less confusing. If you haven’t got all that, don’t worry — I’ll take you through each step right here with screen-shots.

These instructions are for RAID 1 using the server image of the Ubuntu installation media though they can be adapted for other RAID levels (such as 5) and/or the desktop installation media. I’ve tested these instructions on versions 12.04 and 12.10 of Ubuntu.

Get started:

    • Install two drives in your system. Preferably, both drives are the same size. I am using a pair of two terabyte SATA disks.
    • Complete the initial steps of the install process as you normally would.
    • When you arrive at the partition screen, select manual partitioning.
    • Select the first disk (actually the line under it representing the free space) and create one partition that takes up the entire drive. If the drives are brand new and have no partitions, you'll get a prompt asking, "Create empty partition table on this device?" Say yes.
    • Designate the new partition for RAID by selecting "Physical volume for RAID" at the "How to use this partition:" prompt. This only marks the partition as a RAID member; the array itself is created in the next steps.
    • Repeat the previous two steps for the other physical disk.
    • Choose "Configure software RAID" and write the changes when asked. Create an MD device of type RAID1 with two active devices and zero spares, and pick the two RAID partitions as its members. The new array appears in the partition list as a RAID1 device (/dev/md0).
    • Select the partition under the new RAID1 device and set "Use as" to "physical volume for LVM", so that the array, rather than the raw disks, is what LVM sits on.

Here's the overview of my partition layout and settings:

Next, enter the LVM configuration:

    • At the prompt asking, "Write the changes to disks and configure LVM?" select yes.
    • Create an LVM volume group on the new RAID device. Give it any name you wish. A prompt will appear asking which devices should belong to the new volume group; mark the RAID device (/dev/md0) with [space]. It should be the only candidate offered. If the raw partitions (sda1, sdb1) show up here, they were flagged for LVM instead of RAID; do not add them, or LVM will write to them directly and bypass the mirror. Again, you'll be asked, "Write the changes to disks and configure LVM?" Select yes.
    • Create a logical volume in your new volume group. I typically create a swap volume first and name it "swap." Here I am setting the swap volume at 16GB.
    • Create a "root" logical volume. Here, I normally create one volume that consumes the remaining space in the group. If you've already created a swap volume at this point, or don't want one, you can simply select "continue."
    • Take a quick look at the LVM summary screen to verify you have the right number of everything. For the layout described here, that is one used physical volume (the RAID device), one volume group, and two logical volumes. Make sure your screen shows the desired result, then select "finish."

We're almost there! Next, set up the file systems on the logical volumes:

    • Back in the normal partition screen, select the swap logical volume as shown. Set "Use as" to swap area.
    • Select the root logical volume. Set "Use as" to ext4 (or whatever you prefer) and the mount point to "/".
    • Now you can write these changes to the disks and continue the OS installation.

Voilà! You now have a redundant RAID array without the expense of a fancy hardware controller. Two caveats before you call it done: the installer puts the boot loader on the first disk only, so also install GRUB on the second disk (reconfigure the grub-pc package and tick both drives, or run grub-install against the second drive), or the machine won't boot if the first disk dies; and a mirror protects against a disk failure, not against deletion, ransomware, or a bad upgrade, so it is no substitute for backups. Enjoy!
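The installer doesn't verify the mirror for you, and a RAID 1 that has silently lost a member is no better than a single disk, so check it once the system is up. /proc/mdstat shows one status field per array: [UU] for two healthy members, with an underscore marking a missing one. The script below, added here and not part of Ubuntu or mdadm, parses that file (or a saved copy of it) and exits non-zero if any array is degraded, so it can run from cron or a monitoring agent. The mdstat contents it feeds itself are constructed samples.

```sh
#!/bin/sh
# check_mdstat [FILE]
#   Parses /proc/mdstat (or FILE) and reports each md array.
#   Returns 0 if every array has all members present, 1 if any is degraded.
check_mdstat() {
    awk '
        # Header line: "md0 : active raid1 sdb1[1] sda1[0]"
        /^md[0-9]+ :/ { name = $1; state = $3; status = "" }
        # Size line: "1953382336 blocks super 1.2 [2/2] [UU]"; "_" marks a missing member
        name != "" && /blocks/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^\[[U_]+\]$/) status = $i
            if (status ~ /_/) { printf "DEGRADED: %s %s %s\n", name, state, status; bad = 1 }
            else              { printf "ok: %s %s %s\n", name, state, status }
            name = ""
        }
        END { exit bad + 0 }
    ' "${1:-/proc/mdstat}"
}

# Constructed samples standing in for /proc/mdstat on a healthy and on a degraded system.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      1953382336 blocks super 1.2 [2/2] [UU]

unused devices: <none>
EOF
check_mdstat "$tmp"

cat > "$tmp" <<'EOF'
Personalities : [raid1]
md0 : active raid1 sda1[0]
      1953382336 blocks super 1.2 [2/1] [U_]

unused devices: <none>
EOF
check_mdstat "$tmp" || echo "(degraded array detected, as expected)"
rm -f "$tmp"
```

For the full picture, including each member's state and the array UUID, run mdadm --detail /dev/md0; mdadm --monitor can also mail you when an array degrades, which is worth enabling on any box you won't be looking at every day.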

Fix Broken Display After Ubuntu 12.10 Upgrade

After updating my trusty Lenovo X100e to the latest version of Kubuntu (which is actually presently in the final pre-release), my display resolution was locked in at a very sub-optimal 1024 x 768 and I couldn’t change it.

What happened: It appears some FGLRX (ATI proprietary drivers) packages were installed or changed during the upgrade process and were not functioning properly. Since I’m not a big gamer and this machine really isn’t made for graphics-heavy games anyway, I just removed the driver packages. After that process was complete, I rebooted and my sharp, high-resolution configuration was back!

Here’s how it’s done via the command console:

sudo apt-get remove --purge fglrx fglrx_* fglrx-amdcccle* fglrx-dev*

That should remove all the FGLRX packages. I just rebooted and went on with life from there since I can do with the default video drivers but if you want to re-install the proprietary ATI drivers again, the following should get you there:

sudo apt-get update && sudo apt-get install fglrx

These actions work for Ubuntu and all or most variants (Kubuntu, Edubuntu, Xubuntu, Lubuntu, etc) as well.

For more information on the ATI binary drivers, see the Ubuntu wiki.


Wireless Site Survey With Free Tools

Between characteristics of modern buildings (block walls, walls with metal studs, cement floors, and the like) and the large numbers of wireless networks assailing the airwaves, setting up a reliable wireless network can be a real challenge. Site surveys — where technical architects / network administrators examine a given physical environment’s suitability for wireless networks — can really help identify potential WiFi issues.

Unfortunately, many of the tools traditionally employed for performing wireless site surveys cost thousands of dollars. Not to worry! Here, we’ll discuss how to perform a wireless site survey for 802.11 networks using free open source tools so you can build a rock-solid set-up, regardless of budget. This article focuses on the tools, rather than the process of WiFi surveys. For information on the process, check the links at the bottom of this article.

WiFi Analyzer is a tool that turns your Android phone into a handy Wi-Fi scanner. With it you can easily see what access points are nearby, the channels they are on, and their signal strength, all through clear, colourful real-time graphs. Note that it works from the 802.11 beacons your phone hears rather than looking at raw RF, so it will not show non-Wi-Fi interference (microwave ovens, Bluetooth, cordless phones); a true spectrum analyzer is needed for that. Still, it is one of the fastest and easiest ways to see what's going on in the airwaves near your home or office and how to avoid interference on your network. WiFi Analyzer can be found on Google Play (https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en) for free (the program is ad-supported).

To take things a step further, you can break out Kismet, a powerful wireless utility that can not only do all of the above but possesses an array of capabilities for wireless security auditing as well as intrusion detection. Kismet is in the repositories of several popular Linux distributions and you can download the source from http://www.kismetwireless.net as well. The links page of the project web site also includes a link to a Windows port of the Kismet front-end. If you just need to use the tool occasionally and don't have a Linux machine handy, I recommend a Linux live CD or a VM. If you go the VM route, note that a virtual machine cannot normally put the host's Wi-Fi card into monitor mode; you'll need a USB wireless adapter passed through to the guest. Heck, maybe you can use this as an excuse to take the plunge into the awesome world of Unix.  ;)

To use Kismet for a simple wireless survey, you really only need to use a few of its features. Let’s go through running Kismet for this purpose, step-by-step.

* Launch Kismet as root. If you are using Ubuntu, type "sudo kismet" at the command line. If you are using pretty much any other Linux distribution, become root by typing "su -" [enter] at the command line, then type "kismet". Kismet only needs root to put the card into monitor mode and open the capture source; its README documents running just the capture part as root while the rest of the program runs as an unprivileged user, which is preferable to running the whole thing as root.

* After pressing the space bar to dismiss the introduction message, we are presented with the list of networks found so far. As Kismet is a passive discovery tool, it will find more networks as time passes and it observes traffic moving across them.

* Pressing “h” brings up the help window, which explains commands and what the items on screen mean. We’ll go through most of those relevant to wireless auditing here to make it easy for you to get started.

* A quick check to look at first is the statistics window. Press "a" and it appears, presenting a nice high-level view of what Kismet is detecting: number of networks, packets transmitted, maximum packet rate, and the all-important channel usage. There is even a nice graph showing the concentration of APs on each channel. A table with exact numbers of APs on each channel is to the right. With this, we can get most of the information we need to see how crowded a given area is with wireless access points and what channels everyone is on. If you need to dig deeper, read on.

* Sort the results by typing "s" and then choosing how you would like them sorted. I usually sort by channel when doing a wireless survey. You must pick some sort order before you can navigate the list of access points (APs).

You may see an item in the list labelled "Probe Networks" (marked with a "G" in the network type (T) column when grouped, otherwise "P"). These are wireless clients in range probing for networks that may or may not be in range, so they are not really relevant to a channel survey. The probe-network view is more useful for security auditing: clients probe by name for the networks they remember, which reveals SSIDs that were meant to be hidden, among other things. To expand the group, highlight the Probe Networks entry and press the space bar.

Other common network types are ad-hoc networks (designated by an “H” in the type column), and access points (designated by an “A” in the type column). Of course, APs are the type of networks you should be paying particular attention to. Ad-hoc networks are typically of less concern in wireless surveys because they are usually temporary.

There you have it! With WiFi Analyzer and Kismet, you can perform a very effective wireless network survey without spending a dime (as long as you already have an Android device). Once your survey is complete, choose the least crowded channel available, and keep in mind that 2.4 GHz channels overlap: they are spaced 5 MHz apart but each network is about 20 MHz wide, so two networks interfere unless their channel numbers differ by at least five. In practice that means picking from 1, 6 and 11 in most regions; if other networks are on channels 1 and 5, for example, channel 3 would overlap both of them and channel 11 is the right choice. Then you should have a relatively interference-free connection to your network. You can often check signal-to-noise ratios on your AP (especially if you have an AP running DD-WRT; see www.dd-wrt.com). Kismet also reports noise, but it always seems to be 0 when I check it, which is not right.
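The channel arithmetic deserves a closer look, because 2.4 GHz channels are only 5 MHz apart while an 802.11 signal is about 20 MHz wide: two networks share spectrum unless their channel numbers differ by at least five, which is why 1, 6 and 11 are the usual non-overlapping set. The function below, added for this post and not part of Kismet or WiFi Analyzer, takes the channels of the APs you observed in the survey and picks the candidate with the fewest overlapping neighbours, preferring 1, 6 and 11 on ties and ignoring 5 GHz channel numbers, which follow a different plan. The survey results in the examples are constructed.

```sh
#!/bin/sh
# pick_24ghz_channel CH [CH ...]
#   Each argument is the channel of one 2.4 GHz access point seen in the survey
#   (repeat a channel once per AP). Prints the candidate channel with the fewest
#   overlapping neighbours.
pick_24ghz_channel() {
    best=""
    best_score=999
    # Candidate order doubles as the tie-break: the non-overlapping trio comes first.
    for c in 1 6 11 2 3 4 5 7 8 9 10; do
        score=0
        for o in "$@"; do
            case "$o" in
                ''|*[!0-9]*) continue ;;        # skip junk such as "?" from a line Kismet could not parse
            esac
            if [ "$o" -lt 1 ] || [ "$o" -gt 14 ]; then
                continue                        # 5 GHz channels (36, 40, ...) use a different plan
            fi
            d=$((c - o))
            if [ "$d" -lt 0 ]; then d=$((0 - d)); fi
            # 2.4 GHz channels are 5 MHz apart but ~20 MHz wide: closer than 5 apart means shared spectrum.
            if [ "$d" -le 4 ]; then score=$((score + 1)); fi
        done
        if [ "$score" -lt "$best_score" ]; then
            best=$c
            best_score=$score
        fi
    done
    echo "$best"
}

# Constructed survey results.
echo "APs on 1 and 5: use channel $(pick_24ghz_channel 1 5)"                               # 11; channel 3 would overlap both
echo "APs on 1, 6 and 11: use channel $(pick_24ghz_channel 1 6 11)"                        # 1; every candidate has one neighbour
echo "APs on 1, 1, 6 plus a 5 GHz AP on 36: use channel $(pick_24ghz_channel 1 1 6 36)"   # 11
```

The score is a plain count of overlapping APs; if you also note signal strength in the survey, a weak AP two floors down matters less than a strong one next door, so weighting by RSSI is the obvious refinement.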

More information on wireless surveys and the tools covered here are available via the links below.

WiFi survey process links:

http://en.wikipedia.org/wiki/Wireless_site_survey

http://www.wi-fiplanet.com/tutorials/article.php/3761356

http://www.computerworld.com/s/article/9004641/Six_steps_to_a_wireless_site_survey?taxonomyId=15&pageNumber=2

WiFi Analyzer Google Play page: https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en

Kismet project page: www.kismetwireless.net

Cisco VPN with Certificate Authentication on Ubuntu

A quick web search on the subject reveals that the Cisco VPN client for Linux kinda sucks: installing and configuring it is a pain, it is often problematic, and it sometimes causes kernel panics or system lock-ups. Nevertheless, it is (as far as I can tell, anyway) needed if you have to authenticate to the VPN with certificates. Here's how it's done.
First, update your system:
  • sudo apt-get update && sudo apt-get dist-upgrade
Then, download the Linux Cisco VPN client and this patch. I did not write the patch; I use it myself and it has not harmed my machine or data, but it comes from a third party, so read the diff before applying it and use it at your own risk.
  • Unpack the client source code:
      tar -xvzf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
  • Copy the patch file into the unpacked client directory and apply it:
      cp vpnclient-linux.2.6.31.diff vpnclient
      cd vpnclient
      patch < vpnclient-linux.2.6.31.diff
  • The client's build includes a linux/autoconf.h header that newer kernel header packages no longer provide at that path; create an empty one so the compile can proceed (fill in the kernel version shown by uname -r):
      sudo touch /usr/src/linux-headers-2.6.[whatever-version-you're-using]-generic/include/linux/autoconf.h
  • Run the install script:
      sudo ./vpn_install
  • If the compile finished without errors, the client is now installed.
  • Start the VPN client service:
      sudo /etc/init.d/vpnclient_init start
  • Copy your PCF files (Cisco VPN profiles) to /etc/opt/cisco-vpnclient/Profiles/. They can contain group and user passwords, so keep their permissions tight.
  • If you have any VPN connections that do not use certificates, now is a good time to try them. To connect with the Cisco VPN client:
      vpnclient connect profilename
    (where profilename is the file name without the ".pcf" bit). Make sure that works; if it doesn't, troubleshoot until it does before proceeding.
  • Copy the certificate (.pfx file) to /etc/opt/cisco-vpnclient/Certificates/
  • Import your certificate and follow the prompts:
      cisco_cert_mgr -U -op import
  • After importing, ensure the certificate appears in your certificate store:
      cisco_cert_mgr -U -op list
    If your certificate doesn't appear in that list, try again, noting any errors.
  • Now try connecting to your VPN with certificates:
      vpnclient connect profilename
    When prompted for a password, make sure you use the password you set for the certificate locally during the import, *not* the one you may have set when the certificate was created; otherwise, it won't work.
Hopefully it works! If not, the unfortunate thing is that the Cisco VPN client has very vague error messages. Make sure the certificates are in the store and you have not gotten any errors during the installation/configuration process. If you did, read onward for using the logging facility and see if you can piece together the symptoms, error messages, and log events for clues as to what might be wrong.
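The .pcf profiles copied into /etc/opt/cisco-vpnclient/Profiles/ are worth a look before you trust them, because they are plain INI files that can carry credentials: AuthType selects the method (1 is a pre-shared group password, 3 is a digital certificate, 5 is mutual group authentication), enc_GroupPwd holds the group password under an obfuscation that is trivially reversible with widely available decoders, and SaveUserPassword=1 means the user password is cached in the file as well. The script below, added here and not part of the Cisco client, reads a profile and warns on each of those. The profiles at the bottom are constructed; the host names are placeholders.

```sh
#!/bin/sh
# audit_pcf FILE
#   Summarises the authentication method in a Cisco VPN .pcf profile and warns
#   about credential material stored in it. Returns 0 if clean, 1 otherwise.
audit_pcf() {
    awk '
        /^[ \t]*[;#\[]/ { next }                       # comments and the [main] section header
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t\r]/, "", key)
            val = substr($0, eq + 1);                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        key == "host"              { host = val }
        key == "authtype"          { auth = val }
        key == "saveuserpassword"  { save = val }
        key == "grouppwd"          && val != "" { plain_grp = 1 }
        key == "enc_grouppwd"      && val != "" { enc_grp = 1 }
        key == "enc_userpassword"  && val != "" { enc_user = 1 }
        END {
            desc["1"] = "pre-shared group password"
            desc["3"] = "digital certificate"
            desc["5"] = "mutual group authentication"
            printf "%s: AuthType=%s (%s)\n", host, auth, (auth in desc) ? desc[auth] : "unknown"
            bad = 0
            if (plain_grp) { print "  WARN: GroupPwd stored in clear text"; bad = 1 }
            if (enc_grp)   { print "  WARN: enc_GroupPwd present; the obfuscation is reversible, treat the file as a credential"; bad = 1 }
            if (save == "1" || enc_user) { print "  WARN: user password cached in the profile (SaveUserPassword)"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed profiles: a certificate-only profile, then a group-password profile that also caches the user password.
tmp=$(mktemp)
printf '[main]\nDescription=constructed sample\nHost=vpn.example.com\nAuthType=3\nGroupName=\nGroupPwd=\nenc_GroupPwd=\nCertStore=1\nCertName=user\nSaveUserPassword=0\n' > "$tmp"
audit_pcf "$tmp"
printf '[main]\nHost=vpn2.example.com\nAuthType=1\nGroupName=staff\nenc_GroupPwd=0123456789ABCDEF\nSaveUserPassword=1\nenc_UserPassword=FEDCBA9876543210\n' > "$tmp"
audit_pcf "$tmp" || echo "(profile carries credentials, as expected)"
rm -f "$tmp"
```

Run it over every file in the Profiles directory after copying them in; a profile that trips the enc_GroupPwd or SaveUserPassword warnings should be readable by root only, and ideally the cached user password should be removed from it.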
If you have problems, here’s how to use the Cisco VPN client logging facility. It’s a pain to use if you don’t know how so this should save you from banging your head against the wall a bit.
At the command line, enter:
  • ipseclog filename  (where filename is any file name you choose)
Then, in another virtual terminal, follow the file:
  • tail -f filename
Now try connecting or importing, whatever you are having trouble with, in a third terminal. Go back to the terminal where you are tailing the log file and see what it says; that may give you some clues as to what the problem is.
The following sites/blogs were very helpful in drafting this post:
http://leifmadsen.wordpress.com/2009/11/27/cisco-vpn-client-on-ubuntu-karmic-9-10/
http://ilapstech.blogspot.com/2009/09/cisco-vpn-client-on-karmic-koala.html
http://www.lamnk.com/blog/vpn/how-to-install-cisco-vpn-client-on-ubuntu-jaunty-jackalope-and-karmic-koala-64-bit/