Posts tagged notes

Sort IP Addresses with GNU sort

On UNIX-like operating systems, IP addresses can be sorted with the sort utility, part of GNU coreutils:

 sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4

-n, --numeric-sort          compare according to string numerical value

-t, --field-separator=SEP   use SEP instead of non-blank to blank transition

-k, --key=POS1[,POS2]       start a key at POS1 (origin 1), end it at POS2

If you would like a well-written explanation of this, I invite you to read this article by Paul Heinlein.
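An added example (not from the original post): the same sort invocation applied to source addresses pulled from a few constructed sshd-style log lines, with a hit count per address. The function names and the log lines are made up for illustration.

```shell
# Constructed sample: sshd-style log lines (not real data).
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 host sshd[101]: Failed password for root from 192.168.10.20 port 4022 ssh2
Jan 10 10:00:03 host sshd[102]: Failed password for admin from 10.0.0.9 port 5111 ssh2
Jan 10 10:00:04 host sshd[103]: Failed password for root from 192.168.2.7 port 4023 ssh2
Jan 10 10:00:07 host sshd[104]: Failed password for root from 10.0.0.10 port 5112 ssh2
Jan 10 10:00:09 host sshd[105]: Failed password for root from 192.168.10.20 port 4024 ssh2
EOF
}

# Print the word that follows "from" on each line (the source address).
extract_ips() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }'
}

# Numeric sort with one key per octet, as in the post.
# A plain "sort" would put 10.0.0.10 before 10.0.0.9 and
# 192.168.10.20 before 192.168.2.7.
sort_ips() {
    sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4
}

# "count address" pairs, listed in address order.
hits_by_ip() {
    extract_ips | sort_ips | uniq -c | awk '{ print $1, $2 }'
}

sample_log | hits_by_ip
```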

Network notes.

Partially taken from http://www.tomax7.com/mcse/neteworking2005.htm

TCP/IP

Internet Protocol and the Transmission Control Protocol.

An IP address is a 32-bit logical number used to address a network device. IP addresses are normally represented as decimal numbers, but it is sometimes useful to represent them in binary.

10101100.00010011.01011000.01001001
     172.      19.      88.      73

An IP address is divided into 4 parts (each 8 bits); these parts are called octets. In IPv4 there are 5 address classes:

Class A from 1 to 126, in binary the octet starts with 0xxx
127 Reserved for loopback, 01111111
Class B from 128 to 191, in binary the octet starts with 10xx
Class C from 192 to 223, in binary the octet starts with 110x
Class D from 224 to 239, in binary the octet starts with 1110. Don't use. Reserved for the future.
Class E from 240 to 254, in binary the octet starts with 1111

IANA reserved 4 address ranges to be used in private networks; these addresses won't appear on the Internet, which avoids IP address conflicts.

10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, which means:

– 10.0.0.0 through 10.255.255.255
– 172.16.0.0 through 172.31.255.255
– 192.168.0.0 through 192.168.255.255
– 169.254.0.1 through 169.254.255.254 (reserved for Automatic Private IP Addressing)


The meaning of 8, 12 and 16 is:

8 = 255.0.0.0
12 = 255.240.0.0
16 = 255.255.0.0

These are subnet masks.

A subnet mask is used to determine which part is the network (n) part and which is the host (H) part.
Default subnet masks:
Class A 255.0.0.0 that is nnnnnnnn.HHHHHHHH.HHHHHHHH.HHHHHHHH
Class B 255.255.0.0 that is nnnnnnnn.nnnnnnnn.HHHHHHHH.HHHHHHHH
Class C 255.255.255.0 that is nnnnnnnn.nnnnnnnn.nnnnnnnn.HHHHHHHH

Subnetting

A bitwise (logical) AND between the IP address and the subnet mask gives the IP address of the network:

10101100.00010011.01011000.01001001   172.19.88.73
11111111.11111111.11111111.00000000   255.255.255.0
-------------------------------------------------
10101100.00010011.01011000.00000000   172.19.88.0

To calculate how many subnets a netmask allows, use the formula (2^n) - 2, where n is the number of bits in either field. For example, the subnet mask 255.255.240.0 (11111111.11111111.11110000.00000000) could have (2^4) - 2 = 14 subnets.
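The AND calculation above and the /8, /12 and /16 masks from the private-range notes, worked through in shell arithmetic as an added example (not part of the original notes). The function names are made up for illustration, and 169.254.0.1 through 169.254.255.254 is checked as the block 169.254.0.0/16.

```shell
# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
# Assumes octets are written without leading zeros.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (8, 12, 16, ...) -> dotted subnet mask.
prefix_to_mask() {
    int_to_ip $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Network address = IP address AND subnet mask.
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Succeeds if address $1 lies inside network $2 with prefix length $3.
in_network() {
    mask=$(prefix_to_mask "$3")
    [ "$(network_of "$1" "$mask")" = "$(network_of "$2" "$mask")" ]
}

# Succeeds for the private and automatic-addressing ranges listed in the notes.
is_private() {
    in_network "$1" 10.0.0.0 8 || in_network "$1" 172.16.0.0 12 ||
    in_network "$1" 192.168.0.0 16 || in_network "$1" 169.254.0.0 16
}

network_of 172.19.88.73 255.255.255.0
prefix_to_mask 12
if is_private 172.19.88.73; then echo "172.19.88.73 is private"; fi
```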

 

Disk Volume Manager notes

Some notes on using Veritas Volume Manager on Solaris.

View configuration:

vxprint -th

List disks:
vxdisk list
vxdisk -o alldgs list (shows deported disks)

Replace a failed drive:

vxprint to see which disk has failed. Take note of the disk media (dm) and disk group (dg) names.
vxdiskadm to remove (item 4) the failed disk. If there are no hot spare disks, answer “none”.

Physically replace the disk.

vxdiskadd to initialize (just initialize) the disk. Say “no” (n) to the default disk name, to making it a spare disk and to encapsulating it. Don't set the media disk name, just exit. The new disk is now initialized.

vxdiskadm to replace the failed/removed disk (option 5).

  • Enter the media disk name.
  • The access name (like c#t#d#s#).

Just some notes on working with Cisco equipment

These are just some useful notes on working with Cisco equipment.

The above link is really well written and has lots of information.

If you know almost nothing about networking (like me), or if you are sure you know everything about it, it's better to take some time to study this field and keep your hands away from switches and routers.

How to set up your terminal emulator program

  • VT100 Emulation
  • 9600 Baud
  • No Parity
  • 8 Data Bits
  • 1 Stop Bit

Enter Privileged Exec Mode

Submit the command enable (or just ena).

To go back to User Mode, use disable (or just dis).

Set line passwords

  • Console port

Router# configure terminal
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password your-line-password-here

  • Aux port


Router# configure t
Router(config)# line aux 0
Router(config-line)# login
Router(config-line)# password your-aux-password-here

  • Virtual ports from 0 to 4


Router# configure t
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password your-vty-password-here

  • “Enable” password

Router# configure t
Router(config)# enable password your-enable-password-here


Show Commands

Router# show interfaces
Router# show startup-config
Router# show conf
Router# show run

Copy, restore and save commands

Router# copy run start
Router# reload

In the next part: some useful commands to configure interfaces.


Life with CPAN

Life with CPAN: “Reconfiguring CPAN”

Remember: to reconfigure CPAN you can manually edit the Config.pm file or just execute:

cpan> o conf init

Tunneling cvs through http proxy

As I usually work in environments where firewalls are configured to block access to cvs servers, I need to set my cvs client to tunnel the connection through an http proxy server.

Before taking advantage of this feature, check your company policies!!! Ask before you risk your career!

First of all, what do you need?

1. A cvs version that supports http proxy tunneling; the posted link should give you an idea of which version you need. Currently I'm using cvs client 1.12.12.
2. An http proxy that supports http tunneling.

Now, if you have an http proxy that supports http proxy tunneling, you can set your CVSROOT. Quote the value, because the shell would otherwise treat each ; as a command separator.

export CVSROOT=':pserver;proxy=192.168.10.10;proxyport=8080:[email protected]:/cvsroot/elc'

And finally you can play with your source code.

cvs checkout elc

Next time, hopefully, I'll explain how to do the same with SSL.

SSH without a password

The net is full of guides on how to use the ssh agent, and often the sheer quantity of information makes it harder to understand.
I wrote one on LinuxDesktop a few months ago and the aim, more than anything, was to always have some quick notes at hand; I hope it can be useful to you too.

Here it is, with some changes from the original:

In secure environments, access to production machines usually goes through a “bridge” machine located outside the DMZ, or via VPN. This lets administrators make monitoring and management operations much simpler, and much more complicated for crackers, hackers and us poor users. With ssh it is possible to automate the authentication process; let's see how…

I will call the host you connect from the “bridge machine”.

– Preliminary operations.
1. Generating the private key and the public key. Connect to the bridge machine:

[email protected]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -C "[email protected]"

-t dsa : specifies the algorithm to use for generating the keys
-f ~/.ssh/id_dsa : the path and file in which to save the keys (~ stands for $HOME)
-C "[email protected]" : is a comment

This is the output of the command:

Generating DSA keys: Key generation complete.
Enter passphrase (empty for no passphrase): !!!! TYPE A PASSPHRASE !!!!
Enter same passphrase again: !!!! RETYPE THE PASSPHRASE !!!!
Your identification has been saved in ~/.ssh/id_dsa
Your public key is:
1024 35 [really long string] [email protected]
Your public key has been saved in ~/.ssh/id_dsa.pub

2. Copying the public keys to the remote servers. From the bridge machine:

[email protected]# cat ~/.ssh/id_dsa.pub | ssh [email protected] 'cat - >> ~/.ssh/authorized_keys'

Likewise for authorized_keys2:

[email protected]# cat ~/.ssh/id_dsa.pub | ssh [email protected] 'cat - >> ~/.ssh/authorized_keys2'

5. Agent configuration. – Add the following lines to ~/.bashrc (.profile for ksh and its cousins):

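SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
# Start an agent only if none is reachable and the binary is executable
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
    eval `$SSHAGENT $SSHAGENTARGS`
    # Kill the agent when this shell exits
    trap "kill $SSH_AGENT_PID" 0
fi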

– Run ssh-add to add the key to the agent:

[email protected]# ssh-add

At this point, if you run

[email protected] # ssh-add
Enter passphrase for /home/user/.ssh/id_dsa:
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)

you will not be asked for the password.

Security: the .ssh directory must have permissions 700 and the files inside it 600:

[email protected]# chmod 700 .ssh
[email protected]# chmod 600 .ssh/*

Guard your private key jealously!!!”
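An added check for the permission rule above (example code, not part of the original guide): it reports a .ssh directory that is not 700, files inside it that are not 600, and ssh-dss entries still present in authorized_keys, a key type OpenSSH has disabled by default since release 7.0. The function name, finding labels and demo directory are made up for illustration.

```shell
# Print one finding per line for the directory given as $1 (default ~/.ssh).
# No output means the directory matches the 700/600 rule and holds no DSA keys.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    # The directory itself must be exactly 700.
    find "$dir" -maxdepth 0 ! -perm 700 -exec echo DIR_MODE {} \;
    # Every regular file inside must be exactly 600.
    find "$dir" -type f ! -perm 600 -exec echo FILE_MODE {} \;
    # DSA public keys carry the type "ssh-dss"; count authorized entries.
    for f in "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -f "$f" ] || continue
        n=$(grep -Ec '(^|[[:space:]])ssh-dss[[:space:]]' "$f") || true
        if [ "$n" -gt 0 ]; then
            echo "DSA_KEYS $n $f"
        fi
    done
    return 0
}

# Constructed demo: a throwaway directory with deliberately loose modes and a
# placeholder DSA entry (not a real key).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
echo 'ssh-dss AAAA-constructed-placeholder user@bridge' > "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh"
rm -rf "$demo"
```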

Securing History File

I've set some different options for securing the history file compared with the original document.

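# Timestamp of this login, used in the history file name
data=`date +%EY%m%d_%H%M%S`
# Fields 1 and 6 of "who -m", joined with "_" (field 1 is the login name;
# with a "Mon DD HH:MM" date layout field 6 is the remote host)
control=`who -m |tr -s '_' '!' |tr -s ' ' '_'|tr -s ' ' '_'|tr -s '(' '_' |tr -s ')' '_' |cut -d '_' -f 1,6 | tr -s '!' '_'`

# One history file per login session
HISTFILE=/var/tmp/history/sh_history_$control.$data
HISTSIZE=100000000000000000
HISTFILESIZE=10000000000000000
# Stop the session from reassigning the history settings
readonly HISTFILE
readonly HISTSIZE
readonly HISTFILESIZE
export HISTFILE HISTSIZE HISTFILESIZE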

Hope this can help!
