Technology

HOW TO : Find the clients connecting to a NFS server

Quick tip to find out the clients connecting to a NFS server.

Check the ports that NFS uses

[code] grep -i nfs /etc/services [/code]

Check the clients connecting to the server using the port from above

[code] netstat -an | grep 2049 [/code]

HOW TO : Search ownership of files in Linux

Say you have a directory with a bunch of sub directories and files and you want to see if all the files are owned by a particular user, you can use the following set of commands

[code]ls DIRECTORY_PATH -l -R | awk {‘print $3’} | grep -v USER_NAME[/code]

The set of commands do the following

ls -l -R shows the list of files and directories
awk prints the name of the owner of the file (it is the third column)
grep shows only the lines where the owner name doesn’t match

And yeah.. this works in most variants of Linux :).

September 1, 2011 by admin HOWTO Linux Technology Uncategorized 2

Unimaginative Error Pages : HP.com

One of the largest tech company in the world

Fortune 100 Company

Supposedly earns billions in consulting services

and what happens when thousands (and let’s imagine millions) hit their web app store?

August 31, 2011 by admin Management Rantings Technology Uncategorized 0

HOW TO : Apache and SELinux

Quick note for future reference..

If you ever run into errors like this

[code]
<pre>Starting httpd: Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
(13)Permission denied: httpd: could not open error log file /etc/httpd/logs/error_log.
Unable to open logs
[FAILED]
[/code]
And you are scratching your head why Apache is throwing these errors, even when the said directory and files exist. And you have the right permissions!! Check if you have SELinux running and being enforced.
On RHEL, you can check if SELinux is running by
[code]cat /selinux/enforce [/code]
The two values are 0 and 1. 0 means, SELinux is not being enforced and 1 means it is.
You can quickly disable SELinux temporarily by
[code]echo 0 >/selinux/enforce [/code]
If you want to disable it permanently (i.e. survive reboots), you have to edit the file /etc/selinux/config and change the SELINUX line from enabled to disabled.

August 22, 2011 by admin HOWTO Linux Networking Technology Uncategorized Web 4

Overheard : Random comments about technology

Here are some interesting titbits from a executive summary event hosted by Redhat/Intel that I attended yesterday.

We decreased the execution times for our orders from 1.5 seconds to 5 milliseconds

This from an executive managing the technology organization for a large trading company. Imagine the geekiness in accomplishing this :).

For every 450 smartphones that get activated a server is added to support them

This from an Intel executive. So if there are 500000 android phones being activated every day.. that’s around 1111 servers being added just to serve the android fans :).

1 in 4 servers currently runs Linux

This from a Redhat executive. If anyone doubts that Linux is mainstream.. they are living under a rock 🙂

August 19, 2011 by admin Linux OverHeard Technology Uncategorized Web 0

HOW TO : Use grep to search for credit card numbers

I was looking for a quick way to search for credit card numbers in a file and ran across this excellent post by Adrian Rollett. I tweaked his suggestion a bit to show some additional data.

Original suggestion

[code] grep ‘$^\|[^0-9]$\{1\}$[345]\{1\}[0-9]\{3\}\|6011$\{1\}[-]\?[0-9]\{4\}[-]\?\[0-9]\{2\}[-]\?[0-9]\{2\}-\?[0-9]\{1,4\}$$\|[^0-9]$\{1\}’ FILE_TO_SEARCH [/code]

My modification

[code] grep ‘$[345]\{1\}[0-9]\{3\}\|6011$\{1\}[ -]\?[0-9]\{4\}[ -]\?[0-9]\{2\}[-]\?[0-9]\{2\}[ -]\?[0-9]\{1,4\}’ –color -H -n FILE_TO_SEARCH [/code]

The modified command will show the name of the file the number was found and at which line. You can tweak it further using additional options for grep. A good reference guide can be found here.

August 17, 2011 by admin HOWTO Linux Technology Uncategorized 0

HOW TO : Export and import certificates using keytool

Keytool is a java utility to manage SSL key databases (stores). Here are a couple of options for using this tool

List the certificates in the keystore

[code]keytool -list -keystore NAME_OF_KEYSTORE_FILE [/code]

Export a particular certificate from the keystore

[code]keytool -export -alias ALIAS_NAME_OF_CERT -keystore NAME_OF_KEYSTORE_FILE [/code]

Import a certificate into the keystore

[code]keytool -import -alias ALIAS_NAME_YOU_WANT -keystore NAME_OF_KEYSTORE_FILE -file NAME_OF_CERT_FILE_TO_IMPORT [/code]

July 20, 2011 by admin HOWTO Networking Technology Uncategorized 1

HOW TO : Use netcat (nc) on Windows 7

netcat is a swiss army tool for network/security professionals. You can use it to listen on certain ports or connect to certain ports. For example, say, you configured your firewall to allow TCP 80 traffic to your web server. But your web server is not built yet and you want to validate the rule. You can run netcat on your workstation to listen on port 80, assign the IP address of the web server to your workstation and test the rule.

If I am not mistaken, nc comes as a default tool in most of the Linux distros. You can download the windows port of the tool at http://www.securityfocus.com/tools/139

The command to have netcat listen on a specific port is “nc -l PORT_NUMBER”. If you run this on a Windows 7 machine, you will get this dreaded message “local listen fuxored: INVAL”. The fix is to run it with a -L option. So the command would like this

[code]nc -L -p 80[/code]

The -L means “listen harder, re-listen on socket close” :).. Have to dig deeper and see what it really means though. I will leave that for another blog post.

And if you want to validate that netcat is indeed listening on that port, you can connect to that port from another workstation by using nmap.

July 14, 2011 by admin HOWTO Networking Technology Uncategorized Windows 17

Facebook is popular…but still

I wanted to signup for the service offered by the Techcrunch 2011 Disrupt winner, GetAround (which by the way is a pretty cool service) and went to their website. And what do I see? I need a facebook account to use their service. I know Facebook is popular, but how fair is it to require a potential customer to have a Facebook account??

May 25, 2011 by admin Rantings Technology Uncategorized Web 2

HOW TO : Enable global reverse proxy with certain exclusions in Apache

Say you want to enable reverse proxy on a site powered by Apache Web Server where all traffic to the web site it reverse proxied to a different server, but you want to exclude certain paths from being reverse proxies. I don’t know why you would want to do that :).. but we ran into that scenario at work and I wanted to document the config for future reference. The picture below shows a high level view of the traffic

Ensure the following modules are being loaded in Apache.

[bash]

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so

[/bash]

In the virtual host configuration for kudithipudi.org add the following lines

[bash]

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /static !
ProxyPass /media !
ProxyPass / http://INTERNAL_SERVER:8888
ProxyPassReverse / http://INTERNAL_SERVER:8888