
xen hung at "Checking for hardware changes"

So, xen is really beginning to piss me off. I turned off all my machines to do a snapshot, and when I tried to bring them back up, they were all in the 'blocked' state. Upon further investigation (using virt-manager/xm console), I found that they were hung at the "Checking for hardware changes" item in their boot process. This could be a CentOS/RHEL 5 issue, but I'm putting my money on xen.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: xen hung at "Checking for hardware changes"

Enabling SELinux strict on RHEL5

I've been playing around with SELinux at work recently. Not surprisingly, I was struggling to get SELINUXTYPE=strict to work properly. Unfortunately, all the Google results for 'enabling selinux strict' were dead ends. People would enable selinux strict, kernel panic, and 'fix' it by disabling selinux.

Well, a co-worker of mine *was* able to successfully enable selinux's strict policy on RHEL5 (CentOS 5). He gave me this guide to post to the world for others to see how (thanks Mykola):



. . . → Read More: Enabling SELinux strict on RHEL5

Install "build-essential" on RHEL/CentOS and OpenSolaris

Debian

If you want to be able to compile packages in Debian/Ubuntu, you can issue the following command:

apt-get install build-essential

 

Red Hat

If you want to be able to compile packages in Red Hat/CentOS, you can issue the following command:

yum install make gcc gcc-c++ kernel-devel

...or, if you don't care about maintaining a small footprint, you can get *all* of the development packages (including X devs--eww):

yum groupinstall "Development Tools"

 

Open Solaris

If you want to be able to compile packages in OpenSolaris, you can issue the following command:

pkg install SUNWgcc

Clone Xen RHEL5 (CentOS 5.2) VM

Hello world! I just updated my whole server environment and, my, things are looking good. Anyway, I had to run through these steps a half dozen times, so I thought I would post it here for myself and (maybe even) others.

Here are the commands I ran to turn a clone of my base RHEL5 (CentOS 5.2) Xen image into another working virtual machine on my RHEL5 (CentOS 5.2) Xen Host:


Sabayon, KDE, and Evolution

I recently reformatted my hard drive--switching from pure Gentoo to the Sabayon fork. Sabayon did for Gentoo what Ubuntu did for Debian. It's generally a lot easier to use, but--unlike Ubuntu--it doesn't sacrifice functionality for ease-of-use.



. . . → Read More: Sabayon, KDE, and Evolution

kmhssoccer.org Update

To a degree, I still actively work on my high school soccer team's website (which I created back in 2005). I had been working on it on and off since summer 2008, and 71 hours of development later, I finally pushed my changes to the live server in January 2009.



. . . → Read More: kmhssoccer.org Update

Smooth Wall

I've wanted to set up a serious linux-based firewall for my home network for some time now, and I finally got around to it yesterday.

There are a TON of linux router distros out there, but instead of spending 8 hours picking & choosing, comparing & contrasting, nitpicking & debating, I asked someone else ;). Two buddies of mine have a similar setup at their homes: one uses Smooth Wall; one uses IPCop. I arbitrarily chose Smooth Wall (after actually setting it up, though, I think IPCop would have been a better choice--c'est la vie).

The installation is supposed to be quite painless, and it was--for the most part. The documentation and install process were intuitive and easy to follow, but it didn't work OOTB. I probably only had so much difficulty because of hardware issues (fried NICs?) which is by no means Smooth Wall's fault. Nevertheless, it took ~5 hours of bang-your-head-against-the-table troubleshooting 'till I could finally unhook the monitor & keyboard, shove it in a corner, and get some sleep.

I was also disappointed with two things that didn't work as I had expected OOTB:

DHCP DNS VPN
. . . → Read More: Smooth Wall

eHome -- are you home?

Alright, this is bullshit.

I bought an eHome wireless NIC a while ago for really cheap. Haven't heard of eHome? Neither had I, but it didn't take me long to realize that it was actually part of D-Link Corporation when I sent my rebates to a D-Link corporate address, and when I read the message: "Copyright © D-Link Corporation/D-Link Systems, Inc. All rights reserved. eHome Networking and the eHome Networking logo are registered trademarks of D-Link Corporation or its subsidiaries in the United States and other countries..."

So, I figured: D-Link is a popular company, they're not going anywhere, they sell tons of devices, so my chipset is probably well supported in Linux, right? Wrong.



. . . → Read More: eHome -- are you home?

ext3 journal recovery

Every now and then, linux crashes (and consequently, hell feels a little cold). I'm not sure how to diagnose the issue, but I'm almost certain it's a result of some unstable openGL screensaver, some faulty X app, or basically anything but hardened command-line driven applications (which is simply to say: linux is perfectly stable without a GUI).

Anyway, even less often than a crash occurs, I cannot boot my system following the crash due to a corrupt journal on my main root partition. To fix it, I have to boot to a live-cd (typically my gentoo minimal install CD) and type one simple command that I have scrawled in huge writing, double boxed on a desk pad. I can't tell you how many times this little command has saved my life.

Type this to fix an ext3 journal corruption:

e2fsck -b 32786 /dev/sda3


`ps` fail with sys-process/procps

Today, I ran an `emerge -uDN world`, and mysql kept failing on the ./configure step because it couldn't properly execute `ps`.

For as long as I can remember, my gentoo box has been unable to run `ps`. Every time I did, I'd get a "No such file or directory" error regarding /lib64/libproc-3.2.6.so

Upon further investigation, I found that an `ls /lib64/libproc*` showed two files:

/lib64/libproc-3.2.7.so /lib64/libproc.so

...so, `ps` was trying to access 3.2.6, and I had 3.2.7. Obviously something was out of whack--probably an environment variable. I tried creating a /lib64/libproc-3.2.6.so symlink back to the /lib64/libproc-3.2.7, but `ps` only failed with a different error.

So, naturally, I figured I would simply unmerge and re-emerge the package. An `emerge --search libproc` revealed only one package: dev-libs/libproccpuinfo. After unmerging and re-emerging this package a dozen times, I fell back to google. Turns out that the REAL package for the libproc.so file is sys-process/procps. When I got the...

!!! 'sys-process/procps' is part of your system profile.
!!! Unmerging it may be damaging to your system.

>>> Waiting 10 seconds before starting...

...message, I was sure that I'd break my system, but I continued, finished the unmerge, re-emerged the package, crossed my fingers, and
. . . → Read More: `ps` fail with sys-process/procps