Ridiculously obvious shell function for Quagga users

The response to my recent tweet about trying to run Cisco commands on Linux got me thinking: why shouldn’t i be able to type show run on my Linux routers?  For those of us who switch between Linux & Cisco (and possibly others) a lot and use the Quagga routing suite, here’s a ridiculously obvious snippet to add to ~/.bashrc:

VTYSH="`which vtysh 2>/dev/null`"
if [ -x "$VTYSH" ]; then
        function show
                $VTYSH -c "show $*"

Why didn’t i think of this before?  It doesn’t handle quoting very well (i coudn’t find a way to make "$@" do the right thing), but it should be good enough to make lots of commands work pretty well, like:

  • show ip protocols
  • show ip route (the output of which seems much more natural to me than netstat -rn since i’ve been doing CCNA & CCNP studies)
  • show running-config
  • and even show ip ospf neighbor

The above code will not define the show function if it can’t find vtysh on the PATH, so on hosts without quagga installed, it will have no effect (other than setting the VTYSH variable to the empty string).  Hat tip to Rob Gilreath for sparking the thought.

Source: libertysys.com.au

HOWTO: Convert Windows Server 2008 from bare metal/GPT to VMware/MBR

I’ve been working on a server consolidation project over the past few months in preparation for moving a small corporate server room into a hosted data centre.  I spent much of last night and this morning working on one of the final milestones, P2V (physical-to-virtual conversion) of a bare metal Windows 2008 system running SQL Server 2008.

All of our previous bare metal Windows systems have been virtualised with the VMware converter, but is was a newer server than most (an IBM x3650 M2), and it has EFI firmware rather than a traditional BIOS.  VMware does not support P2V of GPT systems, so we were stuck with finding another method.  There have been reports that people have done it successfully however (with appropriate repairs of the MBR and the boot sector), so we had good reason to believe it was possible.

Our bare-metal Linux servers had been virtualised with a basic disk copy technique:

  • boot Ubuntu live CD on source and destination
  • install ssh server on destination
  • Run on source: dd if=/dev/sda bs=1024k | ssh destination ‘dd of=/dev/sda bs=1024k’

This was quite effective for our Linux servers, since Linux distributions tend to include drivers in their initial RAM disks for the SCSI controllers that VMware emulates.  I decided to try the same thing at the partition level to get the Windows system copied: create the new partitions on the destination, copy the individual partitions, and then repair the Windows boot process.

I’ll claim bad memory about what happened around this point (it was late, and i was tired), but it was not successful.  After a little searching, i came up against a parted alternative called GPT fdisk (known as gdisk in Ubuntu), which claimed to be able to convert from GPT to MBR partition types, as long as the drive was a supported size (which this one was).  So i started a copy of the entire drive using the dd process described above, and went to bed, leaving the 500 GB server to copy overnight.

This morning, after a little messing around with different versions of the Ubuntu live CD to find a more recent version of gdisk, i was able to convert my partition table using a hybrid partition table (which the author takes pains to point out: don’t try this at home, kids).  GPT fdisk allows selecting which GPT partitions to represent in the MBR, so i simply selected all of the Windows drives, without the reserved partitions at the beginning.  (This wastes whatever space was taken by those partitions, but 400 MB out of 500 GB was not too high a price to pay for avoiding backing out this change and waiting for the next maintenance window to have another crack at converting this system.)

As expected, the Windows VM would not boot.  I booted from the Server 2008 DVD and performed a repair of the MBR and boot sector using bootrec.exe.  This got little further along in the boot process, resulting in the error message that “BOOTMGR is missing”.  Fortunately, this is a known problem with a straightforward fix: startrep.exe.

This got the system booting, but after loading several device drivers it produced a blue screen STOP 0x0000007B.  Searches on VMware suggested this was a disk driver issue, and a common problem after P2V conversions.  Unfortunately, VMware’s advice about it was to inject the drivers on the source server, and re-run the P2V conversion, which i wasn’t prepared to do due to the multi-hour copy process involved.

Enter the offline registry editor.  This 4 MB boot CD allows Windows password resets and general registry edits without needing Windows to be running.  Armed with the knowledge that the LSI SAS driver was likely already installed, i found that simply enabling the driver (by setting HKLMSYSTEMCurrentControlSetservicesLSI_SASStart to 0!) was all that was needed.  This is a little confusing in the offline registry editor because SYSTEM is not the default registry hive (you have to select it manually), and there is no “CurrentControlSet”, only “ControlSet001” and “ControlSet003” on the system i was converting.  (I enabled the LSI SAS driver in both ControlSets.)  After this, Windows 2008 was able to boot successfully in our ESXi 5 system.

After installing VMware tools, we tried the paravirtual SCSI driver, but that caused a blue screen again, so we reverted to the LSI SAS driver, which on this system has offered pretty good performance anyway.  The paravirtual NIC driver (vmxnet3) seems to work fine.

Looking back, i can’t help but think that i probably could have done this better, by creating the MBR partitions manually and persevering longer with getting it booted that way, or by investigating VMware’s support for UEFI/GPT within VMs, or maybe there are even pre-built tools out there to manage this.  But this experience served to reinforce to me that despite several seemingly large obstacles, lots of problems are soluble with persistence and logic.  And Microsoft and VMware’s knowledge bases.  And people documenting their experiences on forums.  And great Free Software tools that solve specific problems.  And Linux live CDs.  And Google.  🙂

Source: libertysys.com.au

Secure wiping of tapes on Linux

At one client site, we’ve recently moved from tape to disk for our offline backup storage medium.  We debated what to do with the old tape loader and tapes, and concluded that we would never go back and so should get rid of them entirely.  I was given the task of working out how to securely wipe the old tapes.

My first choice was to try ‘wipe‘, the usual Linux utility for wiping files and hard disks on a live Linux system.  (I generally use Darik’s Boot and Nuke, a.k.a. DBAN, as an offline wiper.)  To my surprise, wipe did not function at all with /dev/st0 as its target device.  After some brief searching of Google, i concluded that i was not likely to find a pre-existing utility.  I ended up hacking up a quick little script:

for i in $(seq 1 7) ; do
        mtx load $i
        for j in $(seq 1 4); do
                dd if=/dev/urandom of=random.block bs=1k count=1
                for k in $(seq 1 10240); do
                        cat random.block
                done > big.random.block
                while true; do cat big.random.block; done | dd of=$DEVICE bs=1024k
        mt -f $DEVICE erase
        mtx unload $i

A rundown of some salient points:

  • We have a 7-slot SCSI tape autoloader, hence the $(seq 1 7); they’re loaded and unloaded via mtx.
  • I wanted multi-pass wiping using random data, but didn’t want to keep pulling more and more pseudo-random data from /dev/urandom.  The system i was using had only 30 bytes of entropy available in /dev/random, so my data block was probably not highly-random anyway.
  • I started with using just the same 1KB file of random data, but found that the bash loop to cat the file was a performance bottleneck, so the innermost loop is used to repeat the same random block 10K times to make the wipe more efficient.
  • At the end of 4 passes of random data, we do a normal erase.  I assume this writes zeroes to the tape, but i’m not sure.  (The script is still working through our 7 tapes at about 25 GB/hour, so it will be several days before it’s finished.)

Hope this helps someone.  I was surprised that i couldn’t find a better alternative easily.  Suggestions for improvement gratefully accepted.

Source: libertysys.com.au

How not to write to your partners

or, “How to look like a phishing attack without even trying.”

I recently received this (redacted) email with the title “ACTION REQUIRED – PASSWORD RESET”.  The email headers bear all the signs of a legitimate email, yet this seems to be virtually identical to the dozens of phishing emails which litter my junk folder on a regular basis.  I actually wonder whether HP have been the victims of an insider attack, given this sort of incompetence.  Has anyone else seen anything like this?

Clip here

Please click here if you cannot view this email



Dear HP partners,

Please note that your HP Partner Portal password will expire within 30 days. To ensure continued access to the portal, click here and follow the steps below for a hassle-free password reset process.

How to Reset Your Password:

Thank you for your continued support and cooperation in making this partnership a success.


System Administrator


We respect your privacy. If you don’t wish to receive any information from HP, you may unsubscribe here. Please click here to see our privacy policy.

© 2012 Hewlett-Packard Asia Pacific Pte Ltd. Registration No.: 198703164G. All rights reserved. All product and company names referenced herein are trademarks of their respective owners. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. This document may be copied provided all text is included and copies contain HP’s copyright notice and any other notices provided herein.


Source: libertysys.com.au