You have configured authentication on outgoing mail (SMTP-AUTH) on your mailserver (postfix, in this case) and it works great. But when you put it into production, the users complain because they can't send emails.
What do you do? You follow the communication step by step. That is, you telnet to port 25 and go through the authentication by hand. The conversation goes like this (the lines beginning with "->" are the ones I typed, without the "->" part):
tomas@client:~$ telnet smtp.example.com 25
Trying 1.2.3.4...
Connected to smtp.example.com.
Escape character is '^]'.
220 smtp.example.com ESMTP server ready
-> EHLO example.com
250-smtp.example.com
250 AUTH CRAM-MD5 DIGEST-MD5
-> AUTH FOOBAR
504 Unrecognized authentication type.
-> AUTH CRAM-MD5
334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=
-> ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==
235 Authentication successful.
A year ago we explained how to use Kubuntu 8.10 from a USB device. Now, a year later, I was in the same situation, but with Kubuntu 9.10 instead. And we've made some progress since then.
Ubuntu itself brings an application to make a USB device boot Ubuntu. In the panel there is the application "K-> Applications -> System -> USB Startup Disk Creator" (or also with the /usr/bin/usb-creator-kde command), which is very simple
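For the SMTP-AUTH session at the top of this page, an added example (not from the original post) that decodes the 334 challenge and the client's reply, and recomputes a CRAM-MD5 reply by hand. The page does not give the password behind its own session, so the user, secret and second challenge used for the recomputation are the sample values published in RFC 2195.

```shell
#!/bin/sh
# Added example: decode and recompute the CRAM-MD5 lines of an SMTP AUTH session.
# Needs the base64 and openssl command-line tools.

# Decode one base64 line (the text after "334 ", or the line the client typed).
b64dec() {
    printf '%s' "$1" | base64 -d
}

# HMAC-MD5 of the decoded challenge, keyed with the shared secret, as hex.
# The secret is visible in the process list while openssl runs: test accounts only.
cram_md5_digest() {     # args: secret challenge_b64
    printf '%s' "$(b64dec "$2")" |
        openssl dgst -md5 -hmac "$1" | sed 's/^.*= *//'
}

# The line to type after the 334 challenge: base64 of "user hexdigest".
cram_md5_response() {   # args: user secret challenge_b64
    printf '%s %s' "$1" "$(cram_md5_digest "$2" "$3")" | base64 | tr -d '\n'
}

# Check a captured response against the secret the server has on file.
cram_md5_verify() {     # args: user secret challenge_b64 response_b64
    [ "$(cram_md5_response "$1" "$2" "$3")" = "$4" ]
}

# The two base64 lines from the session on this page, decoded.
PAGE_CHALLENGE='PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4='
PAGE_RESPONSE='ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ=='
echo "server challenge: $(b64dec "$PAGE_CHALLENGE")"
echo "client response : $(b64dec "$PAGE_RESPONSE")"

# Sample values published in RFC 2195 (not from this page): recompute the reply.
RFC_CHALLENGE='PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+'
echo "reply for tim   : $(cram_md5_response tim tanstaaftanstaaf "$RFC_CHALLENGE")"
```

CRAM-MD5 only works when the server can read the plaintext secret (or its precomputed HMAC state), so a server that stores only hashed passwords will reject even a correctly computed reply.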
Sometimes, the amount of work you have pending doesn't allow you to update your blog. You won't even visit it. Then a rabid horde of spammers comes, with an unhealthy lust for flooding your blog selling Viagra, Cialis and this kind of shit. This has been exactly the case of this blog. Result? Above 350.000 commercial comments, a full database, nobody could add comments for months... a mess.
I've deleted the comments to start over. But five minutes later there were 20 new SPAM comments! Obviously, I should do something to prevent this from happening...
It seems the usual procedure for renewing HTTPS certificates for IIS is starting a renewal request, sending it to the CA (Verisign, for example), waiting for a file in the reply and importing it into your IIS.
But, what can we do if we have the renewal certificate with a former CSR? You get an e-mail with a part like this:
-----BEGIN CERTIFICATE-----
(...)
-----END CERTIFICATE-----
How can we import this into our IIS? We should follow these steps:
First we export the current certificate. To do this, we go to the site properties, tab "Directory Security":
We start the wizard clicking on "Server Certificate" and go to next screen:
We click on "Next" and go to the next screen:
Where we will choose "Export the current certificate to a .pfx file". After that, we will be asked where to put it:
And a password for the export. This way we have our certificate exported.
If we look inside the file, we will see it is binary. To convert it to the same format we received in the email, we can use openssl, with this command:
openssl pkcs12 -in cert.pfx -out cert.pem
It will ask us for the password we set before, and will ask for another password to protect the resulting .pem file.
If we edit this file with any text editor, we will see it contains a "certificate" part, delimited by "BEGIN CERTIFICATE" and "END CERTIFICATE" lines, exactly like the part we got in the email. We just replace the former certificate text with the new one. Once we have done this, we can convert it back to the binary format IIS understands. To do this, we use openssl again:
openssl pkcs12 -export -in cert.pem -out cert-new.pfx
It will ask us for the .pem password, and another password to protect the resulting .pfx. Now, to put it in the IIS site, first we should take out the former certificate. In the "Directory Security" tab we start the wizard again, but this time we choose "Remove the current certificate":
Clicking "next next" we will take out the former certificate:
Now we should import the new certificate. In the wizard we will see a new option: "Import certificate from a .pfx file":
It will ask us for the file to import, and we should choose cert-new.pfx. It will ask us for the password and the port to listen on (usually we will use the default 443), and finally we will have the certificate imported:
If we look at certificate properties, we will see expiration date has changed. We have the certificate renewed!
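The export, swap and re-pack steps described above, as an added non-interactive example (not part of the original post). It goes one step beyond the text by checking that the renewed certificate matches the private key in the exported .pfx before cert-new.pfx is built; the function names, the PFX_IN_PASS / PFX_OUT_PASS variables and the throwaway www.example.test certificates are constructed for this example.

```shell
#!/bin/sh
# Added example: the .pfx -> .pem -> .pfx swap done non-interactively, with a
# check that the renewed certificate belongs to the private key in the export.
# PFX_IN_PASS / PFX_OUT_PASS are variable names chosen for this example; reading
# passwords from the environment keeps them out of the process list.

# SHA-256 over the DER form of a PEM public key read from stdin.
pub_fp() {
    openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256 | sed 's/^.*= *//'
}

# repack_pfx OLD.pfx RENEWED_CERT.pem OUT.pfx
# Returns 0 on success, 2 if the certificate does not match the key, 1 otherwise.
repack_pfx() {
    work=$(mktemp -d) || return 1            # mode 0700, holds the clear-text key
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_IN_PASS \
        -out "$work/key.pem" 2>/dev/null || { rm -rf "$work"; return 1; }
    key_fp=$(openssl pkey -in "$work/key.pem" -pubout | pub_fp)
    crt_fp=$(openssl x509 -in "$2" -noout -pubkey | pub_fp)
    if [ -z "$key_fp" ] || [ "$key_fp" != "$crt_fp" ]; then
        rm -rf "$work"; return 2
    fi
    openssl pkcs12 -export -inkey "$work/key.pem" -in "$2" -out "$3" \
        -passout env:PFX_OUT_PASS
    rc=$?
    rm -rf "$work"
    [ "$rc" -eq 0 ]
}

# Constructed throwaway keys and certificates so the function runs offline.
make_demo() {   # arg: directory to fill
    subj=/CN=www.example.test
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -out "$1/old.pem" -subj "$subj" -days 1 2>/dev/null &&
    openssl req -x509 -new -key "$1/key.pem" -out "$1/renewed.pem" \
        -subj "$subj" -days 365 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
        -out "$1/foreign.pem" -subj "$subj" -days 365 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/old.pem" \
        -out "$1/cert.pfx" -passout env:PFX_IN_PASS
}

export PFX_IN_PASS=constructed-old-pass PFX_OUT_PASS=constructed-new-pass
demo=$(mktemp -d) && make_demo "$demo"
repack_pfx "$demo/cert.pfx" "$demo/renewed.pem" "$demo/cert-new.pfx" &&
    echo "renewed certificate packed into cert-new.pfx"
repack_pfx "$demo/cert.pfx" "$demo/foreign.pem" "$demo/bad.pfx" ||
    echo "foreign certificate rejected, rc=$?"
```

OpenSSL 3 encrypts new PKCS#12 files with AES by default, which older Windows releases cannot import; `openssl pkcs12 -export` has a `-legacy` option for that case.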
I just found out that, since Debian lenny, and in Ubuntu/Kubuntu (I don't know if it was in 8.04, but it is in 8.10), the winexe application, which we talked about and used, for instance, in our process killing scripts or remote shell scripts, comes with the wmi-client package. That is, if you want to install it, you just need to do:
apt-get install wmi-client
And done! I guess RedHat and Suse have this package too... can anyone confirm this?
Instructions: We download the file with the tools, we unzip them in some directory, and run kubuntu810.bat. We choose drive letter, we choose architecture, and done! We need to do nothing more. The script itself downloads the ISO file if you don't have it.
Keep in mind that you must choose a drive being the first physical partition on the device, and it must have a FAT filesystem bigger than 750MB...
I think it could not be easier!!
Why am I publishing this? And so short? Well, yesterday I was told something off...
"What a boring post, Kubuntu-USB post! Why don't you put commands and nothing more? Don't you see nobody will read it this way?"
Ok, ok, ok... You don't need to get mad at me :D ACK. Hands on work...
I've taken PenDriveLinux instructions, published for Ubuntu, USB Ubuntu 8.10 install from Windows, and I've adapted it for KUbuntu. I've added some little things, such as choosing 32 or 64 bits architecture, and allowing the use of a proxy for the ISO downloading part (apart from adding a "-f" to syslinux command, because I was getting "Not a removable drive" error).
Update 5/11
PenDriveLinux has done it, with this article, so I no longer have the exclusive :P
Canonical has just released the new Ubuntu and Kubuntu 8.10. Like every new version, I like to see what's new (above all because upgrades tend to break things from time to time). And this time I wanted to see what's new even more, because Kubuntu 8.10 (intrepid ibex) changes the KDE desktop version, and installs KDE 4.1 by default.
I've always thought that using a CD just for testing a linux distribution, and using it once, is wasting it. Everyone has a 1GB pendrive we've been given in some meeting, or we bought (even my father has one, I bought one for him, 8GB for 10€ the other day at MediaMarkt), and a device like that, with fast access and reusable, seems the best place where we can make our tests.
Installing Ubuntu on a pendrive is very easy, and there is lots of documentation everywhere, for instance in PenDriveLinux, where they have an article for installing Ubuntu, with some scripts doing it all. I haven't found the same for Kubuntu, but you just need a few modifications.
First of all we need a USB device, which can be a hard drive, a pen drive, a mobile phone... anything.
We will use the first physical partition of the device. That is, if we have just logical partitions, we must remove them and create at least one physical partition. This is because logical partitions have values of 5 and up (the first 4 values are reserved for physical partitions), and we need it to be the first, the one with value 1. If we have just one partition, then nothing to worry about, go ahead!
We will also need this partition to have a FAT filesystem, either FAT16 or FAT32, big enough to fit the KUbuntu CD (750MB).
Once we have the device, with the first partition prepared, we need to download the KUbuntu 8.10 ISO. When we're done downloading, we need to access the ISO filesystem. We can achieve that in windows by using 7zip for instance, and with a simple mount in linux:
mkdir /tmp/live-cd
mount -t iso9660 -o loop kubuntu-8.10-desktop-amd64.iso /tmp/live-cd
Now we should copy to the root of the unit some directories: "casper dists install pics pool preseed .disk", also "isolinux" directory content and "md5sum.txt README.diskdefines install/mt86plus" files. From linux console, that would be:
cp -r casper dists install pics pool preseed .disk isolinux/* md5sum.txt README.diskdefines install/mt86plus /tmp/live-cd
default persist
label persist
menu label ^Run KUbuntu Persistently saving changes back to USB
kernel /casper/vmlinuz
append file=/preseed/kubuntu.seed boot=casper persistent initrd=/casper/initrd.gz quiet splash --
label live
menu label ^Try KUbuntu without saving any changes to USB
kernel /casper/vmlinuz
append file=/preseed/kubuntu.seed boot=casper initrd=/casper/initrd.gz quiet splash --
label live-install
menu label ^Install KUbuntu
kernel /casper/vmlinuz
append file=/preseed/kubuntu.seed boot=casper only-ubiquity initrd=/casper/initrd.gz quiet splash --
label check
menu label ^Check CD for defects
kernel /casper/vmlinuz
append boot=casper integrity-check initrd=/casper/initrd.gz quiet splash --
label memtest
menu label Test ^memory
kernel /install/mt86plus
label hd
menu label ^Boot from first hard disk
localboot 0x80
Finally we need to make this drive bootable. For this we need the syslinux tool, which we can find at the kernel.org website in all versions (windows and linux, but a simple apt-get install syslinux will do the trick). Once we have it, we run:
syslinux -maf UNIT
And that's it. We just need to check the computer will boot from USB devices, and done!
As it's this easy (maybe easier than it is to explain), maybe I'll do some scripts for installing from windows and linux... but that will be another day!
Following the path of the former posts, if we have succeeded with psexec, now it's very easy to make new tools. Three examples:
winshell.sh
With this tool we get a shell on windows servers. It doesn't use psexec because it doesn't have to: cmd.exe is in the system path.
#!/bin/bash
[ $# -ne 1 ] && echo "Error, I need one argument" && echo "Use: $0 server" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
. $PROGPATH/winvars.sh
winexe //$1 "cmd" $PSCREDENTIALS
wininfo.sh
With this tool we can get some server information: physical RAM, OS version, uptime, number of processors, their frequency, and video card driver. This last detail doesn't seem important at all, but it's very useful, because it can tell you whether a server is physical or virtual. If the video driver is something like "ATI Technologies Inc. 3D RAGE IIC PCI", then it's a physical machine. If the video driver is something like "VMware SVGA II", then it's a virtual machine.
#!/bin/bash
[ $# -ne 1 ] && echo "Error, I need one and only one argument" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
$PROGPATH/winpsexec.sh $1 pstools\\psinfo
winkill.sh
As its name clearly states, it's a process killing tool (we can find out the PID beforehand using winps.sh).
#!/bin/bash
[ $# -ne 2 ] && echo "Error, I need two arguments" && echo "Use: $0 server pid" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
$PROGPATH/winpsexec.sh $1 "pstools\\pskill $2"
If we want to check the event log of a windows server from our linux console (without having to connect through terminal server, allowing us to grep the results, etc, etc, etc), here we have the tool!
We use psloglist with these parameters:
-d 1 so it shows just the last day of logs (we don't want to be flooded with logs)
-f we so just warnings and errors will be shown (usually, only those are interesting)
$2 this is the second parameter. If we want to see just "application" or "system" logs (usually the only interesting ones) you just type it there.
#!/bin/bash
[ $# -lt 1 ] && echo "Error, I need at least one argument" && echo "Use: $0 server [system|security|application]" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
$PROGPATH/winpsexec.sh $1 "pstools\\psloglist -d 1 -f we $2"
Let's be honest. Nagios has lots of good things. But it also has bad ones: it stores data in non-indexed text files, executes a compiled CGI, its configuration files are uncomfortable when adding and removing machines (mainly removing them)... and mainly: it's ugly. Maybe ugly is not the word... it's austere, simple, not attractive.
I don't give a damn (and I'm pretty sure I'm not the only one), because it's a tool, and it does its work. I'm not here to enjoy watching it; it's there to warn me when things go wrong, and to explain to me why they are going wrong. But in this world, the ones who make decisions and buy things frequently look at appearance, sometimes beyond functionality. So if you are trying to convince someone to use nagios, you'll have more chances if it is pretty.
Here is where nagios nuvola style comes, to give nagios another look, very different, and to make it nicer (in the full article you'll find two screenshots so you can compare). It's made by the same people that made nagiosql, and although it has a nagiosexchange page, the downloadable file there is corrupt (one css is bad, status.css, and it looks very different). I took it from this website, and you can download it here, too.
Installing it couldn't be easier. You just copy files inside "html" directory inside your nagios. In a debian, for instance, it's as easy as:
wget http://tomas.cat/blog/sites/default/files/nagios-nuvola-1.0.3.tar_.gz
mkdir nuvola
cd nuvola
tar zxvf ../nagios-nuvola-1.0.3.tar_.gz
cp -a html/* /usr/share/nagios3/htdocs/
cp -a html/stylesheets/* /etc/nagios3/stylesheets/.
And that's it, you got your look-improved nagios!