Thursday, June 25, 2009

Enable remote desktop in Server Core

Remote Desktop Protocol is a fantastic way to manage Windows based machines. Even though Windows Server Core 2008 runs with a reduced GUI, there is still a GUI present so RDP is still the solution to use for remote management of your Server Core machine. To enable RDP access to the server, you will need to run these commands:
cscript C:\Windows\System32\Scregedit.wsf /ar 0
This will enable access for machines running an RDP client that supports the enhanced security mode that Microsoft debuted with Windows Vista. If you need to support older clients, use this command instead:
cscript C:\Windows\System32\Scregedit.wsf /cs 0
Now you need to open a port in the firewall to enable connections to get through. This is done by entering this command:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
If you want to check the existing RDP settings, use this command:
cscript C:\Windows\System32\Scregedit.wsf /ar /v
If the output of that command is a one (1), RDP is not enabled. If the output is a zero (0), then it is enabled.

Determine your version number in CentOS

Whenever CentOS has minor version updates (5.2 => 5.3), they get pushed out to your system with the rest of the system updates. You can go from one minor version to the next without realizing it just by performing regular updates. There is nothing wrong with this. Minor version upgrades are relatively infrequent and are important for system stability. To see which version you are running, use this command:
cat /etc/redhat-release
This will print out your release version in a nice and very human readable fashion. If you are looking for a more technical version number, use this command:
rpm -q centos-release

Check your memory usage in Linux

I have always loved keeping an eye on how much RAM my system is using. On Linux systems, there is a great tool for doing this. While it doesn't by itself provide real time usage, it does give you a snapshot of your current usage. Run this command:
free -m
The -m option formats all the numbers to megabytes so they are more human readable. This will give you a printout of your total, used and available system memory and swap memory.

Both my Ubuntu and CentOS servers are running on old systems that have only 512MB of RAM. When I ran this command on each of them, neither system was using any of its available swap space; they were both able to run without using all of their system memory.

Wednesday, June 24, 2009

Join a domain in Server Core

If you are running a system with Windows Server Core, you probably (though not necessarily) have a domain that you will want to join your server to. To join a domain, run this command:
netdom join [hostname] /domain:[domain name] /userd:[user name] /passwordd:*
The username you enter should be that of a user who has administrator privileges on the domain in question; normal users do not have the power to add computers to the domain, administrators do. If you want, you can enter your password on the command line, but if you use the asterisk (*) instead you will be prompted to enter it and so will not have to make your password visible.

Change hostname in Server Core

The installation process of Windows Server Core 2008 does not prompt you for a hostname of the computer. Instead, you end up with a hostname that looks something like this: "Win-39408347". Not exactly practical for use on the network. To check the current hostname, use this command:
hostname
To change the hostname, use this command:
netdom renamecomputer [hostname] /newname:[new name]
You will need to reboot for this to take effect.

Tuesday, June 23, 2009

Set a static IP in Windows Server Core

For Windows Server 2008, Microsoft finally decided to produce a server product that did not require a full GUI, called Server Core. The upside to this is that Server Core machines will run on less beefy hardware and will consume fewer system resources. The downside to this is that almost all of the configuration will occur over the command line. On Linux GUI-less systems, this is fine because you are treated to using a rich and powerful command line interface. The Windows command line interface is, to put it nicely, less robust.

One of the first things you may want to do on a new Server Core installation is to set a static IP address. First you'll need to make sure your networking is working properly. Run this command to check your current networking configuration:
ipconfig
Once you have verified that all of your networking is, indeed, working correctly with the default DHCP settings, run this command to switch to a static IP:
netsh interface ip set address "Local Area Connection" static 192.168.1.125 255.255.255.0 192.168.1.1
This assumes you want to assign the static IP address of 192.168.1.125 to the Server Core machine and that 192.168.1.1 is the address of the gateway. It also assumes that you want to reconfigure the network adapter named "Local Area Connection". Next you need to specify a DNS server:
netsh interface ip set dns "Local Area Connection" static 192.168.1.1 primary
This assumes that 192.168.1.1 is the address of the DNS server you want to use. To verify your new settings, run ipconfig again.

Now if you want to switch the system back to using DHCP instead of a static IP address, run these commands:
netsh interface ip set address "Local Area Connection" source=dhcp
netsh interface ip set dns "Local Area Connection" source=dhcp
The first command will tell the network adapter to request an IP address from the DHCP server. The second command will tell the network adapter to request DNS information from the DHCP server as well.

If you want to change the name of one of your network adapters, use this command:
netsh interface set interface name="Local Area Connection" newname="Ethernet1"
This assumes that you want to rename your network adapter to "Ethernet1". Since many servers have multiple network adapters, and names without spaces do not require quotes around them, it is probably a good idea to rename them to something obvious and without spaces.

Monday, June 22, 2009

Change the SSH welcome info in Ubuntu

The How-To-Geek tells how to alter the chunk of information that gets printed to the console when connecting to an Ubuntu system via SSH. The applicable portion you will likely want to change lives at "/etc/motd", which is actually a link to "/var/run/motd".

The first line of this file, and therefore the first line printed when connecting to an Ubuntu machine using SSH, is some system information. This is the same information printed when you run this command:
uname -snvrm
What follows is some boring warranty information. Go nuts and customize this to however your heart desires. I recommend making a back up first:
cp /etc/motd /etc/motd.orig

Disable Ubuntu's Update Manager auto-launch

A big thank you to Lifehacker for pointing out how to disable Ubuntu's update manager from auto-launching. In previous versions of Ubuntu, when there were updates available an icon would appear in the notification area, which is by default on the right side of the panel at the top of the screen. The folks at Canonical thought that too many users were ignoring or not noticing this and thereby leaving their systems vulnerable. For the 9.04 Jaunty Jackalope release, they took a new approach. Now, when updates are available, the update manager will pop up automatically. I think something went wrong in their implementation, however, because it always seems to appear minimized. It's annoying.

To disable this behavior, run this command at the Terminal:
gconf-editor
This will open up a happy configuration tool. On the left side of the window, click the triangle next to "apps". Then scroll down and click on the entry that says "update-notifier". On the right, the first entry says "auto-launch". Uncheck the checkbox next to it.

That's it, now just be sure to manually check for updates on a regular basis.

Sunday, June 21, 2009

Turn your Mac into a wireless access point

I spent the weekend out of town and the hotel where I stayed included high speed Internet in each of the rooms via a supplied Ethernet cable. I had my MacBook Pro and iPod Touch with me. Using some of the features included out-of-the-box on my laptop I was able to turn it into a wireless access point, allowing me to get online with my iPod as well as my laptop. These directions should work for any computer running OS X 10.5 Leopard. If you are still running OS X 10.4 Tiger this functionality is still there but some of the menus have different names. My MacBook Pro is running OS X 10.5.7.

First, make sure the wired network connection is working properly on your Mac. Once you have verified that, open up System Preferences. Click on the Sharing button. This will open the Sharing preference pane. If the lock icon at the bottom left of the window is locked, click on it and enter an administrative password to unlock it.

On the left side of the window is a list of available services to configure. Some of them may have check marks next to them, indicating that they are turned on, but for you none of them may be on. Click on "Internet Sharing" but don't click the checkbox yet.

Now on the right there is an option that says "Share your connection from:" with a drop down menu to choose the available network interfaces. Since you are most likely sharing from your wired Ethernet connection, like I did, choose "Ethernet". Below that is an option that says "To computers using:" followed by a list of interfaces to share your connection with. Click the checkbox next to AirPort to allow other devices to connect to a wireless network that will be broadcast from your Mac.

Next click the button at the bottom right that says "AirPort Options...". In the top box you can specify the name of the wireless network you will be broadcasting. Leaving the Channel set to "Automatic" should be fine. Next you will probably want to enable some security. Unfortunately, OS X 10.5 Leopard only supports broadcasting with WEP encryption. WEP was one of the early attempts at wireless security and it is easily broken using tools like Aircrack-ng. Hopefully OS X 10.6 Snow Leopard will support WPA2 which uses AES and has yet to be broken.

Nevertheless, I would still recommend using the WEP encryption because it is better than nothing and will stop most users. Just be aware that someone who knows what he is doing will still be able to get access to your network. Click the checkbox that says "Enable encryption (using WEP)". At the bottom next to "WEP Key Length:", choose "128-bit". Now enter a 13 character password. I recommend using upper and lower case letters in addition to numbers and avoiding dictionary words. Click OK to close the options box.

Now you are back at the Sharing preference pane. Since all of your options have been set the way you want, click the checkbox next to "Internet Sharing" on the left. If your AirPort is turned off you will get a pop-up asking if you want to turn on your AirPort card. Click "Turn AirPort On". Next you will get a pop-up asking if you are sure you want to turn on Internet sharing. Click "Start".

Now your laptop is all set for wireless devices to connect to it and share your network connection. When you are finished sharing your network connection you should be sure to turn "Internet Sharing" back off by unchecking the checkbox next to it in the Sharing preference pane.

Saturday, June 13, 2009

More .bashrc customization

I spent a good deal of time today working on my Bash configuration file ~/.bashrc. I first started doing bashrc customization a few months ago on my Mac laptop and I have been doing little tweaks here and there. Today was the first time in a while, though, that I really worked on a lot of the contents of it. I made a lot of the functions more robust and powerful by adding some complexity into them. Functions that before would only work with a single file will now work with multiple files. I also added some whole new functions and aliases.

I updated the bashrc file available on my website with the latest copy from my Ubuntu machine.
.bashrc

Scripted Ubuntu configuration

After only a few days with Fedora 11, I wiped my hard drive and installed Ubuntu 9.04. Using Fedora felt like work. Computing should be fun. Ubuntu is fun. Fedora was not.

Between virtual machines and full installations I have probably installed Linux more than 20 times in the past few months. Getting a new system configured can be tedious and time consuming. This time around, I wrote a handy script to automate the installation process for Ubuntu. The real trick to it was setting it up so that the script would switch back and forth between my normal user and root.

The end result was a script that runs some commands as a normal user, then switches to root for system updates, application installation, and some other configuration commands, and finally switches back to my normal user to finish up the configuration. All with minimal user input.

ubuntu-setup.sh

Thursday, June 11, 2009

The First Few Milliseconds of an HTTPS Connection

I saw this great article this morning over on Digg about how TLS works. It is very thorough (long) and an interesting read.

The First Few Milliseconds of an HTTPS Connection

Wednesday, June 10, 2009

My philosophy of software usage

You have to use software that you like. If that software is free and open source then all the better. In reality though, you will always be best off using software that you are happy with than software that you are told is arbitrarily "better."

Now that isn't to say that you shouldn't try new things. For all you know, some piece of software that a friend suggests may be better for you than what you are using now. At the very least you got to play around with a new program and at best you found something better to use.

Customization is a good thing. By customizing your desktop, operating system, software, etc. you are able to make it work for you. One of the keys to increasing productivity is customization. Play around with settings until you get your individual setup to behave the way that is the best for you.

Customization can go too far. Something I am always conscious of is whether or not I will be able to recreate a particular configuration. If the answer is anything other than "yes" then there is a problem. Customizing your system to the point that you are unable to recreate it is debilitating. You will become afraid to reinstall your system or make new changes.

Operating systems will, eventually, need to be reinstalled. They break, become bloated and get outdated. Accept that fact and make your customizations accordingly. If you need to, write down what you did. One of my main reasons behind starting this blog was to catalogue what I know so that I can do it again.

A lot of the configuration I have done on my Linux systems has been command line or text based. This is much more difficult to do again than a graphical configuration utility with check boxes and menus. I always worried that I would have to constantly keep researching the same topics. By cataloguing my configuration steps here, on my blog, I can go back and look them up quickly and easily. I regularly look up information from my posts as reminders.

Make your system yours. By doing so you will be happier while using it and you will become more productive. Always ensure that you are able to reproduce your configurations later on lest you fear losing your system so much that it paralyses your options.

Install audio and video codecs in Fedora

Installing the necessary codecs for audio and video playback of some common formats is a bit of a pain in Fedora. The codecs I installed were obtained from the rpmfusion repository. To enable it, first download their key from here. Download the key titled "RPM-GPG-KEY-rpmfusion-free-fedora-11". You can save it to wherever you'd like on your system.

Import the key with this command:
sudo rpm --import /path/to/key/RPM-GPG-KEY-rpmfusion-free-fedora-11
Next, go to this page and click on the link that says "RPM Fusion free for Fedora 10 and 11". Save the file called "rpmfusion-free-release-stable.noarch.rpm" to somewhere convenient. Install it by double clicking the file or by typing:
sudo rpm -i /path/to/file/rpmfusion-free-release-stable.noarch.rpm
Now run these commands to install the codecs:
yum check-update
sudo yum -y install gstreamer-plugins-ugly totem-xine xine-lib-extras-freeworld
sudo totem-backend -b xine
These commands will update the repository information, download and install the codecs, and enable them.

Enable SSH in Fedora

Fedora 11 includes SSH with its default installation but it is not automatically enabled. Strangely enough there is already a rule in the firewall allowing incoming SSH connections, however. To start SSH run this command:
sudo /etc/init.d/sshd start
To have it start automatically in the future, run this command:
sudo chkconfig sshd on
That's all there is to it.

Fedora 11 installation

Fedora 11 "Leonidas" was released this week. I decided to wipe a 250GB hard drive in my desktop and give it a try. The default filesystem is ext4. I have been using this since Ubuntu 9.04 came out. Ubuntu, however, still used ext3 as the default filesystem. The reason for this is that ext4 is still relatively new and not quite as stable as the tried and true ext3.

Fedora will not boot to an ext4 partition. This is strange because Ubuntu will. Fedora wants to have a separate ext3 partition for /boot and an ext4 partition for the rest of the system to live on. I created an additional ext4 partition for /home to reside. Aside from that complication the rest of the installation process was very fast.

Following that, everything was much more of a pain than I am used to with Ubuntu and Linux Mint. The first thing I had to set up was my graphics driver. I have an Nvidia video card in my desktop. In Ubuntu, almost immediately upon logging into the system for the first time I was notified that a closed source driver was available. A few clicks later followed by a reboot and my graphics worked flawlessly.

To get my graphics card working properly in Fedora, I had to manually download an installer from Nvidia's support page. This installer will not run while the X Window System is running. It also needs to compile some code into the kernel. To install the necessary packages for this, type:
su
yum install gcc kernel-devel
This will switch you to being the root user and then will install the necessary C compiler and kernel source code. Next, I had to get X11 shut down. I used this keyboard shortcut:
ctrl+alt+F2
This will open a new virtual session without X11. The pre-existing session is still running, however. So after logging into the new session as root, I used this command:
kill -9 -1
This kills all processes that can be killed. Now I was able to run my graphics installer program:
sh NVIDIA-Linux-x86-185.18.14-pkg1.run
When that finished I rebooted the system:
shutdown -r now
When the system came back up, graphics are enabled by going to System -> Preferences -> Desktop Effects. A window appears with a button that says "Enable Desktop Effects". To install the graphical configuration utility for desktop effects run this command:
su
yum install ccsm
Next I gave myself sudo powers by following the same steps as in this post.

Also, don't forget to install updates. I found it odd that there were so many updates the day it came out. Oh well. Here's how to install them:
yum check-update
sudo yum update

Saturday, June 6, 2009

Print system information to the console in OS X

All Mac users should know about the System Profiler application in OS X. You may not know it by that name, but you have probably seen it. If you click on the apple in the top left corner of the screen and select the "About This Mac" option a window will appear in the middle of the screen with some basic information about the system. Clicking the "More Info..." button will open the System Profiler app. This handy application holds all sorts of useful information about the system. It lives at /Applications/Utilities/System Profiler.app.

There is also a command line version of this application called system_profiler. If you run this program without any arguments it will print all of the system's configuration information, separated into logical groupings. Syntax looks like this:
system_profiler
You can specify how much detail you want like this:
system_profiler -detailLevel [mini/basic/full]
Running this tool without any arguments will provide the standard level of detail for the output. Specifying the detail level will alter this. The "mini" setting will exclude personal information. The "basic" level will only print basic hardware and network information. The "full" level will print everything. This is a lot. On my MacBook Pro the output from the "full" detail level was over 24,000 lines. The standard output was only 830 lines.

You can also specify which categories to print the information about. For example, if you are only looking for information about serial ATA devices you can designate to only print the information for that category. To print a list of available categories use this syntax:
system_profiler -listDataTypes
Once you know what the relevant data types are called, you can specify that like this:
system_profiler [type1] [type2] [...]
So what use is this? The other day I wrote a script using this tool to quickly collect desired information about a group of Macs. One of the pieces of information I wanted to collect was the serial number. To do so you would use this syntax:
system_profiler | grep -m 1 "Serial Number:" | cut -d: -f2- > ~/Desktop/serialNo.txt

Broadcast messages to other users in Linux

Ever been connected to a multiuser Linux machine and wanted to broadcast a message to other users? Well, there are a couple of ways to do this. If you want to broadcast a global message to all users then you will want to use the wall program. This tool reads from the standard input, which means that you will need to use the pipe functionality to send the results of other commands into it. For example:
echo "my message" | wall
This will print "my message" onto the terminal of all other users. Really though you can output the results of any command into wall.

If you only want to broadcast a message to another specific user, you can use the write program. The syntax for this command looks like this:
write [username] [TTY]
The username will specify which user you want to send messages to. TTY tells the system how that user is connected. You can obtain this by using this command:
w [username]
This will print out the username, TTY, where they are connected from if it is a remote connection, when they logged in, how long they have been idle for, some information about process times and if they are running any programs right now. If you run the w program without a username as an argument it will print this information for all connected users.

So connecting to a user named "phil" might look something like this:
write phil pts/2
Your prompt will disappear and anything you type will be sent to phil. If the other user wants to send messages back, he will have to use the write program to connect to you first. The other user will also get to see who is sending him messages.

To stop using the write program press ctrl+c to kill the current foreground process. If you want to intermittently send messages to another user and work on something else you can keep the write session alive by pressing ctrl+z. This will send the foreground task to the background until it is called back to the foreground by typing:
fg
If you don't want to receive messages in this way you can turn it off or back on with:
mesg [y/n]
If you use "n" as an argument it will disallow messages and if you use "y" it will allow messages. To see the current value just use the mesg command without any arguments.

Friday, June 5, 2009

Restart X Windows in Linux

In Linux, there are a number of different graphical environments (GNOME, KDE, Xfce, Fluxbox), but all of these run on top of the X Window System, also known as X and X11. One of the great things about running Linux is that it is very stable, making reboots rarely necessary. Individual applications and services can be killed or restarted as necessary for configuration changes or if there is a problem.

Much like any other service, the X Window System is capable of freezing. This is annoying. However, forcing a hard reboot of the system is rarely necessary. Most Linux distros include a convenient keyboard shortcut for restarting X when this happens...or if you have to restart X for another reason. On your keyboard simply press:
ctrl+alt+backspace
This will immediately kill the graphical window environment and you will likely see some text on the screen. Give it a few seconds, as X restarts, and you will be presented with the standard graphical login screen. Now just log back in and go back to what you were doing.

In the latest version of Ubuntu, Jaunty Jackalope, this shortcut is disabled by default. This should also work for other distributions where this shortcut is not enabled. To enable it, first make a backup copy of your X config file:
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.orig
Now open that file with a text editor; keep in mind that you will need administrator privileges to do so. I usually do it like this:
sudo gedit /etc/X11/xorg.conf &
In my Jaunty installation, I had to add this next section:
Section "ServerFlags"
Option "DontZap" "false"
EndSection
If the section is absent for you, add it. If yours is present but instead says "yes" rather than "false" then change it. You will need to restart X before this change takes effect. The easiest way to do this is to log out and back in. Or you could reboot.

Tuesday, June 2, 2009

Set a static IP address in Ubuntu

Even though relying on DHCP to assign IP addresses is usually easier, sometimes setting a static address at a local machine is the right thing to do. In Ubuntu, this is accomplished by editing a few system config files. Different Linux distributions handle network configurations differently. This should work for Debian, Ubuntu, and other Debian based systems. RHEL/CentOS use a different networking configuration so this will not work on those systems.

If you are going from using DHCP to setting a static address, make sure you know the existing network configuration. Determine your existing IP address with:
ifconfig
Also you will need to know your default gateway:
route -n
For more details on how to interpret the results of this command, check this post. When the system boots, the networking daemon reads /etc/network/interfaces to determine whether to start DHCP or not. You need to edit this file and input your desired networking information. This assumes you are using a machine with only a single network adapter. If you have more than one in your computer this may be different.

Make a copy of the original file for backup purposes:
sudo cp /etc/network/interfaces /etc/network/interfaces.original
Now open /etc/network/interfaces with a text editor. It should look something like this:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
If yours doesn't have the section at the bottom for eth0, that's ok, you can add it in. My Ubuntu server had that section but my Ubuntu desktop did not. You need to change the section dealing with eth0 so it looks like this:
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

This assumes that you want an IP address of 192.168.1.10 and the default gateway is 192.168.1.1. Your configuration will likely be different. If you need to adjust your DNS servers, they are configured in /etc/resolv.conf. First, make a copy of that file:
sudo cp /etc/resolv.conf /etc/resolv.conf.original
The servers the system will use for DNS are specified with their address preceded by the word "nameserver". To add your default gateway as a nameserver, as it likely may be for you, make sure the file contains this line:
nameserver 192.168.1.1
Now all of these changes you have made will not take effect instantly. They will certainly take effect after you reboot. However, you can put them into effect now by restarting the networking daemon by typing:
sudo /etc/init.d/networking restart
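
One way to catch typos in the static stanza before restarting networking, as an added example that is not part of the original post: the script recomputes the network and broadcast values from address and netmask and checks that the gateway lies inside the subnet. The function names and the mistyped sample stanza are constructed for illustration; the same arithmetic applies to the address, mask and gateway passed to netsh in the Server Core post.

```sh
# Added example (not from the original post): sanity-check a static stanza
# in an interfaces(5) file before restarting networking.

# Dotted quad -> integer. Fails on malformed octets, including leading zeros.
ip2int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
)

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print option $3 from the "iface $2 inet static" stanza of file $1.
stanza_get() {
    awk -v ifc="$2" -v key="$3" '
        $1 == "iface" { in_s = ($2 == ifc && $3 == "inet" && $4 == "static"); next }
        $1 == "auto" || $1 == "mapping" || $1 ~ /^allow-/ { in_s = 0; next }
        in_s && $1 == key { print $2; exit }
    ' "$1"
}

# Report inconsistencies, one per line. Returns 0 if clean, 1 if the stanza
# contradicts itself, 2 if it cannot be evaluated at all.
check_static() {
    file=$1; ifc=$2; rc=0
    addr=$(stanza_get "$file" "$ifc" address)
    mask=$(stanza_get "$file" "$ifc" netmask)
    if [ -z "$addr" ] || [ -z "$mask" ]; then
        echo "no static stanza with address and netmask for $ifc"; return 2
    fi
    a=$(ip2int "$addr") && m=$(ip2int "$mask") ||
        { echo "malformed address or netmask"; return 2; }
    inv=$(( ~m & 4294967295 ))
    if [ $(( inv & (inv + 1) )) -ne 0 ]; then
        echo "netmask $mask is not contiguous"; return 2
    fi
    net=$(( a & m )); want_net=$(int2ip "$net")
    want_bc=$(int2ip $(( net | inv )))
    v=$(stanza_get "$file" "$ifc" network)
    [ -z "$v" ] || [ "$v" = "$want_net" ] ||
        { echo "network $v should be $want_net"; rc=1; }
    v=$(stanza_get "$file" "$ifc" broadcast)
    [ -z "$v" ] || [ "$v" = "$want_bc" ] ||
        { echo "broadcast $v should be $want_bc"; rc=1; }
    v=$(stanza_get "$file" "$ifc" gateway)
    if [ -n "$v" ]; then
        if ! g=$(ip2int "$v"); then
            echo "gateway $v is malformed"; rc=1
        elif [ $(( g & m )) -ne "$net" ]; then
            echo "gateway $v is outside $want_net/$mask"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: the stanza shown above, with netmask, broadcast and
# gateway as parameters so a mistyped variant can be produced too.
sample_interfaces() {
    cat <<EOF
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 192.168.1.10
    netmask $1
    network 192.168.1.0
    broadcast $2
    gateway $3
EOF
}

tmp=$(mktemp)
sample_interfaces 255.255.255.128 192.168.1.255 192.168.1.200 > "$tmp"
check_static "$tmp" eth0 || echo "fix $tmp before restarting networking"
rm -f "$tmp"
```

Point check_static at a copy of your edited /etc/network/interfaces; a gateway outside the subnet is the mistake most likely to cut off a machine you only reach over SSH.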