ubuntu 8.10 (intrepid ibex) troubles with an old Acer Travelmate 630 
I could not run the ubuntu live installcd and also the alternate hang sometimes. After a successful install X freezes. I tried to boot with various boot options. Only with acpi=off my system seams to working but with fan running and no battery info. An older knoppix was running, so i decided to install older ubuntu kernels and saw my system running with a gutsy kernel (2.6.22) but not with a hardy kernel (2.6.24).

What changed inside the kernel?

After searching a lot i found pci=nommconf.

It seams that something in the way pci is configured has changed.

script to rescue/backup a raid1 system and restore from a cd with initramfs 
Searching for a rescue system that creates a bootable CD to restore my system i found mkcdrec. Because sometimes things (mkcdrec/debian/ubuntu) changes and i had to test and patch for new mkcdrec versions, so i droped it.

Then i started to make a live CD with debian-live and make my install script by myself. I also dropped it (long boottime and had too much to hack to let it work like i wanted).

Now i had the idea to build my own script that tar's my system and builds a bootable cd. I liked the idea of initramfs to extend it like i will and it boots much faster. The only drawback is that all things are hardcoded and have to be changed for every system i backup. But its only a single script: Read More...

block ssh brute force attacs / prevent synflooding 
With iptables module recent you can limit the count of tcp connection attempts. In my case i allow only 3 ssh connection attempts per minute. This stops script kiddies doing ssh brute force attacs.
iptables -N synflood
iptables -A synflood -p tcp --dport ssh -m recent --set --name SSH
iptables -A synflood -p tcp --dport ssh -m recent --update \
--seconds 60 --hitcount 4 --name SSH -j DROP

iptables -A INPUT -p tcp -m state --state NEW -j synflood
iptables -A FORWARD -i $OUT -p tcp -m state --state NEW -j synflood

Wildcard certificate with virtual hosts and one IP 
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:443>
ServerName one.domain.at

SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.at.pem
SSLCertificateKeyFile /etc/ssl/private/domain.at.key

CustomLog /var/log/apache2/one.access.log combined
ErrorLog /var/log/apache2/one.errors.log

<VirtualHost *:443>
ServerName two.domain.at

SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.at.pem
SSLCertificateKeyFile /etc/ssl/private/domain.at.key

CustomLog /var/log/apache2/two.access.log combined
ErrorLog /var/log/apache2/two.errors.log
$SERVER["socket"] == "" {
ssl.engine = "enable"
ssl.use-sslv2 = "disable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.at.pem"
ssl.ca-file = "/etc/lighttpd/ssl/cacert.pem"
$HTTP["host"] == "one.domain.at" {
server.name = "one.domain.at"
server.errorlog = "/var/log/lighttpd/one_error.log"
accesslog.filename = "/var/log/lighttpd/one_access.log"
server.document-root = "/var/www/one"

$HTTP["host"] == "two.domain.at" {
server.name = "two.domain.at"
server.errorlog = "/var/log/lighttpd/two_error.log"
accesslog.filename = "/var/log/lighttpd/two_access.log"
server.document-root = "/var/www/two"

postfix with no local delivery 
All mails for local accounts should be transfered to a central mailserver.

Sender email should look like USER@HOST.DOMAIN and all mails should be delivered to root@DOMAIN.

Usually /etc/aliases is used, but in my case local delivery is disasbled.

myhostname = HOST.DOMAIN
myorigin = $myhostname
relayhost = $mydomain
mydestination =
local_recipient_maps =
inet_interfaces =
local_transport = error:local delivery is disabled
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical


