Iodine server with public IP:

#> apt-get install iodine

For "good" connection i used a mtu of 256 through my provider DNS.
On local network no mtu change was necessary.

/etc/default/iodine

START_IODINED="true"
IODINED_ARGS="-m 256 -l IODINE_SERVER_IP 10.0.0.1 tunnel.DOMAIN"
IODINED_PASSWORD="mypassword"

#> sysctl -e net.ipv4.ip_forward=1
#> iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j MASQUERADE

Bind9 server:

zonesfile:

zone "DOMAIN" in {
    type master;
    file "/etc/bind/zones/DOMAIN";
    allow-query { any; };
};

zone "tunnel.DOMAIN" in {
    type forward;
    forward only;
    forwarders {
        IODINE_SERVER_IP;
    };
};

zonefile:

tunnel      1D   IN   NS    tunnelhost
tunnelhost  1D   IN    A    IODINE_SERVER_IP

Client:

#> apt-get install iodine
#> iodine -m 256 -P mypassword tunnel.DOMAIN
#> route add default gw 10.0.0.1


Well it seams that my provider drop's packets with some payload in it:

#> ping -c1 -s 109 10.0.0.1 fails

but

#> ping -c1 -s 109 -p ff 10.0.0.1 succeeds


[ view entry ] ( 1429 views )   |  print article

---

Each partition of plugged in usb stick's should be accessible with automount.

My mountpoints will be /media/usb/part0, /media/usb/part1, ...

Example:

The fist plugged stick has two partitions. The second only one.

/media/usb/part0 ... first stick partition one
/media/usb/part1 ... first stick partition two
/media/usb/part2 ... second stick partition one

If the second stick is plugged in first:

/media/usb/part0 ... first stick partition one
/media/usb/part1 ... second stick partition one
/media/usb/part2 ... second stick partition two

/etc/udev/rules.d/90-local.rules

ACTION=="add", BUS=="usb", SUBSYSTEM=="block", KERNEL=="sd?[0-9]*", \
NAME="%k", PROGRAM="get_usbdisc_symlink", SYMLINK+="%c", OPTIONS+="nowatch"

OPTIONS+="nowatch" avoids removal by udev of the symlink after unmounting

/lib/udev/get_usbdisc_symlink

#!/bin/sh -e

. /lib/udev/rule_generator.functions

[ -h /dev/usbpart0 ] && \
echo usbpart$(raw_find_next_available $(ls /dev/usbpart[0-9]*)) || \
echo "usbpart0"

exit 0

#> apt-get install autofs5

/etc/auto.master

#+auto.master
/media/usb /etc/auto.usb --timeout=5 --ghost

My usb sticks will be unmounted after 5 seconds not being in use.
With "--ghost" /media/usb/partX will automatically created.

/etc/auto.usb

part0 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart0
part1 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart1
part2 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart2
part3 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart3
part4 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart4
part5 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart5
part6 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart6
part7 -fstype=auto,noexec,nodev,nodiratime,noatime,nosuid :/dev/usbpart7

To have readwrite access for users add ",uid=$UID,gid=$GID"

For more partitions extend the lines.



[ view entry ] ( 2106 views )   |  print article

---

useradd -s /bin/false -m SFTPUSER
mkdir /home/SFTPUSER/.ssh
ssh-keygen -t rsa -b 2048 -N '' -f /home/SFTPUSER/.ssh/id_rsa
chown -R SFTPUSER:SFTPUSER /home/SFTPUSER/.ssh
chmod 600 /home/SFTPUSER/.ssh/id_rsa

/etc/ssh/sshd_config:

Subsystem       sftp    internal-sftp

Match user SFTPUSER
    PasswordAuthentication no
    AllowTcpForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
    ChrootDirectory /chroot

chown root:root /chroot
mkdir /chroot/SFTPUSERDIR
chown SFTPUSER:SFTPUSER /chroot/SFTPUSERDIR

echo "put FILENAME" | \
sftp -oIdentityFile=/home/SFTPUSER/.ssh/id_rsa \
     -oTCPKeepAlive=no -oServerAliveInterval=15 \
     SFTPUSER@localhost:SFTPUSERDIR

[ view entry ] ( 2452 views )   |  print article

---

* do partition alignment

Check if aligned at http://www.techpowerup.com/articles/other/157

Theodore Ts'o's blog post is somewhat misleading, as even that manufacturer's MLC SSDs have an erase block size of 512KiB (PDF), like OCZ's drives - not 128KiB. You're better off running fdisk -H 32 -S 32 /dev/sda, which will align partitions to 512KiB, and mke2fs -b 4096 -E stride=128,stripe-width=128 -t ext4 (128 * 4096B = 512KiB).

for partitioning see http://www.ocztechnologyforum.com/forum ... sing-fdisk

But without ATA TRIM your drive writes will decrease (depending on write usage)

The only solution seams to secure erase the whole drive and do a reinstall

* add "elevator=noop" to /boot/grub/menu.lst


Some tips i found but think this came from a myth:

* use a tempdir for logs

/etc/fstab
tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
tmpfs /var/tmp tmpfs defaults,noatime,mode=1777 0 0

/etc/rc.local
for dir in apparmor apt ConsoleKit cups dist-upgrade fsck installer news samba unattended-upgrades; do
mkdir -p /var/log/$dir
done

* Set Firefox Cache to RAM
in about:config set browser.cache.disk.enable to false

* change the file system mount options on SSDs to "noatime"

[ view entry ] ( 2156 views )   |  print article

---

I want to rsync to a remote host to a given directory.

local-host:

ssh-keygen -t rsa

keyfilename: ~/.ssh/rsync
ssh-copy-id -i .ssh/rsync rsyncuser@remote-host

rsync files with ssh:

rsync -vaHxr --delete \
      -e "ssh -i ~/.ssh/rsync -c arcfour -o Compression=no -x" \
      LOCALDIR rsyncuser@remote-host:

remote-host

/home/rsyncuser/.ssh/authorized_keys:

from="192.168.0.2,",command="/home/rsyncuser/validate-rsync.sh",
 no-pty,no-agent-forwarding,no-port-forwarding
 ssh-dss 012345678...

limit access with from (optional).
On sucessfully ssh login command is executed.
Read More...

[ view entry ] ( 2472 views )   |  print article

---

<<First <Back | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | Next> Last>>

- Page Generated in 0.0436 seconds | Site Views: 15734