Compile your own droid – Part 1a

Published
by
ben
on January 15, 2010
in Android and Mobile
. Comments

android-logoHere's a confession. My inner geek woke me up the next morning at 3:00 wondering whether my android build had completed. In the end sanity took hold again, and I went back to sleep. Quite lucky really as when I checked in the morning, the java compiler had crashed with a meaningless error.

An exception has occurred in the compiler (1.5.0). Please file a bug at the Java Developer Connection (http://java.sun.com/webapps/bugreport)  after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report.  Thank you.

java.lang.AssertionError: writePool E

at com.sun.tools.javac.jvm.ClassWriter.writePool(ClassWriter.java:513)
at com.sun.tools.javac.jvm.ClassWriter.writeClassFile(ClassWriter.java:1333)
at com.sun.tools.javac.jvm.ClassWriter.writeClass(ClassWriter.java:1211)
at com.sun.tools.javac.main.JavaCompiler.genCode(JavaCompiler.java:325)
at com.sun.tools.javac.main.JavaCompiler.compile(JavaCompiler.java:474)
at com.sun.tools.javac.main.Main.compile(Main.java:592)
at com.sun.tools.javac.main.Main.compile(Main.java:544)
at com.sun.tools.javac.Main.compile(Main.java:58)
at com.sun.tools.javac.Main.main(Main.java:48)
make: *** [out/target/common/obj/APPS/VpnServices_intermediates/classes-full-debug.jar] Error 41
make: *** Waiting for unfinished jobs....

After trying the most recent update of Java 1.5 I made a cry for help in the XDA forums. The answer seemed simple enough, try JDK1.6. I installed it and modified /home/ben/mydroid/build/core/main.mk, commenting out the lines that checked for Java 1.5. Then after a "make clean", and another "make -j2" (-j4 made my laptop burn up ...) it was building again, and this time finished!

I make a nandroid backup and wiped to factory settings (using Amon_RA's recovery image) flashed the resulting boot.img and system.img to my phone using fastboot:

fastboot flash boot boot.img
fastboot flash system system.img
fastboot reboot

Rebooted my device, and it worked! A very basic system though, no Market or Google Apps.

Next steps ... getting root, creating an update.zip, making my own kernel with compcache ... the list is actually endless, it's nice just to get this far.

In fact next step could be building from Cyanogen's Eclair sources. Will give it a go and post if it works...

Compile your own droid (for HTC Sapphire) – Part 1

Published
by
ben
on January 13, 2010
in Android and Mobile
. Comments

android-logoI thought I'd have a go at building Android 2.0.1 from source for the HTC Magic (AKA MyTouch 3G and HTC Sapphire). Mine is the 32B board from UK Vodafone - Google branded. Current most recent firmware from HTC for the device is Android 1.6, although Android 2.0.1 source code is available from Google. Android 2.0 roms are already available from xda-developers.com, but I wanted to see how hard it was to do it myself. Also if I'm successful this will be a place where all information will be in one place.

This is not rocket science by the way - this is my experience in following the guides from Google and HTC on Ubuntu 9.10. All of this information is already out there, just not necessarily all in one place in this format or adapted for this environment.

Building on Windows is not supported. I'm using Ubuntu 9.10 (32bit) on my laptop. Java JDK 1.5 is required, using 1.6 is supported but you have to make additional steps changing instances of "1.5" to "1.6" in makefiles. 64bit Ubuntu users may want to follow a different guide, not sure if any differences here could cause a build to fail.

Setting up your environment ready for development, install the following packages (reference):

sudo apt-get install git-core gnupg sun-java5-jdk flex bison gperf libsdl-dev libesd0-dev libwxgtk2.6-dev build-essential zipcurl libncurses5-dev zlib1g-dev valgrind

In Ubuntu 9.10 you can't get Java 1.5 using apt any more. I downloaded it from java.com and installed it in /usr/local/java/jdk1.5.0. Then:

ln -s /usr/local/java/jdk1.5.0/bin/java /usr/local/bin/java

If you try "java -version" it should tell you "Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)". Finally, edit your ~/.bashrc using vim and add the following to the end of the file:

export JAVA_HOME=/usr/local/java/jdk1.5.0/
export ANDROID_JAVA_HOME=$JAVA_HOME
export PATH=$PATH:/home/ben/bin:$JAVA_HOME/bin

Reload your .bashrc file using ". ~./bashrc".

Setting up repo - a Google tool to manage your Android source code repository:

cd ~
mkdir bin
curl http://android.git.kernel.org/repo >~/bin/repo
chmod a+x ~/bin/repo
mkdir mydroid
cd mydroid
repo init -u git://android.git.kernel.org/platform/manifest.git -b eclair

Answer the questions where prompted and then fetch the source code using:

repo sync

This bit takes a while ... when finished:

gpg --import

Paste in the GPG key at the bottom of this page and then press ctrl+D. Now we need the HTC binaries and kernel source to build specifically for the Sapphire.

wget --referer=http://developer.htc.com/google-io-device.html http://member.america.htc.com/download/RomCode/ADP/signed-google_ion-ota-14721.zip?

# line commented -- wget --referer=http://developer.htc.com/ http://member.america.htc.com/download/RomCode/Source_and_Binaries/sapphire.hep-357975db.tar.bz2
 

Now to do the final bit of setup and start the build (reference here):

cd ~/mydroid/vendor/htc/sapphire-open
./unzip-files.sh
cd ~/mydroid
. build/envsetup.sh
lunch aosp_sapphire_us-eng

Yes that is supposed to say "lunch", not "launch". Now the build can be started! One final thing is required to stop the build from crashing (reference):

cd ~/mydroid/external/webkit
git cherry-pick 18342a41ab72e2c21931afaaab6f1b9bdbedb9fa

Now we can start the build:

cd ~/mydroid
make -j4

Bah, I've got an error: "Your version is: /bin/bash: javac: command not found.". There's a problem with my path (which I have corrected above already).

export PATH=$PATH:$JAVA_HOME/bin

Now it's building. The HTC website advises this is now a good time to make a cup of tea, or take a nap. I'll revisit this tomorrow I think!

Google Wave invite, anyone?

Published
by
ben
on November 27, 2009
in Random stuff
. Comments

Google_Wave_logoI just joined Google Wave this week and I have 8 invites if anyone wants one ... leave me a comment or get in touch via Twitter (@ben_stokes) with your email address and I'll send one over. Personally I am not that amazed with it, not sure if it will catch on ... I think it should handle SMTP mail as well as 'waves', it's a bit too exclusive in its current form.

In other news there's been too much happening to have time to write about the interesting techy bits, I do have some new and useful bash and vbscripts which I'll probably post up in one big batch this week as I have some time off (woo). I've also been meaning to write some stuff about Android, yesterday I got Google Navigation working on my HTC Magic in the UK (currently it's only officially working in the USA). This was courtesy of xda-developers.com, see the link for details. It works really well, I feel sorry for anyone that bought CoPilot Live from the Market for £20 (ouch) ... as it looks like Google will be giving this out for free with Android 2.0 in the very near future.

The thin client project

Published
by
ben
on September 12, 2009
in Desktop Linux
. Comments

TuxOn our small remote sites we use HP thin clients to connect to applications using Citrix. The thin clients are Linux based, with 1Gb of flash memory for storage and running an HP customised version of Debian. The distro is basically a cut down Gnome desktop with Iceweasel (Firefox), and some HP branding and tools for backing up and restoring the client and for connecting to HP printers.

We've recently had some downtime with ADSL connections in these sites and wanted a contingency for network problems. We came up with the idea of 3G USB dongles and had bought a Vodafone one, but after testing it, the conclusion was this would not work without a lot of hacking about with the packages available in the HP Distro. However, after some testing in Ubuntu we found it worked perfectly with the most recent version of Network Manager. With Network Manager you can basically just insert the key and after a minute right-click the tray icon, select 'Vodefone 3G' and you're off (yes, incredibly it really is that good). So ... the challenge was to reconfigure our thin clients, so that:

- It used Ubuntu and Network Manager
- It could be easily deployed by a user from booting a USB stick
- Had a system to allow IT to make changes to the image and re-image the USB stick
- The USB sticks should be easily cloned to distribute to all remote offices.

I can't resist a good challenge, expecially when it involves tinkering with Linux.

1. Installing a lean and mean Ubuntu machine
This step was a challenge in in itself - Ubuntu Jaunty would not boot into a live session on this computer, (kernel modules were failing to load right at the start) and doing a basic text based install (with no GUI elements) pretty much filled the entire drive, give or take a few Mb!

I had partitioned the disk with no swap partition, 100Mb for home and 70Mb for boot. I set off by removing unwanted locales from the system using 'locale purge':

sudo apt-get install localepurge
sudo apt-get clean

I decided I would go for XFCE for the Window manager, since it was impossible to install a Gnome desktop without hundreds of megs of bloat. All I really need is a desktop with a web browser so installing a Gnome desktop seems like overkill.

sudo apt-get install xfce4

This automatically pulls in all of the dependancies, like the X-Window system. Next to start reclaiming used disk space. To find out which directories were using the most space I used du:

sudo du / -h --max-depth=1 | grep M

The main culprets were /usr/share and /lib. Deleting items from /lib is not advisable, removing the dependant packages and then using an 'apt-get autoremove' will tidy them up the clean way. I prefer to use Synaptic to do this rather than apt-get, some things are just better and faster using a GUI.

sudo apt-get install synaptic
xfce4-session

From within XFCE, I launched Synaptic and removed everything that was unnecessary. Afterwards went back into /usr/share and used du to locate the large DIR's again. I removed gimp files and unnecessary locales:

cd /usr/share
sudo rm -rf gimp
sudo mv locale/en .
sudo mv locale/en_GB .
sudo rm -rf locale/*
sudo mv en locale
sudo mv en_GB locale

Removed unnecessary docs, myspell and redundant openoffice.org components. Have no idea why these were even installed in the first place since the openoffice suite was not installed ... totally unnecessary bloat!

sudo apt-get remove myspell-en myspell-en-gb
sudo rm /var/lib/dpkg/info/openoffice* -f
sudo dpkg -r --force-remove-reinstreq openoffice.org-hyphenation-en-us
sudo dpkg --purge openoffice.org-hypnenation-en-us
sudo tar fzvc /home/docs.tgz doc --remove-files

I deleted /home/docs.tgz after a reboot, since nothing stopped working. :-)

Next got rid of unwanted XFCE themes:

cd /usr/share/themes
sudo mkdir ../themes_OLD
sudo mv * ../themes_OLD/
sudo mv themes_OLD/Def* .
sudo mv themes_OLD/Xfce* .
sudo rm -rf themes_OLD

Installed Firefox, usplash (pretty startup screen) and the all-important Network Manager:

sudo apt-get install firefox usplash network-manager

To get the Network Manager tray icon in XFCE, you just have to configure 'nm-applet' to start when XFCE is started. Tested Network Manager using the Vodafone 3G dongle and success, it worked first time! Citrix sessions actually run quite well over 3G too.

Once last package cleanup, for good measure:

sudo apt-get remove synaptic
sudo apt-get autoremove
sudo apt-get clean

This left me around 30Mb free on /, which is pretty much what I had started with on the HP/Debian distro.

Last few bits were configuring the user to auto login, installing printers using CUPS, installing the Citrix client (this goes into the users /home directory), setting desktop background, and a few other customisations, like configuring Firefox to automatically purge data when closed ... that 100Mb home partition would fill up pretty quickly otherwise.

The autologon to XFCE without a login manager was a bit tricky since Ubuntu uses Upstart to manage the startup sequence rather than the traditional Linux sysinit, since this is a bit unfamiliar to me I had to follow some guides on the Ubuntu forums to get it working. The community support is excellent though, which is one other reason we chose it in the move away from the HP thin client distro. There always seems to be someone before you who has already had the same problem!

2. User friendly imaging from a bootable USB stick
My weapon of choice for this initially was the Linux tool 'dd', which does block level duplication of partitions or sections of a disk quite easily. For example to clone the second partition on disk 'hda' to a file, you could use:

dd if=/dev/hda2 of=/myimages/thin_client_hda2.img

dd can also be piped into tar or zip to compress the output. One drawback is dd does also duplicate white space into the output file, so it's not the most efficient tool for the job. My tests with dd were not very successful, creating the image was fine, but writing the image back to disk always failed complaining it had run out of disk space.

I dumped dd and started looking into CloneZilla. It's an open source partition and disk imaging tool that boots from CD or USB and can dump a disk image locally, or to an NFS or Samba share. It is comparible to norton ghost in features but not quite as friendly in the GUI department, since the menus are all text based and keyboard controlled. Clonezilla can dump an image to usb attached or to windows or NFS shares and can even be set up as a PXE server to multicast images across a network and image multiple machines at once, but it's most common form is imaging a single machine in live mode. To dump a disk image locally I has to split my usb stick into 2 partitions : 500Mb for Clonezilla (formatted in fat32) and 1.5Gb for the partition images (formatted in ext3). This was necessary as you can't write images to the filesystem clonezilla has booted from.

I used unetbootin (awesome utility) to write the Clonezilla iso to the usb stick and make it bootable. You may notice unetbootin already contains a Clonezilla option, I did try using this but the stick that was created was somehow missing important files from /etc/ocs, so I'd advise downloading the latest iso from clonezilla first, and then just using unetbootin wo write the iso file.

unetbootin
Unetbootin

Next boot from the stick but instead of going into an interactive session, choose the command line mode. Grant yourself root access by using:

sudo su -

Edit the syslinux.cfg file to customise the boot menu.

vi /live/image/syslinux.cfg

If you've ever created a Linux PXE server you'll recognise the layout of this file. By editing this and passing different options to the kernel at boot, you can launch custom clonezilla scripts without user interaction. My syslinux.cfg looked like this ... the top menu item becomes the default, so this configuration will automatically restore the thin client from the usb stick if there is no interaction for 10 seconds - perfect for sending to users on remote sites.

default vesamenu.c32
prompt 0
menu title UNetbootin
timeout 100

label restore
menu label Restore image from USB stick
kernel /ubnkern
append initrd=ubninit boot=live union=aufs vga=788 ip=frommedia ocs_live_run="/live/image/pkg/custom-ocs-restore" ocs_live_extra_param="" ocs_live_keymap="NONE" ocs_live_batch="yes" ocs_lang="en_us.UTF8"

label backup
menu label Backup image to USB stick
kernel /ubnkern
append initrd=ubninit boot=live union=aufs vga=788 ip=frommedia ocs_live_run="/live/image/pkg/custom-ocs-backup" ocs_live_extra_param="" ocs_live_keymap="NONE" ocs_live_batch="yes" ocs_lang="en_us.UTF8"

label unetbootindefault
menu label CloneZilla Live Session
kernel /ubnkern
append initrd=/ubninit boot=live union=aufs    nolocales ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang="" vga=791 ip=frommedia

The ocs_live_run parameter in each stanza points to the custom script you want to run. These scripts have to exist in /live/image/pkg and be marked as executable. They can be called anything you like. Some examples already exist on the live cd, can't remember the exact location but I found them using:

find / -name "custom-ocs*"

My backup and restore scripts looked like this:

/live/image/pkg/custom-ocs-backup

#!/bin/bash

DRBL_SCRIPT_PATH="${DRBL_SCRIPT_PATH:-/opt/drbl/}"

. $DRBL_SCRIPT_PATH/sbin/drbl-conf-functions
. $DRBL_SCRIPT_PATH/conf/drbl-ocs.conf
. $DRBL_SCRIPT_PATH/sbin/ocs-functions

if [ -e /etc/ocs/ocs-live.conf ]; then   . /etc/ocs/ocs-live.conf; fi
ask_and_load_lang_set en_US.UTF-8

mkdir -p /home/partimag
mount /dev/sda2 /home/partimag

/opt/drbl/sbin/ocs-sr -q2 -c -j2 -z1 -i 2000 -p true savedisk "maverick-img" "hda"

/live/image/pkg/custom-ocs-restore

#!/bin/bash

DRBL_SCRIPT_PATH="${DRBL_SCRIPT_PATH:-/opt/drbl/}"

. $DRBL_SCRIPT_PATH/sbin/drbl-conf-functions
. $DRBL_SCRIPT_PATH/conf/drbl-ocs.conf
. $DRBL_SCRIPT_PATH/sbin/ocs-functions

if [ -e /etc/ocs/ocs-live.conf ]; then   . /etc/ocs/ocs-live.conf; fi
ask_and_load_lang_set en_US.UTF-8

mkdir -p /home/partimag
mount /dev/sda2 /home/partimag

/opt/drbl/sbin/ocs-sr -g auto -c -p true restoredisk "maverick-img" "hda"

I got stuck in a few places, the project maintainer (Steven Shiau) helped me out on the clonezilla forums (thanks Steven).

3. Cloning the USB stick

Gah ... well I've got this working using dd ... but I need a Windows tool that can do this since the IT Service Desk are all on Windows machines! Provided the partitions on the USB stick are the correct size, one can use:

dd if=/dev/sda1 of=/dev/sdb1 conv=notrunc
dd if=/dev/sda2 of=/dev/sdb2 conv=notrunc

What Windows tool can I use to do this ... don't really have the time to spend but I am thinking a 3rd option in the Clonezilla boot menu for duplicating the stick. Perhaps a 2nd part in the future to this already too long blog post!

Managing multiple PuTTys

Published
by
ben
on September 9, 2009
in Enterprise Linux
. Comments

I don't have any Linux cluster servers to look after but do manage 2 Linux server farms. They are similar to clusters in that they are both groups of RHEL servers that all have to have an identical config. The larger of these farms is 12 RHEL 5.3 servers, and to roll out changes to them all, I wanted to be able to make the change once, and after it was verified, make the same change on the other 11 servers. I started off by writing this script on server1:

#!/bin/sh

echo -n "Enter command to run (on one line): "
read STRING

for SERVER in server2 server3 server4 server5 server6 etc; do

echo -e "\033[1;31m$SERVER says:\033[m"
ssh $SERVER "$STRING"

done

echo -n "Do you want to run the command locally? (y/n) :"
read ANSWER

case "$ANSWER" in

y|Y) echo -e "\033[1;31mlocalhost says:\033[m"; $STRING ;;
N|n) exit 1 ;;
esac

For this to work I had to create ssh keys on each server using:

ssh-keygen -t dsa

And then install the newly generated key (~/ssh/id_dsa.pub) into the authorized_keys file on server1. This works for running simple commands one at a time.

For other tasks its sometimes necessary to manage multiple ssh sessions at once, for example to monitor resources using htop or tailing log files. On Linux you can use ClusterSSH (cssh) but this turned out to be a royal pain in the butt to get working on CentOS or RHEL. It worked OK in an Ubuntu VM but was a bit clunky and I felt there would be a better way of managing multiple PuTTy windows, since I am using a Windows 7 laptop for my day-to-day stuff.

There are quite a few goodies for this on the Links page on the Putty website and this is where I found Putty Command Sender. Quite simply you type your command into the command sender, and much like clusterssh, it sends it to all the putty windows you have open.

puttys
Putty Command Sender

It's not so great for editing files in Vi on 12 servers at once but it is possible - you can send cursor movements as well as lines of code or single commands. The only thing you have to watch out for in PuttyCS is that all Putty windows have updated before you start typing your next command, otherwise the last window to update may miss the first few characters of the next command.

Finally to launch my sessions in groups I'm using Putty Session Manager. Other alternatives are available but I found this one to be the best. It's lightweight nature fits in with Putty nicely.

I’ve had it with Vista.

Published
by
ben
on August 12, 2009
in Rants and Windows Vista
. Comments

My Vista computer is configured to automatically update every Tuesday at 5:00pm. Today it downloaded and installed the following patches:

- Windows Malicious Software Removal Tool - August 2009 (KB890830)
- Update for Windows Mail Junk E-mail Filter [August 2009] (KB905866)
- Security Update for Windows Vista (KB973540)
- Update for Microsoft Office Outlook 2007 Junk Email Filter (KB972691)
- Security Update for Windows Vista (KB971557)
- Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB972594)
- Security Update for Windows Vista (KB956744)
- Security Update for Windows Vista (KB971657)
- Security Update for Windows Vista (KB973507)
  • - Windows Malicious Software Removal Tool - August 2009 (KB890830)
  • - Update for Windows Mail Junk E-mail Filter [August 2009] (KB905866)
  • - Security Update for Windows Vista (KB973540)
  • - Update for Microsoft Office Outlook 2007 Junk Email Filter (KB972691)
  • - Security Update for Windows Vista (KB971557)
  • - Security Update for Microsoft .NET Framework 2.0 Service Pack 2 (KB972594)
  • - Security Update for Windows Vista (KB956744)
  • - Security Update for Windows Vista (KB971657)
  • - Security Update for Windows Vista (KB973507)

One of these updates broke my network connectivity. The NIC was still available but DHCP was broken, and assigning a static address would not help. The device itself was functioning normally and nothing in the event log gave any clues. Looking in the update history in the Windows Update application, all of these security updates have the same description:

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.

Microsoft, how about telling me what the hell is being patched, since I can't use the links to the technet articles as my network stack was broken. Not very helpful when I am trying to figure out which patch has wrecked the system.

Cold light of day edit: I realise this is a Microsoft problem, not neccessilary a Vista problem.

Luckily System Restore actually works, and returned me to where I started at 5:00 this afternoon, with everything working.

One final thing. Why is Vista such a resource pig? This computer is a dual core AMD64 2.30Ghz but it runs like its been eating pastry all day. As I am typing this, I have 4 apps open, my CPU is boiling over and my memory usage is over 1Gb. Why?! This PC is only used for web surfing, email and music.

Capture
Vista ... why oh why

OK - so ending the apps in my tray (Skype, Gladinet, MSN and Avast) have recovered a few hundred Mb, but I don't see why Vista is so bad at memory management compared to Windows XP, Windows 7 ... or for that matter any Linux distro ...

Well thats it, I can't be arsed troubleshooting it. I'm through with Vista. Time to backup, wipe and move on.

Install RHEL with Kickstart and no DHCP

Published
by
ben
on June 25, 2009
in Enterprise Linux
. Comments

I've been installing 16 RHEL 5.3 servers on a DR site, owned by our sister company. There is no DHCP server on the subnet which has stopped us using HP Rapid Deployment Pack to roll out the servers, but it was still possible to use Kickstart, by specifying the IP information as a parameter when booting from the RHEL CD (disk 1). The syntax goes like this:

boot: linux ks=http://server/kickstart.cfg ksdevice=eth0 ip=xx.xx.xx.xx netmask=xx.xx.xx.xx gateway=xx.xx.xx.xx dns=xx.xx.xx.xx

DNS servers can be comma separated if you want to specify more than one.

Scripts to make en mass changes to profile paths

Published
by
ben
on June 11, 2009
in Scripting
. Comments

We've been migrating shares on our main file server to a DFS share to give us some flexibility with our storage. Part of these changes involve migrating Profile Paths and Terminal Server Profile Paths to the new DFS share location. After the data was being synchronised by DFS we needed a way to change the Profile Path and TS Profile Path attribute on all accounts in part of our Active Directory. This cannot be done using AD Users and Computers - if you bulk select users in ADUC and bring up the collective properties, you will notice the TS Profile Path is not available for editing. There are a few free tools that can do this, notibly ADModify.NET, but we needed a way to script it so it could be run overnight, and also only make changes to the paths if one existed already.

ChangeProfilePaths.vbs.txt
ChangeTerminalServerPaths.vbs.txt

The scripts are pretty much identical, the only bits you need to change are these lines at the top:

SMTPServer = "mail.ukstokes.ad"
Set domain = GetObject("LDAP://OU=Company Users,DC=ukstokes,DC=ad")
NewTSPath = "\\ukstokes.ad\data\profiles$\users\"

The LDAP string needs to be changed to the starting point in your AD tree. Every OU underneath will be affected.

Also these 2 lines at the bottom:

objEmail.From = "ben@------.ad"
objEmail.To = "ben@------.ad"

The script will send an email at the end with a summary of the changes so you will need to change the From and To addresses accordingly.

Before making any mass changes like remember the golden rule to test it in an isolated environment first.

Set up a ‘honeypot’ router using Netfilter (iptables)

Published
by
ben
on June 4, 2009
in Enterprise Linux
. Comments

We're in the process of moving all servers from a legacy flat network to a new server VLAN. Each time a server is moved and is assigned a new IP address, there is a risk that some applications in the building might still try and connect to the server's old IP address rather than the DNS name. To log any attempts to reach the old IP address I've set up a 'honeypot' router using iptables and CentOS (as a small VMware machine). Each time a server is moved, the old server IP is added to the CentOS machine and and 2 rules are added in the iptables firewall to drop and log the incoming IP connections. The failed connections would usually logged to the console and the 'messages' log file, but alternatively these could be sent to a remote syslog server by specifying:

kern.*        @xx.xx.xx.xx

in the syslog.conf. In our case we're logging to our Cacti server and using the Cacti syslog plugin (from here) to view our Linux server and network switch syslogs in a central location.

iptables configuration
In a default installation of CentOS, iptables is already installed and running by default. There are only 2 changes to make; The first is to bind your additional IP address to your network card (usually eth0). This is done by creating a virtual device called eth0:1, by inserting this text into new file etc/sysconfig/network-scripts/ifcfg-eth0:1 (10.10.2.17 is the destination address of the incoming traffic that I want to log):

IPADDR=10.10.2.17
NETMASK=255.255.0.0

And then bringing up the virtual device using:

ifconfig eth0:1 up

In the iptables config file (etc/sysconfig/iptables) I added these lines in the RH-Firewall-1-INPUT chain:

-A RH-Firewall-1-INPUT -d 10.10.2.17 -j LOG --log-level 4 --log-prefix "OLD SRV1"
-A RH-Firewall-1-INPUT -d 10.10.2.17 -j DROP

Any traffic to 10.10.2.17 will now be logged in messages and the lines will be prefixed with "OLD SRV1".

Note about file paths: I'm getting an odd error when posting Linux file paths in Wordpress - putting a leading / in the path gives a 404 error. The paths I mentioned above should have a leading forwardslash "/".

Test post

Published
by
ben
on May 25, 2009
in Blogging and Random stuff
. Comments

Just a quick test so see if posting and collection via RSS is working since I have migrated to a new webhost. 

mingthecat

A cat selected at random