May 30 2011
Where is SysRQ?

First of all.

It happens.

Don’t panic.

When the kernel hits an error that it can’t handle by its usual means, it panics.

This can be seen as an error message in console and with blinking “Caps lock” and “Scroll lock” indicators on your keyboard. Even if something happened, you are in and you can’t see the console Panic message but see the blinking LED indicators – Kernel has panicked. You don’t have access to your system anymore.

Again. Don’t panic. This error is sometimes seen as often as BSOD in Windows vintage ’98.

Most present-day editors auto-save your work often, so you probably have a working copy of your document from 5 minutes ago. This is not a reason to panic. The only reason to be a bit wary is that the cache needs to be synchronized to the hard drive. Executing the “sync” command with a panicked kernel is actually quite possible (see below).

The system invokes a panic when there is an unrecoverable error. It’s locked out, so there is no future harm, data loss or security breach. It’s not necessarily something bad. You only need to restart and have a look at what actually broke.

There are a few things you need to do for a graceful restart.

  • Get back control of your system (keyboard).
  • Synchronize the cache with the disk.
  • Issue a clean SIGTERM and SIGKILL to all processes.
  • Reboot, so you can have a look at the logs and at what the hell broke.

There are magic keystrokes that can do all of this. They are invoked by holding “Alt + SysRq” and pressing certain keys on the character keyboard.

  • Alt + SysRq + R will try to Retake back the keyboard,
  • Alt + SysRq + E will try to gracefully tErminate all processes so they flush and clean,
  • Alt + SysRq + I will send signal kIll to all processes,
  • Alt + SysRq + S will Sync,
  • Alt + SysRq + U will Unmount and
  • Alt + SysRq + B will reBoot.

If you have a look at the letters REISUB and read them backwards, you will get BUSIER. So just remember BUSIER for the next time the system goes BUSY with a kernel panic 😀

There is a longer way to remember it, but I never liked it. It’s “Reboot Even If System is sUper Broken”. In my opinion BUSIER is much easier to remember. Just remember to apply it backwards, or you will simply reboot with Alt + SysRq + B.

So, now we can have a look at what happened to our kernel that led to the panic. Have a look at /var/log/messages and search for the last restart logged. (less uses the slash sign for searching: press “/” and type “restart”. Then “/” and “Enter” issue find-next, until no more matches are found.)

Something obviously went bad with the Bluetooth USB I inserted in the machine. Problem found, but I will not try to bore you to death with details.

Anyway. If you execute those keystrokes without a panicked kernel (REISUB while holding Alt+SysRq), you will do a graceful sync + reboot of your machine. If you do only the “RE” part while in X, you will close everything and get to the login screen really fast. And if you do Alt+SysRq+S, you will sync all unsaved cache to the HDD. Good to know.

If you want to learn all the possible Alt + SysRq keystrokes and what they do, refer to the Kernel archives here, and happy hacking 😉
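
Whether each REISUB key does anything depends on the kernel.sysrq setting, which many distributions restrict. The script below is an added example, not part of the original post: it decodes that value using the bit assignments from the kernel's sysrq documentation, and the function names and the fallback value 176 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: decode kernel.sysrq and report which REISUB keys the
# Alt+SysRq keyboard combination is allowed to trigger.

# Bit that must be set for each key (kernel sysrq documentation):
#   4 = keyboard control (R), 64 = signalling processes (E, I),
#   16 = sync (S), 32 = remount read-only (U), 128 = reboot/poweroff (B)
sysrq_bit_for() {
    case "$1" in
        R)   echo 4 ;;
        E|I) echo 64 ;;
        S)   echo 16 ;;
        U)   echo 32 ;;
        B)   echo 128 ;;
        *)   return 1 ;;
    esac
}

# sysrq_allowed MASK KEY : exit status 0 if KEY is permitted under MASK
sysrq_allowed() {
    mask=$1
    bit=$(sysrq_bit_for "$2") || return 2
    [ "$mask" -eq 1 ] && return 0      # 1 means "all functions enabled"
    [ $(( mask & bit )) -ne 0 ]        # 0 disables everything, else bitmask
}

# reisub_report MASK : prints one "KEY:yes|no" entry per REISUB key
reisub_report() {
    out=""
    for key in R E I S U B; do
        if sysrq_allowed "$1" "$key"; then state=yes; else state=no; fi
        out="$out${out:+ }$key:$state"
    done
    echo "$out"
}

# Report for this machine; fall back to the constructed sample value 176
# (16 + 32 + 128) when /proc is not readable.
current=$(cat /proc/sys/kernel/sysrq 2>/dev/null) || current=176
echo "kernel.sysrq=$current -> $(reisub_report "$current")"
```

The mask only restricts the keyboard combination; root can still trigger any function by writing its letter to /proc/sysrq-trigger.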

 Posted by at 3:50 pm
May 25 2011

WordPress is so far the blog software that I liked most. I tried a few others, but this one beats them with its ease of use and intuitive workflow. It supports tons of good stuff and is updated very often by the developer team.

I assume you already have the latest Apache and MySQL installed. If you don’t, please get the latest packages from Slackware and install them:

(Edit 01 March 2012) You may also need to edit httpd.conf and enable the PHP application manually by typing this at the end of the file:

(Missed it, and added it thanks to gr1ph for posting it in LinuxQuestions forum).

There, you are set with a web server and a database server. If you are using an old Slackware, I suggest a full update to -current. First of all, the latest Apache has all the security quirks and perks for a lazy administrator like me, and mod-PHP built in, which can be enabled with 1 command in total. And second, what I’ve learned in the last 10 years of system administration is “Don’t be a victim to exploits of old and obsolete software packages, when you are running your own servers”. The script kiddies never sleep. My own server is scanned for open exploits 10 to 15 times each day.

There was once a bug that created the directories in /var/lib/mysql with owner root:root. Please check whether this is so and change them to mysql:mysql. No databases will be created if you leave them this way, and even your root account will not be able to use MySQL. (You may want to have a look at this guide too.)

If you know or can do all of the above on your own, here is WordPress itself in a few steps.

What do we need in this config file? If you did everything I suggested above, the file should look like this:

… but of course, I suggest you don’t use the user and password from this howto 🙂 at least I did not.

So, that’s it. Everything in the backend is set and working.

The only thing left is to set up WordPress from its wp-admin panel. Start a browser and go to this address
Set the title of your new blog and set up a user and password for login (not necessarily the same as the ones we used above; this will be your web-admin user). When you are done, check that your new blog is there.

Log in and adjust various settings such as your site name, your design template and so on.

If this whole article is a bit hard and looks like gibberish in Japanese, try installing it in Windows. It’s not “that hard”.

 Posted by at 4:54 pm
May 18 2011

What is a transparent bridge and why use it?

A few lines of dry theory first:

  • Transparent bridges are used for various tests and security applications.
  • Sniffing traffic. (I did this a lot when I worked as QA)
  • Delaying traffic and adding loss for testing purposes.
  • Logging part of the traffic, without the user noticing.
  • Firewalling packets, not intended for your network without additional routing.
  • Other, we don’t want/need explained (as shaping your GF PC, because she uses too much BW for music while you play MMORPG, or simply spying on her chat logs.)

Figure: Simple bridge

Basically, we need a Slackware (or any other) Linux box with 2 NICs (network interface cards). In this scenario, we will make a transparent bridge suitable for sniffing traffic and introduce you to some software for these needs. The PC behind the Slackware box should be set up with the TCP/IP settings to access the Internet. The bridge we set in front of this PC will be absolutely transparent for any packets passing between the PC and your service provider's switch. Check that you have the following commands: tc, brctl, tcpdump:

The packages we need for this come with your distribution, and no additional software is needed. Those packages are probably already installed. However, if you made a minimal install or did not select the Network category, now is the time:

What’s left to do is to enable the Linux box to bridge the connection between the Internet and our PC:

The bridge is actually up and running after 10 to 15 seconds, depending on how fast your Linux box is and what kernel you use. If your ISP is filtering your MAC address in its database, change yours to match the one on your PC’s network card:

In this case, you need to rewrite your PC’s MAC address with something else (even a random one), because otherwise there will be a duplicate MAC address and your Linux box will complain about it. With this set, your home PC will have a bridged connection to the ISP with one transparent Linux box in between.

The sniffing itself can be done in 2 ways: with tcpdump and with Wireshark. The first is quick and elegant, the second is pretty and powerful.

To explain the above: -c 100 means capture 100 packets (c = count), -i br01 does not need explaining, and -w writes to a specific dump file. More on the .pcap extension below.

Figure: Capture interfaces

If we want the same done with Wireshark, we need to have some Xorg installed and some neat window manager such as xfce4 (my own preference since KDE 4.x became one hell of a process-spawning Hydra, too big for a Pentium 4 single core with some cheap video card). You may get this powerful software from its website. The best part of Wireshark is its compatibility with tcpdump files captured on the console. They are both based on the libpcap library and don’t need much transformation of the data they operate on.

Figure: Captured file

So if you need more depth in the packet analysis, get Wireshark and learn how to use it. If the Linux box has console only (you may prefer it that way), use tcpdump to capture traffic and analyze it in Wireshark. The only minus is that Wireshark is more useful on the bridge itself, where it is much more interactive and can create an ACL list for you directly from the captured traffic. If you want a specific address that’s bugging you filtered, go to the ACL menu, generate an iptables rule with 2 clicks and just apply it. It works like a charm.

Now, if we want to delay the traffic a bit, we need to set some additional rules for traffic control. In a nutshell:

Lots of other stuff can be done with this bridge and Netem (network emulator) but it is far beyond this simple guide.
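
The bridge setup, capture and delay steps described above, collected into one script. This is an added example and not the commands from the original post: the NIC names eth0 and eth1, the file name capture.pcap, the function names and the DRY_RUN switch are assumptions, while br01 and the tcpdump flags are the ones the post discusses.

```sh
#!/bin/sh
# Added example (not the post's original commands): transparent bridge,
# capture and netem delay. eth0/eth1 and the file name are assumptions.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 as root applies it.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# bridge_up BRIDGE NIC_A NIC_B
bridge_up() {
    [ "$2" != "$3" ] || { echo "need two different NICs" >&2; return 1; }
    run brctl addbr "$1"
    for nic in "$2" "$3"; do
        run ip addr flush dev "$nic"   # bridge ports carry no IP address
        run ip link set dev "$nic" up
        run brctl addif "$1" "$nic"
    done
    run ip link set dev "$1" up
}

# capture BRIDGE COUNT FILE : the tcpdump flags discussed in the post
capture() {
    run tcpdump -c "$2" -i "$1" -w "$3"
}

# add_delay NIC MILLISECONDS [LOSS_PERCENT] : netem acts on NIC's egress
add_delay() {
    case "$2" in
        ''|*[!0-9]*) echo "delay must be whole milliseconds" >&2; return 1 ;;
    esac
    if [ -n "${3:-}" ]; then
        run tc qdisc add dev "$1" root netem delay "${2}ms" loss "${3}%"
    else
        run tc qdisc add dev "$1" root netem delay "${2}ms"
    fi
}

# bridge_down BRIDGE DELAYED_NIC : remove the netem qdisc and the bridge
bridge_down() {
    run tc qdisc del dev "$2" root
    run ip link set dev "$1" down
    run brctl delbr "$1"
}

if [ "$DRY_RUN" = 1 ]; then   # show the full sequence without touching the system
    bridge_up br01 eth0 eth1 && capture br01 100 capture.pcap
    add_delay eth1 100 && bridge_down br01 eth1
fi
```

Flushing the addresses removes the box's own IP from both ports, so apply it from the local console rather than over a session that runs through one of those NICs.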

For further reading.

 Posted by at 6:32 pm