Tuesday, July 26, 2005
Using apcupsd to monitor a UPS
By Vincent Danen, TechRepublic
Most server systems, regardless of what OS they are running, are connected to a UPS to ensure uptime in the event of power fluctuations, brief power outages, brown-outs, etc. Using a UPS is a great way to ensure data safety by preventing the machine from turning off immediately if the power goes out.
However, in an extended power outage--when the downtime exceeds the capacity of the UPS battery--a UPS on its own only delays the moment the system halts, unless you have a system in place to monitor the status of the UPS.
A tool such as apcupsd, from http://sourceforge.net/projects/apcupsd/, can be used to monitor the status of the UPS and trigger a shutdown event before the battery is drained. This allows the system to shut down cleanly in the event of an extended power loss.
Most Linux distributions come with apcupsd and if not, building it from source is as trivial as building most other software from source. Keep in mind that apcupsd only works with APC-brand UPS devices--both serial- and USB-based. To determine if the system recognizes your USB-based UPS, you can check the USB device table by executing:
# cat /proc/bus/usb/devices
By examining this list, you should see the APC USB listed when it is connected. You will also need to modify the configuration file, /etc/apcupsd/apcupsd.conf in most cases, and tell it the type of UPS you have with the UPSNAME, UPSCABLE, and UPSTYPE directives. The configuration file is well commented and you can define how much battery power must remain before initiating the shutdown, etc. A number of scripts are included in the /etc/apcupsd/ directory that control various aspects of what apcupsd does when it detects power loss, power return, etc.
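As an added example (not from the original article or the apcupsd project), the shell functions below read an apcupsd.conf, check that the directives named above are set, and apply the low-battery rule to a pair of UPS readings. BATTERYLEVEL and MINUTES are the apcupsd.conf threshold directives; the sample configuration, its values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not apcupsd's own code: read shutdown thresholds from an
# apcupsd.conf and apply them to UPS readings. The sample config is constructed.

# Print the value of directive $2 in file $1. Comment lines never match because
# their first field starts with "#"; this example uses the last occurrence.
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

# Print each directive this example expects that has no value in file $1.
missing_directives() {
    for d in UPSNAME UPSCABLE UPSTYPE BATTERYLEVEL MINUTES; do
        [ -n "$(conf_value "$1" "$d")" ] || echo "$d"
    done
}

# $1 = config file, $2 = battery charge (integer percent),
# $3 = estimated runtime left (integer minutes).
# Returns 0 and prints the reason when a shutdown is due, 1 when not,
# 2 when a threshold is missing or not a number.
shutdown_due() {
    level=$(conf_value "$1" BATTERYLEVEL)
    mins=$(conf_value "$1" MINUTES)
    for v in "$level" "$mins"; do
        case $v in ''|*[!0-9]*) echo "config-error"; return 2 ;; esac
    done
    if [ "$2" -le "$level" ]; then
        echo "shutdown: charge $2% <= BATTERYLEVEL $level"
    elif [ "$3" -le "$mins" ]; then
        echo "shutdown: runtime $3 min <= MINUTES $mins"
    else
        echo "keep-running"; return 1
    fi
}

# Write a constructed sample (not a complete apcupsd.conf) to file $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
## constructed sample for a USB-attached UPS
UPSNAME rack1-ups
UPSCABLE usb
UPSTYPE usb
# BATTERYLEVEL 50
BATTERYLEVEL 10
MINUTES 5
EOF
}

# Demo: 42% charge but only 4 minutes of runtime left.
conf=$(mktemp) && write_sample_conf "$conf"
missing_directives "$conf"
shutdown_due "$conf" 42 4
rm -f "$conf"
```

The runtime threshold fires here even though the charge is well above BATTERYLEVEL, which is why both values are worth setting for the load the UPS actually carries.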
Having a UPS is a good idea no matter what type of system you are running, but setting up the UPS for automated shutdowns will go a long way in preventing data loss or corruption due to unexpected power loss.
Vincent Danen has been using Linux for nearly two years and has obtained his Linux Administrator certification from Tekmetrics.com.
Monday, July 18, 2005
Wireless Protocol Choices
There are three common wireless protocols right now. A protocol is a format for transmitting data. When you go to buy your wireless hardware, you will need to be familiar with the different protocols to choose the right hardware for the protocol you want to use.
802.11a
This protocol is mostly used in large offices right now. 802.11a is not nearly as common as b or g. You probably won't be using this.
802.11b
This is the most common protocol in use right now. At 11Mbps, 802.11b is slower than g, but b is the protocol used by most public wireless hot spots in coffeehouses, airports, hotels, and some college campuses. 802.11b cards also have the best support in Linux.
802.11g
The 54Mbps speed of 802.11g makes it the fastest protocol, but Linux support is lacking for many g network cards. Look around online to find which of the latest cards for the g protocol are supported. If you do buy 802.11g hardware and you have a laptop, buy hardware that also supports the b protocol; then you have flexibility when trying to get online when you are out and about.
Setting up a reverse SSH tunnel
By Vincent Danen, TechRepublic
SSH is an extremely useful tool in that it allows you to do many things in a secure fashion that you might not otherwise be able to do.
One of the things SSH allows you to do is to set up a reverse encrypted tunnel for data transfer. Typically, when you initiate an SSH tunnel, you forward a port on the local machine to a remote machine which can allow you to connect to an insecure service in a secure way, such as POP3 or IMAP. However, you can also do the reverse. You can forward a port on the remote machine to the local machine while still initiating the tunnel from the local machine.
This is useful if you have a service on the remote end that you want to have connected to something on the local machine, but you don't wish to open up your firewall or have SSH private keys stored on the remote machine. By using a reverse tunnel, you maintain all of the control on the local machine. An example usage for this would be for logging messages; by setting up a reverse SSH tunnel, you can have a logger on the remote system send logs to the local system (e.g., syslog-ng).
To set up the reverse tunnel, use:
$ ssh -nNT -R 1100:local.mydomain.com:1100 remote.mydomain.com
What this does is initiate a connection to remote.mydomain.com and forward TCP port 1100 on remote.mydomain.com to TCP port 1100 on local.mydomain.com. The "-n" option tells ssh to associate standard input with /dev/null, "-N" tells ssh to just set up the tunnel and not to prepare a command stream, and "-T" tells ssh not to allocate a pseudo-tty on the remote system. These options are useful because all that is desired is the tunnel and no actual commands will be sent through the tunnel, unlike a normal SSH login session. The "-R" option tells ssh to set up the tunnel as a reverse tunnel.
Now, if anything connects to port 1100 on the remote system, it will be transparently forwarded to port 1100 on the local system.
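Where the remote end of a -R forward listens decides who can reach the forwarded port, so it is worth checking the spec before opening the tunnel. The shell functions below are an added example, not part of the original article: they classify the listener of a -R spec using ssh(1)'s [bind_address:]port:host:hostport syntax and build the article's command with the ExitOnForwardFailure and ServerAliveInterval options added. The function names are hypothetical and IPv6 addresses are not handled.

```shell
#!/bin/sh
# Added example: inspect an "ssh -R" spec before using it (no IPv6 support).

# Split [bind_address:]port:host:hostport into RF_BIND, RF_PORT, RF_HOST
# and RF_HOSTPORT; returns 1 on a malformed spec.
parse_remote_forward() {
    rf_old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f      # split on ":" with globbing off ("*" is legal)
    IFS=$rf_old_ifs
    case $# in
        3) RF_BIND=default; RF_PORT=$1; RF_HOST=$2; RF_HOSTPORT=$3 ;;
        4) RF_BIND=${1:-*}; RF_PORT=$2; RF_HOST=$3; RF_HOSTPORT=$4 ;;
        *) echo "invalid -R spec" >&2; return 1 ;;
    esac
    [ -n "$RF_HOST" ] || { echo "empty host" >&2; return 1; }
    for rf_p in "$RF_PORT" "$RF_HOSTPORT"; do
        case $rf_p in ''|*[!0-9]*) echo "bad port: $rf_p" >&2; return 1 ;; esac
        [ "$rf_p" -ge 1 ] && [ "$rf_p" -le 65535 ] ||
            { echo "port out of range: $rf_p" >&2; return 1; }
    done
}

# Print where the remote listener is requested to bind.
# "default" means no bind_address was given: sshd then listens on loopback
# only, unless the server's GatewayPorts is set to "yes".
forward_exposure() {
    parse_remote_forward "$1" || return 1
    case $RF_BIND in
        default|localhost|127.*) echo loopback ;;
        '*'|0.0.0.0)             echo all-interfaces ;;
        *)                       echo "address:$RF_BIND" ;;
    esac
}

# Print the tunnel command for spec $1 and server $2, refusing any spec that
# asks for a listener beyond loopback. ExitOnForwardFailure makes ssh exit if
# the remote port cannot be bound instead of running without a tunnel.
tunnel_command() {
    [ "$(forward_exposure "$1")" = loopback ] ||
        { echo "refusing: $1 is invalid or not loopback-only" >&2; return 1; }
    echo "ssh -nNT -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R $1 $2"
}

# Demo with the article's forward.
tunnel_command 1100:local.mydomain.com:1100 remote.mydomain.com
```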
Wednesday, July 13, 2005
Wiki: Cygwin
Tuesday, July 12, 2005
I use FreeMind - 野路子::吴鲁加's blog
Ballmer: We are so much smarter now - Software - News - ZDNet Asia
Monday, July 11, 2005
Set up open source Jabber to run your own IM service
By Vincent Danen, TechRepublic
Instant messaging is perhaps one of the most popular forms of communication on the Internet outside of e-mail. A number of different protocols exist, but most of these protocols are controlled by large corporations: Microsoft controls MSN, AOL controls AIM, and so forth.
If you're in a corporate setting and feel the need for instant messaging for employees, or run a Web site and want to offer a private IM service, using these third-party-controlled IM services isn't the best way to go, especially if you may be discussing sensitive or private things. Instead, setting up a private, controlled-by-you service may be appropriate.
Jabber is an open source protocol with a number of clients for different platforms and a few different servers. The licenses of the servers and clients may vary, but the jabberd server, from the Jabber Software Foundation, is freely available and is simple to set up. You can download jabberd2 from http://jabberd.jabberstudio.org/2/. Compilation and installation is a breeze with the typical:
$ ./configure --prefix=/usr/local
$ make
# make install
You will need to have the IDN and OpenSSL libraries installed to build against, and by default, Jabber uses a MySQL database for the authentication back-end (although you can use PostgreSQL, OpenLDAP, Berkeley DB, or PAM instead).
The jabberd server uses a number of different programs to handle different parts of the whole service, and you will need to configure each of these. In the /usr/local/etc/jabberd/ directory you will find a number of XML files; these are the configuration files for each separate service. Setup is quite simple if you follow the excellent Installation and Administration Guide document on the home page.
Jabber has made it easy to run your own instant messaging service using an open protocol that anyone can implement and use. By controlling authentication on the server, you can write your own Web front-end to handle signups for accounts, and you can wrap the entire connection to the server in SSL to prevent snooping.
Vincent Danen has been using Linux for nearly two years. He has also obtained his Linux Administrator certification from Tekmetrics.com.
Friday, July 08, 2005
A few words on how to configure Oracle's MTS, Part 1 [Oracle]
CSDN Technology Center: More on Oracle's MTS
Monday, July 04, 2005
Configure firewalls with Firestarter
Every computer needs a good firewall for protection against various threats on the Internet. One recommendation is to use a hardware-based device to protect your computer or network, but an "out-of-the-box" device is not always sufficient--it may not be powerful enough, or it may not offer the features you need. Fortunately, Linux makes a secure firewall, and with some older hardware, you can set up a dedicated firewall system.
When you're working with a Linux firewall, manipulating iptables can be daunting. Even comprehensive packages like Shorewall require a fair amount of knowledge and time to configure. Using a GUI tool with a walk-through wizard, such as Firestarter, is typically much easier than fiddling with text-based configuration files and shell scripts. However, you should note that Firestarter still identifies iptables as a pre-requisite, because it simply configures iptables rules for your firewall.
Firestarter uses an intuitive GUI to explain, step-by-step, each item that's configured. The initial wizard tells Firestarter whether or not you use DHCP, whether or not to allow Internet Connection Sharing (which is a must if you use the machine as a dedicated firewall for your network), and which interface is connected to the Internet.
Another nice feature about Firestarter is that you can define an outbound traffic policy, which allows you to be permissive or restrictive by default. You can fine-tune the services and sites that are denied or accessible. In addition, you can easily add a new rule by clicking on the list space in the Policy tab and selecting Add Rule. Common service names are listed for easy selection.
With a slick GUI and comprehensive help, both in the program and online, Firestarter is an excellent firewall management tool. To download or find out more information about Firestarter, visit this Web site.
Vincent Danen has been using Linux for nearly two years and obtained his Linux Administrator certification from Tekmetrics.com.