How to reverse engineer a subnet
Oct 30th
Alright.. Alright! everbody have their own method to reverse engineer a subnet… Here is a technic and way that works for me and might work for you.
Let’s take a random private ip.
IP: 192.168.1.95/27
And let’s try to figure out its network range.
In such case, we will take the lowest subnet octect, which here is 224 (remember that a subnet bit of 27 is 255.255.255.224)… let’s therefore convert it into binary.
224 = 11100000 (decimal to binary)
[tip: a quicker way, would be since we have the bit size of the subnet, 27, we therefore know, we have have 27 bits.. which leaves us on the last octet with 3 bits of 1... which results in 11100000]
Now to find the increment that defines the IP range, we take the lowest network bit, which going from left to right is the third “1″… which results in 100000.
Now, let’s convert 100000 into decimal to find that network increment.
100000 = 32 (binary to decimal)
So our network range increment is 32. That means we have 30 possible hosts per network + the network IP + the broadcast IP.
To find the network range of our private IP 192.168.1.95, let’s start incrementing by creating the different possible ranges out of the 1.0 network
This gives us
192.168.1.0 – 192.168.1.31 (30 hosts)
192.168.1.32 – 192.168.1.63
192.168.1.64 – 192.168.1.95
—— etc….
Now we can see that our IP is found in the IP range 192.168.1.64 – 192.168.1.95, which gives us the information that the network of the subnet 255.255.255.224 and IP 192.168.1.95 is 192.168.1.64, which broadcast IP is 192.168.1.95.
Till later,
5 basic Apache security tips
Oct 29th
Here are just few things to keep in mind when setting up Apache and undergoing a quick security audit.
1. Turn off TRACE or TRACK Methods on Apache
A Trace or Track method is a debug method used to debug webserver connections. A server supporting Trace connections can be subject to cross-site scripting attacks, dubbed XST for “Cross-Site Tracing” (cf to http://www.apacheweek.com/issues/03-01-24)
To disable Trace or Track methods… make sure first that mod_rewrite is enabled, then
RewriteCond %{REQUES_METHOD]^(TRACE|TRACK)
RewriteRule .* – [F]
safe guard editor
Oct 29th
If you are like me, or a very experienced admin, you will realize that while running servers in production, you are more likely prompt to modify configuration files on the fly.
Now, one advise I give to any junior administrator, is to first of all backup any files they wish to modify. Running the cp command before editing a file, could be an hassle, especially when we are in a hurry.
The following tip isn’t a Bash scripting lesson as you will see but merely a safe guard concept, every admin could adopt to prevent downtime and headaches 
.
Here is a little bash script that I usually set up on servers whenever I am prompted to modify configuration files on the fly.
#!/bin/bash stamp=$(date +%s) /bin/cp $1 $1.$stamp /bin/vi $1 echo "Would you like to delete $1.$stamp ?" read choice if [ "$choice" = "yes" ]; then rm -f $1.$stamp fi
As you can see the script is very basic and straight forward, whenever the script is called such as “./vis filenameA”, it will make a copy of filenameA to filenameA. + the number of elapsed seconds since 01/01/1970 … it then opens up the file in my favorite editor ‘vi’ and prompt me later on if I wish to delete the backup file…
Now, you could modify this file, add more check conditions, spice up things but the idea behind it, is to create the automatic backup of files when they are being edited.
Save this script in a file.. chmod +x thescript (let’s call it vis)
Move it into the /bin folder and create an alias (alias vi=”vis”)
There you go…from now on, whenever you edit a file, you shouldn’t fear if you make a mistake or delete any important variable options.
Cheers,
Sqlite – install and hack fix
Oct 26th
Weather it is installing a software or recompiling a package, dependencies/libraries problems are always around the corner to make the life of a sys admin more complicated than it is.
This Howto is more of a fix type than an overview on how to configure Sqlite. One day I was confronted to the challenge to install sqlite on a server when I got this error after compilation “offset error”
To fix the problem, I have edited the sqlite.c file… looked for the method
static unsigned char arg3_force_ref[] = {3, BYREF_NONE, BYREF_NONE, BYREF_FORCE };
then commented it out like this
// static unsigned char arg3_force_ref[] = {3, BYREF_NONE, BYREF_NONE, BYREF_FORCE };
I have then followed to replace
function_entry sqlite_functions[] = {
PHP_FE(sqlite_open, arg3_force_ref)
PHP_FE(sqlite_popen, arg3_force_ref)
with
function_entry sqlite_functions[] = {
PHP_FE(sqlite_open, third_arg_force_ref)
PHP_FE(sqlite_popen, third_arg_force_ref)
Save the file, recompile and install with make / make install
and voila proceed to normal install.
cheers,
Quick Script to monitor a process
Oct 22nd
There are numerous programs such as monit which are widely used as to monitor processes and take certain actions in case of different events.
Here is a little tip as to quickly monitor an service/process if you aren’t wanting to go through the hassle to configure monit
#!/bin/bash
r=$(ps cax |grep -c NAME_PROCESS)
if [ $r -eq 0 ]; then
service NAME_PROCESS restart
echo “NAME_PROCESS has crashed” | mail -s “monitoring SERVERID” your_Email_Address
fi
Save this as an executable, set up a cron and voila
Good luck,