
Systems generate a lot of email. If you’re a sysadmin, you already know this. If you work with sysadmins, then you’re to blame (ok, maybe not). In either case, dealing with system email is time-consuming, and the signal-to-noise ratio is low. More often than not these emails are ignored (procmail FTW!).
Is this a good thing? No.
Why?
These emails are generated for a reason, and that reason is usually that there’s something amiss on your system. Instead of /dev/null’ing all of these useful nuggets, why not mine them with Splunk?

In this How To we’ll set up a catch-all Postfix server and use it to Splunk all of your system-generated email.

From Bruce Perens K6BP:

Dear Fellow Amateurs,
You may have seen the news that Interop has returned its IP address
block to ARIN. See
http://arstechnica.com/business/news/2010/10/embargoed-interop-gives-back-a-months-worth-of-ipv4-addresses.ars

This was done as a means of prompting other organizations that hold
large, mostly-unused blocks – that means us – to return them now that we
are approaching the exhaustion of available IPV4 addresses.

Amateur Radio holds a block of 16 million IP addresses that are mostly a
relic of past operation. When TCP/IP over 1200 baud packet was
interesting, the IP address pool was far from exhaustion and holding
that block had no cost to the general public. Now, Amateur Radio is a
very significant contributor to the problem of global IPV4 address
exhaustion.

Obviously it is true that everybody must convert to IPV6. As Amateurs,
technically competent and in complete control of our own networking
infrastructure, this is an easy place for us to lead. It isn’t so for
the global internet. Commercial internet providers must struggle with a
tremendous technically-naive user pool who must be guided through
conversion or provided with address translation kludges that will cause
service problems, routing hardware that can’t be converted to IPV6, and
a tremendous expense of converting all of this infrastructure and
training users and their own staff that has come at a really bad time
economically.

Thus, I suggest that Amateurs would be fulfilling their social duty to
the public by returning an address pool that they no longer need as soon
as possible, and leading in conversion of their remaining and future
TCP/IP operations to IPV6.

This isn’t like giving up a frequency band that will never be returned -
equivalent IPV6 address blocks are available to us, and the IPV6 address
space is astronomical in size compared to IPV4.

Many Thanks

Bruce Perens K6BP

WHO: VOLUNTEERS ARE NEEDED FOR THE FOLLOWING OPPORTUNITIES

Caregivers –  must have current CPR Pro or BLS certification, in addition to professional license / certifications.

Recorders -  must have current lay CPR certification and First Aid.

Communicators -  need to be FCC licensed HAM radio operators and have a dual band HAM hand held radio.

WHAT: Nike Women’s Marathon, San Francisco

WHEN: Sunday, October 17th, 2010

3:30 AM – (time to be  confirmed) until 2:30 pm

Note:    This is 3:30 AM Sunday morning until 2:30 p.m. Sunday afternoon

WHERE: Staging Area: Pier 54, San Francisco

Free T-shirt, Breakfast, Lunch & much more!


REGISTRATION IS TO BE COMPLETED ONLINE :

http://www.surveymonkey.com/s/2010NikeMarathon

Please scan & email copies (front and back) of certificates and licenses to NikeStaffing@redcross-bayarea.org or FAX them to (415) 963-4430.

Any questions, email Nikestaffing@redcross-bayarea.org or call (415) 427-8092.

According to San Francisco’s very own @sf311, the Public-Safety Answering Point (PSAP) Emergency number is 415-553-8090. The Non-Emergency number is 415-553-0123. Enjoy.

…and I’m only publishing this here because it’s near impossible to find via Google on an iPhone.

Required Packages

From the Solaris 10 OS Companion Software CD, install the packages below; this will get you up and running with Ruby 1.3.5:

  1. SFWruby
  2. SFWrline
  3. SFWncur
  4. SFWcoreu

Install & Update RubyGems

In this step we’ll install a version of RubyGems compatible with our version of Ruby, 1.3.5.

cd /tmp
wget http://production.cf.rubygems.org/rubygems/rubygems-1.3.5.tgz
gtar -zxf rubygems-1.3.5.tgz
cd rubygems-1.3.5
/opt/sfw/bin/ruby setup.rb
/opt/sfw/bin/gem install rubygems-update
/opt/sfw/bin/gem update --system

Who the hell is Steve?

To avoid the error message below, run:

mkdir -p /export/home/steve/work/usr/src/tools
ln -s /usr/sfw/bin/gcc /export/home/steve/work/usr/src/tools/gcc

make
/export/home/steve/work/usr/src/tools/gcc -I/usr/sfw/include -I/export/home/steve/work/proto/root_i386/opt/sfw/include -I. -I/opt/sfw/lib/ruby/1.8/i386-solaris2.10 -I/opt/sfw/lib/ruby/1.8/i386-solaris2.10 -I. -fPIC -g -O3 -Wall -c generator.c
sh: /export/home/steve/work/usr/src/tools/gcc: not found

Install Chef with RubyGems

gem install chef

Oh no!

At this point you’ll get this error when attempting to run ‘chef-client’:

ld.so.1: ruby: fatal: relocation error: file /opt/sfw/lib/ruby/gems/1.8/gems/json-1.4.2/ext/json/ext/json/ext/parser.so: symbol RSTRING_PTR: referenced symbol not found
Killed

Worry not! See below.

Replace json with json_pure

gem uninstall json
gem install json_pure --version 1.4.2
cat /opt/sfw/lib/ruby/gems/1.8/specifications/json_pure-1.4.2.gemspec | sed s/json_pure/json/g > /opt/sfw/lib/ruby/gems/1.8/specifications/json-1.4.2.gemspec
cp -pr /opt/sfw/lib/ruby/gems/1.8/gems/json_pure-1.4.2 /opt/sfw/lib/ruby/gems/1.8/gems/json-1.4.2

Victory!

chef-client

[Wed, 08 Sep 2010 17:21:09 -0700] INFO: Client key /etc/chef/client.pem is not present – registering
[Wed, 08 Sep 2010 17:21:10 -0700] WARN: HTTP Request Returned 404 Not Found: Cannot load node stress10.
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Starting Chef Run (Version 0.9.8)
[Wed, 08 Sep 2010 17:21:11 -0700] WARN: Node stress10. has an empty run list.
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Chef Run complete in 0.830921 seconds
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Running report handlers
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Report handlers complete

Done!

ANNOUNCEMENT: Upcoming Disaster Communications Treasure Hunt on Saturday, September 18th from 9:00AM to 1:00PM.

The American Red Cross Bay Area (ARCBA) San Francisco Disaster Communications Team (DComms) is holding a Communications Treasure Hunt on Saturday, September 18th from 9:00AM to 1:00PM at Pier 54, San Francisco, CA. The goal of this exercise is to gain experience in these areas:

  1. Radio communications in a dense urban environment.
  2. Formal message handling.
  3. Establishing and operating a radio traffic net.
  4. Working with communications volunteers of different skill levels.
  5. Incident Management techniques.
  6. Radio programming and theory.

THIS EVENT IS OPEN TO ALL RED CROSS VOLUNTEERS. All existing Red Cross volunteers are invited to attend; neither prior radio experience nor possession of a radio license is required. This will be a field exercise, so please bring comfortable walking shoes or a personal mode of transportation (bicycle, skates, scooter, etc). Lunch will be served!

If you are interested in attending this exercise, please RSVP by Friday, September 17th:

For more information please contact the ARCBA SF Disaster Communications Team:

Sincerely,
Greg Albrecht & Lawrence Lin
SF Disaster Communications Leads
American Red Cross Bay Area
85 Second Street, 8th Floor
San Francisco, CA 94105

Following up on my article on single booting Solaris on a MacBook Pro, what follows are almost identical instructions for single booting Ubuntu 10.04 Lucid Lynx on a MacBook Pro. There are two key differences with this procedure:

  1. A Master Boot Record (MBR) partition table is not necessary to boot Ubuntu.
  2. The hard drive must be blessed after installation.

Prerequisites

  1. MacOS X Install DVD (any version, OEM or full)
  2. Ubuntu 10.04 Install CD (server or desktop)

Overview

  • Using a MacOS X Install DVD, format the disk with a single partition. (Phase I)
  • Boot from the Ubuntu 10.04 Install CD and install Ubuntu. (Phase I)
  • Boot from the MacOS X Installation DVD once more and bless the hard drive. (Phase II)


“Health Care Is A Right, Not A Privilege”

Outside of my day job I spend a vast amount of my time providing volunteer disaster response and communications for the American Red Cross Bay Area. This past weekend, however, I was invited to embed with the Rock Medicine team at San Francisco’s Outside Lands 2010 festival in Golden Gate Park. This volunteer group of medical professionals and caretakers provides free-of-charge emergency medical services at large events throughout California. (For more information on Rock Medicine please see the Haight Ashbury Free Clinic or the San Francisco Medical Society.) What follows are observations I made while in the field with Rock Med.

In this article I’ll describe how I use Splunk and Notifo to alert me whenever someone tries to log in to my system with invalid credentials. Notifo is a push-based notification service for mobile phones; in our example we’ll be using the iPhone.

Overview

  1. Set up a Notifo account.
  2. Install the Notifo app on your iPhone.
  3. Install the notifo.py Python module.
  4. Install the splunknotifo.py Python alert script.
  5. Set up splunknotifo.py.
  6. Set up a saved search.

Assumptions

  • This process assumes that you’ve got Splunk installed and monitoring a file containing sshd log messages.

Steps


Say you’re working at a log search company and you need to quickly generate some SSH Invalid User errors for searching or alerting within your product.

while true; do 
  ssh -o PreferredAuthentications=publickey bob$RANDOM@localhost;
  sleep 240;
done

This should generate some messages in your logs (/var/log/secure.log under MacOS) like:


Aug 10 10:06:03 jupiter sshd[73325]: Invalid user bob30582 from ::1
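
To check that the generated lines are picked up the way an alert would need them, here is an added example (not part of the original post) that parses sshd "Invalid user" lines in the format shown above and flags sources that exceed a threshold inside a sliding time window. The function names, the threshold, the window and the assumed year are hypothetical; every sample line after the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd line format shown above, e.g.
# "Aug 10 10:06:03 jupiter sshd[73325]: Invalid user bob30582 from ::1"
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Invalid user (?P<user>\S*) from (?P<src>\S+)"
)

def parse_invalid_user(line, year=2010):
    """Return (timestamp, host, user, source), or None if the line does not match."""
    m = INVALID_USER.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so one is assumed here.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["user"], m["src"]

def noisy_sources(lines, threshold=3, window=timedelta(minutes=15)):
    """Map source -> sorted usernames it tried, for every source with at
    least `threshold` invalid-user events inside any sliding `window`."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_invalid_user(line)
        if parsed:
            ts, _host, user, src = parsed
            events[src].append((ts, user))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop events that fell out of the window
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in hits})
                break
    return flagged

# Constructed sample: the first line is the one shown above, the rest are made up.
SAMPLE = [
    "Aug 10 10:06:03 jupiter sshd[73325]: Invalid user bob30582 from ::1",
    "Aug 10 10:10:03 jupiter sshd[73340]: Invalid user bob1187 from ::1",
    "Aug 10 10:14:03 jupiter sshd[73352]: Invalid user bob25001 from ::1",
    "Aug 10 10:15:10 jupiter sshd[73360]: Invalid user admin from 192.0.2.7",
    "Aug 10 10:15:12 jupiter sshd[73361]: Accepted publickey for greg from 192.0.2.9 port 50122 ssh2",
]
```

With the 240-second sleep in the loop above, three events from ::1 arrive within eight minutes, so noisy_sources(SAMPLE) flags ::1 and leaves the single attempt from 192.0.2.7 alone.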
