administration

Sendmail conspiracy

Cisco IOS replace running config instead of merge

By default, if you do

# copy startup-config running-config

the startup config is merged into the running one. The same happens if you use tftp:// or flash:// instead of startup-config. There is, however, a way to replace the running config. The command is:

# configure replace ftp://192.168.1.1/dyn1_bgp

Juniper Network Connect Error nc.windows.app.23711 Fix

Diagnosis for me was getting error nc.windows.app.23711 after a random amount of time running VPN to IVE.

According to Juniper forums and burgtrack [1, 2], the error message is caused by something changing your computer’s route table. It may be any application. When it happens, you are going to receive a similar message in the Network Connect log (when set to ‘Detailed info’ level: Advanced View -> Logs):

00218,09 2012/04/12 23:20:43.001 1 SYSTEM dsNcService.exe dsNcService p1612 t690 routemon.cpp:582 - 'rmon' Unauthorized new route to 10.95.48.228/192.168.1.7 has been added (conflicts with our route to 0.0.0.0), disconnecting

The message is not going to be the last one before you receive the error; you have to scroll up a bit to find it.

Since I had no Bonjour installed, I had to find anything that could change my routing table. I searched the registry for the IP address that appeared in the logs. It should have pointed me to the software abusing my routing. In my registry the address appeared a few times, all in printing settings. Most of the branches having a '10.95.48.22' record had a 'Hewlett Packard' record, or appeared in an HP branch, or had some other relation to HP. Since the software belonged to HP, I had to prevent anything developed by HP from starting up with my system. I used Autoruns by Sysinternals to disable all the HP-vendored software. After the reboot I discovered my VPN connection would not interrupt. After enabling services one by one, I found out the issue was caused by

c:\windows\system32\hptcpmon.dll

I suppose it is some kind of driver or so. Most likely it is a part of the printing driver ver 61.93.1.67 for HP LaserJet M2727 MFP Series PCL 6 on Windows 7 64 bit. But I’m still not 100% sure that the issue is caused by the driver itself. It may be caused by Windows 7, which attempts to add a route to the installed TCP/IP printer.
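An added example, not part of the original post: a small filter that pulls every routemon "Unauthorized new route" entry out of a Network Connect log and counts how often each route recurs, so the offending address does not have to be found by scrolling. The function names and sample log lines are constructed (modelled on the one line quoted above), and the `A/B` pair after "route to" is treated as an opaque route identifier.

```shell
#!/bin/sh
# Added example. Sample lines are constructed, modelled on the routemon
# line quoted in the post; the filler line is not real product output.
write_sample_log() {
    cat > "$1" <<'EOF'
00150,09 2012/04/12 22:05:10.114 1 SYSTEM dsNcService.exe dsNcService p1612 t690 routemon.cpp:582 - 'rmon' Unauthorized new route to 10.95.48.228/192.168.1.7 has been added (conflicts with our route to 0.0.0.0), disconnecting
00171,09 2012/04/12 22:05:10.300 1 SYSTEM dsNcService.exe dsNcService p1612 t690 filler.cpp:1 - 'filler' constructed line that must be ignored
00218,09 2012/04/12 23:20:43.001 1 SYSTEM dsNcService.exe dsNcService p1612 t690 routemon.cpp:582 - 'rmon' Unauthorized new route to 10.95.48.228/192.168.1.7 has been added (conflicts with our route to 0.0.0.0), disconnecting
00230,09 2012/04/13 08:01:12.450 1 SYSTEM dsNcService.exe dsNcService p1612 t690 routemon.cpp:582 - 'rmon' Unauthorized new route to 192.168.56.0/192.168.56.1 has been added (conflicts with our route to 0.0.0.0), disconnecting
EOF
}

# rmon_routes FILE
# One line per routemon disconnect: "date time new_route conflicting_route".
rmon_routes() {
    sed -nE "s#^[^ ]+ ([0-9/]+) ([0-9:.]+) .* 'rmon' Unauthorized new route to ([0-9./]+) has been added \(conflicts with our route to ([0-9.]+)\).*#\1 \2 \3 \4#p" "$1"
}

# rmon_summary FILE
# "count new_route last_seen=date time", most frequent route first.
rmon_summary() {
    rmon_routes "$1" |
        awk '{ n[$3]++; last[$3] = $1 " " $2 }
             END { for (r in n) printf "%d %s last_seen=%s\n", n[r], r, last[r] }' |
        sort -rn
}

# Demo on the constructed log.
sample=$(mktemp)
write_sample_log "$sample"
rmon_summary "$sample"
rm -f "$sample"
```

The route that tops the summary is the value to search for in the registry or in the output of `route print`.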

Perl error “isvstring is only available with the XS version of Scalar::Util” fix

I faced the error in the title after updating the Perl package. It appears the Scalar::Util package is shipped with C-compiled modules which are not properly updated by yum. The workaround is to reinstall the package manually:

wget http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.23.tar.gz && \
tar zxvf Scalar-List-Utils-1.23.tar.gz && \
cd Scalar-List-Utils-1.23 && \
perl Makefile.PL && \
make test install

Bringing Cisco IOS CLI to Linux CLI

There are a few people on the globe who love to work with Cisco and Linux via the CLI. These people might have issues when they try to apply Bash/Vim syntax to IOS and vice versa. I’m certainly one of them. That’s why I can do the following in my Bash:

$ show .bashrc | i return
[[ "$-" != *i* ]] && return
#     return 0
#     [[ -z $adir ]] && return 1
#   [[ $? -ne 0 ]] && return 1
#     [[ $? -ne 0 ]] && return 0
#   return 0

It’s very handy for checking Cisco configs stored on a Unix machine without turning your mind inside out. In fact, if you are in a rush and try to apply IOS syntax to Bash, you won’t be distracted by an error message; you’ll get the result you required.

$ show samle_conf.cfg | i spanning-tree
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree pathcost method long
 spanning-tree portfast
 spanning-tree portfast
 spanning-tree portfast
spanning-tree bpduguard enable
...

It’s achieved very easily. You need to add some aliases to your ~/.bashrc file and log in again:

echo 'alias show="cat"' >> ~/.bashrc
echo 'alias i="grep --color"' >> ~/.bashrc

Fixing SSH access on Cisco via SNMP

Sometimes you may encounter a situation where SSH is not properly configured, for example if you forgot to generate an SSL certificate before enabling transport input ssh on all vty lines, as I recently did. In this situation you might be lucky enough to have an SNMP RW community string configured. If so, you can fix literally everything.

Not many settings on a Cisco device can be configured directly via SNMP. But you can copy a prepared config to the device via TFTP, RCP etc. You may download the device’s current config to a TFTP server, edit the necessary lines and upload it back. You may upload it to the running config, the startup config or a flash file.

To download running config:

snmpset -v 1 -c rw_community hostname ccCopyProtocol.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopySourceFileType.13 i 4 
snmpset -v 1 -c rw_community hostname ccCopyDestFileType.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopyServerAddress.13 a tftp_serv_ip
snmpset -v 1 -c rw_community hostname ccCopyFileName.13 s "file_name" 
snmpset -v 1 -c rw_community hostname ccCopyEntryRowStatus.13 i 1

Edit it on the server and upload it back with the following commands. Be careful! If you upload to startup-config, IOS will not merge the uploaded config with the startup one; it will replace it instead. Do not upload partial sets of commands! To be on the safe side, I recommend never uploading partial configs. Only the necessary lines should be added/cancelled/corrected, and the whole config should be uploaded.

snmpset -v 1 -c rw_community hostname ccCopyProtocol.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopySourceFileType.13 i 1 
snmpset -v 1 -c rw_community hostname ccCopyDestFileType.13 i 4 
snmpset -v 1 -c rw_community hostname ccCopyServerAddress.13 a tftp_serv_ip
snmpset -v 1 -c rw_community hostname ccCopyFileName.13 s "file_name" 
snmpset -v 1 -c rw_community hostname ccCopyEntryRowStatus.13 i 1

If you encountered the situation of SSH with no generated certificate, your config might look like this:

line vty 0 4
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
exit

You should fix it to:

line vty 0 4
 length 0
 transport input telnet
line vty 5 15
 transport input telnet
exit

Some commands can be cancelled with a “no ” statement before the command. Some, as in the case above, cannot.
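An added check, not part of the original post: since an SNMP RW community gives the reach over the config shown above, stored configs can be audited for read-write communities that have no access list, and for vty lines left on telnet after a recovery like this one. The function names and the sample config are constructed; the parser assumes the `snmp-server community <string> [view <name>] [ro|rw] [<acl>]` form.

```shell
#!/bin/sh
# Added example. The sample config below is constructed for illustration.
write_sample_cfg() {
    cat > "$1" <<'EOF'
hostname dyn1
snmp-server community public RO 10
snmp-server community rw_community RW
snmp-server community ops_rw RW 99
line vty 0 4
 length 0
 transport input telnet
line vty 5 15
 transport input ssh
end
EOF
}

# audit_cisco_cfg FILE
# Prints "<line-no> RW_COMMUNITY no-acl|acl=<acl>" for each read-write
# community and "<line-no> VTY_TELNET <vty block>" for vty lines that
# accept telnet. Community strings are deliberately never printed.
audit_cisco_cfg() {
    awk '
    $1 == "snmp-server" && $2 == "community" {
        rw = 0; acl = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "view") { i++; continue }        # skip the view name
            if (toupper($i) == "RW") { rw = 1; continue }
            if (toupper($i) == "RO") continue
            acl = $i                                    # trailing ACL number or name
        }
        if (rw) printf "%d RW_COMMUNITY %s\n", NR, (acl == "" ? "no-acl" : "acl=" acl)
        next
    }
    /^line vty/ { vty = $0; next }                      # entering a vty block
    /^[^ ]/     { vty = "" }                            # other top-level line ends it
    vty != "" && $1 == "transport" && $2 == "input" {
        for (i = 3; i <= NF; i++)
            if ($i == "telnet" || $i == "all") { printf "%d VTY_TELNET %s\n", NR, vty; break }
    }
    ' "$1"
}

# Demo on the constructed config.
cfg=$(mktemp)
write_sample_cfg "$cfg"
audit_cisco_cfg "$cfg"
rm -f "$cfg"
```

A `no-acl` finding means any host that can reach the device and knows the string can drive the config copy described above; restricting the community with an access list, or removing it, closes that path.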

Fedora LXDE UI Improvement Tips

Touchpad vertical scroll:

In file /usr/share/X11/xorg.conf.d/50-synaptics.conf:

Section "InputClass"
Identifier "touchpad catchall"
Driver "synaptics"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Option "VertEdgeScroll" "1"
EndSection

Option "VertEdgeScroll" "1" adds vertical scrolling.

Restart X to take effect.

Adding keyboard layouts:

In file /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf

Section "InputClass"
Identifier "system-setup-keyboard"
MatchIsKeyboard "on"
Option "XkbModel" "pc105+inet"
Option "XkbLayout" "us,ru"
Option "XkbOptions" "grp:caps_toggle,grp_led:num,terminate:ctrl_alt_bksp"
EndSection

Define layouts to be used:
Option "XkbLayout" "us,ru"

Define switching keys:
Option "XkbOptions" "grp:caps_toggle,grp_led:num,terminate:ctrl_alt_bksp"
grp – key to switch
grp_led – keyboard LED to highlight a layout
terminate – shortcut to kill X

Restart X to take effect.

Doomer

Happy belated Sysadmin Day, brothers!

Windows-like Behavior in Fedora

Fedora did a thing I hated in Windows. It collected enough system files to flood my root partition over the years of usage.

[root@hp ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
rootfs                 15G   14G  403M  98% /
udev                  996M  316K  996M   1% /dev
tmpfs                1004M  1.5M 1003M   1% /dev/shm
/dev/sda2              15G   14G  403M  98% /
/dev/sda1             485M  166M  294M  37% /boot
/dev/mapper/luks-6e55a54f-c3c6-45d9-99d3-a6d8015b2baa
                       97G   16G   76G  18% /home
/dev/sda6             117G  105G  5.9G  95% /home/t1/media

Top space consumers are:

[root@hp ~]# du -sh /*
156M    /boot
370M    /lib
7.3G    /usr
5.3G    /var
[root@hp ~]#  du -sh /usr/*
550M    /usr/bin
1.2G    /usr/lib
1.9G    /usr/lib64
3.4G    /usr/share
[root@hp ~]# du -sh /var/*
3.9G    /var/cache
890M    /var/lib
407M    /var/spool
[root@hp ~]# du -sh /var/cache/*
1.1G    /var/cache/abrt-di
2.8G    /var/cache/yum

A workaround:

[root@hp ~]# rm -rf /var/spool/abrt/*
[root@hp ~]# rm -rf /var/cache/abrt-di/usr/lib/debug/.build-id/*
[root@hp ~]# rm -rf /var/cache/yum/*
[root@hp ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
rootfs                 15G  9.3G  4.5G  68% /

Enough for preupgrade now!

Linux random passwords generation

This post is more a note to myself than a message I want to deliver to my struggling readers. There are two utilities for generating random passwords and one hack-around.

pwgen

Generates MANY passwords simultaneously. Very handy if somebody is behind your back watching you.

[root@hp ~]# pwgen
OVo4jiev Cohkah0r Iesev0ec thefuz0F asho6Zai em3tok5I Quoogh2k leeRuhi1
Eica7gie aew1ieTh Ukeewie3 Tee3aesa zasiCie7 iey9Ugho Eex5phae aip2ohHe
uL8AGee2 bux8rohX Aiv1voo2 AeS5thie uli1Shai aeWee0ai sha6aeV2 ni2Oong4
ahji7AiW rei0za9A uK1eih8a phoo4Aih taiGh0ab uod2ho8I tooX9coh jeeC5pie
ohxiCh7u oluif8Co OhTieC7e Phuro0sh eeca7Atu yee3Aeve Iwi1nige aiyu3Ein
AiCee0ba eC5Saehi voa2Aina ge4eiWee che8EeD2 Ait5ohth aQuahp4o oosou2Si
wa3aitiZ fah2oGhu do8oor5A Ied9Erob Caizei5a meeFai6b roh8WooW Lah8ieph
Eixoh6zi Cee8eidi eeChah6I eMohrij7 Zeisu0ha oech6Ae9 cioreT6p ee2Ohsha
Uu6yae5V zohShea8 Eizubo9r Reek2eiv Aak0veb7 phei3Ife onaeh7Oo jaiMopi9
Phohm9vi Ai3EeYie aequeeN8 eCiug9ei keiRee6I Aikei9wo tugh5Pae yie4maTu
eiH5Jei4 aeChia4I ahs3seeS eeg6Pa7M pei8Jooy ih1phiDu jee1ai4U uuY6eRai
wee5si4I ui2AhSoa Shee9EeB ahV4oof9 cei3pheZ iB5daw3u saegh4Lo Waroo1ah
aeth1Loo ohReesh4 Saidae7o meB7tha6 Eetae9Oh meiyiR5e AeTooc3c Bu0ou0se
Ahree5Of eiwuJie9 Cuogh7ae eekeeB8V ruu0Yoqu angie1Ki Oang3eeb Oobe9jiP
Loo3Oova yieNee0n moo2aiSh aem6ooD3 Paehoh2w xee6Ooph acahph2A kooGu5Ie
hag2Buon chah4Bii xaequ4In Ooy9Lohk oophoh4N Oo5Roh4a Phe8choo xa2Thoo4
XahBoo4j eeHah2ai Quaico6D Lauh0eiF Eiv9ga9c ih9pooPh aedeLaS3 ohleiGo2
aPh7wivi le4Xah9d lahl4Hei shu2Kuch OhfeDi7z Aengaej7 Phie4oom eige6Fae
Xaesh2Ju iN7Coh3S The8Ij4z kae0OGhi Shei6ohp RooReim6 Pheih3Ai Aikah8sh
taiph4Ei kaoRoh1f om0moh3S uaphee7E lab4Xu9k kahh3saZ ain8Zeic Uu1fohvo

apg

Generates a few random passwords.

[root@hp ~]# apg
johebud6
VuwejThig1
TegtuIdNi
FlabEpNeec
bytjeewk
voyHatadd5

Unix hacker’s way.

This way is considered to be insecure, but Jesus! Who would know you have used this freaking way!

for ((n=0;n<10;n++)); do dd if=/dev/urandom count=1 2> /dev/null | base64 | sed -ne 2p | cut -c-8; done