Linux on Aaron's Worthless Words

Netbox Upgrade Play-by-play

Tue, 25 Apr 2023 00:00:00 +0000

I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.

Environment

The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
The destination v3.4.8 server is an Ubuntu 20.04 VM.
We have no media, scripts, or reports in Netbox.
I’m running Virtualbox on my laptop to do the data migrations.

A Quick Intro to Google's Capirca

Sun, 11 Apr 2010 00:00:00 +0000

Yeled left a comment earlier this week asking if I’d seen Google’s Capirca. I’d heard of it and checked out some presentation slides on it, but I’d never actually tried it out, so, in keeping with the script, I downloaded it to see what it could do. Remember, now, that I’ve been playing with it for about 2 hours now, so I’m no expert on its use.

Capirca is a Python-based solution that Google came up with to automate ACL creation on their many thousands of routers around the world. You can’t blame them for wanting to automate it, either. How many times do you think they ran into problems with typos or keying errors from their network guys across those devices?

An Interesting Problem with Multiple DCs on a Stick

Tue, 24 Mar 2009 00:00:00 +0000

We talked about running multiple data centers on a stick back in August, which is where you have multiple logical pairs of client and server VLANs on a single CSM for different tiers or functions. The big point of the article was that you had to do some fancy forwarding to get a server-initiated connection from one server VLAN to appear out the appropriate client VLAN. Well, we ran into an interesting issue with the given solution.

VLANs on Linux

Thu, 19 Feb 2009 00:00:00 +0000

My home network has a Linux box running IPTables as it’s center point, and, since there are four networks, it has 4 NICs and 4 cables into the switch. I kept running into problems with the NICs (they would reorder depending on what flavor of Linux was installed), so I wanted to consolidate the NICs down to 2 – one for the Internet link and one for the LAN segments with 802.1q tagging.

Unix Epoch + 1234567890 = Next Friday

Tue, 03 Feb 2009 00:00:00 +0000

I’m kind of an obsessive-compulsive when it comes to numbers (1, 2, 3, 4, 5…), so I’m fairly excited about next Friday (..6, 7, 8, 9, 10…) when Epoch time reaches 1234567890 at 18:31:30 on 13 February(…11, 12, 13, 14, 15…). I’m sure my ADD will kick in (Oh, look. A squirrel!) right before, but I’ll try to remember to run to a Linux box and type date +%s (…16, 17, 18, 19, 20! Made it!).

Leap Second

Fri, 02 Jan 2009 00:00:00 +0000

Did anyone notice (or care about) the leap second? I did neither. Here’s some cool output from Kevin Oberman on the NANOG list, though.

bash-2.05b# date Thu Jan 1 00:59:58 CET 2009 bash-2.05b# date Thu Jan 1 00:59:59 CET 2009 bash-2.05b# date Thu Jan 1 00:59:60 CET 2009 bash-2.05b# date Thu Jan 1 01:00:00 CET 2009 bash-2.05b# date Thu Jan 1 01:00:01 CET 2009 bash-2.05b#

Free and Awesome Network Tools

Sun, 18 Nov 2007 00:00:00 +0000

We all have limited budgets these days. Long gone are the days of unlimited resources and uncontrollable expansion of the network, so it’s important that any network dude or dudette pay attention to the open-source world. Below is a list of stuff I use at the office and at home to monitor, trend, and alert the network. All this stuff is free and runs on Linux to save even more cash.

A Simple BGP Lab with Dynamips/Dynagen

Sat, 10 Nov 2007 00:00:00 +0000

I assume you take every word I say to heart and that you’ve been using Dynamips/Dynagen for a few days now, right? Good. That’s a start, but let’s break down a simple lab to make sure everyone’s on the same page. I run my labs on Linux most of the time, so you’ll see my commands for that platform. You’re a smart one, so you can figure out what to do on Windows. :)

Finding Hosts on Layer 2

Thu, 27 Sep 2007 00:00:00 +0000

Most firewalls should block [tag]ICMP[/tag] requests to them, so how do you know that your router or server has layer-2 connectivity to one? It’s pretty elementary, actually, but I’ve found that not a lot of people know this trick. If you ping the firewall, it will receive the ICMP packet and drop it per the rulebase. In this process, though, the firewall has to answer [tag]ARP[/tag] requests, which will be stored in the router or server’s ARP table. If you see it in there, you have connectivity.

Using a Linux Box as a File Server

Thu, 30 Aug 2007 00:00:00 +0000

Ever heard of Samba? You should.

Samba is an open-source project “that provides seamless file and print services to SMB/CIFS clients.” That’s from the project’s website, but what the hell does it mean? In a nutshell, it’s an open-source application that lets non-Windows machines share files and printers with Windows machines. In most cases, people use Samba to share files on a Linux box in a really simple setup. I’ve read about several cases, though, where superhuman admins have used Samba machines to set up a Windows domain. I’m talking full-scale domain login, domain machine registration, and everything. I tried that once and all my Windows machines stopped working. It sucked.

Port Knocking

Sat, 11 Aug 2007 00:00:00 +0000

A few months ago, a friend of mine told me about the concept of port knocking, where you send packets to a server on certain ports to authenticate access to the box. A daemon running on your server detects the sequence of packets that you send and runs a script (usually IPtables commands), waits a certain amount of time, then runs another script (usually to take the IPtables commands out). This seems like a good way to get access to your home firewall from anywhere without having to open up access to the whole Internet.

The Principle of Least Privilege

Fri, 10 Aug 2007 00:00:00 +0000

The Principle of Least Privilege says that users or applications should only have access to the what it needs to access and that access should be as limited as possible. This idea can be applied to any number of things, but it is a very important topic when talking about security.

The idea is that processes, users, modules, or whatever can only access what they need to in order to function. This keeps users in check since they don’t have any access to anything outside their home directories (or whatever). It keeps developers in check since their code can only access a small set of files or processes. It keeps hackers in check since the Apache server they’re hacking can’t access the password file. It even keeps administrators in check since it forces them to use sudo, which is logged to syslog.

Using an Old Server as a Home Firewall

Fri, 10 Aug 2007 00:00:00 +0000

You can use an old PC as a firewall at home (and at work, I guess). It’s not that hard to do if you have a basic knowledge of Linux, DHCP, and IPtables, but that may be saying a lot.

Why would anyone want to do this, though? If you’re like me, you like to know what’s going on in the network. One of the Linksys routers you buy at Best Buy or Circuit City just doesn’t let you monitor very well. You can’t get very good logs off of it, so you don’t really know what it’s doing or complaining about. It also doesn’t let you query the interfaces, so you really don’t know how much bandwidth you’re using. If you have a Linux box as your router/firewall/gateway, you can get really good logs, monitor the interfaces with SNMP, and have some really great, granular control over your network.