Saint Aardvark's Journal: e133t HA0rZ!

Journal by Saint Aardvark
So here it is, 8.30pm, and I'm restoring a Cobalt Raq 4 to something approaching virginity. It belongs to a colo'd customer, and it got cracked; we offered, for a modest cost, to restore it, and here I am.

It's Linux under the hood of course -- Red Hat, or at least they use RPM -- and it's interesting to see what's been done with it. The management page is pretty slick, though it always leaves me wanting to log on. To do that, I need to telnet -- shudder -- and of course the cust. hasn't got SSH on it. (Confirmation that we had a cracker was nmap showing lots of open ports that responded with an SSH banner. Seems weird to me that a cracker would install ssh, but oh well.) But all the web functionality seems to be there, and it seems pretty and easy to use.

The cust. kept up to date with the patches from Sun (part of what I'm reinstalling right now), but I think there's still a few holes; I'm pretty sure there's an old version of Apache, for instance. And would it kill them to have OpenSSH? Or firewalling tools?

Anyhow, it's the first time I've worked with an automatic patch installer that wasn't Windows, and I must admit I'm impressed. Download the patch -- which is a tarball of script + rpms + patches -- clicky-click install on the web interface, and away you go. I'm sure it's not news for most of you, but it's neat for me. The only thing is that it reboots between a lot of them -- c'mon guys, I thought this was Linux! :-)

Random idea for a program: I'm hooked up to this thing by a crossover cable to another Linux box, just to keep it off the 'net while it's having everything reinstalled. I telnet in occasionally to make sure things are working, but the damn prompt always takes so long to come up. It's the Raq doing a reverse lookup on my DNS, of course, but because it's just on an Xover cable it sits there until the queries time out. We're talking a minute or so to time out, which is unacceptable. I'm an important man, after all.

So my idea is to have a program listening for queries like that and answering them, masquerading as whatever DNS server the query was directed at. Basically, just fake 'em out with whatever info they want. In cases like this (which I can see coming up, oh, at least once a year), it'd speed things up immensely. Anyone heard of anything like this, or is it just full of Crak(tm)?

...urghh. Just rebooted for a patch that alleges fixing Apache and OpenSSL problems. Why the hell does this need a reboot?
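
The responder idea from the entry above, sketched as an added example (not code from the journal or from any commenter): reply to every query with an immediate NXDOMAIN so the reverse lookup fails fast on the isolated link instead of timing out. The bind address is a placeholder for whatever resolver address the box is configured to query, and the sample query is constructed.

```python
import socket
import struct

def parse_question(packet):
    """Return (qname, qtype, end_offset) for the first question in a DNS query."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label")  # pointers do not belong in a question
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(packet):  # need the root label plus QTYPE and QCLASS
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype, pos + 5

def nxdomain_reply(query):
    """Echo the ID and question back with QR=1, RA=1, RCODE=3 and no records."""
    _, _, end = parse_question(query)
    flags = struct.unpack("!H", query[2:4])[0]
    if flags & 0x8000:
        raise ValueError("already a response")  # never answer replies
    reply_flags = 0x8000 | (flags & 0x7900) | 0x0080 | 3  # keep opcode and RD
    return query[:2] + struct.pack("!HHHHH", reply_flags, 1, 0, 0, 0) + query[12:end]

def sample_ptr_query():
    """Constructed sample: PTR lookup for 192.168.0.2, ID 0x1a2b, RD set."""
    name = b"".join(bytes([len(l)]) + l for l in
                    (b"2", b"0", b"168", b"192", b"in-addr", b"arpa")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 12, 1)

def serve(bind_addr, port=53):
    """Answer every UDP query on bind_addr with NXDOMAIN; malformed input is dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(nxdomain_reply(data), peer)
        except ValueError:
            continue

if __name__ == "__main__":
    serve("192.0.2.53")  # placeholder: the resolver address the isolated box queries
```

Binding to port 53 needs root, and the address has to exist on the interface facing the isolated box.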

  • Do they use patchadd on those boxes or is it the rpm install?
    • I'm not sure what patchadd is. I think the patches are all installed by a program called cobalt-patch or some such. The programs themselves were all in rpm format.

      (Hope I answered your question...)

  • 1. Run BIND on your box.
    2. Use IP aliasing to make your box also respond to the IP address of the DNS server this raq is trying to query.

    e.g.
    # ifconfig eth0:1 <some ip>

    This will create a pseudo-interface linked to eth0 that will also answer the new ip address.

    • Two comments, w00t! Feel the love, everyone.

      Bind: okay, good idea, I hadn't thought of that. I'm hoping for something a bit more lightweight, and easier to set up, and single-tasking. I've got Debian on my desktop at work, so I prolly coulda done apt-get install bind, but that seemed so much work.

      (And now here I am mulling over writing the damn thing, when I'm a programmer in nobody's book, 'cos that's less work. Heh.)

      • If you want something really lightweight, try DNRD. It reads your /etc/hosts file for IP addresses and forwards other lookups onto a real DNS server. It's even in Debian main (at least in sid).
