
Setting cpu affinity on linux

Here is a simple way to bind a process to a CPU. The taskset command is part of the util-linux package.

Bind process 2225 to processor 0:

taskset -p -c 0 2225

Bind process 2225 to processor 1:

taskset -p -c 1 2225

Bind process 2225 to processor 0 and 1:

taskset -p -c 0,1 2225

You can also bind a process at execution:

taskset -c 0 sshd

Retrieving the pid's current affinity:

[root@localhost ~]# taskset -p 2225
pid 2225's current affinity mask: 3
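The mask taskset prints is a hex bitmask with one bit per CPU, so after `-c 0,1` the mask reads 3. The following is an added example, not part of the original post, that converts between the CPU list taskset -c accepts and that mask, and pins a process while verifying the kernel reports the mask that was asked for. It assumes CPU numbers below 63 (so the mask fits in a single shell integer) and the taskset output format shown above; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the post): convert between the CPU list taskset -c
# takes and the hex affinity mask taskset -p prints. Assumes CPUs numbered
# 0-62 so the mask fits in one signed 64-bit shell integer.

# cpulist_to_mask "0,1" -> 3 ; cpulist_to_mask "0-3,8" -> 10f
cpulist_to_mask() {
    mask=0
    old_ifs=$IFS
    IFS=','
    for part in $1; do
        case "$part" in
            *-*) lo=${part%-*}; hi=${part#*-} ;;   # a range such as 0-3
            *)   lo=$part; hi=$part ;;             # a single CPU
        esac
        c=$lo
        while [ "$c" -le "$hi" ]; do
            mask=$(( mask | (1 << c) ))
            c=$(( c + 1 ))
        done
    done
    IFS=$old_ifs
    printf '%x\n' "$mask"
}

# mask_to_cpulist 3 -> 0,1 ; mask_to_cpulist 10f -> 0,1,2,3,8
mask_to_cpulist() {
    mask=$(( 0x$1 ))
    list=""
    c=0
    while [ "$mask" -ne 0 ]; do
        if [ $(( mask & 1 )) -eq 1 ]; then
            list="${list:+$list,}$c"
        fi
        mask=$(( mask >> 1 ))
        c=$(( c + 1 ))
    done
    printf '%s\n' "$list"
}

# pin_and_verify PID CPULIST: apply the affinity, then read it back with
# "taskset -p" and confirm the kernel reports the mask we computed.
pin_and_verify() {
    pid=$1
    cpus=$2
    taskset -p -c "$cpus" "$pid" >/dev/null || return 1
    got=$(taskset -p "$pid" | sed 's/.*: //')   # "...affinity mask: 3" -> "3"
    want=$(cpulist_to_mask "$cpus")
    [ "$got" = "$want" ] && echo "pid $pid pinned to cpu(s) $cpus (mask $got)"
}
```

Run `pin_and_verify 2225 0,1` as root to reproduce the post's last example; the read-back matters because taskset silently intersects the requested list with the CPUs the process is allowed to use (cpusets, offline CPUs), so the effective mask can differ from the one requested.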


ftp vs. ftps performance data

In a previous entry, Enabling ftps on vsftpd, I showed how to turn on ftps in vsftpd. I have since run a small test to see how turning on secure transfers affects CPU usage. The results are odd, but I ran it twice and they are correct…

The ftp get script I used was a simple curl script that did 5 transfers, slept for 2 seconds, then did another 5 transfers, and so on for 10 loops, for a total of 50 transfers. I did this because I didn't want to flood the machine; this way the machine can take a break between transfers.

Here is the script:


# 10 rounds of 5 transfers with a 2 second pause between rounds (50 transfers total).
# Uncomment the curl line for the file size / protocol you want to measure.
for i in $(seq 1 10); do
        for j in $(seq 1 5); do
                curl -# -u ftptest:ftptest ftp://ftphost/10M.file > file
                #curl -# -u ftptest:ftptest ftp://ftphost/1M.file > file
                #curl --ftp-ssl-reqd --insecure -# -u ftptest:ftptest ftp://ftphost/1M.file > file
                #curl --ftp-ssl-reqd --insecure -# -u ftptest:ftptest ftp://ftphost/10M.file > file
        done
        sleep 2
done

And here are the results:

The results were posted as four graphs (images not reproduced here):

FTP 1M file
FTPS 1M file
FTP 10M file
FTPS 10M file


Example kickstart file with lvm

I was having some trouble creating a kickstart file with LVM partitions. I finally got it working; I don't know exactly what fixed it, but I think it had something to do with sizing. I set the PV to grow over the entire disk and then sliced up the LVs.

url --url=
bootloader --location=mbr
clearpart --all
firewall --disabled
firstboot --disable
selinux --disabled

key --skip
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp --onboot=on
rootpw --iscrypted $1$O9sasdfe$fdadsfdsadqW4CMdO0jk0
firewall --disabled
authconfig --enableshadow --enablemd5
timezone --utc America/Los_Angeles

part /boot --fstype ext3 --size=100
part pv.01 --size=1 --grow
volgroup rootvg01 pv.01
logvol / --fstype ext3 --name=lv01 --vgname=rootvg01 --size=1000
logvol /tmp --fstype ext3 --name=lv03 --vgname=rootvg01 --size=1000
logvol swap --fstype swap --name=lv00 --vgname=rootvg01 --size=1000
logvol /home --fstype ext3 --name=lv02 --vgname=rootvg01 --size=1000
logvol /usr --fstype ext3 --name=lv04 --vgname=rootvg01 --size=5000
logvol /var --fstype ext3 --name=lv05 --vgname=rootvg01 --size=1000




Creating a file based swap

First create a file named "swapfile" with dd, using /dev/zero as the input file and "swapfile" as the output file.
The block size is 1 GiB and the count is 1, so it will create a file that is 1 GB.

Create the file:

dd if=/dev/zero of=swapfile bs=1G count=1

Then restrict its permissions:

chmod 600 swapfile

Format it:

mkswap swapfile

And turn it on!:

swapon swapfile
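The chmod step is the security-relevant one: the swap file will hold pages of other processes' memory, so it must not be readable by anyone but root. Here is an added example, not from the post, that wraps the four steps in one function and refuses to hand the file to swapon unless the mode is 0600. It assumes GNU stat (the -c option) and that it runs as root, as the post's commands do; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the post): the four swap-file steps as one function,
# with a permission check before the file is handed to swapon.
# Assumes GNU stat (-c) and that the caller is root.

# Return 0 if FILE is mode 0600. Swap must not be readable by other users,
# since it will contain pages of other processes' memory.
swapfile_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600) return 0 ;;
    esac
    echo "$1 has mode $mode, expected 600" >&2
    return 1
}

# create_swapfile FILE [SIZE_MB]: dd, chmod 600, mkswap, swapon.
create_swapfile() {
    f=$1
    size_mb=${2:-1024}
    if [ -e "$f" ]; then
        echo "refusing to overwrite existing $f" >&2
        return 1
    fi
    # dd writes real blocks (swapon rejects files with holes); 1 MiB blocks
    # avoid allocating the single 1 GiB buffer that bs=1G needs.
    dd if=/dev/zero of="$f" bs=1M count="$size_mb" || return 1
    chmod 600 "$f"
    swapfile_perms_ok "$f" || return 1
    mkswap "$f" || return 1
    swapon "$f"
}
```

`create_swapfile /swapfile 1024` reproduces the post's 1 GB example. The permission check is separate so it can also be run against an existing swap file before adding it to /etc/fstab.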


Replace Notepad with Notepad2

I find that Notepad2 is a vast improvement on the notepad that ships with Windows.

But as usual MS has made it very difficult to replace any system file so here’s a quick and easy way to replace your regular notepad with notepad2.

  1. First download Notepad2 and extract it.
  2. Rename notepad2.exe to notepad.exe
  3. Open Explorer and navigate to %systemroot%\ServicePackFiles\I386
  4. Rename notepad.exe in that folder to notepad.exe.old and copy the new notepad.exe into it
  5. Do the same for %systemroot%\system32\dllcache and %systemroot%\system32

You will need to ensure that you have "Display contents of system folders" and "Show hidden files and folders" checked and "Hide protected operating system files" unchecked.

When you make the switch you may get a pop-up warning you that some system files may be changed; just cancel and you're good to go.


Easy way to get Display name from list of UserID’s from AD

This is a quick one line command that I created to return a list of Display names when all I had was UserID’s.

It's a simple DSQUERY command piped into a DSGET to return the Display Name and SAMID of the user. Have a look at the DSGET command to see all the different attributes it can return.

First you need a text file with UserIDs, one per line. Then open a command prompt in the directory containing the text file and run this command; don't forget to change USERID.TXT to the name of your text file:

FOR /F %i in (userid.txt) DO DSQUERY user -samid %i | DSGET user -display -samid >> displayname.txt

You’ll now find a text file in that directory named displayname.txt with all your Display Names.


Quick and simple iptables gateway setup

This is just a simple open setup with a drop rule on eth0. I am using it as a simple gateway for my VMware "Host-Only" network to get out to the real world, without allowing traffic back in that wasn't requested.

First off make sure you turn on forwarding in the /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Then execute a sysctl -p

sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

Then here is the ruleset that i am currently using:

/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -i eth0 -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -s 0/0 -d 0/0 --dport 1:65535 -j DROP
/sbin/iptables -A INPUT -i eth0 -p udp -s 0/0 -d 0/0 --dport 1:65535 -j DROP

This allows ssh back in on the outside interface but blocks everything else, and still allows internal traffic to freely flow out…

Save the iptables commands into a file and execute it to apply the rules. On a Red Hat based system you can then issue iptables-save > /etc/sysconfig/iptables, after which "service iptables start" and "service iptables stop" will start and stop the firewall.
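Two things about the ruleset above are worth noticing: the INPUT and FORWARD policies stay ACCEPT, and the two DROP rules only cover TCP and UDP, so other protocols still reach the gateway and anything routed in through eth0 toward the host-only network is forwarded. The following is an added example, not the post's ruleset, of a stateful variant of the same gateway: default DROP on INPUT and FORWARD, replies admitted by connection tracking, new SSH sessions still allowed on the outside interface, and outbound traffic from the host-only side masqueraded as before. It assumes eth0 faces the outside, takes the host-only interface name as its second argument (vmnet1 is only a placeholder), and uses the `state` match that exists on RHEL5-era kernels. The function prints the commands rather than running them so the rules can be reviewed before they are applied.

```shell
#!/bin/sh
# Added example (not the post's ruleset): a stateful version of the gateway.
# Assumes: outside interface eth0, host-only interface passed as $2
# (vmnet1 is a placeholder), iptables at /sbin/iptables unless IPT is set.
gateway_rules() {
    wan=${1:-eth0}
    lan=${2:-vmnet1}
    ipt=${IPT:-/sbin/iptables}
    cat <<EOF
$ipt -F
$ipt -t nat -F
$ipt -t mangle -F
# Default deny for traffic to the host and through it; the host's own outbound traffic is allowed.
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
# Loopback, and replies to connections the host itself started.
$ipt -A INPUT -i lo -j ACCEPT
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The host-only side is trusted to talk to the gateway itself.
$ipt -A INPUT -i $lan -j ACCEPT
# Only new SSH sessions are admitted on the outside interface (all protocols, not just tcp/udp, are otherwise dropped).
$ipt -A INPUT -i $wan -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Forward host-only -> outside freely; outside -> host-only only for replies, so nothing unsolicited comes back in.
$ipt -A FORWARD -i $lan -o $wan -j ACCEPT
$ipt -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Number of iptables commands the ruleset would run (comment lines excluded).
gateway_rule_count() {
    gateway_rules "$@" | grep -c '^[^#]'
}
```

Review the output with `gateway_rules eth0 vmnet1`, apply it with `gateway_rules eth0 vmnet1 | sh` as root, and then save it with iptables-save as the post describes. Because the INPUT policy is DROP, keep an SSH session open on the console or the host-only side while testing: a mistake in the SSH rule locks you out of the outside interface.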


Audit a file on rhel5 with auditd

Obviously you would need the audit package installed…

Let's say I wanted to audit "test.file" for read, write, execute, and access:

auditctl -w /root/test.file -k test-file -p rwxa

-w: adds the "watch" rule
-k: is the key that you can use to filter the audit logs on
-p: is the permissions that you would like to audit

If you would like this to be a permanent rule, add it to /etc/audit/audit.rules in the following format:

-w /root/test.file -k test-file -p rwxa

Now we can take a look at the rules:

auditctl -l

LIST_RULES: exit,always watch=/root/test.file perm=rwxa key=test-file

Now I am going to add some text to test.file and see what the audit says. I run the ausearch tool to find this out:

ausearch -k test-file
ausearch -f test.file

Here are the results:

time->Thu May  1 15:04:33 2008
type=PATH msg=audit(1209679473.817:1252): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679473.817:1252):  cwd="/root"
type=SYSCALL msg=audit(1209679473.817:1252): arch=c000003e syscall=191 success=no exit=-61 a0=7fff2baf6ba0 a1=3872404d67 a2=0 a3=0 items=1 ppid=16271 pid=16881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ls" exe="/bin/ls" key="test-file"
time->Thu May  1 15:04:33 2008
type=PATH msg=audit(1209679473.817:1253): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679473.817:1253):  cwd="/root"
type=SYSCALL msg=audit(1209679473.817:1253): arch=c000003e syscall=191 success=no exit=-61 a0=7fff2baf6ba0 a1=3872404d38 a2=0 a3=0 items=1 ppid=16271 pid=16881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ls" exe="/bin/ls" key="test-file"
time->Thu May  1 15:04:39 2008
type=PATH msg=audit(1209679479.812:1254): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679479.812:1254):  cwd="/root"
type=SYSCALL msg=audit(1209679479.812:1254): arch=c000003e syscall=2 success=yes exit=3 a0=1d6cb910 a1=0 a2=0 a3=0 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:39 2008
type=PATH msg=audit(1209679479.813:1255): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679479.813:1255):  cwd="/root"
type=SYSCALL msg=audit(1209679479.813:1255): arch=c000003e syscall=89 success=no exit=-22 a0=7fff0814a7f0 a1=7fff0814abf0 a2=3ff a3=1 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1256): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1256):  cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1256): arch=c000003e syscall=191 success=no exit=-61 a0=1d6cb910 a1=3872404d67 a2=7fff0814aff0 a3=84 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1258): item=3 name="test.file~" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=2 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=1  name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=0  name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1258):  cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1258): arch=c000003e syscall=82 success=yes exit=0 a0=1d6cb910 a1=1d6f6d80 a2=2 a3=1 items=4 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1260): item=1 name="test.file" inode=84869202 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1260): item=0  name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1260):  cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1260): arch=c000003e syscall=2 success=yes exit=3 a0=1d6cb910 a1=241 a2=1a4 a3=0 items=2 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:45 2008
type=PATH msg=audit(1209679485.996:1261): item=0 name="test.file" inode=84869202 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.996:1261):  cwd="/root"
type=SYSCALL msg=audit(1209679485.996:1261): arch=c000003e syscall=90 success=yes exit=0 a0=1d6cb910 a1=81a4 a2=0 a3=0 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:45 2008
type=PATH msg=audit(1209679485.997:1262): item=0 name="test.file" inode=84869202 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.997:1262):  cwd="/root"
type=SYSCALL msg=audit(1209679485.997:1262): arch=c000003e syscall=188 success=yes exit=0 a0=1d6cb910 a1=3872404d67 a2=1d6f6da0 a3=1c items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"

Also aureport will give us a report of activity:

Summary Report
Range of time in logs: 05/01/2008 15:04:33.817 - 05/01/2008 15:04:45.997
Selected time for report: 05/01/2008 15:04:33 - 05/01/2008 15:04:45.997
Number of changes in configuration: 0
Number of changes to accounts, groups, or roles: 0
Number of logins: 0
Number of failed logins: 0
Number of authentications: 0
Number of failed authentications: 0
Number of users: 1
Number of terminals: 1
Number of host names: 0
Number of executables: 2
Number of files: 3
Number of AVC's: 0
Number of MAC events: 0
Number of failed syscalls: 4
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 2
Number of events: 9
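Each event in the ausearch output is a group of records sharing one serial number in msg=audit(time:serial): the SYSCALL record says what was attempted and whether it succeeded, and the PATH records say which names were involved. Reading raw syscall numbers is tedious, so here is an added example, not part of the original post, that condenses ausearch output into one line per event and counts the failed syscalls the way the aureport summary does. The syscall names are the x86_64 numbers (the records above show arch=c000003e, and ausyscall from the audit package prints the same mapping); the sample input is three of the events from the listing above, embedded so the script runs offline, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the post): one line per audit event from ausearch
# output: serial, syscall name, success, exit value, executable, path names.
# Syscall names below are x86_64 numbers (records show arch=c000003e);
# "ausyscall x86_64 191" gives the same answer for any number.
audit_summary() {
    awk '
    BEGIN {
        n = split("2 open 82 rename 89 readlink 90 chmod 188 setxattr 191 getxattr", t, " ")
        for (i = 1; i <= n; i += 2) scname[t[i]] = t[i + 1]
    }
    # value of a key=value field on the current record, surrounding quotes stripped
    function val(k,    s) {
        if (match($0, " " k "=[^ ]+")) {
            s = substr($0, RSTART + length(k) + 2, RLENGTH - length(k) - 2)
            gsub(/"/, "", s)
            return s
        }
        return ""
    }
    # event serial from msg=audit(<time>:<serial>)
    function serial(    s) {
        match($0, /msg=audit\([0-9.]+:[0-9]+\)/)
        s = substr($0, RSTART, RLENGTH)
        sub(/.*:/, "", s); sub(/\)/, "", s)
        return s
    }
    /^type=SYSCALL/ {
        id = serial(); order[++k] = id
        sc = val("syscall")
        sys[id] = (sc in scname) ? scname[sc] : sc
        ok[id] = val("success"); ex[id] = val("exit"); exe[id] = val("exe")
    }
    /^type=PATH/ {
        id = serial(); nm = val("name")
        # collect each distinct name once, in the order ausearch printed them
        if (index(("," files[id] ","), ("," nm ",")) == 0)
            files[id] = files[id] (files[id] == "" ? "" : ",") nm
    }
    END {
        for (i = 1; i <= k; i++) {
            id = order[i]
            printf "%s %s %s exit=%s %s %s\n", id, sys[id], ok[id], ex[id], exe[id], files[id]
        }
    }'
}

# Number of events whose syscall failed (aureport's "Number of failed syscalls").
audit_failed_count() {
    audit_summary | awk '$3 == "no"' | wc -l | tr -d ' '
}

# Constructed sample: three of the events from the ausearch listing above.
AUDIT_SAMPLE='time->Thu May  1 15:04:33 2008
type=PATH msg=audit(1209679473.817:1252): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679473.817:1252):  cwd="/root"
type=SYSCALL msg=audit(1209679473.817:1252): arch=c000003e syscall=191 success=no exit=-61 a0=7fff2baf6ba0 a1=3872404d67 a2=0 a3=0 items=1 ppid=16271 pid=16881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ls" exe="/bin/ls" key="test-file"
time->Thu May  1 15:04:39 2008
type=PATH msg=audit(1209679479.812:1254): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679479.812:1254):  cwd="/root"
type=SYSCALL msg=audit(1209679479.812:1254): arch=c000003e syscall=2 success=yes exit=3 a0=1d6cb910 a1=0 a2=0 a3=0 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
time->Thu May  1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1258): item=3 name="test.file~" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=2 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=1  name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=0  name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1258):  cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1258): arch=c000003e syscall=82 success=yes exit=0 a0=1d6cb910 a1=1d6f6d80 a2=2 a3=1 items=4 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"'
```

On a live system run `ausearch -k test-file | audit_summary`. The sample shows what the raw listing hides: the "failed" events from ls are getxattr calls returning -61 (ENODATA) while listing the file, and vi never writes test.file in place but renames it to test.file~ and creates a new file, which is why the inode changes from 84869203 to 84869202 in the later records above.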



Enabling ftps on vsftpd

First you must generate a ssl certificate:

openssl req -new -x509 -nodes -out ftps.pem -keyout ftps.pem

Copy the ssl certificate to your vsftpd directory:

cp ftps.pem /etc/vsftpd

Add the following to vsftpd.conf:


*Note: ftps will only work with authenticated users, e.g. users with a valid account, not anonymous ones.
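The vsftpd.conf fragment itself did not survive in this copy of the post. As an added example, not the post's own configuration, here is a small script that prints the vsftpd options which turn on FTPS for local users and checks that an existing vsftpd.conf enforces them. It assumes the certificate and key generated by the openssl command above live together in /etc/vsftpd/ftps.pem as the post copies them; the function names are my own.

```shell
#!/bin/sh
# Added example (not the post's config): vsftpd options that require TLS for
# local (authenticated) users, plus a check that a conf file enforces them.
# Assumes the cert and key from "openssl req ... -nodes -out ftps.pem -keyout ftps.pem"
# are in one file, /etc/vsftpd/ftps.pem, as in the post.

# Print the settings to append to vsftpd.conf.
vsftpd_ftps_settings() {
    cert=${1:-/etc/vsftpd/ftps.pem}
    cat <<EOF
ssl_enable=YES
# Local users must use TLS on both the control and the data connection.
force_local_logins_ssl=YES
force_local_data_ssl=YES
# Anonymous sessions are not offered TLS, matching the note above.
allow_anon_ssl=NO
# One PEM file holds both the certificate and the (unencrypted) private key.
rsa_cert_file=$cert
rsa_private_key_file=$cert
EOF
}

# Return 0 if CONF enforces TLS for local users, 1 (with a reason) otherwise.
vsftpd_ftps_check() {
    conf=$1
    for opt in ssl_enable force_local_logins_ssl force_local_data_ssl; do
        grep -q "^$opt=YES" "$conf" || { echo "$conf: $opt is not YES" >&2; return 1; }
    done
    return 0
}
```

Typical use is `vsftpd_ftps_settings >> /etc/vsftpd/vsftpd.conf` followed by `vsftpd_ftps_check /etc/vsftpd/vsftpd.conf` and a restart of vsftpd. Because the openssl command uses -nodes, ftps.pem contains the private key in the clear, so it should be readable by root only (chmod 600).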


Welcome to | Introduction

My friend Rod and I were thinking that, after being in the IT industry for almost a decade, we needed to start keeping a repository of all the technical information we have come across and/or figured out.

I’m sure many of you IT people out there have recovered from an issue but then a month, 6 months, a year later you came across the same issue but couldn’t remember how you solved the problem.

This is why we decided to start up our blog repository. We will try to update this blog whenever we come across one of those issues, so that not only do we have a place to store the information, but perhaps it may help other IT people solve theirs.

Bear with us as we experiment with different blog formats and get this site going.

If you’d like any information on myself or Rod feel free to send us an email at
