Installing, Configuring and using Git

Posted by & filed under Programming, Server Admin.

I’ve been brushing up on git as of late.

Basic git use: progit.org/book/ch2-0.html
git reference cheat sheet: gitref.org/

Server Install/Config: progit.org/book/ch4-.html

Branching operations: progit.org/book/ch3-0.html

git videos: chacon.blip.tv/posts?view=archive&n…

Controlling git user access: gitosis (or a branch)
gitosis config: progit.org/book/ch4-7.html
gitosis config: www.ivankuznetsov.com/2010/05/setting-up…

accessing git over ssh with windows and public key auth: serverfault.com/questions/194567/how-to-…

git web UIs:
Indefero (looks promising): www.indefero.net/open-source/
Viewgit (standard kit)
–> Install Guide (down the page): help.ubuntu.com/community/Git
–>Website: viewgit.sourceforge.net/

Configuring Yii to exclude index.php in the URL

Posted by & filed under PHP, Programming.

First of all, mod_rewrite needs to be enabled, and Apache configured to allow the use of .htaccess files (AllowOverride).

Secondly, the .htaccess file in the root of the Yii app should look like this:


Options +FollowSymLinks
IndexIgnore */*
RewriteEngine on
RewriteBase /

# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Or just forward to index.php
RewriteRule . index.php

As a note, RewriteBase needs to be changed if the Yii app is located in a directory other than the site’s root.

Datacenter Management Tools

Posted by & filed under Networking, Server Admin.

I have been researching datacenter management tools as of late that will allow us to track and manage our racks/ipspace/network connections etc.

  • NetDot (netdot.uoregon.edu/trac/) – Netdot is an open source tool designed to help network administrators collect, organize and maintain network documentation.
  • OpenNetAdmin (opennetadmin.com/) – OpenNetAdmin provides a database managed inventory of your IP network. Each host can be tracked via a centralized AJAX enabled web interface that can help reduce tracking errors. A full CLI interface is available as well to use for scripting and bulk work. We hope to provide a useful Network Management application for managing your IP subnets and hosts. Stop using spreadsheets to manage your network! Start doing proper IP address management!
  • Rack Monkey (flux.org.uk/projects/rackmonkey/) – RackMonkey is a web-based tool for managing racks of equipment such as web servers, video encoders, routers and storage devices. Using a simple interface you can keep track of what’s where, which OS it runs, when it was purchased, who it belongs to and what it’s used for. No more searching for spreadsheets or scribbled notes when you need to find a server: RackMonkey can quickly find any device and draw a rack diagram of its location. RackMonkey is free and open source (licensed under the GPL).

CIDR Subnetmask Cheat sheet and ICMP type codes

Posted by & filed under Networking.

RFC 1918

Posted by & filed under DNS, Networking, Server Admin.

I recently set up a BIND DNS server and, after monitoring the logs for some time, found lines like this:

RFC 1918 response from Internet for 0.10.168.192.in-addr.arpa

This means one of two things: either the BIND server itself is querying the internet for local subnets and leaking info to the internet, or a DNS client queried them. Since the logs indicate the source IP, I know it is not the BIND server.

To remedy this, I enabled RFC 1918 zones on the server to catch the queries before they leak to the internet. It ended up looking something like this:

zone "10.IN-ADDR.ARPA" {
type master;
file "empty";
};

zone "16.172.IN-ADDR.ARPA" {
type master;
file "empty";
};

...

zone "31.172.IN-ADDR.ARPA" {
type master;
file "empty";
};

zone "168.192.IN-ADDR.ARPA" {
type master;
file "empty";
};

empty:
@ 10800 IN SOA . . (
1 3600 1200 604800 10800 )
@ 10800 IN NS .
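
The "..." in the configuration above stands for the 17.172 through 30.172 zones. As an added example (not part of the original post), this shell script prints all 18 RFC 1918 reverse zone stanzas and maps a logged reverse name to the zone that catches it; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the full RFC 1918 reverse zone list for named.conf.

# Print every RFC 1918 reverse zone name:
# 10/8, 172.16/12 (second octet 16..31) and 192.168/16.
rfc1918_zones() {
    echo "10.IN-ADDR.ARPA"
    i=16
    while [ "$i" -le 31 ]; do
        echo "$i.172.IN-ADDR.ARPA"
        i=$((i + 1))
    done
    echo "168.192.IN-ADDR.ARPA"
}

# Emit one named.conf stanza per zone, all sharing the "empty" zone file.
emit_named_conf() {
    rfc1918_zones | while read -r zone; do
        printf 'zone "%s" {\n\ttype master;\n\tfile "empty";\n};\n\n' "$zone"
    done
}

# Given a reverse name taken from a log line, print the zone that covers it.
# Returns 1 when the name is not inside any RFC 1918 reverse zone.
covering_zone() {
    name=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    name=${name%.}    # drop a trailing root dot if present
    for zone in $(rfc1918_zones); do
        case "$name" in
            "$zone"|*".$zone") echo "$zone"; return 0 ;;
        esac
    done
    return 1
}

# Run as "sh script.sh emit" to print the stanzas for inclusion in named.conf.
if [ "${1:-}" = "emit" ]; then
    emit_named_conf
fi
```

Running named-checkconf after adding the generated stanzas confirms the configuration still parses.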

IPTables Fun

Posted by & filed under Firewalls, Networking.

I had to add some rules to IPtables on a new server I built. As a refresher, IPtables, like most hardware firewalls, uses stateful packet inspection. It will read the rules in order from top to bottom. This is why we put a blanket deny all (0.0.0.0/0) at the end if we want to restrict access to only specific IP addresses.

To insert a rule at the top of the chain:
iptables -I INPUT -p tcp -m tcp -s 192.168.0.254/26 --dport 22 -j ACCEPT

Insert the same rule, but at the bottom:
iptables -A INPUT -p tcp -m tcp -s 192.168.0.254/26 --dport 22 -j ACCEPT

To deny access to the world (again, this should be the last rule in the chain, so it is appended with -A):
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP

To determine rule order:
iptables -L INPUT -n --line-numbers

To delete a rule based on the line number acquired above:
iptables -D INPUT <line-number>