Openwall Community Wiki internal

How to create a user-local build of recent GCC

These days, GCC stands for the GNU Compiler Collection, but here we're only interested in the C and maybe C++ compilers. The following applies to gcc versions 4.x (last tested with gcc 4.5.0 on Owl-current installed from the 2010/03/23 OpenVZ container template, but should work on other Linux systems with essential “development” tools installed as well).

Incremental backups with GNU tar

Our backup scripts use GNU tar's --listed-incremental (or -g) option. Each Sunday, we remove the “snar” files prior to invoking tar. Then we make 6 levels of incrementals for Monday through Saturday. Our backup scripts also use --no-check-device (available in recent versions of GNU tar only) in order to avoid unintended effectively-full backup dumps after reboots of OpenVZ containers (which result in changed “device” number on simfs inodes). Yes, we backup the containers from the ins…

How to reboot a Linux server stuck into the Big Kernel Lock

We encountered a situation where a remote server's Linux kernel Oops'ed with the Big Kernel Lock acquired , and we used the following program to reboot that server: #include int main(void) { iopl(3); outb(0xfe, 0x64); return 0; }

Linux kernel netconsole setup with LILO and netcat

Here's a tested combination of settings, assuming that the kernel has netconsole support compiled in (not a module): In /etc/lilo.conf, the section may look like: image=/boot/vmlinuz-2.6.18-194.8.1.el5.028stab070.2.owl3 label=070.2.owl3 append="panic=10 netconsole=444 [at] 192 [dot] 168 [dot] xxx [dot] src/eth1,666 [at] 192 [dot] 168 [dot] xxx [dot] dst/00:11:22:33:44:55"

Pre- and post-reboot actions/checklist for remote Linux servers

These instructions apply primarily to Owl systems. Many other modern Linux distributions use GRUB instead of LILO by default, but we intentionally keep using LILO in Owl. Before the reboot * Take note of the running services and OpenVZ containers (if applicable), optionally make sure that all of them and no others are configured to start upon bootup * Sanity-check and save the NTP-synchronized system time to the RTC/NVRAM with ”/sbin/clock -uw” * Make sure that an fsck won't be for…

Shell tricks

How to redirect stderr but not stdout to a pipe (taken from csh-whynot) exec 3>&1; grep yyy xxx 2>&1 1>&3 3>&- | sed s/file/foobar/ 1>&2 3>&- grep: xxx: No such foobar or directory grep's normal output (on stdout) will be unaffected. We're closing fd 3 in case a program actually cares about this fd (although most programs don't). We send stderr to sed's stdin, and then put sed's stdout “back” to stderr.

SSH (Secure Shell) usage policies, as well as tips & tricks

How to generate key pairs for use with public key authentication The current “Openwall standard” is to use SSH-2 2048-bit RSA keys. These may be generated with ssh-keygen(1) from OpenSSH as follows: ssh-keygen -t rsa -b 2048 -C TARGET-NICK -f .ssh/identity.TARGET where TARGET is a short name (identifier) for the “target” company/network/project that this key is intended for, and NICK is your “nickname” (e.g., your typical login name). Setting the comment in this way is both inf…

VIM settings (.vimrc) and VIM usage tips & tricks

Line wrapping and text formatting We commonly use the VIM text editor for composing e-mail messages in Mutt. To have lines auto-wrap at a reasonable length (to allow for quoting them a few times, yet fit an 80-character wide terminal window), put this in ~/.vimrc: