Saturday, April 27, 2013

dhclient and /etc/resolv.conf being overwritten.

In Ubuntu 12.12 (the one I'm currently using), dhclient is used to get a DHCP lease.  For most people this works just dandy.  However, if you use the machine for routing, and/or run your own DNS server inside your network, or just want to use some DNS servers that the DHCP server doesn't issue, you can do the following.

If you go into the /etc/dhcp directory you will see a file called dhclient.conf.
Somewhere (anywhere really) in the file, put the following line:
prepend domain-name-servers 8.8.8.8;

If you want just your custom DNS server:
supersede domain-name-servers 8.8.8.8;


The prepend line will put the 8.8.8.8 DNS server at the top of the list of DNS servers in the /etc/resolv.conf file, in addition to the usual ones that the DHCP server gave to your computer.

Of course, for your network you will probably replace 8.8.8.8 with the IP address of another DNS server (unless you really want to use one of Google's DNS servers).


In Fedora you have to go to /etc/sysconfig/network-scripts/ and find the file for your network device (something like ifcfg-ethX, where X is a number, usually 0).

Change the line PEERDNS=yes to PEERDNS=no.


Friday, April 26, 2013

installing ssh fedora

Fedora nowadays doesn't have the ssh server installed by default. If you want it, here's how (Fedora no longer uses /etc/init.d):

yum install openssh-server
systemctl start sshd.service
systemctl enable sshd.service

note: if you want to start/enable other services on fedora you can replace sshd with the name of the other service.

Wednesday, April 24, 2013

proxmox tips

To force a VM to shut down, you can't do it from the web interface, so instead you'll have to ssh in with your root username and password.  Once you're ssh'd in, type:
qm shutdown <vmid> -forceStop
more details at: http://pve.proxmox.com/wiki/Manual:_qm




Proxmox is a nice setup overall, but the Java VNC interface to view the desktop of the VM is just lousy.  A way around that is to ssh in and go to the /etc/pve/nodes/proxmox/qemu-server directory.  In the 1##.conf file (where 1## is the id of the VM), put the following line:
args: -vnc 0.0.0.0:10
You can do this with each VM, just make sure to change the number after the last colon, as each VNC connection has to be on its own port.  Then you can connect using your favorite VNC viewer, using the IP address/hostname of the Proxmox server followed by a : and the number that's at the end of the line you put in the VM's config file.  In this case it would be "vncviewer proxmox-machine:10"
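A check for the per-VM args lines described above, as an added example that is not part of the original post: it lists every VNC override in a directory of VM config files, converts the display number to its TCP port (5900 + N), and flags listeners bound to all interfaces, lines without QEMU's ",password" option (an option the post does not use), and two VMs sharing a display number. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# make_sample DIR: constructed VM config files (not taken from a real host).
make_sample() {
    printf 'memory: 512\nargs: -vnc 0.0.0.0:10\n' > "$1/101.conf"
    printf 'memory: 512\nargs: -vnc 0.0.0.0:10\n' > "$1/102.conf"  # number not changed
    printf 'memory: 512\nargs: -vnc 127.0.0.1:12,password\n' > "$1/103.conf"
    printf 'memory: 512\n' > "$1/104.conf"                         # no VNC override
}

# audit_vnc DIR: print "vmid addr:tcp-port [flags]" for each "args: -vnc" line.
audit_vnc() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        vmid=$(basename "$conf" .conf)
        # keep only the token that follows -vnc, e.g. 0.0.0.0:10
        sed -n 's/^args:.*-vnc  *\([^ ]*\).*/\1/p' "$conf" |
        while read -r spec; do
            hostdisp=${spec%%,*}        # drop ",option" suffixes
            addr=${hostdisp%:*}         # an empty address also means every interface
            echo "$vmid ${addr:-0.0.0.0} ${hostdisp##*:} $spec"
        done
    done | awk '
        { vm[NR] = $1; addr[NR] = $2; disp[NR] = $3; spec[NR] = $4; seen[$3]++ }
        END {
            for (i = 1; i <= NR; i++) {
                flags = ""
                if (addr[i] == "0.0.0.0")   flags = flags " all-interfaces"
                if (spec[i] !~ /,password/) flags = flags " no-password"
                if (seen[disp[i]] > 1)      flags = flags " duplicate-display"
                # display N listens on TCP port 5900+N
                printf "%s %s:%d%s\n", vm[i], addr[i], 5900 + disp[i], flags
            }
        }'
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_vnc "$tmp"
rm -rf "$tmp"
```

On the Proxmox host itself the call would be audit_vnc /etc/pve/nodes/proxmox/qemu-server, the directory named above.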

More details on your vnc options and proxmox are at: http://pve.proxmox.com/wiki/Vnc_2.0


For tips on how to deal with the screen resolution of linux in a VM (both X and console):
http://thescriptingadmin.blogspot.com/2013/04/fedora-too-high-resolution-in-vm.html


Friday, April 5, 2013

ssh-agent in cygwin

If you do command line work like I do, and remote into a Linux machine via ssh, you may or may not be aware of ssh keys.  If you use an ssh key you can log into the machine without a password.  However, to keep things secure, you really should use a password on your ssh key, but if you had to type in the password every time you used the key, that would sort of defeat the purpose of the ssh key.  So they have ssh-agent for Linux and Cygwin (if you're using PuTTY use Pageant instead).

Normally you first run ssh-agent, then run ssh-add (or just have it loaded via kde, gnome, or .bash_profile if you don't use a gui at all on linux).  On cygwin though you might encounter the error message "Could not open a connection to your authentication agent" when you type in ssh-add.  The solution is apparently to run the following command: "exec ssh-agent bash", and once you get a new bash shell then type ssh-add.


enable remote registry service on windows 7

Windows 7 by default disables the remote registry service (probably for security reasons).  To enable it from the command line type the following:

sc \\computername config remoteregistry start= auto
Make sure you have a space between the = sign and auto.
If you're doing this on your local computer you can drop the \\computername part.
You can also replace "remoteregistry" with the name of another service to enable or disable it.


Once you've enabled the service you can either reboot the computer, or just start it now with:

sc \\computername start remoteregistry


If you want to know why we want to enable this service, it's so that you can pull up the registry of a remote computer that's currently in use (normally hkey_local_machine) via regedit on your local machine.  This way you don't have to interrupt whoever is currently at the computer by using RDP, VNC, or kicking the user out of their chair, at most you may have to tell them to reboot their machine at some point.

Thursday, March 21, 2013

printer statistics via SNMP

At work we have some multi-function copiers that do the whole print, scan, copy deal.  What do you do if you want to track printer usage?  You can either enable monitoring of print jobs on the print server, if your users go through a print server, or you can track the page counts on the printers themselves, if they are network printers.

In addition to tracking page counts, this script tracks how many sheets of paper are left in each of the trays (if your network printer is advanced enough to do that), and dumps all the information to a csv file.  Right now I'm running the script every hour or so to track what happens if I adjust some default settings.

For this you will need net-snmp.  If you're using Windows, you can get it at: http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/  If you're using Linux, do apt-get install snmp or yum install net-snmp, depending on your distro, so that you get snmpwalk installed.

For linux you'll probably need to create a bash script of your own, based on the nagios script I used at:  http://exchange.nagios.org/directory/Plugins/Hardware/Printers/SNMP-Printer-Check/details

Without further ado here's my batch script (for windows):



@echo off
set snmpexe=c:\usr\bin\snmpwalk.exe
rem make sure to include the .exe at the end
rem netsnmp binaries are available from:
rem http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/
rem shouldn't need to change anything between this and ":appendfile"
set prnip=%1
echo checking on the amount of paper left in the trays for printer %prnip%
for /f "tokens=2" %%W in ('date /t') do set dater=%%W
for /f "tokens=1,2 delims=:" %%t in ('echo %time%') do set timer=%%t:%%u
for /f "tokens=1-3 delims=/" %%d in ('echo %dater%') do set curdate=%%f%%d%%e
for /f "tokens=3 delims=/" %%y in ('echo %dater%') do set curyear=%%y
rem reset variables for when we run this multiple times (usually on different printers),
rem in the same environment (don't want previous values affecting this run).
set tray0=x
set tray1=x
set tray2=x
set tray3=x
set tray4=x
set pgcount=x
if "%1" == "" goto usage
if NOT exist %snmpexe% goto usage

if exist prn-%prnip%-%curyear%.csv goto appendfile
:newfile
echo this tells you how many sheets are still in each input tray/cassette in a printer
echo date ,time ,envelope ,tray1 ,tray2 ,tray3 ,tray4 ,pagecount >> prn-%prnip%-%curyear%.csv


:appendfile
rem this is for a printer with 4 regular trays and a "multi-purpose" tray, you
rem may need to change this a bit if your printer hardware is a little different
rem this is based on code from
rem http://exchange.nagios.org/directory/Plugins/Hardware/Printers/SNMP-Printer-Check/details
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.1') do set tray0=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.2') do set tray1=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.3') do set tray2=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.4') do set tray3=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.5') do set tray4=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.10.2.1.4.1.1') do set pgcount=%%c

echo %date% ,%timer% ,%tray0% ,%tray1% ,%tray2% ,%tray3% ,%tray4% ,%pgcount% >> prn-%prnip%-%curyear%.csv

goto end

:usage
echo usage: input-tray-count.bat ip-of-printer
echo this requires snmpwalk in the specified location
echo this will tell you how many sheets you have left in each input tray/cassette in a printer

:end

Monday, March 18, 2013

company CA without a cert server

For those who administer a network, sometimes you need to create a root certificate.  This can be for an internal web server, or for deploying internal software, or for other reasons.  In many places you have a server set up whose sole purpose is to generate SSL and maybe other certificates for the company.  If you don't want to dedicate an entire server to this task, though, because you don't need to be constantly generating new certificates, there is an alternative.

OpenSSL is an open source program (hence the Open part), that allows you to generate SSL certificates, everything from a root certificate (for your company root CA), to a regular certificate that's signed by the root CA.

If you're on a linux machine do your usual apt-get install openssl or yum install openssl, and skip the next paragraph for windows.

If you're on Windows, you'll need to go to: http://www.openssl.org/related/binaries.html, and follow the links till you can download the openssl binary (full version) for Windows at http://slproweb.com/products/Win32OpenSSL.html (you may need to download and install the Visual C++ redistributable).  You'll also want to add c:\openssl-win32\bin to your system's path or have the DLLs installed to the c:\windows\system32 directory.

To create a root certificate go to the c:\openssl-win32\bin directory and type:
openssl req -nodes -new -x509 -keyout my-ca.key -out my-ca.crt -days 3650 -config openssl.cfg
-leave the e-mail address blank.
-the above root ca will be valid for 13 years.

Make the following directories, demoCA, demoCA\newcerts, and demoCA\private,
under c:\openssl-win32\bin,
so you should have c:\openssl-win32\bin\demoCA\newcerts as one of your paths.



Move the *-ca.crt file to demoCA
and the *-ca.key file to demoCA\private.
In the openssl.cfg file go to the CA_default section and make sure that private_key = $dir/private/my-ca.key
and change certificate to certificate = $dir/my-ca.crt
(change my-ca.key and my-ca.crt to whatever you typed in the openssl command above).


From the c:\openssl-win32\bin directory, type echo 01 > demoCA\serial
and in Explorer navigate to the demoCA folder, create a new text file
and name it index.txt (don't put anything in it).



to create server certificates for wsus:
openssl req -nodes -new -keyout servername.key -out servername.csr -days 1825 -config openssl.cfg
for Common Name enter servername.company.com
leave email address blank, and hit enter for challenge password and optional company name.

Then sign it using the CA (certifies for 5 years):
openssl ca -out servername.crt -in servername.csr -days 1825 -config openssl.cfg

Then export it to pfx format for IIS:
openssl pkcs12 -export -out servername.pfx -inkey servername.key -in servername.crt -certfile demoCA\my-ca.crt
Type in a password for the pfx.
Ignore the message about "unable to write 'random state'".
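The whole procedure above run end to end on Linux, as an added example that is not the author's own script: it builds the demoCA layout, creates the root, signs a server request, exports the pfx, and then checks that the issued certificate chains to the new root. It assumes a minimal openssl.cfg written by the script instead of the stock file, and -subj, -batch and -passout in place of the interactive prompts; the subject names and the pfx password are constructed placeholders.

```shell
#!/bin/sh
# build_ca DIR: root CA, signed server certificate and pfx, all inside DIR.
q() { "$@" >/dev/null 2>&1; }               # run a command quietly
build_ca() (
    set -e
    cd "$1"
    # Minimal stand-in for the stock config; CA_default matches the edits above.
    cat > openssl.cfg <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/my-ca.crt
private_key = $dir/private/my-ca.key
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    mkdir -p demoCA/newcerts demoCA/private
    chmod 700 demoCA/private
    echo 01 > demoCA/serial
    : > demoCA/index.txt
    # Root certificate, written straight into demoCA (-nodes leaves the key unencrypted).
    q openssl req -nodes -new -x509 -keyout demoCA/private/my-ca.key \
        -out demoCA/my-ca.crt -days 3650 -config openssl.cfg -subj "/CN=Example Company Root CA"
    # Server key and request, then sign the request with the CA for 1825 days.
    q openssl req -nodes -new -keyout servername.key -out servername.csr \
        -config openssl.cfg -subj "/CN=servername.company.com"
    q openssl ca -batch -out servername.crt -in servername.csr -days 1825 -config openssl.cfg
    # pfx for IIS; "changeit" is a constructed placeholder password.
    q openssl pkcs12 -export -out servername.pfx -inkey servername.key \
        -in servername.crt -certfile demoCA/my-ca.crt -passout pass:changeit
    # Confirm the server certificate chains to the new root.
    openssl verify -CAfile demoCA/my-ca.crt servername.crt
)
tmp=$(mktemp -d)
build_ca "$tmp"
rm -rf "$tmp"
```

After a successful run demoCA/serial holds 02 and demoCA/index.txt has one line starting with V, which is how the CA records the certificate it issued.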