lost and found ( for me ? )

Linux : small tips : blkid command


The blkid command is a tool that displays the UUIDs of block devices.

[ usage examples ]

Here’s /etc/fstab of my Fedora 16 machine.
# egrep -v ^# /etc/fstab | egrep -v ^$
UUID=ba2b7a10-73a2-4986-bcc5-964966fea960 /                       btrfs   defaults        1 1
UUID=0f9153b2-3a0a-472c-8766-d0a37755cbef swap                    swap    defaults        0 0


convert UUID to device name
[root@fc16 ~]# blkid -U ba2b7a10-73a2-4986-bcc5-964966fea960
/dev/sda1
[root@fc16 ~]# blkid -U 0f9153b2-3a0a-472c-8766-d0a37755cbef
/dev/sda2


list UUID , file system type
[root@fc16 ~]# blkid
/dev/sda1: UUID="ba2b7a10-73a2-4986-bcc5-964966fea960" UUID_SUB="d9f471c2-b4f9-400b-a604-aa0cb354b2b6" TYPE="btrfs"
/dev/sda2: UUID="0f9153b2-3a0a-472c-8766-d0a37755cbef" TYPE="swap"
/dev/sda5: UUID="eaf9e7cd-a2b7-4cb0-b589-ca3fb7f8c735" TYPE="swap"
/dev/sda6: UUID="b3a1ec63-246c-4711-b0ba-b14584205b71" TYPE="ext4"
/dev/sda7: UUID="5b301504-1784-418d-9c4f-1a48fdb37b22" TYPE="swap"
/dev/sdb1: UUID="a8ad29b7-93d9-4fbd-8ae0-977d2dc3f2e8" TYPE="ext4"
/dev/sdb2: UUID="7895c59c-8615-45bd-bb8d-164afb63dc26" UUID_SUB="f1271eaa-5dd2-44ab-9817-f72910ad50b0" TYPE="btrfs"


see the detailed info of a block device
[root@fc16 ~]# blkid -p /dev/sda1
/dev/sda1: UUID="ba2b7a10-73a2-4986-bcc5-964966fea960" UUID_SUB="d9f471c2-b4f9-400b-a604-aa0cb354b2b6" TYPE="btrfs" USAGE="filesystem" PART_ENTRY_SCHEME="dos" PART_ENTRY_TYPE="0x83" PART_ENTRY_FLAGS="0x80" PART_ENTRY_NUMBER="1" PART_ENTRY_OFFSET="2048" PART_ENTRY_SIZE="286720000" PART_ENTRY_DISK="8:0"


edit /etc/fstab to mount /dev/sdb2 on a directory ( /var/Fedora16_USB_HDD ) when booting Fedora.

check UUID of /dev/sdb2
[root@fc16 ~]# blkid /dev/sdb2
/dev/sdb2: UUID="7895c59c-8615-45bd-bb8d-164afb63dc26" UUID_SUB="f1271eaa-5dd2-44ab-9817-f72910ad50b0" TYPE="btrfs"


edit /etc/fstab. add the line for /var/Fedora16_USB_HDD ( the last line below , shown in red in the original post ).
[root@fc16 ~]# egrep -v ^# /etc/fstab

UUID=ba2b7a10-73a2-4986-bcc5-964966fea960 /                       btrfs   defaults        1 1
UUID=0f9153b2-3a0a-472c-8766-d0a37755cbef swap                    swap    defaults        0 0
UUID=7895c59c-8615-45bd-bb8d-164afb63dc26 /var/Fedora16_USB_HDD   btrfs   defaults 0 0


reboot Fedora16 to confirm /dev/sdb2 is mounted on /var/Fedora16_USB_HDD directory when booting.

after rebooting Fedora.
[root@fc16 ~]# egrep sdb /etc/mtab
/dev/sdb2 /var/Fedora16_USB_HDD btrfs rw,seclabel,relatime,nospace_cache 0 0
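
A check that can be run before the reboot, as an added example that is not part of the original post: it compares the UUID= entries of an fstab with blkid output and reports entries whose UUID is unknown or whose file system type disagrees. The two inputs reuse the post's values; the /mnt/data and /mnt/typo entries and the function names are constructed for the example.

```python
import re

# Inputs in the post's formats. The last two fstab entries (/mnt/data, /mnt/typo)
# are constructed mistakes: a wrong fs type and a UUID with its last digit changed.
BLKID = '''\
/dev/sda1: UUID="ba2b7a10-73a2-4986-bcc5-964966fea960" UUID_SUB="d9f471c2-b4f9-400b-a604-aa0cb354b2b6" TYPE="btrfs"
/dev/sda2: UUID="0f9153b2-3a0a-472c-8766-d0a37755cbef" TYPE="swap"
/dev/sdb1: UUID="a8ad29b7-93d9-4fbd-8ae0-977d2dc3f2e8" TYPE="ext4"
/dev/sdb2: UUID="7895c59c-8615-45bd-bb8d-164afb63dc26" UUID_SUB="f1271eaa-5dd2-44ab-9817-f72910ad50b0" TYPE="btrfs"
'''
FSTAB = '''\
UUID=ba2b7a10-73a2-4986-bcc5-964966fea960 /                       btrfs   defaults        1 1
UUID=0f9153b2-3a0a-472c-8766-d0a37755cbef swap                    swap    defaults        0 0
UUID=7895c59c-8615-45bd-bb8d-164afb63dc26 /var/Fedora16_USB_HDD   btrfs   defaults 0 0
UUID=a8ad29b7-93d9-4fbd-8ae0-977d2dc3f2e8 /mnt/data               btrfs   defaults 0 0
UUID=7895c59c-8615-45bd-bb8d-164afb63dc27 /mnt/typo               btrfs   defaults 0 0
'''

def parse_blkid(text):
    """Map UUID -> (device, TYPE) from blkid output lines."""
    table = {}
    for line in text.splitlines():
        dev, sep, rest = line.partition(": ")
        tags = dict(re.findall(r'(\w+)="([^"]*)"', rest))
        if sep and "UUID" in tags:
            table[tags["UUID"]] = (dev, tags.get("TYPE"))
    return table

def check_fstab(fstab, blkid):
    """Return (mount point, problem) for UUID= entries that disagree with blkid."""
    known, problems = parse_blkid(blkid), []
    for line in fstab.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].startswith("UUID="):
            continue  # comments, blank lines, non-UUID specs
        uuid, target, fstype = fields[0][5:].strip('"'), fields[1], fields[2]
        if uuid not in known:
            problems.append((target, "UUID not reported by blkid"))
        elif known[uuid][1] != fstype:
            problems.append((target, f"fstab says {fstype}, blkid says {known[uuid][1]}"))
    return problems

if __name__ == "__main__":
    for target, problem in check_fstab(FSTAB, BLKID):
        print(f"{target}: {problem}")
```

On a live machine the two strings would be the output of blkid and the contents of /etc/fstab.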

BIG-IP LTM VE : How to decrypt SSL traffic on LTM with ssldump


Here’s an explanation of how to decrypt SSL traffic with ssldump , which is installed on LTM devices.

Network topology
Client – vSW – LTM – vSW – Server*2


Client , LTM and two Servers are running on ESXi.
[root@ltm1:Active] ~ # b version | head -5
Kernel:
Linux 2.6.18-164.2.1.el5.1.0.f5app
Package:
BIG-IP Version 10.1.0 3341.1084
Final Edition


[ create Virtual Servers for HTTPS ]

Before creating a Virtual Server for HTTPS , create Nodes and Pools.

Here’s a Virtual Server for HTTPS

Choose “clientssl” , which is installed on LTM by default , as the SSL Profile (Client)

bigip.conf
node 192.168.0.100 {
  monitor icmp
  screen s1-ipv4
}
node 192.168.0.101 {
  monitor icmp
  screen s2-ipv4
}

pool http-ipv4 {
  monitor all http
  members {
     192.168.0.100:http {}
     192.168.0.101:http {}
  }
}

virtual vs-https {
  pool http-ipv4
  destination 10.0.0.100:https
  ip protocol tcp
  persist cookie
  profiles {
     clientssl {
        clientside
     }
     http {}
     tcp {}
  }
}


[ access to the VIP from a client ]

confirm that you can access the VIP.



[ ssldump on LTM ]
ssldump is installed on LTM by default.

Please note that you can decrypt SSL traffic under the following conditions.
      ssldump  can  decrypt traffic between two hosts if the following
      two conditions are met:
             1. ssldump has the keys.
             2. Static RSA was used.


The private key of the “clientssl” profile is stored under the /config/ssl/ssl.key directory.
[root@ltm1:Active] ~ # ssldump -k /config/ssl/ssl.key/default.key -i 1.1 port 443 -A -d   
New TCP connection #1: 10.0.0.10(42572) <-> 10.0.0.100(443)
1 1  0.0011 (0.0011)  C>SV3.1(89)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4f 26 54 e3 a8 e1 a4 d4 a0 8c c1 11 ad a2 fe cb
         c9 7f 3d ff 4b 58 65 6c 1c 28 c9 2c 4e 88 de 8c
       cipher suites
       Unknown value 0xff
       Unknown value 0x88
       Unknown value 0x87
       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
       TLS_DHE_DSS_WITH_AES_256_CBC_SHA
       Unknown value 0x84
       TLS_RSA_WITH_AES_256_CBC_SHA
       Unknown value 0x45
       Unknown value 0x44
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
       TLS_DHE_DSS_WITH_AES_128_CBC_SHA
       Unknown value 0x96
       Unknown value 0x41
       TLS_RSA_WITH_RC4_128_MD5
       TLS_RSA_WITH_RC4_128_SHA
       TLS_RSA_WITH_AES_128_CBC_SHA
       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
       Unknown value 0xfeff
       TLS_RSA_WITH_3DES_EDE_CBC_SHA
       compression methods
                 NULL
1 2  0.0013 (0.0002)  S>CV3.1(48)  Handshake
     ServerHello
       Version 3.1
       random[32]=
         4f 26 54 e3 99 85 29 14 f9 26 a2 a2 0d 68 7f 6e
         ae 49 2d 4c d0 3b af d4 7d 67 ff 83 a1 77 a3 9e
       session_id[0]=

       cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
       compressionMethod                   NULL
1 3  0.0013 (0.0000)  S>CV3.1(692)  Handshake
     Certificate
1 4  0.0013 (0.0000)  S>CV3.1(4)  Handshake
     ServerHelloDone
1 5  0.0375 (0.0362)  C>SV3.1(134)  Handshake
     ClientKeyExchange
       EncryptedPreMasterSecret[128]=
         15 b1 e0 a9 db 90 19 49 12 82 3b e4 60 cd bf eb
         5d 6a fe 05 67 05 19 1f 07 1b 8d 0d ce 9e d4 0d
         2d 90 92 1a c8 5e 5d 57 18 b0 03 53 ad 19 a8 a1
         17 33 e0 25 30 71 3d 30 7e 07 67 ba c3 f4 ee 36
         6e d8 8a 42 5d 34 cc d1 82 30 ed 5a dc 4c 3f df
         9a 9b ed 53 a6 2c 62 9b b8 0f 72 43 02 a8 1c 60
         e5 aa 69 4a c7 b1 74 28 93 cb 1d dd 65 58 00 41
         2a 75 fb 33 17 32 59 3f ca 35 52 54 aa 95 d3 a1
1 6  0.0375 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
1 7  0.0375 (0.0000)  C>SV3.1(48)  Handshake
     Finished
       verify_data[12]=
         97 48 73 91 a0 ea 37 d4 74 c8 9c c4

1 8  0.0408 (0.0033)  S>CV3.1(170)  Handshake
1 9  0.0408 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
1 10 0.0408 (0.0000)  S>CV3.1(48)  Handshake
     Finished
       verify_data[12]=
         8c 91 bd e5 93 c4 36 34 80 53 49 24

1 11 0.0419 (0.0011)  C>SV3.1(416)  application_data
   ---------------------------------------------------------------
   GET / HTTP/1.1
   Host: 10.0.0.100
   User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Red Hat/3.6.24-3.el6_1 Firefox/3.6.24
   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   Accept-Language: en-us,en;q=0.5
   Accept-Encoding: gzip,deflate
   Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
   Keep-Alive: 115
   Connection: keep-alive
   
   ---------------------------------------------------------------
1 12 0.0443 (0.0023)  S>CV3.1(352)  application_data
   ---------------------------------------------------------------
   HTTP/1.1 200 OK
   Date: Mon, 30 Jan 2012 08:29:23 GMT
   Server: Apache/2.2.15 (Scientific Linux)
   Last-Modified: Mon, 05 Sep 2011 05:55:49 GMT
   ETag: "443e5-6-4ac2b5ce8a846"
   Accept-Ranges: bytes
   Content-Length: 6
   Connection: close
   Content-Type: text/html; charset=UTF-8
   Set-Cookie: lbcookie=1694542016.20480.0000; path=/
   
   ---------------------------------------------------------------
1 13 0.0443 (0.0000)  S>CV3.1(32)  application_data
   ---------------------------------------------------------------
   SL6-3
   ---------------------------------------------------------------
1    0.0443 (0.0000)  S>C  TCP FIN
1 14 0.0454 (0.0010)  C>SV3.1(32)  Alert
   level           warning
   value           close_notify
1    0.0486 (0.0032)  C>S  TCP FIN
New TCP connection #2: 10.0.0.10(42573) <-> 10.0.0.100(443)
2 1  0.0011 (0.0011)  C>SV3.1(281)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4f 26 54 e4 7e 4a 05 b5 ea f1 20 6c 13 39 a8 bf
         91 b9 6f 4b 19 a9 d1 d4 26 ee d1 45 a6 1a 5a b7
       resume [32]=
         b0 f9 74 fb 02 41 00 40 e8 28 b5 85 b5 5f 0b c9
         ed 7d 2f 7d 6c d1 78 37 e4 08 6d bf ca 22 22 2f
       cipher suites
       Unknown value 0xff
       Unknown value 0x88
       Unknown value 0x87
       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
       TLS_DHE_DSS_WITH_AES_256_CBC_SHA
       Unknown value 0x84
       TLS_RSA_WITH_AES_256_CBC_SHA
       Unknown value 0x45
       Unknown value 0x44
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
       TLS_DHE_DSS_WITH_AES_128_CBC_SHA
       Unknown value 0x96
       Unknown value 0x41
       TLS_RSA_WITH_RC4_128_MD5
       TLS_RSA_WITH_RC4_128_SHA
       TLS_RSA_WITH_AES_128_CBC_SHA
       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
       Unknown value 0xfeff
       TLS_RSA_WITH_3DES_EDE_CBC_SHA
       compression methods
                 NULL
2    28.1854 (28.1842)  C>S  TCP FIN
2    28.1854 (0.0000)  S>C  TCP FIN
New TCP connection #3: 10.0.0.10(42574) <-> 10.0.0.100(443)
3 1  0.0011 (0.0011)  C>SV3.1(281)  Handshake
     ClientHello
       Version 3.1
       random[32]=
         4f 26 54 ff c4 f5 10 80 9d 56 2d 64 66 e0 ff 29
         56 04 bf 1b 03 f6 5a 5e d0 25 c5 fc 1d 0b 69 d4
       resume [32]=
         b0 f9 74 fb 02 41 00 40 e8 28 b5 85 b5 5f 0b c9
         ed 7d 2f 7d 6c d1 78 37 e4 08 6d bf ca 22 22 2f
       cipher suites
       Unknown value 0xff
       Unknown value 0x88
       Unknown value 0x87
       TLS_DHE_RSA_WITH_AES_256_CBC_SHA
       TLS_DHE_DSS_WITH_AES_256_CBC_SHA
       Unknown value 0x84
       TLS_RSA_WITH_AES_256_CBC_SHA
       Unknown value 0x45
       Unknown value 0x44
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA
       TLS_DHE_DSS_WITH_AES_128_CBC_SHA
       Unknown value 0x96
       Unknown value 0x41
       TLS_RSA_WITH_RC4_128_MD5
       TLS_RSA_WITH_RC4_128_SHA
       TLS_RSA_WITH_AES_128_CBC_SHA
       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
       Unknown value 0xfeff
       TLS_RSA_WITH_3DES_EDE_CBC_SHA
       compression methods
                 NULL
[root@ltm1:Active] ~ #
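
The "Static RSA was used" condition can be read off a capture: the cipherSuite line of each ServerHello names the key exchange that was negotiated. The Python sketch below is an added example, not part of the original post; it parses ssldump text output per connection, and its SAMPLE is a constructed excerpt in which connection 3 (a DHE suite) is invented for contrast.

```python
import re

# Constructed sample in ssldump's text format; connection 3 (DHE) is invented for contrast.
SAMPLE = """\
New TCP connection #1: 10.0.0.10(42572) <-> 10.0.0.100(443)
1 2  0.0013 (0.0002)  S>CV3.1(48)  Handshake
     ServerHello
       cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
1 11 0.0419 (0.0011)  C>SV3.1(416)  application_data
New TCP connection #2: 10.0.0.10(42573) <-> 10.0.0.100(443)
2 1  0.0011 (0.0011)  C>SV3.1(281)  Handshake
     ClientHello
       resume [32]=
New TCP connection #3: 10.0.0.10(42574) <-> 10.0.0.100(443)
3 2  0.0013 (0.0002)  S>CV3.1(48)  Handshake
     ServerHello
       cipherSuite         TLS_DHE_RSA_WITH_AES_256_CBC_SHA
"""

RECORD = re.compile(r"^(?:New TCP connection #)?(\d+)\b")  # unindented lines
SUITE = re.compile(r"^\s+cipherSuite\s+(.+?)\s*$")

def key_exchange(suite):
    """Classify the negotiated suite by what the server's RSA key can recover."""
    if suite is None:
        return "no ServerHello captured"
    if suite.startswith("TLS_RSA_WITH_"):
        return "static RSA"      # premaster secret is encrypted to the server key
    if "_DHE_" in suite or "_ECDHE_" in suite:
        return "ephemeral DH"    # server key only signs the exchange
    return "unrecognised"

def summarize(text):
    """Return {connection number: facts} parsed from ssldump text output."""
    conns, cur = {}, None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:  # connection banner or numbered record
            cur = conns.setdefault(int(m.group(1)), {
                "suite": None, "resume_offered": False, "app_records": 0})
            cur["app_records"] += line.rstrip().endswith("application_data")
        elif cur is not None:  # indented detail of the current record
            if (s := SUITE.match(line)):
                cur["suite"] = s.group(1)
            cur["resume_offered"] |= line.strip().startswith("resume [")
    return {n: dict(c, kx=key_exchange(c["suite"])) for n, c in conns.items()}

if __name__ == "__main__":
    for n, facts in summarize(SAMPLE).items():
        print(n, facts)
```

Connections reported as "static RSA" are the ones a holder of the profile's private key can decrypt from a capture, which is also why that key file needs the same protection as the traffic itself.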

Fedora 16 : set up FreeNX server and connect to Linux machines from Windows through NX session


Here’s an explanation of how to set up FreeNX server on Fedora16.


[root@fc16 ~]# cat /etc/redhat-release
Fedora release 16 (Verne)

[root@fc16 ~]# uname -ri
3.2.1-3.fc16.i686.PAE i386

# /usr/libexec/nx/nxserver --list
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.5.0)

Windows7 ( FreeNX Client ) --- Fedora16 ( FreeNX Server )

[ install FreeNX Server ]

install FreeNX server via yum.
[root@fc16 ~]# yum install -y freenx-server

set up the FreeNX server
[root@fc16 ~]# nxsetup --install --setup-nomachine-key
Setting up /etc/nxserver ...done
Generating public/private dsa key pair.
Your identification has been saved in /etc/nxserver/users.id_dsa.
Your public key has been saved in /etc/nxserver/users.id_dsa.pub.
The key fingerprint is:

The key's randomart image is:

Setting up /var/lib/nxserver/db ...done
Setting up /var/log/nx/nxserver.log ...done
Adding user "nx" to group "utmp" ...done
Setting up known_hosts and authorized_keys2 ...done
Setting up permissions ...done
Setting up cups nxipp backend ...done

edit node.conf
[root@fc16 sessions]# egrep -v ^# /etc/nxserver/node.conf | egrep -v ^$
ENABLE_PASSDB_AUTHENTICATION="0"
ENABLE_SSH_AUTHENTICATION="1"
ENABLE_CLIPBOARD="both"
NX_LOG_LEVEL=4
COMMAND_START_GNOME="/usr/bin/gnome-session --session=gnome-fallback"


In my case , I can’t access the Fedora machine with GNOME3 through an NX session.
I can use GNOME3 when logging on to the Fedora machine locally.
I changed the “COMMAND_START_GNOME” option from “gnome-session” to “gnome-session --session=gnome-fallback” to fall back to the classic GNOME style from the GNOME3 style in the NX session.

change COMMAND_START_GNOME option

from
COMMAND_START_GNOME=gnome-session

to
COMMAND_START_GNOME="/usr/bin/gnome-session --session=gnome-fallback"

You can find which values can be specified for the “--session=” option by checking the /usr/share/gnome-session/sessions directory.
# ls /usr/share/gnome-session/sessions/
gdm-fallback.session  gdm-shell.session  gnome-fallback.session  gnome.session


In that case , I can use --session=gdm-fallback or gdm-shell or gnome-fallback or gnome.

start freenx-server
[root@fc16 ~]# systemctl start freenx-server.service

[root@fc16 ~]# systemctl status freenx-server.service
freenx-server.service - FreeNX Server
         Loaded: loaded (/lib/systemd/system/freenx-server.service; disabled)
         Active: active (exited) since Sat, 28 Jan 2012 16:59:02 +0900; 6s ago
        Process: 4729 ExecStart=/usr/libexec/nx/nxserver --start (code=exited, status=0/SUCCESS)
        Process: 4656 ExecStartPre=/usr/libexec/nx/nxserver --cleanup (code=exited, status=1/FAILURE)
         CGroup: name=systemd:/system/freenx-server.service

make .Xmodmap for keyboard mapping settings.
# xmodmap -pke > /home/user/.Xmodmap
# chown user.user /home/user/.Xmodmap


edit .Xmodmap to correct the keyboard mappings.

change keycode 123:

from
keycode 123 = XF86AudioRaiseVolume NoSymbol XF86AudioRaiseVolume

to
keycode 123 = backslash underscore

change keycode 133

from
keycode 133 = Super_L NoSymbol Super_L

to
keycode 133 = backslash bar backslash bar

You can check key codes with the xev command.


[ NX client ]

Download NX client from http://www.nomachine.com/download.php.

launch NXClient and configure an NX session to access the Fedora16 notebook like this:



edit the NX client configuration to use the Japanese keyboard layout.

open the *.nxs file with a text editor
In my case , nxs files are stored under the C:\Users\username\.nx\config folder.

add keyboard layout ( Fedora16 notebook.nxs )
<option key="Custom keyboard layout" value="jp" />

If your keyboard layout is still wrong even though you edited the .Xmodmap file and the nxs file ( NX client configuration ) correctly , you might also check the keyboard layout in the i-Bus settings via the NX session.


To start freenx-server when Fedora boots:
# systemctl enable freenx-server.service
ln -s '/lib/systemd/system/freenx-server.service' '/etc/systemd/system/multi-user.target.wants/freenx-server.service'

# /usr/libexec/nx/nxserver --list
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: 3.5.0)
NX> 127 Sessions list:

Server     Display Username        Remote IP       Session ID
------ ------- --------------- --------------- --------------------------------
127.0.0.1       2000    zzzz 192.168.11.5    zzzzzzzzzzzzzzzzzzzzzzzzz
NX> 999 Bye