Converting from m4a to mp3

Converting from m4a to mp3 on a whole bunch of files recursively

 
Convert to wav first:
find . -name '*.[Mm]4[Aa]' -exec faad {} \;
Clean up the m4a's:
find . -name '*.[Mm]4[Aa]' -exec rm -f {} \;
Convert to mp3:
find . -name '*.[Ww][Aa][Vv]' -exec lame {} \;
 
 

Getting ulimit to work with SSH and stick across reboots
 

Add the following to /etc/sysctl.conf
 
fs.file-max = 104032  (replace 104032 with a value appropriate to your environment)
 
then run:
sysctl -p
 
Add the following to /etc/security/limits.conf (note that ulimit -n always reports the soft limit, so if no soft limit is set it will always report the default of 1024):
  *  soft  nofile   4096
  *  hard  nofile  104032
 
Add the following to /etc/pam.d/login:
 session    required     pam_limits.so
 
Add the following to /etc/pam.d/sshd:
 session    required     pam_limits.so
 
Add the following to /etc/ssh/sshd_config:
 UsePAM yes
 
then run:
service sshd restart
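
An audit of the settings listed above, as an added example that is not part of the original post. The function names and the ROOT prefix argument are assumptions; the sample files are constructed so the script runs against a scratch directory instead of the live /etc.

```sh
#!/bin/sh
# Added example (not from the original post): audit the nofile settings above.
# ROOT is a hypothetical prefix so that a copy of /etc can be checked offline.

# has_line FILE ERE: succeeds if an uncommented line of FILE matches ERE.
# Matching is case-insensitive because sshd_config keywords are.
has_line() {
    [ -r "$1" ] && grep -Eiq "^[[:space:]]*$2" "$1"
}

# check DESCRIPTION FILE ERE: print the result, return 1 on failure.
check() {
    if has_line "$2" "$3"; then
        printf 'ok    %s\n' "$1"
    else
        printf 'FAIL  %s (%s)\n' "$1" "$2"
        return 1
    fi
}

# nofile_limit FILE soft|hard: print the last numeric nofile value of that kind.
nofile_limit() {
    [ -r "$1" ] || return 0
    awk -v kind="$2" '
        $1 !~ /^#/ && $2 == kind && $3 == "nofile" && $4 ~ /^[0-9]+$/ { v = $4 }
        END { print v }' "$1"
}

# check_nofile_setup [ROOT]: returns the number of failed checks.
check_nofile_setup() {
    root=${1%/}
    ws='[[:space:]]+'
    limits=$root/etc/security/limits.conf
    fails=0

    check "fs.file-max in sysctl.conf" "$root/etc/sysctl.conf" \
        "fs\.file-max[[:space:]]*=[[:space:]]*[0-9]+" || fails=$((fails + 1))
    check "soft nofile limit" "$limits" \
        "[^#[:space:]]+${ws}soft${ws}nofile${ws}[0-9]+" || fails=$((fails + 1))
    check "hard nofile limit" "$limits" \
        "[^#[:space:]]+${ws}hard${ws}nofile${ws}[0-9]+" || fails=$((fails + 1))
    check "pam_limits for console logins" "$root/etc/pam.d/login" \
        "session${ws}required${ws}pam_limits\.so" || fails=$((fails + 1))
    check "pam_limits for sshd" "$root/etc/pam.d/sshd" \
        "session${ws}required${ws}pam_limits\.so" || fails=$((fails + 1))
    check "UsePAM yes in sshd_config" "$root/etc/ssh/sshd_config" \
        "UsePAM${ws}yes" || fails=$((fails + 1))

    # A soft limit above the hard limit cannot take effect.
    soft=$(nofile_limit "$limits" soft)
    hard=$(nofile_limit "$limits" hard)
    if [ -n "$soft" ] && [ -n "$hard" ] && [ "$soft" -gt "$hard" ]; then
        printf 'FAIL  soft nofile %s exceeds hard nofile %s\n' "$soft" "$hard"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# make_sample_tree DIR: constructed files mirroring the steps in the post.
make_sample_tree() {
    mkdir -p "$1/etc/security" "$1/etc/pam.d" "$1/etc/ssh"
    echo 'fs.file-max = 104032' > "$1/etc/sysctl.conf"
    printf '%s\n' '  *  soft  nofile   4096' '  *  hard  nofile  104032' \
        > "$1/etc/security/limits.conf"
    echo ' session    required     pam_limits.so' > "$1/etc/pam.d/login"
    echo ' session    required     pam_limits.so' > "$1/etc/pam.d/sshd"
    echo ' UsePAM yes' > "$1/etc/ssh/sshd_config"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
check_nofile_setup "$demo" && echo "all checks passed"
rm -rf "$demo"
```

On a real host, call check_nofile_setup / and then confirm the result from a fresh SSH session with ulimit -n.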
 
 
 
 

Boot From SAN on RedHat with PowerPath and EMC Clarion

Boot From SAN with LVM and Multipath

SEE http://www.thogan.com/site/index.php?option=com_content&view=article&id=5:ubuntu-multipath-boot-from-san-experiment&catid=2:uncatagorized&Itemid=2 for information on our experience with Ubuntu :)

 

Before getting started, you will need to make sure that you have the proper installation materials and that the SAN configuration is set up appropriately for a system install.

 

Install Media

 

RHEL 4, Update 6 (RHEL 4.6) or RHEL 5.  Earlier versions of RedHat, including earlier update versions, have an improperly functioning QLogic driver.  Use this specific installation media for this document.  Also, depending on the version of the QLogic driver, the SAN devices may be laid out before or after the local storage.  Use fdisk and look at the volume sizes to identify the local storage, and remember which device it is.

 

SAN Configuration

 

One path to the SAN.  There cannot be multiple paths to the SAN during an install as it will cause problems with mounting /boot and finding the LVM partitions.  The system must be booted in order to correct the configuration, so you must perform the install with only one path configured.  Once the system boots, the appropriate adjustments can be made to fstab and the LVM to allow the system to boot properly with multiple paths.

 

Location of SAN Boot Card

 

You must know in which PCI slot the HBA that you will be booting off resides.  You will need to configure the BIOS to boot from here.  You must also make sure that this is the card with the active path, and you will need to configure that specific card to have boot enabled.

 

Three things that need to line up:

 

BIOS boot device = HBA w/active path = HBA configured to boot

 

BIOS Configuration

 

This section is written based on an installation on IBM x86 hardware.  If you are using another platform these menus may be different.

 

Setting The Boot Device

 

Boot the system and enter the system BIOS.  You will need to make sure that the SAN card is a valid boot device.

 

Select “Start Options”

Go To “PCI Device Boot Priority”

                Modify this field to reflect the PCI slot number in which the boot HBA resides.

Go To “Startup Sequence Options”

                Under “Primary Startup Sequence”, set the four devices as follows:[1]

                “CD ROM”

                “Hard Disk 0”

                “Hard Disk 1”

                “Network”

Escape back to the main menu.

Select “Save Settings” then “Exit Setup”

 

Configuring the HBA

 

The HBA will now need to be configured to be bootable.  On the next boot, enter the HBA BIOS.  This document was written against QLogic 2460 HBAs.  If you are using a different HBA, the process may vary.

 

Enter the BIOS with a <CTRL-Q> when prompted.

Select the adapter with the active path (also should be the slot configured for boot in the BIOS)

Select “Configuration Settings”

Select “Adapter Settings”

                Set “Host Adapter BIOS” to “Enabled”

Return to the previous menu.

Select “Selectable Boot Settings”

                Set “Selectable Boot” to “Enabled”

                Set each boot device by selecting the field, pressing Enter, then selecting a LUN.

Escape back to the main menu, and select “Save Changes” when prompted.

Select “Select Host Adapter”

Select the other adapter this time (the NON boot one)

Repeat the process as with the first adapter, EXCEPT:

                Disable “Host Adapter BIOS”

                Disable “Selectable Boot”

Escape to the main menu and save changes again.

Exit the utility and reboot the system.

 

Starting the Linux Install

 

Have the appropriate RedHat media in the optical drive and boot the system.  Boot to the default graphical install.  When the “Loading SCSI Drivers” screen appears, you should see the module for the HBAs get loaded.  For the QLogic cards, this is qla2xxx or qla2400.

 

Once the graphical installer is fully started and prompting you to click next to begin, switch to the terminal by pressing “CTRL-ALT-F2”.

 

At the console, enter “ls /dev/sd*”.  You should see at least /dev/sda and /dev/sdb.  There may be more.  Identify the SAN and local devices.  The local device will usually be /dev/sda.  You can test this by entering “fdisk /dev/sda”, then at the menu enter “p” to print the partition table.  It will also tell you the size of the volume.  Look for a size that indicates a SAN LUN or local storage and remember which devices are which.

 

Addendum to Standard Linux Build – Partitioning

 

The name of the volume group created on the SAN device should be “sanvg”.  The /boot partition should be created on the SAN device as well.

 

Continue with the install from this point as described in “Standard Linux Build”.

 

First Boot After Install

 

The first boot of the system after installation will likely FAIL.  This is normal, as the installer did not choose the appropriate boot device when installing GRUB.  To boot the system you will need to modify the GRUB commands.

 

After you are informed of the failed boot, hit enter to get the GRUB menu.

 

OH NO!  GRUB comes up and the screen is all wiggedy wack!  Read Appendix A at the end of the document for help!

 

With the first boot option selected, press “e” for edit.

                The first line in the next menu should be something like “root (hd1,0)”.

                Press “e” to edit this line.

                                Change the line to read “root (hd0,0)”

                                Hit enter to accept your changes

                Press “b” to boot the system with the modified commands.

 

Later in this document we will edit grub.conf to permanently make this modification.
 
If you see GRUB in the upper left of the screen after reboot:
GRUB may fail to install to the correct path, so it may be necessary to boot from the DVD/CD in rescue mode (enter linux rescue at the prompt) and then perform a grub install as follows:
    chroot /mnt/sysimage
    grub-install /dev/sdb

 

Install EMC PowerPath

 

The PowerPath software will perform failover functions as well as create special /dev devices allowing unambiguous access to the active path.

 

Fetch the install archive EMCpower.LINUX-5.1.2.00.00-021.tar.gz and extract it.  Then use rpm to install the appropriate package onto the system:

 

Verify EMC PowerPath Install

 

PowerPath should now be installed.  To verify, type “lsmod | grep emc”  You should see a lot of modules with names beginning with emc.  This indicates that PowerPath has loaded successfully.

 

Start PowerPath with its init script.  Afterward you should see it coalesce the available paths to the SAN into a new virtual device.  Verify that this is your SAN device by reading the partition table with fdisk.

 

[root@ ~]# service PowerPath start

Starting PowerPath:  done

[root@ ~]# ls /dev/emcpower*

/dev/emcpower  /dev/emcpowera  /dev/emcpowera1  /dev/emcpowera2

 

As you can see above, there are now devices for /dev/emcpowera, a block device representing the SAN which is backed by /dev/sdb - /dev/sde.

 

[root@ ~]# fdisk /dev/emcpowera

 

The number of cylinders for this disk is set to 9137.

There is nothing wrong with that, but this is larger than 1024,

and could in certain setups cause problems with:

1) software that runs at boot time (e.g., old versions of LILO)

2) booting and partitioning software from other OSs

   (e.g., DOS FDISK, OS/2 FDISK)

 

Command (m for help): p

 

Disk /dev/emcpowera: 75.1 GB, 75161927680 bytes

255 heads, 63 sectors/track, 9137 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes

 

         Device Boot      Start         End      Blocks   Id  System

/dev/emcpowera1   *           1          19      152586   83  Linux

/dev/emcpowera2              20        9137    73240335   8e  Linux LVM

 

Command (m for help): q

 

A quick run of fdisk above shows that this is definitely our SAN volume.  The boot partition /dev/sdb1 is now available as /dev/emcpowera1.  
 

Modify modprobe.conf

 

At the end of /etc/modprobe.conf add the following line:

 

options scsi_mod max_scsi_luns=256

 

 

Modify grub.conf

 

Open the file and make the following edits:

 

Change any occurrence of “(hd*,0)” to “(hd0,0)”. (Where * is any number that is not 0).

 

On any line that starts with kernel, remove “rhgb quiet” from the end of it.

 

Comment out the “hiddenmenu” option with a “#” at the start of the line.

 

When you are finished, the file should look something like this:

 

# grub.conf generated by anaconda

#

# Note that you do not have to rerun grub after making changes to this file

# NOTICE:  You have a /boot partition.  This means that

#          all kernel and initrd paths are relative to /boot/, eg.

#          root (hd1,0)

#          kernel /vmlinuz-version ro root=/dev/sanvg/rootlv

#          initrd /initrd-version.img

#boot=/dev/sda

default=0

timeout=5

splashimage=(hd0,0)/grub/splash.xpm.gz

#hiddenmenu

title Red Hat Enterprise Linux AS (2.6.9-67.ELsmp)

        root (hd0,0)

        kernel /vmlinuz-2.6.9-67.ELsmp ro root=/dev/sanvg/rootlv

        initrd /initrd-2.6.9-67.ELsmp.img

title Red Hat Enterprise Linux AS-up (2.6.9-67.EL)

        root (hd0,0)

        kernel /vmlinuz-2.6.9-67.EL ro root=/dev/sanvg/rootlv

        initrd /initrd-2.6.9-67.EL.img

 

Modify the LVM Config

 

Finally, you must modify the LVM config file in /etc/lvm/lvm.conf to ignore the raw paths to the SAN and only use the PowerPath devices.

 

Find the line that sets up the default filter:

 

filter = [ "a/.*/" ]

 

Comment it out with a “#” at the start of the line, then put in the following line to tell LVM to only look at the emcpower devices and local storage:

 

filter = [ "a/sda/", "a/emcpower/", "r/.*/" ]

 

This assumes that /dev/sda is local storage; you may have to modify this line if another device is local storage.

 

To make sure that the filter is working, run “vgscan” and verify that there are no messages about a “Duplicate PV”.

 

[root@mnsvliapp003 ~]# vgscan

  Reading all physical volumes.  This may take a while...

  Found volume group "sanvg" using metadata type lvm2
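
How the filter list above treats individual device names, as an added example that is not part of the original document. It approximates LVM's matcher with grep -E on a single path name; the function names, the anchored variant of the filter, and the device list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original document): approximate how LVM
# applies an lvm.conf filter list to one device path name.

# lvm_filter_verdict DEVICE PATTERN...
# Each PATTERN is a filter entry: 'a' (accept) or 'r' (reject), a delimiter
# character, an unanchored regex, and the delimiter again.
# The first pattern whose regex matches decides; no match means accept.
lvm_filter_verdict() {
    _dev=$1
    shift
    for _pat in "$@"; do
        _regex=${_pat#??}      # drop the action letter and opening delimiter
        _regex=${_regex%?}     # drop the closing delimiter
        if printf '%s\n' "$_dev" | grep -Eq -- "$_regex"; then
            case $_pat in
                a*) echo accept ;;
                *)  echo reject ;;
            esac
            return 0
        fi
    done
    echo accept
}

# The filter from the document.
page_filter() {
    lvm_filter_verdict "$1" 'a/sda/' 'a/emcpower/' 'r/.*/'
}

# Hypothetical anchored variant: only /dev/sda and its partitions, plus
# the PowerPath pseudo devices.
anchored_filter() {
    lvm_filter_verdict "$1" 'a|^/dev/sda[0-9]*$|' 'a|^/dev/emcpower|' 'r|.*|'
}

# Constructed device list: local disk, PowerPath pseudo device, raw SAN
# paths, and /dev/sdaa (the 27th SCSI disk on a host with many LUNs).
for dev in /dev/sda2 /dev/emcpowera2 /dev/sdb2 /dev/sde2 /dev/sdaa; do
    printf '%-16s page=%-7s anchored=%s\n' "$dev" \
        "$(page_filter "$dev")" "$(anchored_filter "$dev")"
done
```

Because the patterns are unanchored, "a/sda/" also accepts /dev/sdaa, which on a host with more than 26 SCSI disks can be a raw SAN path; the anchored variant rejects it.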

 

Setting Failover Policy

 

The appropriate failover policy will need to be set depending on the type of SAN.  Up to this point, only one path to each service processor should show as “active”, the rest show a state of “unlic”.  Running “powermt display dev=all” will show this information:

 
If the PowerPath license has not been installed do so with:
    emcpreg --install
 

[root@~]# powermt display dev=all

Pseudo name=emcpowera

CLARiiON ID=APM00064800054 [prod_jboss1]

Logical device ID=60060160A9D01A00A2AD9882F5ACDC11 [prod_jboss1_lun20]

state=alive; policy=BasicFailover; priority=0; queued-IOs=0

Owner: default=SP A, current=SP A

==============================================================================

---------------- Host ---------------   - Stor -   -- I/O Path -  -- Stats ---

### HW Path                 I/O Paths    Interf.   Mode    State  Q-IOs Errors

==============================================================================

   1 qla2xxx                   sdb       SP A4     active  alive      0      0

   1 qla2xxx                   sdc       SP B5     active  alive      0      0

   2 qla2xxx                   sdd       SP A5     unlic   alive      0      0

   2 qla2xxx                   sde       SP B4     unlic   alive      0      0

 

For a CLARiiON array, issue the following command to set the failover policy to “CLARiiON Optimal”.  This will cause all other paths to become active.  You will then need to save the configuration so that it persists across reboots.

 

[root@ ~]# powermt set policy=co

[root@ ~]# powermt display dev=all

Pseudo name=emcpowera

CLARiiON ID=APM00064403323 [dr_epicdb]

Logical device ID=600601602E811900C8E4B43C79AADC11 [dr_epicdb_LUN_100]

state=alive; policy=CLAROpt; priority=0; queued-IOs=0

Owner: default=SP A, current=SP A

==============================================================================

---------------- Host ---------------   - Stor -   -- I/O Path -  -- Stats ---

### HW Path                 I/O Paths    Interf.   Mode    State  Q-IOs Errors

==============================================================================

   1 qla2xxx                   sdb       SP B4     active  alive      0      0

   1 qla2xxx                   sdc       SP A5     active  alive      0      0

   2 qla2xxx                   sdd       SP B4     active  alive      0      0

   2 qla2xxx                   sde       SP A5     active  alive      0      0

 

Error displaying HBAs and associated devices.

 

[root@ ~]# powermt save

 

CABLE PULL TEST

 

At this point in the document, the configuration should be correct to survive a cable pull test.  If the system cannot recover from the I/O errors after a cable pull at this point, something is wrong with the configuration.  Review all steps and ensure that the output from the diagnostic commands is consistent with what is documented here.

 

Finishing Up

 

The system should be configured to boot and handle multiple paths now.  Have the extra paths configured on the SAN then reboot the system.

 

During the system startup, PowerPath may report failure to start.  This is fine: all that failed was the module load, because the modules were already loaded in the initrd.

 

Checking the PowerPath Configuration

 

PowerPath should now see all the active paths to the storage.  To verify this, run the command “powermt display dev=all”.  This should return the expected number of paths and show what raw devices are backing each path.

 

[root@ ~]# powermt display dev=all

Pseudo name=emcpowera

CLARiiON ID=APM00064403323 [dr_epicdb]

Logical device ID=600601602E811900C8E4B43C79AADC11 [dr_epicdb_LUN_100]

state=alive; policy=CLAROpt; priority=0; queued-IOs=0

Owner: default=SP A, current=SP A

==============================================================================

---------------- Host ---------------   - Stor -   -- I/O Path -  -- Stats ---

### HW Path                 I/O Paths    Interf.   Mode    State  Q-IOs Errors

==============================================================================

   1 qla2xxx                   sdb       SP B4     active  alive      0      0

   1 qla2xxx                   sdc       SP A5     active  alive      0      0

   2 qla2xxx                   sdd       SP B4     active  alive      0      0

   2 qla2xxx                   sde       SP A5     active  alive      0      0

 

Error displaying HBAs and associated devices.
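
A scripted version of this path check, as an added example that is not part of the original document. It reads "powermt display dev=all" output on stdin and lists every path that is not active/alive; the function names are assumptions, and the two samples are abridged from the outputs shown earlier in this document.

```sh
#!/bin/sh
# Added example (not from the original document): flag PowerPath paths that
# are not in mode "active" and state "alive".

# powermt_degraded_paths: reads `powermt display dev=all` output on stdin and
# prints "pseudo-device raw-device mode state" for each degraded path.
powermt_degraded_paths() {
    awk '
        /^Pseudo name=/ { pseudo = substr($0, 13); next }
        # Path rows start with the HBA number. Mode and state are the
        # columns just before Q-IOs and Errors, so count from the end
        # (the "SP A4" interface column splits into two fields).
        $1 ~ /^[0-9]+$/ && NF >= 8 {
            mode = $(NF - 3); state = $(NF - 2)
            if (mode != "active" || state != "alive")
                print pseudo, $3, mode, state
        }'
}

# Sample abridged from the BasicFailover output (before "powermt set policy=co").
sample_basic_failover() {
    cat <<'EOF'
Pseudo name=emcpowera
state=alive; policy=BasicFailover; priority=0; queued-IOs=0
### HW Path                 I/O Paths    Interf.   Mode    State  Q-IOs Errors
   1 qla2xxx                   sdb       SP A4     active  alive      0      0
   1 qla2xxx                   sdc       SP B5     active  alive      0      0
   2 qla2xxx                   sdd       SP A5     unlic   alive      0      0
   2 qla2xxx                   sde       SP B4     unlic   alive      0      0
EOF
}

# Sample abridged from the CLAROpt output (after the policy change).
sample_claropt() {
    cat <<'EOF'
Pseudo name=emcpowera
state=alive; policy=CLAROpt; priority=0; queued-IOs=0
### HW Path                 I/O Paths    Interf.   Mode    State  Q-IOs Errors
   1 qla2xxx                   sdb       SP B4     active  alive      0      0
   1 qla2xxx                   sdc       SP A5     active  alive      0      0
   2 qla2xxx                   sdd       SP B4     active  alive      0      0
   2 qla2xxx                   sde       SP A5     active  alive      0      0
EOF
}

echo "BasicFailover sample:"
sample_basic_failover | powermt_degraded_paths
echo "CLAROpt sample: $(sample_claropt | powermt_degraded_paths | wc -l | tr -d ' ') degraded path(s)"
```

On a live system, pipe the real command into the function (powermt display dev=all | powermt_degraded_paths); empty output means every path is active and alive.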

 

Appendix A – GRUB Problems on IBM

 

On some of the IBM x86 hardware, when going into the GRUB menu after a failed boot, the screen goes berserk and it is difficult to read.  The menu gets somewhat broken too, but it is still possible to modify the GRUB commands and boot the system:

 

When selecting the “root (hd1,0)” line, after you hit “e” to edit the line, the line you are presented with in the editor reads “initrd /init”, NOT “root (hd1,0)”.  You CANNOT edit this line; follow this process instead:

 

Hit enter to accept the weird line.  Then press “b” to boot the system.  IT WILL FAIL AGAIN.  This is fine, now hit “e” to edit the line again, and this time you should be presented with the correct line.  Make the modifications described in “First Boot After Install”, and again press “b”.  This time, the system should boot.

 

The screen will return to normal after RedHat startup loads the font files.



[1]               Many BIOSes have an option for “PCI” or “Additional Boot Devices”, or even name the HBA.  If this is the case on the target system, use that selection instead of “Hard Disk”.  On the IBM hardware the PCI boot device magically becomes Hard Disk 0 or 1 in the boot order, so make sure they are both in there.  Boot from SAN may fail if there are bootable partitions on ANY local storage device.

 
To upgrade the Kernel:

Move /etc/init.d/PowerPath to /root.

Comment out references to PowerPath pseudo (emcpower?) devices from system configuration files such as /etc/fstab and /etc/lvm/lvm.conf.

Reboot the machine.

Stop the Navisphere agent (CLARiiON only)
# /etc/init.d/naviagent stop
 
Stop the ECC Master Agent (Symmetrix only)
# /etc/init.d/eccmad stop
Kill any remaining "mlragent" processes.

Uninstall the EMCpower.LINUX rpm package
# rpm -e EMCpower.LINUX

Upgrade the kernel.

Reboot the machine.

Stop the Navisphere agent (CLARiiON only)
# /etc/init.d/naviagent stop
 
Stop the ECC Master Agent (Symmetrix only)
# /etc/init.d/eccmad stop
Kill any remaining "mlragent" processes.

 

Uncomment references to PowerPath pseudo devices from system configuration files such as /etc/fstab and /etc/lvm/lvm.conf.

Reboot the machine.
 

RedHat NIC bonding

/etc/modprobe.conf or /etc/modules.conf for RHEL3 and below
alias bond0 bonding
options bonding mode=1 miimon=100 downdelay=200 updelay=200 
alias eth0 tg3 
alias eth1 tg3 
alias scsi_hostadapter megaraid_mbox 
alias usb-controller ohci-hcd

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
USERCTL=no
BOOTPROTO=none
HWADDR=00:14:5E:57:98:8E
ONBOOT=yes
MASTER=bond0
SLAVE=yes
TYPE=Ethernet


/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
USERCTL=no
BOOTPROTO=none
HWADDR=00:14:5E:57:98:90
ONBOOT=yes
MASTER=bond0
SLAVE=yes
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
USERCTL=no
BOOTPROTO=static
BROADCAST=10.3.1.255
IPADDR=10.3.1.235
NETMASK=255.255.255.0
NETWORK=10.3.1.0
ONBOOT=yes
TYPE=Ethernet
 
/etc/sysconfig/network-scripts/ifcfg-bond0:1
DEVICE=bond0:1
USERCTL=no
BOOTPROTO=static
BROADCAST=10.3.1.255
IPADDR=10.3.1.237
NETMASK=255.255.255.0
NETWORK=10.3.1.0
ONBOOT=yes
TYPE=Ethernet

Run rmmod bonding, then service network restart.

Linux SSH hangs on exit or for rsync


 
Add shopt -s huponexit in either /etc/bashrc or ~/.bashrc

Foundry ServerIron SSL Troubleshooting

 Log on to the ServerIron and enter enable mode:
 
    rconsole 1 1 

    url debug 3  <client ip>   #client ip is the address you will initiate the traffic from using browser, etc

Generate traffic  # connect to the site through load-balancer address (make a hosts file entry if necessary)
After generating some traffic copy the output from the putty terminal and then turn off debugging with:
    url debug 0

    rconsole-exit

 

Review the output for errors and send it to Foundry if necessary.
 
 
If you see the error "You are about to be redirected to a connection that is not secure." for pages on your SSL-protected sites, you may want to try the following:

 

Create  csw rules for Redirects

    csw-rule "r6" response-status-code 301 302

     csw-rule "r7" response-header "Location" pattern "http://www.sysxperts.com"

 

Create a csw policy to rewrite the headers so that all redirects are sent via https instead of http

    csw-policy "sysxperts-301" type response-rewrite

      ! matches all status codes 301-302 for redirects

      match "r6" response-header-rewrite

      ! this takes the first four characters (offset 0 length 4 which is http) and replaces them with "https"

      match "r7" rewrite response-header-replace "https" offset 0 length 4

 

Bind the policy to your virtual server    

    server virtual sysxperts.com

      port ssl response-rewrite-policy "sysxperts-301"


Show tech

rconsole 1 1
show server session
show server debug
show server traffic
show server proxy
wsm show cpu
wsm dm resource
sh ssl key *
sh ssl cert *
sh ssl stat counter
sh ssl stat alert
sh ssl stat crypto
sh ssl stat client
sh socket stat
sh vm mem
sh vm deb
sh cp deb
sh ssl deb
sh tcp buf
sh cp stat
sh vm stat
sh sock list
sh ssl con
rconsole-exit


Foundry ServerIron SSL Certificate Management

After generating CSR on Apache server and obtaining certificate from Verisign use the following procedure to upload certificates and keys to the Foundry and update the configuration.

Make a note of the existing certificates and keys on the Foundry as follows:

Log on to each load balancer with PuTTY and run sh config:

192.168.5.60 and 192.168.5.80 are prod devices
192.168.7.60 and 192.168.7.80 are test devices
en
sh config

You just need to look at the ssl profile section (see items in bold)

ssl profile www-sysxperts-org2
 keypair-file sysxperts-key2
 certificate-file sysxpertsnew
 cipher-suite all-cipher-suites
 disable-ssl-v2
 session-cache off
 enable-certificate-chaining
ssl profile pvalentino
 keypair-file pvalentino-key
 certificate-file pvalentinochain
 cipher-suite all-cipher-suites
 disable-ssl-v2
 session-cache off
 enable-certificate-chaining

Make a note of the existing keypair-file and certificate-file names, because you cannot use the same name when uploading the new certs and keys. Given the output above and the need to install a new cert for www.sysxperts.org:

Log on to the Apache web server mnsvlwwwp001 as a regular user (uploads will not work as the root user).

cd to the /data/web/certs folder or wherever you stored the keys and certs. The following uploads must be done as a regular user and in the proper order.

scp ./www.sysxperts.org.key pvalentino@192.168.5.60:sslkeypair:sysxperts-key3:sysxperts:pem
scp ./www.sysxperts.org.key pvalentino@192.168.5.80:sslkeypair:sysxperts-key3:sysxperts:pem
scp ./www.sysxperts.org.crt pvalentino@192.168.5.60:sslcert:sysxpertsorg3:pem
scp ./www.sysxperts.org.crt pvalentino@192.168.5.80:sslcert:sysxpertsorg3:pem
scp ./verisign_inter.crt pvalentino@192.168.5.60:sslcert:sysxpertsorg3:pem
scp ./verisign_inter.crt pvalentino@192.168.5.80:sslcert:sysxpertsorg3:pem

Verify that the new keys and certs have been uploaded to the Foundry devices as follows:

rconsole 1 1
sh ssl cert *
Output >
pvalentinochain 2944
sysxpertsnew 2826
sysxpertsorg3 2826 # here is the new cert chain
sh ssl key *
Output >
pvalentino-key 1209
sysxperts-key2 1197
sysxperts-key3 1209 # here is the new key
rconsole-exit


After uploading all the keys and certs to both devices and verifying, update the config on both devices as follows:

First unbind the ssl policy
server virtual webprd
 no port ssl ssl-terminate www-sysxperts-org2
ssl profile www-sysxperts-org2
 no certificate-file sysxpertsnew
 no keypair-file sysxperts-key2
 

Perform a save with:

end
wr mem
Update ssl profile:
conf t
ssl profile www-sysxperts-org2
 keypair-file sysxperts-key3
 certificate-file sysxpertsorg3
 cipher-suite all-cipher-suites
 disable-ssl-v2
 session-cache off
 enable-certificate-chaining
Bind virtual server to the updated profile:
server virtual webprd
 port ssl ssl-terminate www-sysxperts-org2

Perform a save with:

end
wr mem

Test configuration and burn-in for at least 7 days before cleaning up old certs and keys.

Cleaning up:

en
rconsole 1 1
sh ssl key *
clear ssl key oldkey #removes named key
sh ssl cert *
clear ssl cert oldcert #removes named cert chain
rconsole-exit

Ctrl-H is the backspace key on the Foundry - you can update putty keyboard properties to use Ctrl-H if you find this as annoying as I do :)

 


VMWare ISO storage

VMWare ISO storage and mounting

By far the easiest thing to do is make your workstation the iso storage facility, whether you are mapped to a windows network share or using local disk does not matter.  Just enable the cdrom as a client device in VMWare vi client under Edit Settings for the Virtual Machine you want to setup.  Then restart the Virtual Host, clicking ESC very quickly to get the boot prompt.  Then click the CD/DVD button and map it to an ISO by browsing to your network share or local disk and selecting the appropriate ISO file.


sftp to the esx server and cd to /vmimages

mput *.iso # from directory where your iso's are

Go to virtual machine in VMWare and click it

Choose edit settings

Click DVD on the Hardware tab

Select Datastore ISO file radio button and browse to the vmimages folder to locate your iso and make sure connect at power on is selected

you can mount up to 4 ISO's on a single VM at a time

Reboot the virtual machine and hit escape if necessary to get boot prompt and select the CD/DVD device with the iso you would like to boot from


There are three primary options for storing ISO's.

1) Create a ISO directory on one of your VMFS volumes and store them there.

2) Create a samba mount to a Windows Server and store them there.

3) Create a NFS VMFS volume using a Windows Server and store them there.


How do I create a ISO mount point that points to a Windows Server for storing ISO files for my VM’s?

You can create a mount point inside /vmimages so your VM’s can access ISO files when needed. You could just create a directory on your VMFS volume and copy them there but this takes valuable disk space away from the ESX server. You can also use this technique to create other mount points on the ESX server if you need to copy files from a Windows server to or from it for patches and other things.

• First you will have to open the firewall port in ESX by typing in the service console “esxcfg-firewall -e smbClient”. This opens outbound TCP ports 137 – 139 and 445.

• Next make sure the Local Security Policy on the Windows Server you are going to map to has the following settings under Security options. If you do not do this you may get a “Stale NFS Handle” or “Permission denied” error when trying to mount.

o Microsoft network client - digitally sign communications (always) – DISABLED

o Microsoft network client - digitally sign communications (if server agrees) – DISABLED

o Microsoft network server - digitally sign communications (always) – DISABLED

o Microsoft network server - digitally sign communications (if server agrees) – DISABLED

• Next type “cd /vmimages” and then “mkdir ISO”  

• Next type “mount -t smbfs -o username=<local windows username> //windows server/share /vmimages/ISO” you can also use a windows domain username by typing “username=<windows domain username>,workgroup=<windows domain name>”

• You will be prompted for a password for the user account you are using.

• You can type “cd /vmimages/ISO” and do “ls” and you should see all your files. You can now map your VM’s CD-ROM using the Datastore ISO file device type and select the /vmimages/ISO folder.

• If you no longer need this mount point you can un-mount it by typing “umount /vmimages/ISO”

• To automatically have your ESX server mount this when it restarts do the following:
o Edit /etc/fstab using Nano or Vi

o Add the following line to the bottom of the file: “//windows server/share /vmimages/ISO smbfs noauto,username=<windows username>,password=<windows username password> 0 0”

o Edit /etc/rc.local using Nano or Vi

o Add the following line to the bottom of the file: “mount -a”

How do I create a NFS volume on a Windows Server to use for storing ISO files for my VM’s? – You can do this if you have Windows 2003 Server R2 which has built-in NFS Services

• On the Windows 2003 Server make sure “Microsoft Services for NFS” is installed. If not, you need to add it under Add/Remove Programs, Windows Components, Other Network File and Print Services

• Next go to folder you want to share and right-click on it and select Properties

• Click on the NFS Sharing tab and select “Share this Folder”

• Enter a Share Name, check “Anonymous Access” and make sure the UID and GID are both -2

• In VirtualCenter, select your ESX server and click the “Configuration” tab and then select “Storage”

• Click on “Add Storage” and select “Network File System” as the storage type

• Enter the Windows Server name, the folder (share) name and a descriptive Datastore Name

• Once it finishes the configuration you can now map your VM’s CD-ROM devices to this new VMFS volume


man SELinux, semanage, and restorecon

selinux(8)            SELinux Command Line documentation            selinux(8)



NAME
       selinux - NSA Security-Enhanced Linux (SELinux)


DESCRIPTION
       NSA  Security-Enhanced Linux (SELinux) is an implementation of a flexi-
       ble mandatory access control architecture in the Linux  operating  sys-
       tem.   The  SELinux  architecture  provides  general  support  for  the
       enforcement of many kinds of mandatory access control policies, includ-
       ing  those  based  on  the  concepts  of Type Enforcement®, Role- Based
       Access Control, and Multi-Level Security.  Background  information  and
       technical    documentation    about    SELinux    can   be   found   at
       http://www.nsa.gov/selinux.

       The /etc/selinux/config configuration file controls whether SELinux  is
       enabled  or  disabled, and if enabled, whether SELinux operates in per-
       missive mode or enforcing mode.  The SELINUX variable may be set to any
       one  of  disabled,  permissive,  or  enforcing  to  select one of these
       options.  The disabled option completely disables  the  SELinux  kernel
       and  application  code,  leaving the system running without any SELinux
       protection.  The permissive option enables the SELinux code, but causes
       it  to  operate in a mode where accesses that would be denied by policy
       are permitted but audited.  The enforcing option  enables  the  SELinux
       code  and causes it to enforce access denials as well as auditing them.
       Permissive mode may yield a different set  of  denials  than  enforcing
       mode,  both  because enforcing mode will prevent an operation from pro-
       ceeding past the first denial and because some  application  code  will
       fall back to a less privileged mode of operation if denied access.

       The /etc/selinux/config configuration file also controls what policy is
       active on the system.  SELinux  allows  for  multiple  policies  to  be
       installed on the system, but only one policy may be active at any given
       time.  At present, two kinds of  SELinux  policy  exist:  targeted  and
       strict.   The  targeted  policy is designed as a policy where most pro-
       cesses operate without restrictions, and  only  specific  services  are
       placed  into distinct security domains that are confined by the policy.
       For example, the user would run in a completely unconfined domain while
       the  named  daemon or apache daemon would run in a specific domain tai-
       lored to its operation.  The strict policy  is  designed  as  a  policy
       where  all processes are partitioned into fine-grained security domains
       and confined by policy.  It is anticipated in  the  future  that  other
       policies  will  be created (Multi-Level Security for example).  You can
       define which policy you will run by setting the SELINUXTYPE environment
       variable within /etc/selinux/config.  The corresponding policy configu-
       ration   for   each   such   policy   must   be   installed   in    the
       /etc/selinux/SELINUXTYPE/ directories.

       A given SELinux policy can be customized further based on a set of com-
       pile-time tunable options and a set of runtime policy  booleans.   sys-
       tem-config-securitylevel  allows  customization  of  these booleans and
       tunables.

       Many domains that are protected by SELinux  also  include  selinux  man
       pages explaining how to customize their policy.


FILE LABELING
       All files, directories, devices ... have a security context/label
       associated with them.  These contexts are stored in the extended
       attributes of the file system.  Problems with SELinux often arise from
       the file system being mislabeled.  This can be caused by booting the
       machine with a non-SELinux kernel.  If you see an error message
       containing file_t, that is usually a good indicator that you have a
       serious problem with file system labeling.
       The best way to relabel the file system is to create the flag file
       /.autorelabel and reboot.  system-config-securitylevel also has this
       capability.  The restorecon/fixfiles commands are also available for
       relabeling files.


AUTHOR
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.


SEE ALSO
       booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restore-
       con(8),       setfiles(8),      ftpd_selinux(8),      named_selinux(8),
       rsync_selinux(8), httpd_selinux(8),  nfs_selinux(8),  samba_selinux(8),
       kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)



FILES
       /etc/selinux/config



dwalsh@redhat.com                 29 Apr 2005                       selinux(8)
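
The checks that selinux(8) describes for /etc/selinux/config, as an added shell example (not part of the man page or of these notes): it validates SELINUX, confirms that the SELINUXTYPE policy directory is installed, and reports a pending /.autorelabel. The function names, the sysroot-prefix argument and the sample tree are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit an SELinux configuration tree against selinux(8).
# The sysroot prefix is a hypothetical convenience so the check can run on a
# mounted image or a test directory; pass "" to audit the running system.

# Print the value assigned to KEY in a KEY=value file, skipping comment lines.
# Assumption of this example: if KEY appears more than once, the last
# assignment is the one reported.
selinux_cfg_get() {
    # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# Report findings for one tree; exit status 0 only when there are none.
selinux_audit() {
    # $1 = sysroot prefix
    root=$1
    cfg="$root/etc/selinux/config"
    findings=0

    if [ ! -r "$cfg" ]; then
        echo "finding: $cfg is missing or unreadable"
        return 1
    fi

    mode=$(selinux_cfg_get "$cfg" SELINUX)
    ptype=$(selinux_cfg_get "$cfg" SELINUXTYPE)
    echo "mode=$mode type=$ptype"

    case $mode in
        enforcing) ;;
        permissive)
            echo "finding: permissive mode audits denials but does not enforce them"
            findings=$((findings + 1)) ;;
        disabled)
            echo "finding: SELinux is disabled, the system has no SELinux protection"
            findings=$((findings + 1)) ;;
        *)
            echo "finding: SELINUX='$mode' is not one of disabled, permissive, enforcing"
            findings=$((findings + 1)) ;;
    esac

    # The selected policy must be installed under /etc/selinux/SELINUXTYPE/.
    if [ -z "$ptype" ]; then
        echo "finding: SELINUXTYPE is not set"
        findings=$((findings + 1))
    elif [ ! -d "$root/etc/selinux/$ptype" ]; then
        echo "finding: no policy directory $root/etc/selinux/$ptype/"
        findings=$((findings + 1))
    fi

    # Informational only: the flag file triggers a full relabel at next boot.
    if [ -e "$root/.autorelabel" ]; then
        echo "note: /.autorelabel is present, the file system will be relabeled on reboot"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not from a real host): permissive mode, policy
# "strict" selected while only "targeted" is installed, relabel flag set.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/selinux/targeted"
    cat > "$t/etc/selinux/config" <<'EOF'
# constructed sample configuration
SELINUX=permissive
SELINUXTYPE=strict
EOF
    : > "$t/.autorelabel"
    echo "$t"
}

sample=$(make_sample_tree)
selinux_audit "$sample" || echo "audit reported findings"
rm -rf "$sample"
```
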
semanage(8)                                                        semanage(8)



NAME
       semanage - SELinux Policy Management tool


SYNOPSIS
       semanage {login|user|port|interface|fcontext|translation} -l [-n]
       semanage login -{a|d|m} [-sr] login_name
       semanage user -{a|d|m} [-LrRP] selinux_name
       semanage port -{a|d|m} [-tr] [-p protocol] port | port_range
       semanage interface -{a|d|m} [-tr] interface_spec
       semanage fcontext -{a|d|m} [-frst] file_spec
       semanage translation -{a|d|m} [-T] level



DESCRIPTION
       semanage  is used to configure certain elements of SELinux policy with-
       out requiring modification to or  recompilation  from  policy  sources.
       This  includes the mapping from Linux usernames to SELinux user identi-
       ties (which controls the initial security  context  assigned  to  Linux
       users  when they login and bounds their authorized role set) as well as
       security context mappings for various kinds of objects, such as network
       ports,  interfaces,  and nodes (hosts) as well as the file context map-
       ping. See the EXAMPLES section below for some examples of common usage.
       Note  that the semanage login command deals with the mapping from Linux
       usernames (logins) to SELinux user identities, while the semanage  user
       command  deals  with the mapping from SELinux user identities to autho-
       rized role sets.  In most cases, only the former mapping  needs  to  be
       adjusted by the administrator; the latter is principally defined by the
       base policy and usually does not require modification.


OPTIONS
       -a, --add
              Add a OBJECT record NAME

       -d, --delete
              Delete a OBJECT record NAME

       -f, --ftype
              File Type.   This is used with fcontext.  Requires a  file  type
              as  shown  in  the  mode  field by ls, e.g. use -d to match only
              directories or -- to match only regular files.

       -h, --help
              display this message

       -l, --list
              List the OBJECTS

       -L, --level
              Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Sys-
              tems only)

       -m, --modify
              Modify a OBJECT record NAME

       -n, --noheading
              Do not print heading when listing OBJECTS.

       -p, --proto
              Protocol for the specified port (tcp|udp).

       -r, --range
              MLS/MCS Security Range (MLS/MCS Systems only)

       -R, --role
              SELinux  Roles.   You must enclose multiple roles within quotes,
              separate by spaces. Or specify -R multiple times.

       -P, --prefix
              SELinux Prefix.  Prefix  added  to  home_dir_t  and  home_t  for
              labeling users home directories.

       -s, --seuser
              SELinux user name

       -t, --type
              SELinux Type for the object

       -T, --trans
              SELinux Translation


EXAMPLE
       # View SELinux user mappings
       $ semanage user -l
       # Allow joe to login as staff_u
       $ semanage login -a -s staff_u joe
       # Add file-context for everything under /web (used by restorecon)
       $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # Allow Apache to listen on port 81
       $ semanage port -a -t http_port_t -p tcp 81


AUTHOR
       This  man page was written by Daniel Walsh <dwalsh@redhat.com> and Rus-
       sell Coker <rcoker@redhat.com>.  Examples by Thomas Bleher  <ThomasBle-
       her@gmx.de>.




                                  2005111103                       semanage(8)
restorecon(8)                                                    restorecon(8)



NAME
       restorecon - restore file(s) default SELinux security contexts.


SYNOPSIS
       restorecon [-o outfilename ] [-R] [-n] [-v] [-e directory ] pathname...

       restorecon -f infilename [-o outfilename ] [-e directory  ]  [-R]  [-n]
       [-v] [-F]


DESCRIPTION
       This manual page describes the restorecon program.

       This  program  is  primarily used to set the security context (extended
       attributes) on one or more files.

       It can be run at any time to correct errors, to  add  support  for  new
       policy,  or  with the -n option it can just check whether the file con-
       texts are all as you expect.


OPTIONS
       -i     ignore files that do not exist

       -f infilename
              infilename contains a list of files to be processed by  applica-
              tion. Use - for stdin.

       -e directory
              directory  to  exclude  (repeat  option for more than one direc-
              tory.)

       -R -r  change files and directories file labels recursively

       -n     don’t change any file labels.

       -o outfilename
              save list of files with incorrect context in outfilename.

       -v     show changes in file labels.

       -vv    show changes in file labels, if type, role, or user  are  chang-
              ing.

       -F     Force  reset  of  context to match file_context for customizable
              files, or the user section, if it has changed.


       ARGUMENTS
              pathname...  The pathname for the file(s) to be relabeled.

NOTE
       restorecon does not follow symbolic links.


AUTHOR
       This man page was written by Dan Walsh  <dwalsh@redhat.com>.   Some  of
       the content of this man page was taken from the setfiles man page writ-
       ten by Russell Coker <russell@coker.com.au>.  The program  was  written
       by Dan Walsh <dwalsh@redhat.com>.


SEE ALSO
       load_policy(8), checkpolicy(8), setfiles(8)



                                  2002031409                     restorecon(8)




Sed Example

Sed Examples

 
To prepend a character to the beginning of every line in a file, e.g. a ":" for wiki formatting purposes:
sed 's/\(.*\)/:\1/' filename  #to preview what sed will do
sed -i 's/\(.*\)/:\1/' filename #to commit the change to the file
 
or add a " to the beginning and end of every line
sed 's/\(.*\)/"\1"/' filename
sed -i 's/\(.*\)/"\1"/' filename
 

To replace /usr/bin with /usr/local/bin in all files ending in .pl use:

for i in *.pl ; do sed 's^/usr/bin^/usr/local/bin^g' < "$i" > "$i.new"; done

Now read the .new files... they should read /usr/local/bin instead of /usr/bin

 

To remove all instances of /usr from every .pl file, replacing each file in place:

for i in *.pl ; do sed 's^/usr^^g' < "$i" > "$i.new" && mv "$i.new" "$i"; done

To replace webtest with www in every .conf file (output goes to a .new copy):

for i in *.conf; do sed 's^webtest^www^g' < "$i" > "$i.new"; done




 

-------------------------------------------------------------------------
HANDY ONE-LINERS FOR SED (Unix stream editor)               Apr. 26, 2004
compiled by Eric Pement - pemente[at]northpark[dot]edu        version 5.4
Latest version of this file is usually at:
   http://sed.sourceforge.net/sed1line.txt
   http://www.student.northpark.edu/pemente/sed/sed1line.txt
This file is also available in Portuguese at:
   http://www.lrv.ufsc.br/wmaker/sed_ptBR.html

FILE SPACING:

 # double space a file
 sed G

 # double space a file which already has blank lines in it. Output file
 # should contain no more than one blank line between lines of text.
 sed '/^$/d;G'

 # triple space a file
 sed 'G;G'

 # undo double-spacing (assumes even-numbered lines are always blank)
 sed 'n;d'

 # insert a blank line above every line which matches "regex"
 sed '/regex/{x;p;x;}'

 # insert a blank line below every line which matches "regex"
 sed '/regex/G'

 # insert a blank line above and below every line which matches "regex"
 sed '/regex/{x;p;x;G;}'

NUMBERING:

 # number each line of a file (simple left alignment). Using a tab (see
 # note on '\t' at end of file) instead of space will preserve margins.
 sed = filename | sed 'N;s/\n/\t/'

 # number each line of a file (number on left, right-aligned)
 sed = filename | sed 'N; s/^/     /; s/ *\(.\{6,\}\)\n/\1  /'

 # number each line of file, but only print numbers if line is not blank
 sed '/./=' filename | sed '/./N; s/\n/ /'

 # count lines (emulates "wc -l")
 sed -n '$='

TEXT CONVERSION AND SUBSTITUTION:

 # IN UNIX ENVIRONMENT: convert DOS newlines (CR/LF) to Unix format
 sed 's/.$//'               # assumes that all lines end with CR/LF
 sed 's/^M$//'              # in bash/tcsh, press Ctrl-V then Ctrl-M
 sed 's/\x0D$//'            # gsed 3.02.80, but top script is easier

 # IN UNIX ENVIRONMENT: convert Unix newlines (LF) to DOS format
 sed "s/$/`echo -e \\\r`/"            # command line under ksh
 sed 's/$'"/`echo \\\r`/"             # command line under bash
 sed "s/$/`echo \\\r`/"               # command line under zsh
 sed 's/$/\r/'                        # gsed 3.02.80

 # IN DOS ENVIRONMENT: convert Unix newlines (LF) to DOS format
 sed "s/$//"                          # method 1
 sed -n p                             # method 2

 # IN DOS ENVIRONMENT: convert DOS newlines (CR/LF) to Unix format
 # Can only be done with UnxUtils sed, version 4.0.7 or higher.
 # Cannot be done with other DOS versions of sed. Use "tr" instead.
 sed "s/\r//" infile >outfile         # UnxUtils sed v4.0.7 or higher
 tr -d \r <infile >outfile            # GNU tr version 1.22 or higher

 # delete leading whitespace (spaces, tabs) from front of each line
 # aligns all text flush left
 sed 's/^[ \t]*//'                    # see note on '\t' at end of file

 # delete trailing whitespace (spaces, tabs) from end of each line
 sed 's/[ \t]*$//'                    # see note on '\t' at end of file

 # delete BOTH leading and trailing whitespace from each line
 sed 's/^[ \t]*//;s/[ \t]*$//'

 # insert 5 blank spaces at beginning of each line (make page offset)
 sed 's/^/     /'

 # align all text flush right on a 79-column width
 sed -e :a -e 's/^.\{1,78\}$/ &/;ta'  # set at 78 plus 1 space

 # center all text in the middle of 79-column width. In method 1,
 # spaces at the beginning of the line are significant, and trailing
 # spaces are appended at the end of the line. In method 2, spaces at
 # the beginning of the line are discarded in centering the line, and
 # no trailing spaces appear at the end of lines.
 sed  -e :a -e 's/^.\{1,77\}$/ & /;ta'                     # method 1
 sed  -e :a -e 's/^.\{1,77\}$/ &/;ta' -e 's/\( *\)\1/\1/'  # method 2

 # substitute (find and replace) "foo" with "bar" on each line
 sed 's/foo/bar/'             # replaces only 1st instance in a line
 sed 's/foo/bar/4'            # replaces only 4th instance in a line
 sed 's/foo/bar/g'            # replaces ALL instances in a line
 sed 's/\(.*\)foo\(.*foo\)/\1bar\2/' # replace the next-to-last case
 sed 's/\(.*\)foo/\1bar/'            # replace only the last case

 # substitute "foo" with "bar" ONLY for lines which contain "baz"
 sed '/baz/s/foo/bar/g'

 # substitute "foo" with "bar" EXCEPT for lines which contain "baz"
 sed '/baz/!s/foo/bar/g'

 # change "scarlet" or "ruby" or "puce" to "red"
 sed 's/scarlet/red/g;s/ruby/red/g;s/puce/red/g'   # most seds
 gsed 's/scarlet\|ruby\|puce/red/g'                # GNU sed only

 # reverse order of lines (emulates "tac")
 # bug/feature in HHsed v1.5 causes blank lines to be deleted
 sed '1!G;h;$!d'               # method 1
 sed -n '1!G;h;$p'             # method 2

 # reverse each character on the line (emulates "rev")
 sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'

 # join pairs of lines side-by-side (like "paste")
 sed '$!N;s/\n/ /'

 # if a line ends with a backslash, append the next line to it
 sed -e :a -e '/\\$/N; s/\\\n//; ta'

 # if a line begins with an equal sign, append it to the previous line
 # and replace the "=" with a single space
 sed -e :a -e '$!N;s/\n=/ /;ta' -e 'P;D'

 # add commas to numeric strings, changing "1234567" to "1,234,567"
 gsed ':a;s/\B[0-9]\{3\}\>/,&/;ta'                     # GNU sed
 sed -e :a -e 's/\(.*[0-9]\)\([0-9]\{3\}\)/\1,\2/;ta'  # other seds

 # add commas to numbers with decimal points and minus signs (GNU sed)
 gsed ':a;s/\(^\|[^0-9.]\)\([0-9]\+\)\([0-9]\{3\}\)/\1\2,\3/g;ta'

 # add a blank line every 5 lines (after lines 5, 10, 15, 20, etc.)
 gsed '0~5G'                  # GNU sed only
 sed 'n;n;n;n;G;'             # other seds

SELECTIVE PRINTING OF CERTAIN LINES:

 # print first 10 lines of file (emulates behavior of "head")
 sed 10q

 # print first line of file (emulates "head -1")
 sed q

 # print the last 10 lines of a file (emulates "tail")
 sed -e :a -e '$q;N;11,$D;ba'

 # print the last 2 lines of a file (emulates "tail -2")
 sed '$!N;$!D'

 # print the last line of a file (emulates "tail -1")
 sed '$!d'                    # method 1
 sed -n '$p'                  # method 2

 # print only lines which match regular expression (emulates "grep")
 sed -n '/regexp/p'           # method 1
 sed '/regexp/!d'             # method 2

 # print only lines which do NOT match regexp (emulates "grep -v")
 sed -n '/regexp/!p'          # method 1, corresponds to above
 sed '/regexp/d'              # method 2, simpler syntax

 # print the line immediately before a regexp, but not the line
 # containing the regexp
 sed -n '/regexp/{g;1!p;};h'

 # print the line immediately after a regexp, but not the line
 # containing the regexp
 sed -n '/regexp/{n;p;}'

 # print 1 line of context before and after regexp, with line number
 # indicating where the regexp occurred (similar to "grep -A1 -B1")
 sed -n -e '/regexp/{=;x;1!p;g;$!N;p;D;}' -e h

 # grep for AAA and BBB and CCC (in any order)
 sed '/AAA/!d; /BBB/!d; /CCC/!d'

 # grep for AAA and BBB and CCC (in that order)
 sed '/AAA.*BBB.*CCC/!d'

 # grep for AAA or BBB or CCC (emulates "egrep")
 sed -e '/AAA/b' -e '/BBB/b' -e '/CCC/b' -e d    # most seds
 gsed '/AAA\|BBB\|CCC/!d'                        # GNU sed only

 # print paragraph if it contains AAA (blank lines separate paragraphs)
 # HHsed v1.5 must insert a 'G;' after 'x;' in the next 3 scripts below
 sed -e '/./{H;$!d;}' -e 'x;/AAA/!d;'

 # print paragraph if it contains AAA and BBB and CCC (in any order)
 sed -e '/./{H;$!d;}' -e 'x;/AAA/!d;/BBB/!d;/CCC/!d'

 # print paragraph if it contains AAA or BBB or CCC
 sed -e '/./{H;$!d;}' -e 'x;/AAA/b' -e '/BBB/b' -e '/CCC/b' -e d
 gsed '/./{H;$!d;};x;/AAA\|BBB\|CCC/b;d'         # GNU sed only

 # print only lines of 65 characters or longer
 sed -n '/^.\{65\}/p'

 # print only lines of less than 65 characters
 sed -n '/^.\{65\}/!p'        # method 1, corresponds to above
 sed '/^.\{65\}/d'            # method 2, simpler syntax

 # print section of file from regular expression to end of file
 sed -n '/regexp/,$p'

 # print section of file based on line numbers (lines 8-12, inclusive)
 sed -n '8,12p'               # method 1
 sed '8,12!d'                 # method 2

 # print line number 52
 sed -n '52p'                 # method 1
 sed '52!d'                   # method 2
 sed '52q;d'                  # method 3, efficient on large files

 # beginning at line 3, print every 7th line
 gsed -n '3~7p'               # GNU sed only
 sed -n '3,${p;n;n;n;n;n;n;}' # other seds

 # print section of file between two regular expressions (inclusive)
 sed -n '/Iowa/,/Montana/p'             # case sensitive

SELECTIVE DELETION OF CERTAIN LINES:

 # print all of file EXCEPT section between 2 regular expressions
 sed '/Iowa/,/Montana/d'

 # delete duplicate, consecutive lines from a file (emulates "uniq").
 # First line in a set of duplicate lines is kept, rest are deleted.
 sed '$!N; /^\(.*\)\n\1$/!P; D'

 # delete duplicate, nonconsecutive lines from a file. Beware not to
 # overflow the buffer size of the hold space, or else use GNU sed.
 sed -n 'G; s/\n/&&/; /^\([ -~]*\n\).*\n\1/d; s/\n//; h; P'

 # delete all lines except duplicate lines (emulates "uniq -d").
 sed '$!N; s/^\(.*\)\n\1$/\1/; t; D'

 # delete the first 10 lines of a file
 sed '1,10d'

 # delete the last line of a file
 sed '$d'

 # delete the last 2 lines of a file
 sed 'N;$!P;$!D;$d'

 # delete the last 10 lines of a file
 sed -e :a -e '$d;N;2,10ba' -e 'P;D'   # method 1
 sed -n -e :a -e '1,10!{P;N;D;};N;ba'  # method 2

 # delete every 8th line
 gsed '0~8d'                           # GNU sed only
 sed 'n;n;n;n;n;n;n;d;'                # other seds

 # delete ALL blank lines from a file (same as "grep '.' ")
 sed '/^$/d'                           # method 1
 sed '/./!d'                           # method 2

 # delete all CONSECUTIVE blank lines from file except the first; also
 # deletes all blank lines from top and end of file (emulates "cat -s")
 sed '/./,/^$/!d'          # method 1, allows 0 blanks at top, 1 at EOF
 sed '/^$/N;/\n$/D'        # method 2, allows 1 blank at top, 0 at EOF

 # delete all CONSECUTIVE blank lines from file except the first 2:
 sed '/^$/N;/\n$/N;//D'

 # delete all leading blank lines at top of file
 sed '/./,$!d'

 # delete all trailing blank lines at end of file
 sed -e :a -e '/^\n*$/{$d;N;ba' -e '}'  # works on all seds
 sed -e :a -e '/^\n*$/N;/\n$/ba'        # ditto, except for gsed 3.02*

 # delete the last line of each paragraph
 sed -n '/^$/{p;h;};/./{x;/./p;}'

SPECIAL APPLICATIONS:

 # remove nroff overstrikes (char, backspace) from man pages. The 'echo'
 # command may need an -e switch if you use Unix System V or bash shell.
 sed "s/.`echo \\\b`//g"    # double quotes required for Unix environment
 sed 's/.^H//g'             # in bash/tcsh, press Ctrl-V and then Ctrl-H
 sed 's/.\x08//g'           # hex expression for sed v1.5

 # get Usenet/e-mail message header
 sed '/^$/q'                # deletes everything after first blank line

 # get Usenet/e-mail message body
 sed '1,/^$/d'              # deletes everything up to first blank line

 # get Subject header, but remove initial "Subject: " portion
 sed '/^Subject: */!d; s///;q'

 # get return address header
 sed '/^Reply-To:/q; /^From:/h; /./d;g;q'

 # parse out the address proper. Pulls out the e-mail address by itself
 # from the 1-line return address header (see preceding script)
 sed 's/ *(.*)//; s/>.*//; s/.*[:<] *//'

 # add a leading angle bracket and space to each line (quote a message)
 sed 's/^/> /'

 # delete leading angle bracket & space from each line (unquote a message)
 sed 's/^> //'

 # remove most HTML tags (accommodates multiple-line tags)
 sed -e :a -e 's/<[^>]*>//g;/</N;//ba'

 # extract multi-part uuencoded binaries, removing extraneous header
 # info, so that only the uuencoded portion remains. Files passed to
 # sed must be passed in the proper order. Version 1 can be entered
 # from the command line; version 2 can be made into an executable
 # Unix shell script. (Modified from a script by Rahul Dhesi.)
 sed '/^end/,/^begin/d' file1 file2 ... fileX | uudecode   # vers. 1
 sed '/^end/,/^begin/d' "$@" | uudecode                    # vers. 2

 # zip up each .TXT file individually, deleting the source file and
 # setting the name of each .ZIP file to the basename of the .TXT file
 # (under DOS: the "dir /b" switch returns bare filenames in all caps).
 echo @echo off >zipup.bat
 dir /b *.txt | sed "s/^\(.*\)\.TXT/pkzip -mo \1 \1.TXT/" >>zipup.bat

TYPICAL USE: Sed takes one or more editing commands and applies all of
them, in sequence, to each line of input. After all the commands have
been applied to the first input line, that line is output and a second
input line is taken for processing, and the cycle repeats. The
preceding examples assume that input comes from the standard input
device (i.e., the console, normally this will be piped input). One or
more filenames can be appended to the command line if the input does
not come from stdin. Output is sent to stdout (the screen). Thus:

 cat filename | sed '10q'        # uses piped input
 sed '10q' filename              # same effect, avoids a useless "cat"
 sed '10q' filename > newfile    # redirects output to disk

For additional syntax instructions, including the way to apply editing
commands from a disk file instead of the command line, consult "sed &
awk, 2nd Edition," by Dale Dougherty and Arnold Robbins (O'Reilly,
1997; http://www.ora.com), "UNIX Text Processing," by Dale Dougherty
and Tim O'Reilly (Hayden Books, 1987) or the tutorials by Mike Arst
distributed in U-SEDIT2.ZIP (many sites). To fully exploit the power
of sed, one must understand "regular expressions." For this, see
"Mastering Regular Expressions" by Jeffrey Friedl (O'Reilly, 1997).
The manual ("man") pages on Unix systems may be helpful (try "man
sed", "man regexp", or the subsection on regular expressions in "man
ed"), but man pages are notoriously difficult. They are not written to
teach sed use or regexps to first-time users, but as a reference text
for those already acquainted with these tools.

QUOTING SYNTAX: The preceding examples use single quotes ('...')
instead of double quotes ("...") to enclose editing commands, since
sed is typically used on a Unix platform. Single quotes prevent the
Unix shell from interpreting the dollar sign ($) and backquotes
(`...`), which are expanded by the shell if they are enclosed in
double quotes. Users of the "csh" shell and derivatives will also need
to quote the exclamation mark (!) with the backslash (i.e., \!) to
properly run the examples listed above, even within single quotes.
Versions of sed written for DOS invariably require double quotes
("...") instead of single quotes to enclose editing commands.

USE OF '\t' IN SED SCRIPTS: For clarity in documentation, we have used
the expression '\t' to indicate a tab character (0x09) in the scripts.
However, most versions of sed do not recognize the '\t' abbreviation,
so when typing these scripts from the command line, you should press
the TAB key instead. '\t' is supported as a regular expression
metacharacter in awk, perl, and HHsed, sedmod, and GNU sed v3.02.80.

VERSIONS OF SED: Versions of sed do differ, and some slight syntax
variation is to be expected. In particular, most do not support the
use of labels (:name) or branch instructions (b,t) within editing
commands, except at the end of those commands. We have used the syntax
which will be portable to most users of sed, even though the popular
GNU versions of sed allow a more succinct syntax. When the reader sees
a fairly long command such as this:

   sed -e '/AAA/b' -e '/BBB/b' -e '/CCC/b' -e d

it is heartening to know that GNU sed will let you reduce it to:

   sed '/AAA/b;/BBB/b;/CCC/b;d'      # or even
   sed '/AAA\|BBB\|CCC/b;d'

In addition, remember that while many versions of sed accept a command
like "/one/ s/RE1/RE2/", some do NOT allow "/one/! s/RE1/RE2/", which
contains space before the 's'. Omit the space when typing the command.

OPTIMIZING FOR SPEED: If execution speed needs to be increased (due to
large input files or slow processors or hard disks), substitution will
be executed more quickly if the "find" expression is specified before
giving the "s/.../.../" instruction. Thus:

   sed 's/foo/bar/g' filename         # standard replace command
   sed '/foo/ s/foo/bar/g' filename   # executes more quickly
   sed '/foo/ s//bar/g' filename      # shorthand sed syntax

On line selection or deletion in which you only need to output lines
from the first part of the file, a "quit" command (q) in the script
will drastically reduce processing time for large files. Thus:

   sed -n '45,50p' filename           # print line nos. 45-50 of a file
   sed -n '51q;45,50p' filename       # same, but executes much faster


 
-------------------------------------------------------------------------

 


Foundry ServerIron 4G-SSL config

!Using 8832 out of 393214 bytes

!

ver 10.1.00TI2

!

!

!

trunk switch ethe 3 to 4 

!

!

!

ssl profile workplace-ssh

 keypair-file workplace-key

 certificate-file workplacechain

 cipher-suite all-cipher-suites

 disable-ssl-v2

 session-cache off

ssl profile corp1-ssl

 keypair-file corp1-key

 certificate-file corp1chain

 cipher-suite all-cipher-suites

 disable-ssl-v2

 session-cache off

ssl profile groupware

 keypair-file groupware-key                                      

 certificate-file groupwarechain

 cipher-suite all-cipher-suites

 disable-ssl-v2

 session-cache off

!

server backup ethe 3 0012.f27c.5400 vlan-id 100

server no-graceful-shutdown

!

!

server port 80

 tcp

 udp

server port 8080

 tcp

server port 8081

 tcp

server port 8083                                                  

 tcp

server port 8084

 tcp

server port 8085

 tcp

server port 8087

 tcp

server port 8089

 tcp

server port 8090

 tcp

server port 8086

 tcp

server port 8082

 tcp

                                                                  

server port 8088

 tcp

server port 8092

 tcp

server port 8093

 tcp

server port 8094

 tcp

server port 81

 tcp

 tcp keepalive use-master-state

server port 82

 tcp

 tcp keepalive use-master-state

server source-nat-ip 192.168.5.62 255.255.255.0 192.168.5.1 port-range 2

server source-nat-ip 192.168.5.63 255.255.255.0 192.168.5.1 port-range 2 for-ssl

server source-nat-ip 192.168.5.64 255.255.255.0 192.168.5.1 port-range 2 for-ssl

!

!

!

csw-rule "r1" url prefix "html" 

csw-rule "r15" url prefix "/sales" 

csw-rule "r17" url prefix "/PVWeb" 

csw-rule "r2" header "Host" pattern "webtest.corp1.com" 

csw-rule "r21" url prefix "/finance" 

csw-rule "r25" url prefix "/edocs" 

csw-rule "r3" header "Host" pattern "webtest.corp1groupware.com" 

csw-rule "r30" url prefix "/acctg" 

csw-rule "r35" url prefix "/eforms" 

csw-rule "r45" url prefix "/custdb" 

csw-rule "r50" url prefix "/estatement" 

csw-rule "r55" url prefix "/ecosts" 

csw-rule "r60" url prefix "/ereports" 

csw-rule "r65" url prefix "/ebenefits" 

csw-rule "r70" url prefix "/elabels" 

csw-rule "r75" url prefix "/etraining" 

csw-rule "r80" url prefix "/eordering" 

!

!

!                                                                 

csw-policy "app-forward" 

 match "r15" forward 11

 match "r25" forward 25

 match "r21" forward 21

 match "r30" forward 30

 match "r35" forward 35

 match "r45" forward 45

 match "r50" forward 50

 match "r55" forward 55

 match "r60" forward 60

 match "r65" forward 65

 match "r70" forward 70

 match "r75" forward 75

 match "r80" forward 80

 match "r2" forward 2

 match "r3" forward 3

 default forward 2

!

csw-policy "redirect" 

 match "r15" redirect "*" "*" ssl

 match "r17" redirect "PVweb.corp1.com" "*" ssl

 match "r25" redirect "*" "*" ssl

 match "r21" redirect "*" "*" ssl                                 

 match "r30" redirect "*" "*" ssl

 match "r35" redirect "*" "*" ssl

 match "r45" redirect "*" "*" ssl

 match "r50" redirect "*" "*" ssl

 match "r55" redirect "*" "*" ssl

 match "r1" forward 1218

 match "r1" rewrite request-insert client-ip

 match "r60" redirect "*" "*" ssl

 match "r65" redirect "*" "*" ssl

 match "r70" redirect "*" "*" ssl

 match "r75" redirect "*" "*" ssl

 match "r80" redirect "*" "*" ssl

 default forward 1

 default rewrite request-insert client-ip

!

!

server real pvwwwt001 192.168.5.40

 source-nat

 port http

 port http keepalive

 port http url "HEAD /"

 port http server-id 1218

 port http group-id  1 1                                          

 port 8080

 port 8080 keepalive

 port 8080 group-id  11 11

 port 8080 url "GET /sales/includes/isalive.html"

 port 8081

 port 8081 keepalive

 port 8081 group-id  21 21

 port 8081 url "GET /finance/isalive.html"

 port 8082

 port 8082 keepalive

 port 8082 group-id  25 25

 port 8082 url "GET /edocs/isalive.html"

 port 8083

 port 8083 keepalive

 port 8083 group-id  30 30

 port 8083 url "GET /acctg/isalive.html"

 port 8084

 port 8084 keepalive

 port 8084 group-id  35 35

 port 8084 url "GET /eforms/isalive.html"

 port 8086

 port 8086 keepalive

 port 8086 group-id  45 45                                        

 port 8086 url "GET /custdb/isalive.html"

 port 8087

 port 8087 keepalive

 port 8087 group-id  50 50

 port 8087 url "GET /estatement/isalive.html"

 port 8088

 port 8088 keepalive

 port 8088 group-id  55 55

 port 8088 url "GET /ecosts/isalive.html"

 port 8089

 port 8089 keepalive

 port 8089 group-id  60 60

 port 8089 url "GET /ereports/isalive.htm"

 port 8092

 port 8092 keepalive

 port 8092 group-id  65 65

 port 8092 url "GET /ebenefits/"

 port 8090

 port 8090 keepalive

 port 8090 group-id  70 70

 port 8090 url "GET /elabels/"

 port 8094

 port 8094 keepalive                                              

 port 8094 group-id  80 80

 port 8094 url "GET /eordering/isalive.html"

 port 81

 port 81 group-id  2 2

!

server real pvwwwt003 192.168.5.50

 source-nat

 port http

 port http keepalive

 port http url "HEAD /"

 port http server-id 1211

 port http group-id  1 1

 port 8080

 port 8080 keepalive

 port 8080 group-id  11 11

 port 8080 url "GET /sales/includes/isalive.html"

 port 8082

 port 8082 keepalive

 port 8082 group-id  25 25

 port 8082 url "GET /edocs/isalive.html"

 port 8081

 port 8081 keepalive

 port 8081 group-id  21 21                                        

 port 8081 url "GET /finance/isalive.html"

 port 8083

 port 8083 keepalive

 port 8083 group-id  30 30

 port 8083 url "GET /acctg/isalive.html"

 port 8084

 port 8084 keepalive

 port 8084 group-id  35 35

 port 8084 url "GET /eforms/isalive.html"

 port 8086

 port 8086 keepalive

 port 8086 group-id  45 45

 port 8086 url "GET /custdb/isalive.html"

 port 8087

 port 8087 keepalive

 port 8087 group-id  50 50

 port 8087 url "GET /estatement/isalive.html"

 port 8088

 port 8088 keepalive

 port 8088 group-id  55 55

 port 8088 url "GET /ecosts/isalive.html"

 port 8089

 port 8089 keepalive                                              

 port 8089 group-id  60 60

 port 8089 url "GET /ereports/isalive.htm"

 port 8092

 port 8092 keepalive

 port 8092 group-id  65 65

 port 8092 url "GET /ebenefits/"

 port 8090

 port 8090 keepalive

 port 8090 group-id  70 70

 port 8090 url "GET /elabels/"

 port 8094

 port 8094 keepalive

 port 8094 group-id  80 80

 port 8094 url "GET /eordering/isalive.html"

 port 81

 port 81 group-id  2 2

!

server remote-name pvwwwt002 192.168.4.70

 source-nat

 port http

 port http keepalive

 port http url "GET /"

!

server remote-name pvwwwt004 192.168.4.71

 source-nat

 port http

 port http keepalive

 port http url "GET /"

!

server real t001-groupware 192.168.5.101

 source-nat

 port http

 port http keepalive

 port http url "HEAD /"

 port http group-id  1 1

 port 8093

 port 8093 keepalive

 port 8093 group-id  75 75

 port 8093 url "GET /etraining/isalive.html"

 port 82

 port 82 group-id  3 3

!

server real t003-groupware 192.168.5.102

 source-nat

 port http

 port http keepalive

 port http url "HEAD /"

 port http group-id  1 1

 port 8093

 port 8093 keepalive

 port 8093 group-id  75 75

 port 8093 url "GET /etraining/isalive.html"

 port 82

 port 82 group-id  3 3

!

!

server virtual webtest1 192.168.5.61

 port default sticky

 port http

 port http cookie-name "ServerID"

 port http csw-policy "redirect"

 port http csw

 port http request-insert client-ip "X-Forwarded-For"

 port ssl sticky

 port ssl ssl-terminate corp1-ssl

 port ssl csw-policy "app-forward"

 port ssl csw

 bind http pvwwwt001 http pvwwwt003 http

 bind ssl pvwwwt001 81 real-port http pvwwwt003 81 real-port http pvwwwt001 8080 pvwwwt003 8080

 bind ssl pvwwwt001 8081 pvwwwt003 8081 pvwwwt001 8082 pvwwwt003 8082

 bind ssl pvwwwt001 8083 pvwwwt003 8083 pvwwwt001 8084 pvwwwt001 8087

 bind ssl pvwwwt003 8087 pvwwwt001 8088 pvwwwt003 8088 pvwwwt003 8084

 bind ssl pvwwwt001 8086 pvwwwt003 8086 pvwwwt001 8089 pvwwwt003 8089

 bind ssl pvwwwt001 8092 pvwwwt003 8092 pvwwwt001 8090 pvwwwt003 8090

 bind ssl pvwwwt001 8094 pvwwwt003 8094

!

server virtual salestest 192.168.5.67

 port default sticky

 port http

 bind http pvwwwt002 http pvwwwt004 http

!

server virtual groupware 192.168.5.100

 port default sticky

 port http

 port http cookie-name "ServerID"

 port http csw-policy "redirect"

 port http csw

 port http request-insert client-ip "X-Forwarded-For"

 port ssl sticky

 port ssl ssl-terminate groupware

 port ssl csw-policy "app-forward"

 port ssl csw

 bind http t001-groupware http t003-groupware http

 bind ssl t001-groupware 8093 t003-groupware 8093 t001-groupware 82 real-port http t003-groupware 82 real-port http

!

!

!

!

!

vlan 1 name DEFAULT-VLAN by port

 no spanning-tree

!

vlan 100 name HOT-SYNC by port

 untagged ethe 3 to 4

 no spanning-tree

!

!

aaa authentication web-server default local

aaa authentication login default local

no enable aaa console

hostname foundry1

ip address 192.168.5.60 255.255.255.0

ip default-gateway 192.168.5.1

ip dns domain-name corp1.com

ip dns server-address 192.168.1.11 192.168.1.10

logging buffered 1000

telnet server

snmp-server

clock summer-time

clock timezone us Central

web-management

!

!

!

!

ip ssh  idle-time 240

!

!

end