Archive for the ‘Tips’ Category

Renaming a host (UNIX, OpenVMS)

5 September 2009 ddouthitt

Renaming a host is not, in general, a pleasant experience. The general requirement is that you must find everywhere that your hostname is specified and change it.

In OpenVMS, this can be an extensive process, and even require relicensing if you have licenses that depend on your hostname. It can also require rebooting of an entire VMS cluster if you miss changing a parameter. The full details are in the VMS FAQ such as this one (dated from 2001) from faqs.org or this one from HP (undated). Hoffman Labs has a copy from September 2006; there is information on changing a node name in section 5.7.

Note that in changing the OpenVMS hostname in a cluster, you must change the SCSNODE parameter (which changes the cluster node’s node name). If you change the SCSNODE parameter, you must change the SCSSYSTEMID as well or the entire cluster will refuse to function until it is reconfigured. The cluster tracks the pairing between these two parameters, and if the pair changes, then the cluster stops working normally.

For UNIX in general, one way to do it is to go to the /etc directory as root and run a search:

$ su -
Password:
# cd /etc
# find . -type f -print | xargs grep -i myhost

After running this, change all of the instances of myhost that are found.

This is the way to change hostnames in Solaris, including Solaris 9 and Solaris 10. Debian and derivatives (including Ubuntu and Linux Mint) and HP-UX make it simpler.

In Debian, there is a file called /etc/hostname. This will contain the current setting of the hostname. Change this to your desired new hostname, then run the shell script /etc/init.d/hostname.sh.

In HP-UX, change to root and run the program set_parms with the hostname option:

# set_parms hostname

For all of these possibilities, the best thing to do is to reboot afterwards: this will test the new setup as well as change any in-memory hostname settings.

Changing a hostname is a drastic measure, and will include much in the way of system modification and updates. Changing the actual hostname is very likely only the beginning; there may be clients that are set up to contact the host, and any services that the server provided (e.g., NTP server, FTP server, web server, NIS server, etc.) will require reconfiguration on the clients to use the new hostname.

In summary, the very best thing to do is to get the name right in the first place.

Powered by ScribeFire.

Using Multiuser Sessions in GNU Screen

18 July 2009 ddouthitt

GNU Screen is a fantastic utility; however, if you want to use multiuser sessions – that is to share your screen session with another user – you’ll have to set it up.

First, you have to make sure that multiuser capabilities are in the screen binary. We’ll assume for purposes of this article that screen has already been compiled with multiuser capabilities – it appears that most prepackaged versions of GNU screen should have these capabilities already built in.

Make sure that the screen binary is properly configured to use the multiuser capabilities with these steps:

  • Make screen suid: chmod u+s $(which screen). This can be dangerous: you have to trust screen not to have anything in it (such as bugs) that will permit a user to take over as root.
  • Make sure that the directory /var/run/screen exists and has permissions of 755.

Now that screen is set up, run the initial screen session and prep it for multiuser access:

  • As a regular user, run GNU screen.
  • Start multiuser mode with the multiuser on screen command.
  • Allow a user to access the session by using the screen command acladd user with the appropriate user name or names.

Finally, the user who wants to access your screen session needs to run screen on the same system thusly:

screen -x shareduser/

This assumes that you ran the initial screen session as shareduser – and don’t leave off the final slash as that is necessary to make this work.

If you want to give this session a name (to separate it from your normal screen session perhaps), then use this command to start the session:

screen -S shared

Then let the other user use this command to connect:

screen -x shareduser/shared

That is, the user running the screen session is shareduser and the session name is shared.

There are more screen commands that are useful in multiuser mode; they are described in section 8.4 of the manual. There is also another web page that provides some tips on using screen, mostly focusing on multiuser mode – including how to create read-only users.

Categories: GNU Screen, Tips

A Little Known Utility: Regex-Markup

14 July 2009 ddouthitt

This little utility is a wonder. It lets you highlight items in text files or other text streams, using regular expressions and multiple configurations. I’ve seen other highlighting utilities, but none offer the flexibility of the remark program (short for regex-markup).

Unfortunately, it hasn’t been updated in two years – but it doesn’t really need it. The current Debian package works fine on Ubuntu. The utility was written by Oskar Liljeblad.

For example, the Debian package comes preconfigured for text output from diff, make, ping, traceroute, and syslog. The regular expressions are the same as used in regex(7) and the syntax for creating the rules files is very flexible and is explained well in the man pages for remark(1).

When looking at highlighted output such as remark puts out (as well as others) you’ll want to utilize the -R (raw) option to less. I use the command


less -RSXmg

With a preconfigured ruleset, you can change the foreground and background colors of anything you can match with a regular expression.

This becomes very useful when you want to scan a lot of text for certain output on a regular basis: things that are not all that important – but that you don’t necessarily want to leave out – can be left in with an appropriate color scheme so that the more important stuff isn’t missed.

Unfortunately, this tool is almost unheard of and is always a pain for me to relocate – but now I won’t lose it again! Give it a try and see if you like it. Kudos to Oskar for a beautiful package!

Using synergy: Trips and Traps

Synergy is a program to combine a number of host displays together (using one keyboard and mouse). Using the network, it allows you to move your mouse seamlessly from one system’s display to another – including combining many displays in this way. However, there are some trips for the unwary – or just plain surprises. None of this should make you stop using synergy; but knowing about it and what to do about it can make your use of synergy better. If you aren’t already using synergy, you should be.

The network data used by synergy is unencrypted. This means when you type in passwords on a synergy client, the passwords are sent in the clear across the network. To take care of this, use an ssh tunnel:

$ ssh -R 24800:syn-server:24800 syn-client

Then on the synergy client host, use 127.0.0.1 for the synergy server address:

$ synergyc 127.0.0.1

This will encrypt the traffic between the two hosts.

If any process hogs the processor on the machine your mouse is active on, you won’t be able to switch to another display. This makes sense when you think about it, but it still can come as a surprise. What is happening is that the synergy client program is not able to run, so it doesn’t respond when you hit the edge of the screen. Still, it would be nice if the server would recognize a client in this state and relocate the mouse somewhere you can use it.

The mouse can spontaneously relocate. This can happen for a variety of reasons – the most common is that the synergy “mouse” has a different location than the actual mouse. When you switch from one to the other, the operating system thinks the mouse has “jumped” and moves the mouse pointer on screen accordingly. On inactive systems (where synergy does not have a pointer) the “physical” mouse pointer is usually put at the center of the screen (and usually hidden). Again, this is a little bit of a surprise, but not damaging.

The Windows-based synergy server may stop handling remote clipboards. This has been a bug with the Windows version of synergy, and can be “fixed” by restarting synergy.

XWindows clipboards may appear to not transfer. This is because XWindows has two clipboards. When you select a string of text in an xterm, for example, the data is put into a particular clipboard. However, this is not the primary clipboard and thus synergy does not transfer it. You can copy the selected text with a right-click menu and selecting “Copy…” or you can use a program like xclip to move the clipboard data into the right place.

With all of those desktops together, you’ll find that you may lose the location of the mouse from time to time. This is where the capability of “locating” the mouse with the press of a key comes in handy. Windows will do this, as will GNOME and KDE. Windows is configured to answer to a single press of the Control key. Some systems show you where the mouse is with an ever-shrinking set of rings (Windows) or squares (Fedora); Linux Mint is set up to flash a disk around the cursor.

When moving the mouse cursor across all of the different desktops, the speed and acceleration of each controls how the mouse moves when it is in that desktop. This can present itself in the form of a desktop acting like “quicksand” – the mouse moves fast until it gets to a desktop, then on that desktop the mouse moves slower until it gets to the other side. Adjust the mouse properties of each system until the mouse acts appropriately. You still (probably) won’t be able to shove the mouse over and have it go all the way from right to left (or vice versa), but moving will be nicer.

Watch where your mouse focus is. When you select a text box on one system, you typically then may move the mouse “out of the way.” However, if “out of the way” means the mouse is now on another system, then when you type the characters will go somewhere you don’t want them to go. This can be dangerous if you are typing in a password; don’t let your password go out over IRC or something because the wrong system’s desktop is active. It may be a good idea to break off the habit of moving the mouse off to the side; you don’t need to do this.

Categories: Tips

OpenVMS and Network Information

21 June 2009 ddouthitt

If you don’t know where to look, OpenVMS networking information can seem to be confined inside a mysterious black box. It doesn’t have to be.

The ANALYZE command can provide a lot of good information. Be sure to have a large enough scroll-back buffer on your terminal when you do this:


$ ANALYZE /SYSTEM
SDA> SHOW LAN /FULL

You can also find out a lot of good information in a hurry with the LANCP command:


$ RUN SYS$SYSTEM:LANCP
LANCP> SHOW CONFIGURATION

You can also look up information using the TCPIP command:


$ TCPIP
TCPIP> ifconfig -a

However, while this information is all good, it isn't complete without marking the back of the computer in some way so that you know which port is which. If you have to, you can hook up a laptop with a network cable and watch the traffic: the DECNet clustering traffic is such that you'll see it on every active interface - which provides you with the MAC address for that port.

Two New Admin Resources: ServerFault.com and StackOverflow.com

19 June 2009 ddouthitt

I’ve discovered two new question and answer resources for administrators: one is specifically for system administrators, and one is for programmers.

These are StackOverflow.com and ServerFault.com. These sites look and work similarly, though the topics and logos and color schemes are different, so while it is as easy to use one as it is the other, there is no doubt as to which one you are using.

These sites combine a number of things together to provide excellent community answers to questions posed by anyone. There is no registration required (!) but if you register, you can do more and you can build a reputation that allows you to do quite a lot. If you get a high enough reputation, you almost have full access – just like the administrators of the system.

The answers are excellent and the Q&A sets are building rapidly.

Perl Tidbits: Annoyances and Surprises

18 June 2009 ddouthitt

Having given up Perl at one time to use Ruby almost exclusively, I have returned to Perl in recent years since Ruby is not available for HP-UX 11i v3 nor for OpenVMS 8.3. Perhaps some Ruby folks are listening; it is abominable that HP-UX 11i has gone without Ruby for so long. It would be nice to be able to say that it is shameful that Ruby doesn’t exist on OpenVMS 8.3 – but we know how popular OpenVMS is…

Here are some of the things I’ve discovered in bits and pieces about Perl since my “return”:

  • HP-UX does not use the Perl core, but rather ActiveState Perl. This may not sound like much, but it can be important when using modules. For instance, the Net::FTP module has a bug in it that causes the last character of ASCII transfers to be “snipped”, and several Perl core modules are missing entirely.
  • It is possible for Perl to quietly abort without warnings. This makes no sense, but I’ve experienced it. Only stepping through the code with the debugger will show what line it is – and removing the line in question makes the program start working again.
  • Using CPAN can corrupt your HP-UX Perl installation. I suspect this is because CPAN assumes that you are using the Perl core, and if not, then things can break. In my case, the module Data::Dumper was hosed so bad I needed to reinstall Perl.
  • Perl requires an additional module to emulate Ruby’s p command. This was a real disappointment; attempting to print data in a readable format (no matter what its type) is a simple command in Ruby; in Perl, you must include an additional module and use a function with a confusing name (is it Dump? or is it Dumper? or is it dump?) – I often have to correct my code to use the right one.
  • Testing for a module’s existence is easy. Use the command perl -e 'use My::Module;' to see if the module is there.
  • Don’t think of $var as the name of a variable, but as the value of a variable. Just this one change in thinking has made a tremendous amount of difference in programming. When you think this way, you see an entry like @myarray[4] for what it is: a list with a single element in it. Likewise, $mine{entry} is a scalar value returned from a hash. The same “variable” can be found with differing leading punctuation based on its value, not on its type.
  • If your script needs to be portable across platforms, then write it in Perl. The Korn shell is nice and even more ubiquitous than Perl, and Ruby is (in my opinion, anyway) much nicer than Perl, but Perl is where ksh and Ruby are not. Being there is a significant part of the battle: if that snazzy scripting language isn’t installed, you can’t use it – and Perl is there.
  • The documentation (in perldoc) is tremendous! Use perldoc whenever you can: it includes more than a man page would. It includes tutorials, frequently asked questions (FAQs), module documentation, function documentation, and more.

Though I’d still write in Ruby at the drop of a hat, I have indeed rediscovered the joy of Perl. Part of this is due to a book that has illuminated the dusty corners of my knowledge: Effective Perl Programming by Joseph Hall with Randal Schwartz – an awesome book!

Categories: Perl, Ruby, Tips

Getting Passwords from Random Data (portably!)

1 June 2009 ddouthitt

Over at Mark Kolich’s blog, he wrote several months ago about using a source of randomness (/dev/urandom) to generate passwords. The idea is simple enough: take the random data, strip out only the printable characters, and then print the desired length of characters for a password.

Shortly thereafter, he described how to use a simple shell script to generate many passwords – such as for setting up many different accounts.

Working with HP-UX and OpenVMS as I do, I immediately thought: how could I do this in Perl, making the idea portable and making a program that will work on both UNIX and OpenVMS? It was easy – and easy to make it flexible as well. Here is the program that I came up with:

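#!/usr/bin/perl

# code released by David Douthitt into the public domain

use strict;
use warnings;
use Getopt::Long;

# -l: password length, -p: pattern name, -m: number of random bytes to try
my ($opt_l, $opt_p, $opt_m);

Getopt::Long::Configure('bundling');
GetOptions( 'l=i' => \$opt_l,
            'p=s' => \$opt_p,
            'm=i' => \$opt_m );

# Named character classes; "simple" and "normal" omit l, 0 and 1,
# and "normal" also omits I, O and Q
my %pat = (
   ext    => "[[:alnum:][:punct:]]",
   alnum  => "[[:alnum:]]",
   alpha  => "[[:alpha:]]",
   simple => "[a-km-z2-9]",
   normal => "[a-km-z2-9A-HJ-NPR-Z]",
);

my $pat;
if (defined($opt_p)) {
   if (defined($pat{$opt_p})) {
      $pat = $pat{$opt_p};
   } else {
      print "undefined pattern!\n";
      exit(1);
   }
} else {
   $pat = $pat{"normal"};
}

my $max = (defined($opt_m) ? $opt_m : 1000);
my $len = (defined($opt_l) ? $opt_l : 6);

my $x = $len;    # characters still needed for the current password
my $s = "";      # password being built

for my $i (0..$max) {
   # rand() is Perl's built-in PRNG; it is not cryptographically secure
   my $c = chr(int(rand(255)));
   # keep only characters that match the chosen class
   if ($c =~ /$pat/o) {
      $s .= $c;
      if (--$x == 0) {
         print "$s\n";
         $x = $len;
         $s = "";
      }
   }
}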

Note that since OpenVMS does not use the “#!” notation, this line will be ignored as a comment, and the program needs to be run by invoking perl directly.

As an aside, Mark says how he prefers random passwords. Me, I prefer “pronounceable” passwords – still random, but using phonemes, which makes the generation process just that much more complicated – and complicates internationalization. Apple’s MacOS X comes with a password generator that can generate random and pronounceable passwords.

However, with the proper password storage system a fully randomized password is good – or is it? A completely random password of eight characters could be zzzzzzzz as much as anything else. Perhaps a password with a random distribution of characters (rather than a random selection of characters) would be better. I’m not aware of any password generators that guarantee a random distribution instead of a random collection.
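An added shell example (not Mark Kolich’s script and not part of the original post) of the /dev/urandom approach this post starts from, using the same pattern names as the Perl program; it matters because Perl’s rand() is documented as not cryptographically secure. The function names pw_charset, pw_posint, genpw and pw_bits are assumptions, and the script needs a system that provides /dev/urandom, tr, fold, head and awk.

```sh
#!/bin/sh
# Added example (not from the original post): passwords drawn from
# /dev/urandom instead of rand(). Function names are assumptions.

# Map a pattern name from the Perl listing to a tr(1) character set.
pw_charset() {
    case "$1" in
        ext)    printf '%s' '[:alnum:][:punct:]' ;;
        alnum)  printf '%s' '[:alnum:]' ;;
        alpha)  printf '%s' '[:alpha:]' ;;
        simple) printf '%s' 'a-km-z2-9' ;;
        normal) printf '%s' 'a-km-z2-9A-HJ-NPR-Z' ;;
        *)      echo "undefined pattern!" >&2; return 1 ;;
    esac
}

# Reject anything that is not a positive decimal integer.
pw_posint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# genpw PATTERN LENGTH COUNT: print COUNT passwords, one per line.
genpw() {
    chars=$(pw_charset "${1:-normal}") || return 1
    pw_posint "${2:-6}" && pw_posint "${3:-1}" || {
        echo "length and count must be positive integers" >&2; return 2; }
    # tr discards every byte outside the set (rejection sampling), so each
    # allowed character stays equally likely; LC_ALL=C keeps tr byte-wise.
    LC_ALL=C tr -dc "$chars" < /dev/urandom |
        LC_ALL=C fold -w "${2:-6}" | head -n "${3:-1}"
}

# pw_bits PATTERN LENGTH: entropy in bits, LENGTH * log2(size of the set).
pw_bits() {
    chars=$(pw_charset "${1:-normal}") || return 1
    pw_posint "${2:-6}" || return 2
    # Count the set by filtering all non-NUL byte values through the same tr.
    n=$(LC_ALL=C awk 'BEGIN { for (i = 1; i < 256; i++) printf "%c", i }' |
        LC_ALL=C tr -dc "$chars" | wc -c)
    awk -v n="$n" -v l="${2:-6}" 'BEGIN { printf "%.1f\n", l * log(n) / log(2) }'
}
```

With the normal set, pw_bits reports about 34.8 bits for the Perl program’s default length of 6, which is a useful number to have in hand when choosing a length.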


The real benefit of a password vault: security!

2 April 2009 ddouthitt

Using a password vault or a password safe can provide some ease and can simplify our lives nicely. However, what is the point of saving all these passwords when we can just type them in – or use Firefox or Opera to do it for us?

Let’s look at several and consider what they offer – and the hidden surprise that makes them most valuable. There are several that are worth considering depending on your environment – Apple’s Keychain, GNOME’s Keyring, KDE’s Kwallet, KeePass and KeePassX, and Passpack. The first three belong to that set of tools that provide for password vaults that are unlocked when you log into your computer. As long as you are logged in – and perhaps only until the screen saver kicks in or you log out – these tools will be active and your passwords automatically available.

KeePassX is part of a small set of tools that provide this capability, though in a cross-platform way.

Lastly, Passpack is an online password vault which is easy to use and provides for exports to other systems like KeePassX and its ilk.

What is it that provides a surprisingly high level of security with the use of these vaults? Simply this:

You can generate random passwords of arbitrary length that you need not even try to remember.

This is very powerful. Passwords no longer need to be memorized: so why try? The passwords can be generated by the associated password generator, and then copied or otherwise placed into the password field of whatever process is requesting authorization.

There is no pattern which makes it easier to crack – no combinations of words, numbers, etc – just pure randomness (or as close as one can get on a non-random entity like a computer).

Once you have a tool like a password manager in place, you can use a different password – a random password – for every site and every location that a password is needed.

Nagios Tips: Did You Know… ?

18 March 2009 ddouthitt

There are a number of things within Nagios that I did not know it could do until I had used it for some time.  I thought I would pass these facts on to you.  Once you know them, it seems simple – but only afterwards.

For example, consider the Host and Service Status Totals at the top of the screen.

All text (except the title) is clickable.  If you click on “All Problems” it will show the appropriate problem entries (assuming they can be seen in the current view!).

Another example is the Service Overview: if you click on the extended title for a service group, you’ll see all details for that service group.  However, if you click on the short title for a service group, you’ll be able to take actions on the entire service group as a whole (very nice!).  You can schedule downtime, enable or disable notifications, and enable or disable active checks.

This capability extends to the Host Groups as well: you can (at the appropriate screen) enable downtime for a hostgroup, enable or disable notifications for a hostgroup or for all services in a hostgroup, and enable or disable active checks for all services in a hostgroup.

Don’t forget to look at the innocuous-looking info box at the top left of the main Nagios data window; this window often provides ways to look at details of the current view.  For example, when looking at the Service Details for a particular host group, you can switch to a number of other views relating to the current host group, or for all host groups.

There is also the ability to sort the Status Details report.  This allows you to answer questions like these:

  • What is the most recent check completed?  (order by “Last Check”)
  • What is the longest status duration? (order by “Duration”)

Any column can be sorted except “Status Information” – click on the arrows at the title.  Normally this report is sorted alphabetically by Host then by Service.

However, suppose you want only one particular service group?  Click on the Service name, then under “Member of” in the next screen click on the group name.  Thus you see the Service Overview for that service group.  From there you can see the Service Details (by clicking the full title) or Actions (by clicking on the short title).

With all of these ways to view problems, you can answer your questions quicker and view the results faster.
