Increasing Partition Size on a VMware Linux Virtual Machine

Naively, when creating my new VMware ESXi virtual machines, I expected to be able to resize the disks with a one-liner, as I have done in the past with container-based virtualisation. Unfortunately it’s not quite that simple; the VM partitions need resizing manually:

Increase the virtual disk size via vSphere to the relevant amount (VM > edit > hard disk 1). This can be done whilst the VM is live.

Reboot the VM so it picks up the new disk size:
shutdown -r now

Check the new disk size. For example, this 10GB disk has been increased to 15GB, but it’s not yet allocated:
fdisk -l

Disk /dev/sda: 15.0 GB, 15032385536 bytes

Install Linux Guest Support (CD2) after Citrix XenServer installation

If you forget to install the Linux Guest Support CD during the XenServer installation, there are a few ways to install it afterwards.

Mount the CD in your KVM/DRAC etc and do:
cd /
mkdir -p /mnt/CD
mount /dev/cdrom /mnt/CD
cd /mnt/CD
./install.sh
# follow the installation prompts
cd /
umount /mnt/CD

Or wget the ISO then:
mkdir -p /mnt/iso
mount -o loop XenServer-5.5.0-Update2-linux-cd.iso /mnt/iso
cd /mnt/iso
./install.sh
# follow the installation prompts
cd /
umount /mnt/iso

Citrix Xenserver [Errno5] Input/Output error during install

During installation of Citrix XenServer 5 over DRAC (Dell Remote Access Controller) using a mounted ISO, I got the error:

[Errno5] Input/Output error during install

The initial install phase started properly and allowed me to enter all the configuration settings, but it failed at the end of the installation. Presumably this is an issue with either the DRAC or the speed of the connection over which the ISO is being mounted. To get around this, start the installation as normal with the mounted ISO, then, when prompted, choose to continue the installation from an HTTP/FTP/NFS repository. Creating a repository is easy: just grab the following files off the ISOs and put them on a web server:

(ISO1)/boot/isolinux/mboot.c32 -> (WEBROOT)/xen/mboot.c32
(ISO1)/boot/vmlinuz -> (WEBROOT)/xen/vmlinuz
(ISO1)/boot/xen.gz -> (WEBROOT)/xen/xen.gz
(ISO1)/install.img -> (WEBROOT)/xen/install.img
(ISO1)/packages.main/ -> (WEBROOT)/xen/packages.main/
(ISO2)/packages.linux/ -> (WEBROOT)/xen/packages.linux/

3 Reasons not to use UK2

Today I was lured into using UK2 dot net by the temptation of a .com domain for only £5.99. Bargain I thought to myself as I clicked through the checkout. All is not as it seems though and a bargain is not always a bargain. This is why I will never be using UK2 again:

1. Although the initial domain registration is very cheap, they sting you with add-ons wherever possible. When first logging into my UK2 control panel, I noticed a total lack of functionality. All I could really do was update my nameservers or buy more stuff. In order to administer my DNS settings on their nameservers, it became apparent that I needed to buy a “DNS Management Package” for a further £9.99. Rip off or what!

2. Disgusted at the hidden costs, I decided to move my domain away from UK2. Navigating through the crappy control panel and help section, there were no domain transfer away options to be seen. In order to find the procedure for transferring my domain away, I had to contact their support team who emailed me the details. The email then indicated that there is a further £12.99 charge to transfer domains out. Sigh, more hidden costs!

3. Their support is awful. It took me 20 minutes on live chat with a monkey that didn’t understand what DNS is, to be told that I had to pay them more money to change my DNS. I considered complaining a bit more but didn’t fancy wasting hours of my time.

Thankfully one of my other good providers offers a free DNS management service even for domains not registered with them, so I was able to switch to their nameservers. /Rant /Complaint :(

Disable weak ciphers in Tomcat

PCI compliance requires that weak and medium strength SSL ciphers are disabled, along with SSLv2 functionality. To achieve this, just add the following to your SSL connector within server.xml and restart Tomcat. sslProtocol should be set to TLS or SSLv3 and the ciphers setting should be added as below.

Typically the server.xml will be in:
/usr/share/tomcat5/conf/server.xml
/etc/tomcat5/server.xml
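
A way to check an existing server.xml for these settings, as an added example rather than configuration from the original post: it lists each HTTPS connector and reports whether it has a ciphers attribute and whether any listed cipher matches a weak-name pattern. The pattern list, the function names and the sample file are assumptions of this example.

```sh
# Added example (not from the original post): audit the HTTPS connectors in a
# Tomcat server.xml. WEAK_PATTERN is this example's assumption about which
# JSSE cipher names count as weak; adjust it to your own policy.
WEAK_PATTERN='_EXPORT_|_NULL_|_RC4_|_WITH_DES_|_anon_|_MD5$'

# Constructed sample: a commented-out connector, a plain HTTP connector,
# an HTTPS connector with one weak cipher, and one with no ciphers attribute.
sample_server_xml() {
    cat <<'EOF'
<Server>
  <!-- <Connector port="9443" scheme="https" secure="true" /> -->
  <Connector port="8080" redirectPort="8443" />
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5" />
  <Connector port="8444" scheme="https" secure="true" sslProtocol="TLS" />
</Server>
EOF
}

# audit_connectors FILE: print "port=<n> <verdict>" per HTTPS connector.
audit_connectors() {
    # Flatten to one line, drop XML comments, then isolate each <Connector>.
    tr '\n' ' ' < "$1" |
    awk 'BEGIN { RS = "-->" } { sub(/<!--.*/, ""); printf "%s ", $0 }' |
    grep -o '<Connector[^>]*>' |
    while read -r conn; do
        case $conn in *'scheme="https"'*) ;; *) continue ;; esac
        port=$(printf '%s' "$conn" | sed -n 's/.*[[:space:]]port="\([^"]*\)".*/\1/p')
        ciphers=$(printf '%s' "$conn" | sed -n 's/.*[[:space:]]ciphers="\([^"]*\)".*/\1/p')
        if [ -z "$ciphers" ]; then
            echo "port=$port NO_CIPHERS_ATTRIBUTE"
            continue
        fi
        weak=""
        for c in $(printf '%s' "$ciphers" | tr ',' ' '); do
            if printf '%s\n' "$c" | grep -Eq "$WEAK_PATTERN"; then
                weak="$weak$c,"
            fi
        done
        if [ -n "$weak" ]; then echo "port=$port WEAK:${weak%,}"
        else echo "port=$port OK"; fi
    done
}
```

Run it as audit_connectors /etc/tomcat5/server.xml (or whichever of the paths above applies); a connector that reports NO_CIPHERS_ATTRIBUTE is using the JVM's default cipher list.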

Spell check your website with Firefox

I came across a little trick today to spell check a website you are browsing in Firefox.  It’s pretty handy if you have a live site and want to give it a once over without loading up all of your code.  To spell check the page just go to it, then paste this in the address bar:

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

If you add this code as a bookmark on your bookmarks toolbar, then you will be able to spell check a site just by clicking on the bookmark button :)

This JavaScript makes the whole webpage editable, and therefore runs it through the spellchecker. Nice!

Fix CSS Browser Compatibility using conditional comments

I’ve never had any incompatibility issues with different browsers whilst working on websites before – until today. For some reason IE7 decided it wanted to totally misjudge my margins by about 30 pixels – totally distorting the site. Strange how it worked fine in every other browser (including IE6 and IE8!). Anyway, conditional comments can be used to hack the CSS based on the browser being used. As this isn’t technically CSS but HTML comments, it must be added inside the head tag of your HTML page. My fix was:

<!--[if IE]>
<style>
.item {
margin: 5px;
padding: 10px;
}
</style>
<![endif]-->

Check how old a Linux password is using chage

I came across a command today that I’ve never really had a use for before.  chage can be used to check when a password was last modified and also shows any password expiration rules etc.  It can also be used to implement password expiration. A very useful tool if password policies are required, although PAM is probably the best thing to use.

Example:
chage -l username
Last password change : Jan 29, 2010
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Force user to change password when they next log in:
chage -d 0 username
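
To review password age for every account at once, the following added example (not from the original post) reads shadow(5)-format lines, the source of the values chage -l prints, and reports each password's age and expiry status. The 90-day policy, the function names and the sample records are assumptions made for the example.

```sh
# Added example: report password age from shadow(5)-format lines, whose
# fields are name:hash:lastchg:min:max:warn:inactive:expire (dates in days
# since 1970-01-01). MAX_AGE_DAYS is an assumed policy, not from the post.
MAX_AGE_DAYS=90

# Constructed sample records; hashes are placeholders. 14638 is Jan 29, 2010.
sample_shadow() {
    cat <<'EOF'
alice:$6$placeholder:14638:0:99999:7:::
bob:$6$placeholder:19000:0:90:7:::
carol:$6$placeholder:0:0:90:7:::
dave:$6$placeholder:19005:0:365:7:::
daemon:*:14000:0:99999:7:::
EOF
}

# password_age_report TODAY_DAYS < shadow-format input
# TODAY_DAYS is the current date as days since 1970-01-01.
password_age_report() {
    awk -F: -v today="$1" -v limit="$MAX_AGE_DAYS" '
        $2 ~ /^[*!]/ { next }    # locked account or no password login
        $3 == ""     { print $1, "UNKNOWN_LAST_CHANGE"; next }
        $3 == 0      { print $1, "MUST_CHANGE_AT_NEXT_LOGIN"; next }  # chage -d 0
        {
            age = today - $3
            status = "OK"
            if ($5 == "" || $5 >= 99999) status = "NEVER_EXPIRES"
            else if (age > $5)           status = "EXPIRED"
            if (age > limit && status == "OK") status = "OLDER_THAN_POLICY"
            print $1, "age=" age "d", status
        }'
}
```

On a live system, run it as root with password_age_report "$(( $(date +%s) / 86400 ))" < /etc/shadow.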

Delete a file older than X days using mtime

List files older than 5 days:
find ./ -mtime +5

To count all files older than 5 days:
find ./ -mtime +5 |wc -l

To move files to an archive directory:
find ./ -mtime +5 -exec mv {} /var/archive \; -print

To delete the files:
find ./ -mtime +5 -exec rm {} \; -print

Prevent brute force attacks using SSHBlack

SSHBlack is a very useful script which monitors the system logs for repeated failed logins and then blocks the source IP.  This can pretty much negate basic brute force attacks.  There are plenty of other similar applications such as BruteLock, but I think SSHBlack works well.  The following is a very handy article which shows how to run it as a service:

http://wiki.oss-watch.ac.uk/InstallingSshblack

Remember to add your IPs/network to the whitelist and modify the paths to any logfiles as needed.
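
The detection step described above, sketched as an added example that is not SSHBlack's own code: it counts failed SSH logins per source address, skips whitelisted addresses, and lists the addresses at or over a threshold. The threshold, whitelist, function names and log lines are constructed for the example.

```sh
# Added example, not SSHBlack's code: find source addresses with repeated
# failed SSH logins. THRESHOLD and WHITELIST are assumed demonstration values.
THRESHOLD=3
WHITELIST="192.0.2.10"

# Constructed sshd log lines using documentation address ranges.
sample_auth_log() {
    cat <<'EOF'
Feb  1 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Feb  1 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Feb  1 10:00:05 host sshd[103]: Failed password for root from 203.0.113.5 port 4003 ssh2
Feb  1 10:00:09 host sshd[104]: Accepted password for dave from 198.51.100.7 port 5000 ssh2
Feb  1 10:01:00 host sshd[105]: Failed password for dave from 192.0.2.10 port 6000 ssh2
Feb  1 10:01:02 host sshd[106]: Failed password for dave from 192.0.2.10 port 6001 ssh2
Feb  1 10:01:04 host sshd[107]: Failed password for dave from 192.0.2.10 port 6002 ssh2
Feb  1 10:02:00 host sshd[108]: Failed password for bob from 198.51.100.7 port 5001 ssh2
EOF
}

# offenders < log lines: print "<ip> <count>" for each address to block.
offenders() {
    awk -v limit="$THRESHOLD" -v allow="$WHITELIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is supplied by the client and may itself contain
            # "from <address>", so take the address after the LAST "from".
            ip = ""
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (ip != "" && !(ip in ok)) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' | sort
}
```

Reading the address from the end of the line matters for any log-driven blocker: a parser that trusts the first "from" can be steered into blocking an address that appears only inside an attempted user name.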