Prefetch Technologies // Keeping your cache lines cozy

Archive

Posts from 2006

Monitoring DNS servers

networkingAug 20, 2006 1 min read

I recently started supporting several DNS servers running BIND 9. To ensure that these server are up and operational at all times, I wrote a small shell script named dns-check to test the operational state of each server. The script takes a file as an argument, and each line in the file contains the IP address of a DNS server (names will also work), a name to resolve, and the record type that should be requested. If the script is unable to resolve the name for one reason or another (any return code > 0 is a failure), the script will log a message to syslog, and send E-mail to the address listed in the $ADMIN variable, or an address passed to the "-e" option…

$ read more →
earlier

Expanding Solaris metadevices

storageAug 18, 2006 3 min

I recently had a file system on a Solaris Volume Manager (SVM) metadevice fill up, and I needed to expand it to make room for some additional data. Since the expansion could potentially cause problems, I backed up the file system, and saved a copy of the metastat and df output to my local workstation. Having several backups always gives me a warm fuzzy, since I know I have a way to revert back to the old configuration if something goes awry. Once the configuration was in a safe place and the data backed up, I used the umount command to unmount the /data file system, which lives on metadevice d100: After the file system was unmounted, I had to run the metaclear utility to remove the metadevice from the meta state database: Now that the metadevice was removed, I needed to add it back with the desired layout…

$ read more →

Using the ultimate boot disk to test hardware

hardwareAug 18, 2006 1 min

I have been using the Ultime Boot Disk for the past few months to test x86 and X64 hardware. The disk contains numerous awesome utilities that can be used to test memory, disks and CPUs. The following packages come on the CD, and are four of my personal favorites: Memtest86+ to test memory Darik's Boot and Nuke to securely erase data from a disk drive CPU burn to test CPUs PCI sniffer to identify the type of card in a system

$ read more →

Checking the integrity of Solaris binaries

securityAug 15, 2006 1 min

One new feature in Solaris 10 that doesn't get much press is the basic auditing and reporting tool (bart). Bart allows you to generate integrity checks for one or more files on a server. This allows you to compare two groups of file integrity checks (groups of file integrity checks are referred to as manifests in the bart documentation) to see what changed on a server. Bart is super easy to use, and comes with just two options, "create" and "compare." The "create" option can be used to create a new manifest, and the "compare" option can be used to compare the contents of two manifests…

$ read more →

Locking down the OS X firewall

macosAug 13, 2006 4 min

I attended Jay Beale's Discovering OS X weaknesses and fixing them with the new Bastille Linux port at Defcon last week. Jay did a great job presenting, and pointed out several HUGE flaws that are present with the default OS X "stealth" firewall rule set. The first major problem Jay pointed out was the fact that all UDP datagrams with source port 67 or 5353 are allowed in (this allows you to talk to ntpd and cups, which have a rocky security history). The second major flaw is the fact that the default configuration blocks ICMP type code 8 (ICMP echo requests), but allows all other ICMP traffic in…

$ read more →