GRG's Miscellany

To explain why and how I've done this, I'm going to talk a little about my home-security measures/architecture, which I'm not too comfortable about.  However, security-through-obscurity isn't security at all so here goes... I've used AIDE ( the intrusion detection program , not the Android IDE) for years now to improve my confidence that nobody is poking around on the home machines I have open to the internet. I have my internet-visible machines on their own separate subnet under a dedicated router.  I call it a DMZ , even though I'm not 100% sure that's technically accurate in my case. Anyway, my normal trusted subnet sits under a different router, so I can be fairly confident nothing can get in from the DMZ to my trusted subnet.  However, to run the intruder detection checks, I have a machine on the trusted subnet ssh in to each of the DMZ machines in turn (copying the static-linked binary and database over each time before running the check). Ubu...

Mumble is beautiful.  It is simple and does exactly what it says on the tin. Something new I discovered about it today is that the static linux release works out-of-the-box on TinyCore ! I got an old thin client off ebay a while back (an IGEL D200 ) and it's so crap it wouldn't even boot with a USB plugged in.  Maybe that's some security BS I haven't found the BIOS switch for, but I gave up on trying to find a way round it. So what I did was set up a VM in VirtualBox which had the right RAM/HDD sizes, then install TinyCore and do the setup. Then, I followed the instructions here (but with VirtualBox not VMware) to clone the VM onto the CF card from the thin client (using CloneZilla ).  I had to use the command line instructions from here to create a raw disk vmdk file for the VM.  I also had to change the permissions on the vmdk file and the block device (/dev/sdd in my case) so I didn't have to run VirtualBox as root. ...but then I slotted the CF c...

I got myself in a bit of a pickle sorting this one out, but I got there in the end. The issue: To update TinyCore extensions (packages), you need to boot into a special mode (base norestore) .  Then, you need to run tce-update. This is a piece of cake to do manually, but a pain to automate. How I did it (overview): backup extlinux.conf create extlinux.conf and script to switch to boot into 'update mode' create script to switch back to normal boot add check to /opt/bootlocal.sh to see if the system is booting normally, or into 'update mode' create crontab job to regularly reboot into 'update mode' How I did it (details):

OMFG, NFS servers are SUCH a pain in the backside.  But anyway, here are some useful tricks: On server:     netstat -l lists which services are listening on which port.    rpcinfo -p also lists rpc processes, with program numbers and ports     /etc/services The file portmapper uses to see which port the services should run on.  Names of the relevant services are: mountd lockd and status HOWEVER:     sysctl -w fs.nfs.nlm_tcpport=blah    sysctl -w fs.nfs.nlm_udpport=blah might be needed to set the port of nlockmgr.  Why it doesn't listen to portmapper, I've no idea. Debug logs:    - kill the server process (nfsd, mountd, or whichever)    - run the server process with a -F or without the -D to force it to run in the foreground (you also might have to include a debug or verbose mode option.    - try to mount the nfs share from the client.  Now you should get a load of mean...