melnikov.net.ru

1. Shutdown your UPS monitoring software.
2. Contact your UPS directly using some terminal program such as minicom with the settings 2400 8N1 (2400 baud, 8 bits, no parity, 1 stop bit). Be extremely careful what you send to your UPS as certain characters may cause it to power down or may even cause damage to the UPS.
3. Try sending to the UPS an upper case ‘Y’ (without quotes and return at the end; the same applyes to all following commands). It should respond with ‘SM’. If you fat finger the ‘Y’ and enter ‘y’ instead, no cause for alarm, you will simply get the APC copyright notice.
4. When you are sure you are properly connected send an upper case ‘D’. This will put the UPS into calibration mode, and it will drain the battery down to 25% capacity (35% for a Matrix) at which point it will go back on the mains. In doing so, it will recompute the runtime calibration.
5. (If you wish to abort the calibration, enter a second ‘D’ command.)
6. When you are done, restart your monitoring software.

Notes:

• Does not apply to voltage-signalling or dumb UPSes such as the older BackUPS models.
• In a future release of apcupsd this procedure will be replaced by a daemon operation.
• Do not run the recalibration command more than once or twice per year as discharging these kinds of batteries tends to shorten their life span.
• While recalibrating you should supply a load of about 30 to 35% but not more than 50%. You can determine the load by looking at the output of the apcaccess status command while apcupsd is running.

Now i’m migrating from Windows XP to Ubuntu Linux. For some time I will need both OSes to work with minimal time to switch between. As solution, I decide to setup VirtualBox on Windows, and run Ubuntu inside virtual machine. This is quite common situation, but one detail is specifical: Ubuntu is alreday set up on separate hard drive partition. So I need to run VirtualBox virtual machine from “raw” partition.

The trick was simple — all steps described in VirtualBox User Manual, see chapter 9.9.

I done such steps:

(pathtovboxprogramfolder)\VBoxManage internalcommands listpartitions -rawdisk \\.\PhysicalDrive0

which gives:

Number Type StartCHS EndCHS Size (MiB) Start (Sect)
1 0x07 0 /1 /1 694 /239/63 5131 63
5 0x83 695 /1 /1 1023/239/63 9856 10508463
6 0x82 1023/1 /1 1023/239/63 1026 30693663
7 0x07 1023/1 /1 1023/239/63 136611 32795343

Partitions Ubuntu VM needs access are 5 (root fs) and 6 (swap). Next command makes special .vmdk file for such partitions:

(pathtovboxprogramfolder)\VBoxManage internalcommands createrawvmdk -filename (pathtovboxdisksfolder>)\raw5and6.vmdk -rawdisk \\.\PhysicalDrive0 -partitions 5,6

And, for last, this .vmdk file could be registered with VirtualBox “Virtual Disk Manager” and used for VM.

By default (on Debian system) Xen uses ttyS0 as serial console, and that causes conflict with kernel module 8250.ko. I personally met this trying to setup ‘nut’ package for UPS handling. The solution was found on XenSource page. Actually you just need to add # xenkopt=xencons=ttyS16 line to /boot/grub/menu.lst, do ‘update-grub’ and reboot.

Now I am on Sun Tech Days at St-Petersburg. Just 10 minutes ago I win the Solaris book authographed by Ian Murdok, creator of Debian Linux, currently Sun employee working on Sloaris), who is one of the speakers of this event. The site of the book is here.

Wifi coverage is everywhere in the building, so I could write it right now. The whole event is very well organized and very interesting, so thanks to Sun Microsystems!

Oftenly network services give away information on what platform thay run. If you look what SSH daemon replies on your telnet request, you’ll see string like this probably:

SSH-1.99-OpenSSH_3.8.1p1 Gentoo-8.2.4

It is obvious that as on of security measures it is good idea to may harder for attacker to gain any information about system we protect; for example, well-known Linux Iptables Tutorial says: “The best thing to do, is to give as little material as possible for the attacker to get a proper fingerprint on.” I could imagine only one reason for such unsecure behaviour of SSH service: to allow collect statistic information. But if you are admin of this host, you know what OS is there. If you are not, it’s not your business, right?

In most OSes and distros there is no command-line or config file option to turn off such verbosity. So, at first, there are the one way to do this: get sshd source, patch it, compile it, and install it. And you should do this after each security update.

But we could apply the simple patch right on the sshd binary executable, because we know exactly what to change. SSH daemon is written in C, so all the text strings are plain text strings, starting at fixed offset fron begin of file are ended by zero-byte. We could easily modyfy such string, if it is unique in binary file an if new text will be no longer than original one. At the and we will put a zero byte, it will be interpreted as the end.

What exactly would we like our SSH to answer? Theoretcally, it should be anything starting with ‘SSH’, but in practice there are some restrictions. There are different ssh server implementations, and many clients use that banner string to recognize specific servers with specific bugs (i.e, if you have Putty (ssh client), look to “Connection”>”SSH”>”Bugs” screen in settings window). This topic on commercial SSH implementation forum states that minimal safe string would be ‘SSH-2.0-0′. My own expirience is limited, but there was no problem with such banner string.

Searching for tool, my first look was at unix utility ’sed’, but it is wrong tool for this job. As sed documentation says:

Specifically, use awk or perl if you need to: (…) handle binary data (control characters). (perl: binmode)

So, I use perl one-liner (look at ‘perlrun’ for more explanation):

PERLIO=':raw'; export PERLIO; perl -pi.bak -e 's{(OpenSSH)_([^\x00]+Debian)}{$1\x00$2}’ /usr/sbin/sshd

.