There is this great software for doing remote unattended Windows installs called, well, Unattended. It allows you to boot/install different windows versions without any intervention which is great if you are doing a number of Windows installs. This is a bit different than MSFN’s Unattended install which mainly is done off of CD media. MSFN’s site is still a great source of information on these types of installs but we are focusing on the network Unattended software since we are too lazy to have to/want to physically be at the datacenter to do the installs!

If the windows included drivers.cab does not include your drivers, then once unattended (I’ll refer to the sourceforge network version of unattended from now on) installs windows, you will not be able to use the network card to access the PC any more. Therefore, you need a way to install 3rd party drivers directly into the install I386 directory on your server. This article explains the process from a CD standpoint. But let me clarify for our network Unattended install.

First you need to locate the driver that the hardware needs to be usable on this system. Once you are positive which driver the system needs, place the files into /usr/local/unattended/install/os/INSTALLDIR/I386/$OEM/$1/Drivers/DRIVERNAME
Where INSTALLDIR is the name of the windows version you are installing (w2k3 for example) and DRIVERNAME is a unique name for the driver.

Now, according to the previous article you may think that you need to modify the WINNT.SIF file in the I386 directory. However for our remote unattended install server, this file is not used. You need to modify the /usr/local/unattended/install/site/unattend.txt file.

In the [Unattended] section, add the following lines if you do not have them:

OemPreinstall = "Yes"
OemPnpDriversPath= "Drivers\DRIVERNAME;Drivers\SOMEOTHERDRIVER"
DriverSigningPolicy = Ignore

Add each driver using this syntax, separate them using the semi-colon. During the install, it will copy the files in the $OEM$\$1\Drivers directory to C:\Drivers, and because we placed the above lines in unattend.txt, Windows knows to use these drivers during the PNP phase of the install.

Also to clarify the driver types, there are 2 different kinds of drivers during the windows install. The TEXT (TXT) mode drivers are used in the initial phase of the install (like where you hit F6 to install 3rd party drivers), and then there are Plug-and-Play (PNP) mode drivers. The PNP drivers are loaded later in the install process once the system goes to set up the network configuration.

Feel free to contact me if you have any questions on this!

Not dead as in dead, but dead as in the user has logged out of the system and for some reason their shell is still open. This might happen if your system crashes before you can log out, there are network problems and you are disconnected, or a number of other reasons. This article explains how to log these “dead” shell users out.

I use the command “w” to find out who is logged in and how long they have been idle. Compare this to the “who” command:

# w
07:47:18 up 73 days, 9:15, 2 users, load average: 0.43, 0.17, 0.11
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 pool-ip-addr 07:44 0.00s 0.04s 0.00s w
root pts/2 pool-ip-addr 07:45 1:26 0.02s 0.02s -bash
# who
root pts/0 Sep 22 07:44 (pool-ip-addr.phlapa.fios.verizon.net)
root pts/2 Sep 22 07:45 (pool-ip-addr.phlapa.fios.verizon.net)
#

You can also see the command they are currently running, and the TTY they are on. In this case you can see I ran the “w” command, so you can tell that pts/0 is the current session - and pts/2 is the “other” connection. You get this information from the “who” command as well, but “w” adds the idle time (which you can get with who -i, actually). Anyway you can can use either one, it is just a matter of preference.

First find the process list:

# ps fax

10585 ? Ss 0:05 /usr/sbin/sshd
16984 ? Ss 0:00 \_ sshd: root@pts/0
16986 pts/0 Ss 0:00 | \_ -bash
17068 pts/0 R+ 0:00 | \_ ps fax
17033 ? Ss 0:00 \_ sshd: root@pts/2
17035 pts/2 Ss+ 0:00 \_ -bash


If you are a system administrator of a linux system, you may find the following log entries familiar:
Sep 15 02:00:30 sol sshd[16364]: Failed password for invalid user test from ::ffff: 61.167.x.x port 53382 ssh2
Sep 15 02:00:30 sol sshd[16365]: Failed password for invalid user test from ::ffff: 61.167.x.x port 53394 ssh2
Sep 15 02:00:30 sol sshd[16366]: Failed password for invalid user test from ::ffff:61.167.x.x port 53396 ssh2
Sep 15 02:00:28 sol sshd[16366]: Invalid user test from ::ffff: 61.167.x.x
Sep 15 02:00:28 sol sshd[16370]: Invalid user test from ::ffff:61.167.x.x

Many, many times over. These are caused by an brute force attack from the remote host. Most likely this is another compromised machine, checking your machine for easy to guess username and password combinations. It could be someone manually trying to run a password cracking program on your ssh server too. In either case, the remote system really has no business touching your machine. This situation needs an automated solution to block this IP from even getting to your machine. Doing this real-time is essential as well.

Enter the Free APF + BFD scripts from R-fx Networks. These programs work in conjunction with one another to monitor for brute password attempts on your system, then ban the attacking host.

First install the APF (Advanced Policy Firewall) script [Download]

Then install the BFD (Brude Force Detection) script [Download]

When it finds a host that has tried and failed to log in too many times, or has tried too many users who don’t exist on your system, it blocks them in your firewall and e-mails you a message:

The remote system 61.167.x.x was found to have exceeded acceptable login
failures on somehost.com; there was 63 events to the service sshd. As such the
attacking host has been banned from further accessing this system. For the integrity
of your host you should investigate this event as soon as possible.

Sep 15 02:00:27 sol sshd[16364]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:27 sol sshd[16365]: Invalid user test from ::ffff: 61.167.x.x
Sep 15 02:00:28 sol sshd[16366]: Invalid user test from ::ffff: 61.167.x.x
Sep 15 02:00:28 sol sshd[16370]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:30 sol sshd[16364]: Failed password for invalid user test from ::ffff: 61.167.x.x port 53382 ssh2
Sep 15 02:00:30 sol sshd[16365]: Failed password for invalid user test from ::ffff: 61.167.x.x port 53394 ssh2
Sep 15 02:00:30 sol sshd[16366]: Failed password for invalid user test from ::ffff:61.167.x.x port 53396 ssh2
Sep 15 02:00:31 sol sshd[16370]: Failed password for invalid user test from ::ffff:61.167.x.x port 53412 ssh2
Sep 15 02:00:31 sol sshd[16372]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:32 sol sshd[16373]: Invalid user test from ::ffff: 61.167.x.x

In my experience it works great and is a very easy to install!

You have to check out the Envive E-Center Pro [eHomeUpgrade] home theater machine. It comes with Windows XP Media Center Edition (Vista Ultimate Ready) but I would rather throw Beyond TV on this puppy.

Check out these beefy stats…

E-Center Pro Features:

• Intel Viiv Certified Platform utilizing Intel Core 2 Duo Processors
• Up to 8GB DDR2 @ 677MHz or 4GB of DDR2 @ 800MHz Memory
• Windows Media Center 2005, Vista Ultimate Ready
• Also available with EnviveOS
• 2 NTSC Tuners and 2 ATSC Tuners under MCE 2005
• 4 NTSC Tuners and 4 ATSC Tuners under EnviveOS*
• 500GB to 4.5TB (6 x 750GB SATAII) of Storage, RAID Optional
• DVI/HDMI Video Output with HDCP Support, Optional
• Dolby Home Theater Certified High Definition Audio featuring 7.1 Audio Output with SPDIF
• Dual Layer DVD+/- RW Standard, Blu-ray Disc Drive optional, HD-DVD drive Available Late Q4 ‘06
• Rack mounting Kit, Optional
• Gigabit (10/100/1000 Mbits/sec) LAN powered by Intel, Additional NIC is Optional.
• Built in VFD and IR receiver

Envive is taking preorder 9/20/2006 (tomorrow) - so go get one if you can afford it, lucky you!

E-Center Pro Preorders [Envive]

Related: does anyone know what EnviveOS is?

If you need to find a string in a file, you would typically use:
grep -H "string to find" filename.ext
However, grep doesn’t handle a large number of files well. If you specify grep "string" * or even grep "string" `find ./`you may find yourself facing this error:
bash: /bin/grep: Argument list too long
If you need to search for a string in a lot of files then you can use a simple bash script to do the searching for you.

In this sample, I am looking for a string “sample string” in a directory named “./sample/”:
for i in `find ./sample/`; do grep -H "sample string" $i; done
This uses the find command to do the searching. It actually returns a list of filenames, which we can then grep one-by-one. The -H option tells grep to let us know the filename it found the string in so we can go right into that file to find the location of it.

Here is a handy little shortcut I recently figured out (it took me long enough, didn’t it!).

You can mount an ISO image as a directory in linux. Very nice for when you are remote and want to have a CD on that system.

mount -t iso9660 -o loop imagename.iso /mnt/isoimage

Don’t you hate it when your browser locks up because you unknowlingly clicked on a PDF File? Let’s face it - Adobe’s PDF Format rocks but the reader takes way to long to load and also locks your PC up.

Foxit Software just released Foxit PDF Reader 2.0. If you haven’t tried it already, you need to get this software (Windows Only). Trust me, you won’t be dissapointed.

Download Foxit PDF Reader 2.0

I recently had a problem where I was opening a browser window from an e-mail client. After taking a survey, I wanted a button to close this same window. In IE, it was fine to simply use window.close(); to close the window. However, Firefox, the evil genius that it is, will not let you do that because it believes you did not click to open this window in the first place. In order to trick it, you quick load a blank page then close it. The code:

<a href="javascript:window.open('','_parent','');window.close();">
Close this window</a>

So now, when you click the link, it closes the browser window. It works in both IE and Firefox 1.5 (and I believe others as well, but not personally tested). Finding that snippet of code saved me a lot of time! So I hope someone else finds it useful.

Update, May 1 2008:

This code only works on Firefox 1.5 and IE. In Firefox 2.0, Unless a website opened up a window - it can not close it. So, in my case I want to close the window after a user takes a survey, opened from an email window. Firefox 2.0 gives this error: Scripts may not close windows that were not opened by the script. I’m not sure what the right answer is here. They are doing it to prevent malicious scripts from closing windows. But even if they added an option to change that, most users wouldnt have it enabled by default.

So… where does that leave us? Please let me know if anyone knows of code that can close a window with Javascript in Firefox 2.x or 3.x.

Don’t you hate it when you try to visit a digg story and the site has been dugg? Use the greasemonkey firefox plugin and this duggmirror greasemoney script to add three links to each digg entry - the duggmirror archive, Coral NYU Mirror, and the Google Cache of the page, all with a nice graphical interface. It’s easy too:

1. Install Firefox (you mean you haven’t already?)
2. Install Greasemonkey plugin
3. Restart Firefox
4. Visit the duggmirror script’s page and click “install this script”. A little box will pop up at the top of the browser screen, asking you for permission to install it.

That’s it! When you visit digg - you will see the extra links next to the post title. It works in any OS that firefox support (I’ve personally tested on Windows XP, Vista, and Ubuntu).

I am using the Visual.Syntax code highlighting plugin by Matthew Delmarter. There were some code highlighter plugins out there, but they were all pretty complicated and the output was fancier - a little too fancy. I wanted something simple to copy/paste from and Visual.Syntax won the day for me. iG:Syntax Hiliter is a close second and I may still use it some day. It does neat things like line numbering and highlighting for a large amount of languages; but I did not find it as simple to use as Visual.Syntax. In case you were wondering, both of them work with Wordpress 2.x.