Category Archives: Technology junk

I’m a SAN administrator. Stuff relating to system/network/storage administration goes here.

Dell Bluetooth 365 on Windows 10

I’m desperately waiting for my parts from Short Block Technologies so that I can get going on the 750sx project. The good news is their ridiculously slow service/shipping gave me all of last weekend to try to get the Bluetooth working properly on my trusty old Latitude E4200. I was on the verge of just buying a new laptop, but I really, really, really hate spending money on portable computers in 2015. I hated it in 2010, I wish they’d just die already. To make matters worse my mom let me borrow her modern Latitude 7350 – it made me beyond the shadow of a doubt not want to buy anything new.

Thus I spent no doubt a good 4 hours or so troubleshooting/uninstalling/fiddling/thissing/thatting the Bluetooth device and software on my trusty old beast. There are a few forum posts indicating this and that, try Lenovo software, try Broadcom’s update, try old drivers in compatibility mode. It all sucked.

Backing up a step it’s worth outlining the symptoms – after the Win10 upgrade both my Microsoft Sculpt Bluetooth mouse and my Microsoft Curve Bluetooth keyboard worked somewhat, but the features weren’t right. I unpaired and discovered no ability to re-pair.

All of my searching led me here – a forum post more about Windows 8, but similar problem. The solution is to use some older Lenovo software.

No compatibility, no BS, it just worked. I did have to unpair then re-pair when finished. Also at the end of the install it did indicate failure, but that is apparently not the case.

Quick link: http://tinyurl.com/b8fptwr

Now back to being angry about my missing boat parts.

 

Stop brute force SSH attacks from filling your authlog OpenBSD

I run OpenBSD on Soekris devices and have yet in my life to have this proven to be a poor choice of hardware. For my builds I use flashrd. Part of the design of flashrd is that /var is built from scratch during each boot and is mounted as a memory filesystem:

# mount | grep /var
mfs:14425 on /var type mfs (asynchronous, local, nodev, nosuid, size=131072 512-blocks)

While this is a really cool way to do things it does limit the size of your /var filesystem. In my case, on this box, it is slightly less than 62 MB. Usually this is way more than adequate, but there have been times that the script kiddies have caused me grief by filling /var/authlog with failed ssh login attempts:

Jan 24 06:35:34 firewall sshd[29119]: Invalid user hscroot from 180.131.138.32
Jan 24 06:35:34 firewall sshd[29119]: input_userauth_request: invalid user hscroot [preauth]
Jan 24 06:35:34 firewall sshd[29119]: Failed password for invalid user hscroot from 180.131.138.32 port 57894 ssh2
Jan 24 06:35:35 firewall sshd[29229]: Invalid user hscroot from 180.131.138.32
Jan 24 06:35:35 firewall sshd[29229]: input_userauth_request: invalid user hscroot [preauth]
Jan 24 06:35:35 firewall sshd[29119]: Connection closed by 180.131.138.32 [preauth]
Jan 24 06:35:35 firewall sshd[29229]: Failed password for invalid user hscroot from 180.131.138.32 port 48309 ssh2
Jan 24 06:35:35 firewall sshd[29229]: Connection closed by 180.131.138.32 [preauth]

Once /var is full all sorts of weird things start happening. In my case the firewall would still pass traffic, but dhcpd quits working properly (most likely due to its inability to log and place leases in /var/db/dhcpd.leases) and slowly the hosts on the network relying on dhcp die of attrition as they can no longer renew their leases. It’s gotta be fixed…

The most secure way to go about things would be to close ssh to the outside world. In my case that isn’t really an option; there are times that I’m out of town and if the S hit the F I could potentially lose one of my multiple ways inside the network to fix things. SSH on the outside firewall may someday (albeit it hasn’t yet) become my last hope. My solution is not unique, but it isn’t so ununique that it’s not worth mentioning. It’s all handled inside OpenBSD’s pf.conf file:

1) Create a table to hold the abusers:

table <abuse> persist

2) Make an addendum to your ssh rule that will limit the rate at which connections are allowed. For connections exceeding that limit put the source address in your abuse table using the overload directive. Make sure the scope of the rule is such that it won’t limit other types of connections and also make sure it’s far enough down in your ruleset that other rules won’t hijack your ssh traffic. In my case I used a maximum of 2 connections per 15 minutes. You may wish to loosen that up a bit in case you find yourself remotely connecting to that box often. I’d also suggest making the scope of that rule such that it doesn’t apply to connections coming from trusted networks:

pass in on em2 inet proto tcp from any to (em2) port ssh flags S/SA keep state (max-src-conn-rate 2/15, overload <abuse> flush)

3) Block the abuse table at or near the bottom of your pf.conf. Make sure you don’t have any quick rules up higher that might override this rule. You could put it higher up and use a quick rule, but I like to keep quick out of my ruleset as much as I can just as a matter of preference.

block in from <abuse>

Of course once you’re done setting it all up reload pf:

# pfctl -f /etc/pf.conf

I set up this configuration about 18 hours ago (by necessity, not forward thinking) and have since seen some fun additions to the abuse table:

# pfctl -t abuse -T show

Yay it works.

This is just a rehash from the official OpenBSD PF documentation, but unfortunately the search term “block ssh brute force OpenBSD” won’t lead you there.
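To check which sources are actually filling the log, before and after the pf change, the failed attempts can be totalled per source address. This is an added example, not part of the original post or of OpenBSD; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which sources are filling authlog.
# Output per source: address, "Failed password" count, log bytes caused.

sample_authlog() {   # constructed log lines using documentation addresses
    cat <<'EOF'
Jan 24 06:35:34 firewall sshd[29119]: Invalid user hscroot from 203.0.113.7
Jan 24 06:35:34 firewall sshd[29119]: input_userauth_request: invalid user hscroot [preauth]
Jan 24 06:35:34 firewall sshd[29119]: Failed password for invalid user hscroot from 203.0.113.7 port 57894 ssh2
Jan 24 06:35:35 firewall sshd[29229]: Invalid user from from 203.0.113.7
Jan 24 06:35:35 firewall sshd[29229]: Failed password for invalid user from from 203.0.113.7 port 48309 ssh2
Jan 24 06:35:35 firewall sshd[29119]: Connection closed by 203.0.113.7 [preauth]
Jan 24 06:40:02 firewall sshd[30001]: Failed password for root from 198.51.100.9 port 40022 ssh2
Jan 24 06:41:10 firewall sshd[30050]: Accepted publickey for admin from 192.0.2.10 port 50111 ssh2
EOF
}

authlog_offenders() {   # $1 = minimum failed-password count to report
    awk -v min="${1:-1}" '
    / sshd\[[0-9]+\]: / {
        pid = $5; ip = ""
        # Usernames are chosen by the remote side, so scan from the end
        # of the line: the last "from"/"by" precedes the real address.
        for (i = NF - 1; i >= 6; i--)
            if ($i == "from" || $i == "by") { ip = $(i + 1); break }
        # Lines without an address inherit it from the same sshd PID.
        if (ip != "") src[pid] = ip
        else ip = src[pid]
        if (ip == "") next
        bytes[ip] += length($0) + 1          # +1 for the newline
        if ($6 == "Failed" && $7 == "password") failed[ip]++
    }
    END {
        for (ip in bytes)
            if (failed[ip] + 0 >= min)
                printf "%s %d %d\n", ip, failed[ip], bytes[ip]
    }' | sort -k3,3nr
}

sample_authlog | authlog_offenders 2
```

Feed the live authlog to `authlog_offenders` instead of the sample to see how many attempts a source gets through before pf moves it into the abuse table. When choosing the limit, note that pf reads `max-src-conn-rate 2/15` as 2 connections per 15 seconds.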

B2B Credit Nonsense

Recently in my workplace we made some pretty serious gear shifts with regard to storage. Being vendor agnostic as I always strive to be I will say that our go-to fabric vendor changed as well as our go-to disk vendor. Since the change things work, but the more I dig into what’s going on under the hood, the more I feel like I’m living in a house of cards.

The change came as the result of 2 companies merging and coalescing on one hardware platform for all systems. Going in with the blinders on I was absolutely indifferent to the fabric change since I’ve worked with the new vendor’s gear in the past and took a liking to it, and as for the storage vendor they had a clean slate to start with so I had no reservations there either. In erecting our new gear some months ago we worked with staff from the company we merged with so as to build like for like environments to ease the merging environments down the road. One thing that made me quite suspect of either the gear we were installing or the practices of the personnel in the other organization was their suggestion to modify b2b credits on the storage side switch ports. Scratching my head I said that I prefer to leave port settings default and only make adjustments AFTER we’ve seen a symptom arise that suggests a need to deviate from default.

Fast forward about 3 quarters and we have 3 new arrays from ACME Storage, 2 directors and 6 pizza box FC switches from ACME SAN. Everything *works* but now that I’ve had time to breathe I’m finding things in our environment I don’t like. Let’s compare counters from the busiest ISL links (primaries for a MetroCluster FCVI), before and after. Note that the before counters were last reset about 18 months prior to the dismantling of the ISL while the counters for the new ISL port are reset daily by a script run by our peers:

        Frames Transmitted   B2B Credit Zero Errors   B2BC0 Percentage
Old     2657260246611        2377700058               .089%
New     2851542621           1306395534               45.8%

Both of these ISLs were configured with the staff from the switch manufacturer onsite and configured per best practices published by NetApp. As a matter of fact on the new configuration the B2B credit allocation was padded above and beyond the 150% padding that NetApp recommends. This is the ugliest counter to look at. Other ports have seen similar increases in errors, and seemingly for no good reason. Our production EMR has 8 host ports allocated for both the active and standby nodes, and the standby node is truly standby. Even still I’m seeing many b2b credit zero errors every second on those host ports, not the storage ports.

Mostly this is a pointless diatribe about changes I’m seeing. I’m truly concerned that I’m going to get to start micro-managing my FC ports in order to maintain performance and keep error counters low. If I reach that point I will no doubt be writing another post titled “Don’t buy this vendor’s junk unless you like being in the business of keeping the lights on.” Watch for that one.

Bacula or Bareos query for all backup copies of files in a directory

A customer gave me a vague description of where some files that he needed restored were, and also a vague timeline for when they needed to be restored from. I wanted to give him a list of all the files under a specific path and moreover all the dates from whence those files were backed up.

First ID the Path you care about:

SELECT * FROM Path WHERE Path LIKE 'C:/YOUR/PATH/HERE%'

Make note of the resulting PathIds. In my case the ones I care about are 16221 and 16220.

-- List every backed-up copy of each file under the chosen paths,
-- with the start time of the job that captured it.
SELECT File.FileId, Path.Path, Filename.Name, Job.StartTime
FROM File
INNER JOIN Path ON Path.PathId = File.PathId
INNER JOIN Filename ON File.FilenameId = Filename.FilenameId
INNER JOIN Job ON File.JobId = Job.JobId
WHERE File.PathId IN (16221, 16220);