Adding Memory to a Solaris Zone on the fly

Well good morning and god bless everyone. This is a quick tutorial on how to Add memory to a Solaris Zone on the fly while its running without a reboot, Solaris Zones is some pretty cool technology well enough chatter from me lets get to it.

prctl, rcapadm can modify a running zone. and the zonecfg defines the resource parameters of the zone when it boots.

So in order to make changes dynamically you will have to do the following:
1. Update the zonecfg.
2. Use the prctl, rcapadm commands to modify the zone while it is online. make sure that everything matches the changes you've made to the zonecfg.

Below are the detail steps to add the capped-memory  to the running zone container.

zonecfg -z blah 
zonecfg:blah; select capped-memory
zonecfg:blah:capped-memory> info 
capped-memory:
physical: 1G
[swap: 2G]
[locked: 512M]
zonecfg:blah:capped-memory> set physical=2g
zonecfg:blah:capped-memory> set swap=3g
zonecfg:blah:capped-memory> info 
capped-memory:
physical: 2G
[swap: 3G]
[locked: 512M]
zonecfg:blah:capped-memory> end
zonecfg:blah> exit


Modify the zones running settings:

blah:/
# rcapadm -z blah -m 2048m

blah:/
# sleep 60

blah:/
# rcapstat -z 1 1 

blah:/
prctl -n zone.max-swap -v 3g -t privileged -r -e deny -i zone blah

Verify that the settings have taken effect

zlogin -C blah 

Then run the top command 

#top -c 

Well its about that time, i hope you enjoyed and really got something out of this tutorial. 
 until next time i wish you nothing but happiness and success. 

Java 7 Release Update 11

Good Morning hope everyone is having a great day. Well the Java 7 Security Vulnerability issue has finally been resolved with the release of Java 7 update 11. Java update 10 and earlier has an big security hole that allows the attacker to remotely exploit a system without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. With that being said please head over to http://www.java.com/en/download/manual.jsp to download the latest update.
Also Note: JDK and JRE 6, 5.0 and 1.4.2, and Java SE Embedded JRE releases are not affected. by this vulnerability.

Understanding ZFS (Zpools)

Good Morning everyone hope everyone is enjoying the weekend, This is a quick tutorial on the zfs filesystem mainly focusing on zpools. But before jumping into command and how things work let me give you a little background on the zfs filesystem, ZFS which stands for Zetabyte File System is a 128bit filesystem that is also a volume manager rolled up in on. In reality this is the Sun Volume manager on steroids. With the Sun Volume Manager the admin had to use soft partitioning in order to expand disk space on the ufs filesystem, this is not so with the zfs filesystem. By simply adding a disk to the disk pool automatically adds disk space to the volume this is such a cool filesystem. Over time developers have ported zfs over to linux and freebsd which in my most humble opinion is the best OS(bsd) :). Well enough of this chatter let me show some of the cools stuff that zfs has to offer beginning with zpools. Zpools are the heart of the zfs filesystem , without zpools there is no zfs period, in order to use zfs you  will have to create a zpool by typing in the following command.

# zpool create (which in my case is nixpool :) )  

#zpool create nixpool c1t0d0s0

List all zpools 

# zpool status -xv 

all pools are healthy

Creating a mirrored zpool 

#zpool create nixpool mirror c0d0 c1d0

Creating a mirrored zpool with a hot spare#Note: These devices are not actively used in the pool, but when an active device fails, it is automatically replaced by a hot spare zfs rocks :).

#zpool create pool mirror c0d0 c1d0 spare c2d0 c3d0

Create a zpool with log devices. log devices come in handy sometimes for example databases often require their transactions to be a on a stable storage devices when returning from a system call. Multiple log devices can also be specified and they can be mirrored. 

# zpool create nixpool c0d0 c1d0 log c2d0 

Another cool thing about zpools is that their properties can be modified. you can get a list of zpool properties by running their following command:

# zpool get all testpool

Adding a Mirror to a Zfs Storage Pool Note: The following command addss two mirrored disks  to the 

pool nixpool, assuming the pool is already made up of two-way mirrors.

# zpool add nixpool mirror c1t0d0 c1t1d0

Destroying a zpool Note: the following command destroys the pool nixpool and any datasets contained within. 

# zpool destroy -f nixpool 

well this will conclude  the zpool tutorial, if you desire to know more about the zpool command. Please go through and read the man pages on your local unix system  

man zpool :).

Automating Port Installs in Freebsd

Happy New Year Everyone, last year i did not do a good job in blogging and keeping things posted but  year im looking to do a better job with this blog site. Well i  Just spent most of my day messing around with freebsd and talking with a few people on irc who stated that they were having issue installing ports without have to answer any of the menu based questions. so i figured i would do a quick tutorial on automating the installation of ports of a freebsd system.  Well enough talking on this end lets get to it. 

Step1.  im going to assume that you already have the ports tree installed on the system, If you do not have the port tree installed you can do so with the following commands 

portsnap fetch 

portsnap extract 

for more information regarding the portsnap command please check out the man pages.

Step2. cd /usr/ports/mail/postfix  (or whatever port you are trying to install) 

Step3.  make config ( this will create a configuration file in the /var/db/ports/postfix directory) 

Step4. modify the config file if there is one and make all the changes that you would like to that file.

Step5. Once you are satisfied with your config file run the following command 

cd /usr/ports/mail/postfix; env BATCH=yes make install clean 

Note: This is the more cleaner way of automating port installation rather than putting the "BATCH = yes" into the /etc/make.conf file.

NOTE: This procedure has been tested on freebsd 8.2 so as far as i know this should work on other versions of freebsd.

Well thats all for right now. I'm to go watch a movie i hope someone gets something out of this tutorial. 

The Adventures of the BsdJedi.

 Well today is Decemeber 3rd alot has happend with me since the last time ive posted
anything on this blog. Well lets see I got married on Nov 11, 2012 :) that was the best thing i could have ever done in my life.
I'm really enjoying my life. Also i have decided to take the plunge into the Security Area and really give this Pentesting Stuff a go.
ive been dabbling a bit for a while with security and pentesting but now im going to make this my lively hood. First Step will be the OSCP certification
which is a hands on pentration testing cert. So over the course of the rest of this yr and into 2013 i will be posting sample code as well as any security issues that i might
stumble across along the way. Well im Off to work :)

New Direction

I've been away from blogging for a while. life has just been a roller coaster. Ive been planning for my Wedding which is around the corner nov 10th and then trying to run my own business which is doing pretty well so far so good, im just feeling thankful and blessed for everything that i have accomplished. Just been looking into a new direction of becoming a pentester and focusing on programming mainly python for the time being im starting to realize that my passion is with coding and creating things. I've just recently purchased a Rasberry pi and that got my fire back. Currently in the process of Studying for my CEH, and then finish off the RHCSA and RHCE. just trying to make it happen. This my new adventure and mission taking one day at a time and changing the world with open source and coding. Well its time for work everyone enjoy your day and be blessed. :)

A New Day

Well i'm finally back i haven't blogged since april its been a while a lot has happened since my last post. Well i decided to leave Nasa and go into business for myself. Ive been planning to make this move for a long time, but i did not think i was going to do it this soon. But There were just so many wrong things happening that i just could not take it anymore. Sometimes i wonder about IT and its direction you get these corporate guys that come in and think they know Technology but only to find out that they are just button pushers waiting on your next big idea so they can take it and say that they created it. Well enough rambling about that, I'm very excited about my new adventure this is going to be very interesting to see where this is going to go. Well thats all for now time for breakfast and starting the day. Later

CentOS/RHEL EPEL Repo Install Tutorial

This is quick blurb about CentOS/RHEL EPEL repo, this tutorial walks you through the process of installing the EPEL Repository on versions 4, 5 & 6 of CentOS/RHEL Linux. The EPEL repository gives you access to RPM’s which allows you to install unsupported software.

How to install EPEL on CentOS/RHEL (all version)

CentOS 4 EPEL Install

How to install EPEL on Centos 4 / RHEL 4:

rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
CentOS 5 EPEL Install

How to install EPEL on Centos 5 / RHEL 5:

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
CentOS 6 EPEL Install

How to install EPEL on Centos 6 / RHEL 6:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Once installed just run the following command:

yum install package-name

SSD Drives and Mac OSX

Good Morning World, I've been missing for a while but its great to be back to normal. Between planning for a wedding, working, and running a consulting business I've been going 100% per hour non stop. Well anyway just want to share my experience on sad and macbook pro. I'm a virtual machine nut thats all i use my macbook pro for now a days for running virtual machines. So i went out bought a 120gb sad intel drive. i must say if you have a mac and no sad drive you a doing your self a huge disservice. i would recommend going with an sad drive. my boot time is a lot faster , as well as compile time for my code I'm loving it.

Openbsd PF on Mac OSX Lion

Once Again Happy New Year. I've been playing around with the PF firewall on mac osx lion. I have to say that this is a great feature thats built into Mac OSX Lion that a lot of users do not take advantage of. Many People feel that they don't need a firewall just because they are not running windows which is the biggest mistake anyone could ever make. The PF firewall was originally developed for the Openbsd unix OS. Previous version's of Mac OSX were running the now obsolete ipfw firewall software which was also developed on the Openbsd platform. Well lets get to the topic at hand, This is a quick tutorial on how to setup and configure the PF firewall on Mac OSX Lion. In order to setup and configure PF you must have root or sudo access. Everything you need is located in the /etc/pf.conf file this is the main configuration file that PF reads when carrying out its packet filtering duties, All configuration settings are done in the pf.conf file. Now if you need more information on the pf.conf file and what configuration settings are needed in order to get your firewall up and running type the following command man pf.conf or go to openbsd.org which has excellent documentation as well on the PF firewall. Once you have the pf.conf configured the way you like it its now time to upload the conf file into the pf engine, first we have to make sure that pf has been enabled which can be done with the following command pfctl -e Once the PF has been enabled you can upload your config file to the pf engine using the following command:
pfctl -f /etc/pf.conf.


# pfctl -f /etc/pf.conf Load the pf.conf file
# pfctl -nf /etc/pf.conf Parse the file, but don't load it

# pfctl -sr Show the current ruleset
# pfctl -ss Show the current state table
# pfctl -si Show filter stats and counters
# pfctl -sa Show EVERYTHING it can show


below is a sample of my pf.conf file.


################################
#My PF Wireless Configuration #
################################


#################
#Variables #
#################

wi_if="en1"
loop_if="lo0"

####################################
#Lets get to the Filtering #
####################################


##################################
#Blocking Everything by Default #
##################################
block in all
block out all



###################################
#Selective Traffic #
###################################
pass in quick on $wi_if from any to any
pass out quick on $wi_if from any to any
pass in quick on $wi_if proto icmp
pass out quick on $wi_if proto icmp


As i said before the PF firewall has a lot of cool features just too many to go over in this tutorial. If you want to know more just let these 3 things be your guide man pf.conf google.com or openbsd.org :)

The Price of Passion

Lately I've been a CNN junkie just looking at whats going around the world. And began thinking about my own life and how many would consider me rich. But really none of that stuff matters to me. not status, not money. Only thing i can think about is love,
having compassion for others, helping others. I starting to focus more on writing code for others and try to help solve the issues of the world by writing useful code. I'm reverting back to a child's heart where things are simple no complications only love. Many will look at this post and say that im crazy but i dont care. I think of deeds like a boomerang. what every deed you throw out there it will come back to you weather good or bad. Well enough rambling from me now off to pack and get ready for Thanksgiving.