Friday, January 12, 2007

OpenLDAP Commands

Search the LDAP database:
view everything, bound anonymously
ldapsearch -x -b 'dc=example,dc=com'
-x : simple bind instead of SASL; with no -D/-w this is an anonymous bind
-b : baseDN (the subtree the search starts from)
-h : host
-p : port (389 for plain LDAP or StartTLS; 636 for LDAP over SSL, ldaps://)

Same as above but more explicit
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

The test in the parens is an LDAP search filter (RFC 4515). It restricts the search so that only entries for which the test is true are returned. For example, the following returns only the entry whose uid is set to joeuser. Note that *, (, ) and \ are filter metacharacters: if the value comes from user input it must be escaped, or a value such as * turns the filter into (uid=*) and matches every entry.
ldapsearch -x -b 'dc=example,dc=com' '(uid=joeuser)'
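The escaping mentioned above, as an added example that is not part of the original post: a small shell helper that applies RFC 4515 escaping to an assertion value before it is placed in the (uid=...) filter. The function names are this example's own; the "username" at the bottom is constructed to show the difference.

```shell
#!/bin/sh
# Added example, not from the original post: build the ldapsearch filter
# argument from an untrusted value. RFC 4515 requires * ( ) \ and NUL in an
# assertion value to be written as \2a \28 \29 \5c \00. NUL cannot occur in
# a shell argument, so it is not handled here.
set -eu

# ldap_filter_escape <value>: RFC 4515 escaping for one assertion value.
# Backslash is replaced first so the escapes added afterwards are not
# escaped a second time.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# uid_filter <uid>: the (uid=...) filter from the post, safe for any <uid>.
uid_filter() {
  printf '(uid=%s)' "$(ldap_filter_escape "$1")"
}

# Constructed input: a "username" that, unescaped, matches every entry.
evil='*'
printf 'unescaped: (uid=%s)\n' "$evil"          # (uid=*)   -> every entry
printf 'escaped:   %s\n' "$(uid_filter "$evil")" # (uid=\2a) -> literal '*'

# Against a reachable directory the escaped filter is passed as one argument:
#   ldapsearch -x -b 'dc=example,dc=com' "$(uid_filter "$evil")"
```

The same helper works for any attribute, not just uid; what matters is that the value is escaped as a whole and passed to ldapsearch as a single quoted argument so the shell does not split it either.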

Sunday, January 07, 2007

dm-crypt filesystem encryption

Dependencies needed:
Kernel Setup:
Device Drivers > Multi-device support (RAID and LVM) > Device Mapper Support (dm-mod)
Device Drivers > Multi-device support (RAID and LVM) > Crypt Target Support (dm-crypt)
Cryptographic Options > (select ciphers, e.g. aes, twofish, and the hash used for ESSIV, e.g. sha256)

Userspace tools needed: cryptsetup (links against libdevmapper), blockdev (util-linux)
Syntax: cryptsetup [<OPTIONS>] <action> <name> [<device>]
-c <cipher> (see /proc/crypto)
-h {plain/<hash>} (see hashalot)
-y (verifies the passphrase by asking for it twice)
-d <file> (read key from file
e.g. /dev/urandom; useful for swap devices.
If set, the parameters -h and -y will be ignored)
-s <keysize> (in bits) (WARNING: in bytes for
-b <size> (in sectors)
-o <offset> (in sectors)
-p <skipped> (in sectors)
<action> is one of:
create - create device
remove - remove device
reload - modify active device
resize - resize active device
status - show device status
<name> is the mapping to create under /dev/mapper/ (the plaintext view)
<device> is the underlying block device that holds the ciphertext

Create the crypto device (sized to the existing partition; blockdev --getsize returns the size in 512-byte sectors, which is what -b expects):
cryptsetup -c aes -h plain -y -b `blockdev --getsize /dev/hdb2` create cryptvol1 /dev/hdb2

Two caveats. "-c aes" alone selects aes-cbc-plain, whose predictable IVs allow watermarking attacks on the ciphertext; on 2.6.10 and later kernels prefer -c aes-cbc-essiv:sha256. "-h plain" uses the passphrase as the key directly (padded to the key size) rather than hashing it, and plain dm-crypt has no header to verify the key against, so a mistyped passphrase at a later create simply yields a mapping full of garbage with no error. That is why -y matters here.

Copy over data (in-place conversion: each block is read from the partition in the clear and written back, encrypted, through the mapping at the same offset):
dd if=/dev/hdb2 of=/dev/mapper/cryptvol1 bs=4k
The partition must be unmounted, and a verified backup must exist before this runs: the plaintext is overwritten as dd proceeds, the command cannot be rerun, and an interrupted run leaves the device half converted.
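The procedure above as one guarded script, added here as an example and not part of the original post. It assumes a cryptsetup with the legacy -c/-h/-s/-b options listed above, blockdev from util-linux, and a kernel offering aes-cbc-essiv:sha256; the function names are this example's own. The mounted check takes an optional mounts-table file so it can be exercised without a real device.

```shell
#!/bin/sh
# Added example, not from the original post: the plain dm-crypt conversion
# wrapped in the checks a practitioner wants before running it. Assumes the
# legacy cryptsetup CLI shown in the post and util-linux blockdev.
set -eu

# is_mounted <device> [<mounts-table>]: true if <device> appears in the
# mounts table (/proc/mounts by default; a file argument allows offline tests).
is_mounted() {
  awk -v d="$1" '$1 == d { f = 1 } END { exit !f }' "${2:-/proc/mounts}"
}

# sector_count <device>: size in 512-byte sectors, the unit cryptsetup -b expects.
sector_count() {
  blockdev --getsize "$1"
}

# map_plain <name> <device>: open <device> as /dev/mapper/<name>.
# aes-cbc-essiv:sha256 rather than bare "aes" (aes-cbc-plain, predictable IVs),
# and -h sha256 rather than -h plain so the passphrase is hashed to key length
# instead of being used raw and padded. -y asks twice: plain mode cannot detect
# a typo later.
map_plain() {
  cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h sha256 -y \
    -b "$(sector_count "$2")" create "$1" "$2"
}

# encrypt_in_place <name> <device>: the dd step from the post, guarded.
# Each sector is read in the clear and written back encrypted at the same
# offset, so the plaintext is gone once this starts and the run cannot be
# repeated. Needs an unmounted device and a verified backup.
encrypt_in_place() {
  name=$1 dev=$2
  if is_mounted "$dev"; then
    echo "refusing: $dev is mounted" >&2
    return 1
  fi
  map_plain "$name" "$dev"
  dd if="$dev" of="/dev/mapper/$name" bs=4k
  sync
}

case "${1:-}" in
  --run) encrypt_in_place "$2" "$3" ;;   # e.g. --run cryptvol1 /dev/hdb2
  *)     echo "usage: $0 --run <name> <device>  (destructive; back up first)" ;;
esac
```

Without --run the script only prints usage, so it can be read and tested safely; the destructive path is reached only with the explicit flag and a device that is not in /proc/mounts.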

Saturday, January 06, 2007


rsync -vaHx --progress --numeric-ids --delete \
--exclude-from=asylum_backup.excludes --delete-excluded \
username@host:/home/userdir/ /backupdir/
Common options:
-v: verbose
-r: recursive (implied by -a)
-a: archive - recursive, maintain perms, ownership, timestamps, symlinks and device files (equivalent to -rlptgoD)
-H: maintain hard links
-x: don't cross filesystem boundaries on the source
--progress: shows progress info
--numeric-ids: don't translate UIDs/GIDs to names; important for backups, since the names on the backup host may map to different ids
--delete: delete from the backup any files that no longer exist on the source
--exclude-from=file.txt: read exclude patterns from a file, one pattern per line
--delete-excluded: also delete from the backup any files that were copied earlier but are now matched by the exclude list
username@: username on remote host
host: name of the remote host
/home/userdir: path to back up
    trailing slash: back up the contents of the dir
    no trailing slash: back up the dir itself
/backupdir: where the backup is written
Because --delete and --delete-excluded remove data from the destination, run the command with -n (--dry-run) and -i (--itemize-changes) first to see what would be deleted; a single mirrored copy also replicates a deletion or corruption on the source, so keep rotated copies if you need to recover older states.

Example of simple copy (pushing to the remote host; -e ssh is already the default in rsync 2.6 and later):
rsync -r -e ssh --delete /home/user/ user@host:/backups/
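An added example, not part of the original post, that exercises the --delete, --exclude-from and --delete-excluded flags of the backup command above on a constructed local tree, so their effect can be checked before pointing the same flags at a real host. Local directories stand in for username@host:/home/userdir/ and /backupdir/; the function names and file contents are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: the page's backup flags run
# against a constructed tree, with a dry run shown before each real pass.
set -eu

# preview <src> <dst> <exclude-file>: dry run with itemized output. Lines
# beginning "*deleting" are what --delete / --delete-excluded would remove.
preview() {
  rsync -aHxn --itemize-changes --numeric-ids --delete \
    --exclude-from="$3" --delete-excluded "$1/" "$2/"
}

# backup_tree <src> <dst> <exclude-file>: the post's command without
# --progress, with a local source in place of username@host:/home/userdir/.
backup_tree() {
  rsync -aHx --numeric-ids --delete \
    --exclude-from="$3" --delete-excluded "$1/" "$2/"
}

# demo_backup <workdir>: build a source tree, back it up, then delete one
# file on the "server" and exclude a directory, and back up again.
# Returns 0 if the destination ends up in the state the options describe.
demo_backup() {
  work=$1
  src=$work/home/userdir
  dst=$work/backupdir
  mkdir -p "$src/keep" "$src/cache" "$dst"
  echo data > "$src/keep/file.txt"      # constructed content
  echo tmp  > "$src/cache/junk"
  echo old  > "$src/stale.txt"

  : > "$work/excludes"                  # first pass: nothing excluded
  backup_tree "$src" "$dst" "$work/excludes"

  rm "$src/stale.txt"                   # gone on the source -> --delete removes it
  echo 'cache/' > "$work/excludes"      # now excluded -> --delete-excluded removes it
  echo '--- what the second pass would delete:'
  preview "$src" "$dst" "$work/excludes" | grep '^\*deleting' || true
  backup_tree "$src" "$dst" "$work/excludes"

  [ -f "$dst/keep/file.txt" ] &&
  [ ! -e "$dst/stale.txt" ] &&
  [ ! -e "$dst/cache" ]
}

# Usage: demo_backup "$(mktemp -d)"
```

The preview step is the habit worth keeping: the "*deleting" lines are exactly what the real pass will remove, and with a remote source they cost one extra connection rather than a restore.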