UNS by H2O Group

HP DV7 Series BIOS and PCID

If you come across a corrupted BIOS or a bad flash of an HP DV4/5/6/7, you may see the error System Board (00A)

Usually you can fix it with the HP DMI Tools from HP (HPBQ138.exe) , but in some cases the PCID is not 25 chars but 17. This come with the error below…

The input PCID is invalid

The tools here are the old versions which allows to edit the DMI to 17 chars

HP DMI Tools

P.S. You will need a MS/Free/Mini-DOS bootable USB disk, and then copy the files

to the flash drive.

HP reference documentation

HP Consumer Notebook EEPROM utility

Category: Small How To | LEAVE A COMMENT

May 21

Open-WRT and TP-Link Wi-Fi issues

It appears that many TP-Link models have an issue with Ambient Noise Immunity (ANI)

Solution
Add to /etc/rc.local the following line

echo 0 > /sys/kernel/debug/ieee80211/phy0/ath9k/ani

There is a lot of discussion on the matter
https://dev.openwrt.org/ticket/12372

Category: /etc/config | LEAVE A COMMENT

April 11

How to patch CVE-2014-0160 on Open-WRT (12.09)

Download http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/libopenssl_1.0.1g-1_ar71xx.ipk in /tmp

Install by running: opkg install /tmp/http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/libopenssl_1.0.1g-1_ar71xx.ipk

Thats it!

Category: Small How To | 1 Comment

February 22

Grep a log file and send output to mail

This is a small script that looks for a string in a log file and then the string is found, sents by mail the output

-This example is for Smoothwall, in which i run Guardian Active response and i wanted to know who is blocked

-Place it in your rc.local, reboot and check your mailbox


#!/bin/bash
EMAILADDRESS="root@localhost"
EMAILSUBJECT="Guardian On Firewall "
MESSAGEBODY="/tmp/alert.txt"

##Select you log file
#tail -f /var/log/messages | while read LINE
tail -f /var/log/guardian/guardian.log | while read LINE
do
#Select the string
if [ `echo $LINE | grep -c "blocked"` -gt 0 ]
# if [ `echo $LINE | grep -c "eth"` -gt 0 ]

then
echo "Guardian actions:" > $MESSAGEBODY
#Insert some text before the output
echo $LINE >> $MESSAGEBODY
# echo "Guardian done it again !" >> $MESSAGEBODY
#Here i use sendEmail from Smoothwall, you can use you own sendmail/mail commands
sendEmail -f -u "$EMAILSUBJECT" -t -s smtp.gmail.com:587 -xu [email protected] -xp password < $MESSAGEBODY
# fi
done

Category: /etc/config | LEAVE A COMMENT

February 20

Fail2Ban and Zimbra

After following several guides i faced an issue with the mail reporting.

Since sendmail provided by zimbra doesn’t work with the same parameters like the default sendmail i modified the mail function of Fail2Ban.

– I have enabled only notifications for Webmail/Webadmin login attemps

For Red Hat /CentOS you will need EPEL Repo

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Category: /etc/config | LEAVE A COMMENT

February 18

OpenVPN Site-to-Site

This is a small how-to for OpenWRTs running OpenVPN and connecting them by creating a site-to-site VPN tunnel.

-We assign 2 IPs, one for each tun0 interface on each router

-This guide assumes that you have already install openvpn packages on both devices

-In this guide A router has 192.168.10.x network and 192.168.251.1 IP in tun0 interface, and router B has 192.168.22.x network with 192.168.251.2 IP in tun0 interface.

-You will need the file /etc/openvpn/static.key or generate a new one in one router and copy it to the other.

-Port 1195-1194 can be changed

-You can have multiple blocks of configuration in OpenVPN, one for Road Warriors (see here) and the one documented here.

-Follow the guide here for installing Open VPN and configuring the interfaces tun0/tun1 etc

Router A


config 'openvpn' 'site-to-site'
        option 'enable' '1'
        option 'port' '1195'
        option 'proto' 'udp'
        option 'dev' 'tun'
        option 'secret' '/etc/openvpn/static.key'
        option 'ifconfig' '192.168.251.1 192.168.251.2' #this device tun0 / remote device tun0
        option 'keepalive' '10 120'
        option 'comp_lzo' '1'
        option 'verb' '10'
        option 'float' '1'
        option 'local' '192.168.10.1 1195'
        option 'remote' 'remote.host.name 1194'

Add to /etc/firewall.user


iptables -t nat -A prerouting_wan -p udp --dport 1195 -j ACCEPT
iptables -A input_wan -p udp --dport 1195 -j ACCEPT

iptables -I INPUT -i tun+ -j ACCEPT 
iptables -I FORWARD -i tun+ -j ACCEPT 
iptables -I OUTPUT -o tun+ -j ACCEPT 
iptables -I FORWARD -o tun+ -j ACCEPT

Add a static route between the 2 LANs


route add -net  netmask 255.255.255.0 gw 192.168.251.2

Router B


config 'openvpn' 'Site-to-site2'
	option 'enabled' '1'
	option 'dev' 'tun'
	option 'ifconfig' '192.168.251.2 192.168.251.1'#this device tun0 / remote device tun0
	option 'secret' '/etc/openvpn/remote.key'
	option 'keepalive' '10 120'
        option 'comp_lzo' '1'
        option 'persist_key' '1'
        option 'persist_tun' '1'
        option 'verb' '3'

Add to /etc/firewall.user


iptables -t nat -A prerouting_wan -p udp --dport 1194 -j ACCEPT
iptables -A input_wan -p udp --dport 1194 -j ACCEPT

iptables -I INPUT -i tun+ -j ACCEPT 
iptables -I FORWARD -i tun+ -j ACCEPT 
iptables -I OUTPUT -o tun+ -j ACCEPT 
iptables -I FORWARD -o tun+ -j ACCEPT

Add a static route between the 2 LANs


route add -net   netmask 255.255.255.0 gw 192.168.251.1

Category: Small How To | LEAVE A COMMENT

January 31

Zero config VPN setup for OpenWRT

The steps below work for 10.03 up to Barrier Breaker (trunk r39404 )

Download the right version for you ( Client or Server)

 http://www.neorouter.com/downloads_nrfree.html#inabox

Category: Small How To | LEAVE A COMMENT

January 27

Solaris LDOMs

This is a small how-to i created to create ldoms on Solaris

Create/add HD space (local/fiber etc

Rescan fibre

cfgadm -al

Category: /etc/config | LEAVE A COMMENT

January 27

How to replace boot disk on Solaris T2000

On OK prompt:

<ok> 0 activate-volume
(activates the selected volume)
<ok> boot

Category: Small How To | LEAVE A COMMENT

January 27

OpenVPN Road Warriors on OpenWRT (12.09 – 18.06.1)

Update and install OpenVPN and EasyRSA

opkg update
opkg install openvpn openvpn-easy-rsa

Edit /etc/easy-rsa/vars and at the end of the file fill the variables

Generate the keys/certificates for OpenVPN

build-ca
build-dh
build-key-server server

Generate the keys/certificates for OpenVPN (18.06.1)


cd /etc/easy-rsa/
easy-rsa init.pki
easy-rsa build-ca
easy-rsa build-dh

Category: Uncategorized | LEAVE A COMMENT