I’ve just gotten around to solving this little niggle; having google search google.com by default instead of google.co.uk was one of those little annoyances that I was just living with.

Today I found a solution on Chrome Bug 1521 on Comment 39

- Quit Chrome
- Open ~/Library/Application Support/Google/Chrome/Local State in your favorite text editor.
- Search for the strings ‘last_known_google_url’ and ‘last_prompted_google_url’ adn replace their values to your preferred Google base URL (e.g. www.google.com)
- Save and start chrome back up.

Yep, that works!

Cisco: Uninstalling the CSD ActiveX Control

I’m installing Cisco Secure Desktop (CSD) for a customer and needed to re-test the installation process. Within internet explorer’s (IE Version 7 & 8 ) managed add-on feature, I noticed that the CSD ActiveX Control doesn’t have an uninstall feature.

To remove the control I had to close IE, browse to…

C:\Windows\Downloaded Program Files

..and remove the following files..

CSDWebInstaller.inf
CSDWebInstaller.ocx

When re-starting IE the control was gone and I could test the re-install, I hope this helps some other googler!

SELINUX and OSSEC IPTables error

OSSEC is my favourite linux HIDS however now that I’m running a SELINUX secured web server I noticed that my active responses were not working after a reboot.

After enabling SELINUX, I started getting alerts about the following problem in my messages file….

Nov 11 12:16:22 amy kernel: type=1400 audit(1289477782.569:8): avc:  denied  { read write } for  pid=2551 comm="iptables" path="socket:[5261]" dev=sockfs ino=5261 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_dgram_socket

This appears to be ossec trying to update iptables, but failing as they’re in different contexts… now I’m no selinx expert but this CentOS Wiki Page helped… run the following command which will create osseciptables.pp in the current directtory…

root@amy# grep iptable /var/log/messages | audit2allow -M osseciptables

This creates a new binary module that can be installed with….

/usr/sbin/semodule -i osseciptables.pp

You can view current selinux modules with …

/usr/sbin/semodule -l

If you want to see what is being created by audit to allow, try the following…

root@amy# grep iptable /var/log/messages | audit2allow -m osseciptables

module osseciptables 1.0;

require {
        type iptables_t;
        type initrc_t;
        class unix_dgram_socket { read write };
}

#============= iptables_t ==============
allow iptables_t initrc_t:unix_dgram_socket { read write };
root@amy#

I hope this helps some future googler!

Cisco ASA – First steps to a Check Point Style Policy

I’ve just spotted this in the Cisco ASA 8.3 release notes…

You can now configure access rules that are applied globally, as well as access rules that are applied to an interface. If the configuration specifies both a global access policy and interface-specific access policies, the interface-specific policies are evaluated before the global policy.

The following command was modified: access-group global

For users/companies which have migrated from Check Point to Cisco (usually to save on licensing fees), getting their head around a new interface level policy rather than a system (global) level is usually a bit of a challenge.

I’m looking forward to seeing if this really helps with policy migrations!

Fedora 14 Images on EC2

Browsing the Fedora 14 release notes and I notice that the project will be creating amazon machine images (AMI’s) going forward… now that’s tempting!

See: Fedora 14 Currently Supported EC2 Images

The only issue currently stopping me is that Fedora boxes need updates all the time, perhaps it wouldn’t be so bad with a minimal image!

Blue Coat Certifications (BCCPA, BCCPP)

Image

Random Pic from my BB

This post is nothing more than a test from my blackberry.

The photo attached the view of a rollercoaster I was stood under at the weekend… I hope you enjoy the scenery

BlackBerry Apps

Work have replaced my tried old Nokia E70 with a BlackBerry, here a list of app’s I’ve been playing with for all those I work with who’ve been upgraded!

Google Mail – www.google.com/mobile/mail (or m.google.com/mail from your phone) – good for all that personal mail goodness when you’re out an about. Much much faster than the symbian version I used to run!
Google Maps – www.google.com/mobile/maps (or m.google.com/maps from your phone) – I’m always getting lost!
Dropbox – www.dropbox.com/blackberry – Access your files without powering on your laptop! … not that it takes long with a MacBook
WordPress – blackberry.wordpress.org/ – I’ve not needed to blog from this app yet, but the mobile comment moderation is genius
Engaget – www.engadget.com/downloads/blackberry – A bit of mobile techy news.
BBSSH – bbssh.org/wiki/en/Home – for that emergency SSH Access!!!
Facebook – appworld.blackberry.com/webstore/content/680 – Mobile social network goodness
Twitter – appworld.blackberry.com/webstore/content/8160 – When you’re bored!
Trapster – trapster.com/blackberry.php – So that the rozzers don’t get ya! (I need to use my external GPS to make this work)
BeeTagg – www.beetagg.com – aaah so that’s what this funny black n white squares mean!

By the way, linickx.com plays nice with mobile phones

CentOS 5.5 EC2 AMI … for sale.

Whilst learning about Amazon Web Services I noticed that there wasn’t a clean bare-bones version of my favourite server linux – CentOS – to use.

There are various public images available but they all have stuff in there I don’t want!

I have built a 1Gb image of CentOS with the minimum base feature-set… i.e. only the packages you get from typing…

yum groupinstall base

Since I’m not American I can’t sell this using Amazons DevPay program so I’m offering it here… since no-one replied to this post I figure I’m allowed!

I have a CentOS filesystem file (which you can mount via the loopback filesystem) which can be booted within EC2.

To use the file as a private AMI three further steps are required…

Each of these are commands from the AWS tools; all of which I’m happy to do for someone but they would need to handover some secret AWS credentials (it’s your whether you’re comfortable with that or not!).

If you’re interested contact me, I was thinking about £10 ($10->$15USD depending on the exchange rate) was a fair price… obviously you’d paying me for the my time, not the linux or CentOS distribution as they’re free and opensource

EC2 Lessons of a root file system

I can’t remember if I’ve mentioned it here, but my weekend project at the moment is playing with Amazon Web Services, what I’m currently trying to do is supplement the very-very low (and cheap) computing resource of the linickx.com server with an EC2 instance.

When you use and EC2 instance you have some data storage options; the instance comes with some on box disposable store, what I mean here is that the storage isn’t persistent, when you power off the server any changes are lost. For persistent storage you can either purchase some block storage (EBS) or use the simple storage product (S3).

I’m using a centos instance that I built using this centos ami guide as such the on box storeage comes in two parts…

/dev/sda1 / ext3 defaults 1 1
/dev/sda2 /mnt ext3 defaults 1 2

The root partition is the size of the filesystem created during the AMI build and the /mnt partition is 150Gb. The root partition can be anything up-to 10Gb however you have to store your AMI on the S3 storage so the bigger you make root the more you pay, as such I’ve made mine as small as CentOS will allow (about 1Gb) knowing that I can use the /mnt parition once the machine is booted.

This approach comes with a headache, any application needs to be moved to /mnt to be useable… for example after installing mysql, I have to move /var/lib/mysql to /mnt/mysql else the DB fills root and everything crashes. One might say then use EBS for your root filesystem, the issue here is twofold, one with EBS you pay for what you reserve not use, you have to reserve at least 1gb and currently my DB is only 100Mb; the second is that everything else in the image is not important to me I don’t care about /etc/sysconfig so why pay to store it on EBS especially since I can script any changes after boot time?

So what I’m getting at here is that EBS will make you life simpler, but you will pay for it. If most of your data is disposable then use S3, the size of root is determined by your AMI filesystem and if you fill it up stuff stops working, move everything that needs space to /mnt straight after boot (before services start) and when you’re done export your work to S3.

Even though these are small numbers; if I was using EBS my project would cost 10cents to store plus costs for in/out transfers, using the disposable store and S3… even though S3 is more expense per GB to store… my current costs for store AND in out transfers is 6cents per month…. this includes storing both my AMI and my database… over time as the project grows these numbers will start to ramp up!

I’ll try and post some of what I’ve done, it’s all quite cool!

Testing the New Digg

To auto-submit my blog posts to the new digg I need to publish this key : a80eb0b39ad7421e8f52c699ec4a68b6

…so.. nothing to see here, move along please…

WordPress Custom Query for Custom Post Types and Taxonomy

I wanted to run a custom query against WP3.0 custom post types but all the documentation and google I found all pointed to posts in categories which doesn’t work if your post type isn’t post, this was my solution….

$my_query = $wp_query-&gt;query; // Copy the existing query into a new one
$my_query['posts_per_page'] = "30"; // change the number we want displayed.
$my_query['orderby'] = "title"; // Sort by title.
$my_query['order'] = "ASC"; // 'A' first!
query_posts($my_query);  // Run our query.... normal service resumes.

Hopefully this post will give someone the light bulb moment they’re after.

3rd Generation iPod Shuffle Skipping

My daughters new iPod Shuffle was skipping tracks after only playing the first 5 to 20 seconds. After a load of googling and trial and error I worked out that my being cleaver approach of lowing the track bit rate to squeeze more tracks in was the mistake… you need to ensure that all files are at least 128k.

Fortinet FCNSP

Image

Fortinet FCNSP

QR Code – linickx.com

QR Code to Linickx.com

Yep, that QR code should point you back to linickx.com… that’s my first play with the google charts API… humm, what next??

Nick is on Google+

Yearly Archives: 2010

OS X: Change google Chrome to Search .co.uk instead of .com

Cisco: Uninstalling the CSD ActiveX Control

SELINUX and OSSEC IPTables error

Cisco ASA – First steps to a Check Point Style Policy

Fedora 14 Images on EC2

Blue Coat Certifications (BCCPA, BCCPP)

Image

Random Pic from my BB

BlackBerry Apps

CentOS 5.5 EC2 AMI … for sale.

EC2 Lessons of a root file system

Testing the New Digg

WordPress Custom Query for Custom Post Types and Taxonomy

3rd Generation iPod Shuffle Skipping

Fortinet FCNSP

Image

QR Code – linickx.com