The Life of a Sysadmin

The Internet Storm Center writes about a new variant on malware that messes with your DNS: it installs a rogue DHCP server.

While not too sophisticated, the whole attack is very
interesting. First, it's about a race between the rogue DHCP server
and the legitimate one. Second, once a machine has been poisoned it is
impossible to detect how it actually got poisoned in the first place -
you will have to analyze network traffic to see the MAC address of
thoese DHCP Offer packets to find out where the infected machine
actually is.

In other news...all $job_2's new machines are set up and running. Kickstart is very nice…I really wish Debian had something similar; FAI is lovely, but Kickstart has the lovely feature of taking a hand-done installation you've just finished and turning that into a config file for a hands-off version. That saves a huge amount of time.

Next up: turn nscd back on (forgot I'd left it off for debugging LDAP 'til a simple find -exec chown was taking 10 minutes to finish); relabel the machines with their new names; commit the documentation I've been piecing together on my laptop; open up to others in the group; look at either moving the LDAP server over to the server room, or setting up a slave over there.

Tuesday: youngest son (8 months old) up at 5:30am teething.

Wednesday: youngest son up at 5:15am teething.

Thursday: youngest son up at 5:30am teething. I'm so tired I go to bed at 8:30pm and fall asleep immediately.

Friday: youngest son up at 4:45am teething. At 5:45am he goes back to sleep. At 6am my phone tells me the DNS server at work is down; I can't raise it. I restore backed up zone files to a spare Xen instance (hurrah!), give it the DNS server's IP address and head into work. I restart the machine and shut down the Xen instance; can't figure out why the machine shut down in the first place. Then I discover a replication problem between two of our LDAP servers which is resulting in random bounced email for a newly created account.

I want to go home now. But there's a Very Important Meeting(tm) at 1pm, and I can't leave before then.

<headdesk>

A few quick notes about building Fedora Directory Server RPMs for CentOS:

• You need to download and install fedora-ds-dsgw, as it's required by fedora-ds; this has been omitted from the list o' SRPMs to install.
• You need to patch the spec file for fedora-ds itself. It requires fedora-ds-admin-console. That package was renamed in 1.1.2 from fedora-admin-console, but updated SRPMs for the renamed package were not provided (at least, they're not there as of today) for Fedora 6 (which is what's used to build for CentOS 5.2). Given the age of F6, it seems unlikely that updated SRPMs will be provided, so the simplest thing is to edit the spec file.
• Also, the mmr.pl script mentioned here needs to be modified so that $instance_dir points to /etc/dirsrv, not /etc/fedora-ds.

(Partly a memo to myself, and partly to help anyone in the same boat; edits have been disabled in the FDS wiki, so I can't add this right now.)