Monday, May 04, 2009

useful commands for linux RAID

mdadm --create /dev/md0 --level=5 --spare-devices=0 --raid-devices=3 \
    /dev/sda1 /dev/sdb1 /dev/sdc1
(/dev/md0 is the RAID device name, level=5 means RAID 5, raid-devices=3 means three disks,
/dev/sda1… are the disks)

Then mke2fs it

mke2fs -b 4096 -R stride=8 /dev/md0
Mount it

how to break raid
Fail all the devices, then remove them, then stop the raid. eg
mdadm --stop /dev/md1
mdadm --manage /dev/mdfoo --fail /dev/sdfoo
mdadm --manage /dev/mdfoo --remove /dev/sdfoo
mdadm --manage --stop /dev/mdfoo
mdadm --query --detail /dev/md0                   # query detail
mdadm --manage --set-faulty /dev/md1 /dev/sdc2    # force a failure to test
mdadm /dev/md1 -r /dev/sdc2                       # remove the failed disk
mdadm /dev/md1 -a /dev/sdc2                       # add it back once recovered

mdadm --add /dev/md1 /dev/sdb3                    # add a partition
mdadm --grow --raid-devices=4 /dev/md1

here is the setting made to NAS
root@data df -h
Filesystem Size Used Available Use% Mounted on
rootfs 125.0M 65.3M 59.7M 52% /
/dev/root 125.0M 65.3M 59.7M 52% /
/dev/root 125.0M 65.3M 59.7M 52% /dev/.static/dev
udev 2.0M 76.0k 1.9M 4% /dev
/dev/md0 458.5G 1001.0M 434.2G 0% /home/public
/dev/sde2 229.2G 128.2M 217.4G 0% /media/sde2
tmpfs 251.8M 452.0k 251.3M 0% /var/volatile
tmpfs 251.8M 0 251.8M 0% /dev/shm
tmpfs 251.8M 0 251.8M 0% /media/ram

partition information:
root@data:/# fdisk -l

Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 1 30401 244196001 fd Linux raid autodetect

Disk /dev/sdb: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 1 30401 244196001 fd Linux raid autodetect

Disk /dev/sdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdc1 1 30401 244196001 fd Linux raid autodetect
/dev/sdc2 30402 60801 244188000 83 Linux

Disk /dev/sdd: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdd1 1 30401 244196001 fd Linux raid autodetect

Disk /dev/sde: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sde1 1 30401 244196001 fd Linux raid autodetect
/dev/sde2 30402 60801 244188000 83 Linux

RAID detail:
root@data:/# mdadm --query --detail /dev/md0
Version : 00.91.03
Creation Time : Tue Jan 24 09:15:56 2034
Raid Level : raid5
Array Size : 488391808 (465.77 GiB 500.11 GB)
Device Size : 244195904 (232.88 GiB 250.06 GB)
Raid Devices : 5
Total Devices : 5
Preferred Minor : 0
Persistence : Superblock is persistent

Update Time : Tue Jan 24 13:31:34 2034
State : clean, recovering
Active Devices : 5
Working Devices : 5
Failed Devices : 0
Spare Devices : 0

Layout : left-symmetric
Chunk Size : 64K

Reshape Status : 2% complete
Delta Devices : 2, (3->5)

UUID : bcf1613f:5de00cfa:8880d4eb:30bb47b4
Events : 0.4058

Number Major Minor RaidDevice State
0 8 1 0 active sync /dev/sda1
1 8 17 1 active sync /dev/sdb1
2 8 65 2 active sync /dev/sde1
3 8 33 3 active sync /dev/sdc1
4 8 49 4 active sync /dev/sdd1

RAID status:
root@data:/# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4]
md0 : active raid5 sdc1[3] sde1[2] sdd1[4] sdb1[1] sda1[0]
488391808 blocks super 0.91 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]
[>....................] reshape = 2.8% (6997760/244195904)
finish=428.4min speed=9224K/sec

unused devices: <none>
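
An added example, not part of the original notes: a small check that reads /proc/mdstat-style text and reports arrays running with fewer active members than expected, which is the state the --set-faulty test above produces. The function name md_degraded and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report md arrays that are running with missing members.

# md_degraded: read /proc/mdstat-style text on stdin and print one line per
# array whose "[expected/active]" counter shows fewer active members.
md_degraded() {
    awk '
        /^md[0-9]+ :/ { name = $1 }            # array header line
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # Strip the brackets and split "5/4" into expected and active.
            split(substr($0, RSTART + 1, RLENGTH - 2), c, "/")
            if (c[2] + 0 < c[1] + 0)
                printf "%s degraded: %d of %d members active\n", name, c[2], c[1]
            name = ""
        }
    '
}

# Constructed samples: md0 mirrors the healthy output shown above; md1 is a
# made-up array with one member missing, as after --set-faulty and -r.
SAMPLE_OK='md0 : active raid5 sdc1[3] sde1[2] sdd1[4] sdb1[1] sda1[0]
      488391808 blocks super 0.91 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]'
SAMPLE_BAD='md1 : active raid5 sdc1[3] sdd1[4] sdb1[1] sda1[0]
      488391808 blocks level 5, 64k chunk, algorithm 2 [5/4] [UUUU_]'

printf '%s\n%s\n' "$SAMPLE_OK" "$SAMPLE_BAD" | md_degraded
# On a live system: md_degraded < /proc/mdstat
```
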

Create linux based wireless AP

Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network.

Most consumer-grade commercial WAPs operate in the same simple manner: they create a bridge between a wired (Ethernet) network interface and a wireless one. That's exactly what we'll do too. The WAP part will be handled by the hostapd daemon, so you must pick a wireless interface it supports. Among the supported NICs are those with Prism 2/2.5/3, Atheros ar521x, and Prism GT/Duette/Indigo chipsets; a list is available on the hostapd homepage, along with links for Linux drivers for each chipset. I have an Atheros AR5212-based PCI card installed on my WAP, which works great with the latest stable version of MADWifi drivers and is supported by hostapd. Although any Pentium (or newer) system will work, some PCI wireless cards require PCI 2.2 to operate, so make sure to check your system's motherboard specifications before buying. You will also need an Ethernet interface that's supported by Linux for connecting your WAP to the LAN; most on-board interfaces will work just fine.

My setup is based on Debian Testing (Etch), but any GNU/Linux distribution with a recent 2.6 kernel will work. The kernel must support 802.1d Ethernet Bridging (CONFIG_BRIDGE) and Wireless LAN (CONFIG_NET_RADIO). Most default stock kernels have these features enabled, but if you prefer to build your own kernel, make sure to include these options. The only other packages you need to install, besides hostapd, are bridge-utils and wireless-tools. Major GNU/Linux distributions offer binary packages for all these programs, but if you prefer to build them from source, you can find more information on their homepages.

Before bridging together the two interfaces we must put the wireless interface (in my case ath0; adjust it to match your setup) in hostap or Master mode. Usually this is as simple as running iwconfig ath0 mode Master, but since wlan support in Linux is not yet standardized, some drivers may need additional configuration. If you have an Atheros-based interface you also need to run the following: wlanconfig ath0 destroy; wlanconfig ath0 create wlandev wifi0 wlanmode ap before the iwconfig command. After that, running iwconfig ath0 will return mode:Master, among others.

Now let's create the bridge. We'll assume that the Ethernet interface is eth0:

 ifconfig eth0 up
 ifconfig ath0 up
 brctl addbr br0
 brctl addif br0 eth0
 brctl addif br0 ath0
 ifconfig br0 up

And for stopping the bridge, you should run:

 ifconfig br0 down
 ifconfig eth0 down
 ifconfig ath0 down
 brctl delif br0 eth0
 brctl delif br0 ath0
 brctl delbr br0

You can optionally give an IP address to the br0 interface if you want to access the WAP host from the network, using for instance SSH. Each distribution offers its own way to configure the network; if you use Debian (or any Debian-based distribution, such as Ubuntu) you can wrap up all the previous commands by simply adding the following to your /etc/network/interfaces file:

 auto ath0 br0

 iface ath0 inet manual
         pre-up wlanconfig ath0 destroy
         pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
         post-down wlanconfig ath0 destroy
         wireless-mode master

 iface br0 inet manual
         bridge_ports eth0 ath0

Note that ifupdown handles eth0 automatically, so you don't need a separate stanza for it in /etc/network/interfaces. To verify that the bridge is configured correctly, run brctl show. You should get something like this in return:

 bridge name     bridge id               STP enabled     interfaces
 br0             8000.00032f2481f0       no              ath0
                                                         eth0

Before starting to mess with hostapd we need a pass phrase for WPA2. As with all passwords, it should be random and thus hard to guess. A nice way to get a random pass phrase is to visit Gibson Research Corp.'s Ultra High Security Password Generator and use the third password it creates -- the one titled 63 random alpha-numeric characters (a-z, A-Z, 0-9). Having a passphrase that includes non-alpha-numeric ASCII characters (e.g. !, @, etc.) might be tempting, but some clients -- namely Windows XP -- don't seem to like them.

Now create a new text file named /etc/hostapd/wpa_psk and paste your pass phrase as:

 00:00:00:00:00:00 PASSPHRASE  

The first part with the zeros means 'match all MAC addresses,' and does exactly that. You can also use different passphrases for each client by appending a new line to the file with each client's MAC address and its passphrase. Make sure that only root has access to that file by running chmod 600 /etc/hostapd/wpa_psk.
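
An added example, not part of the original article: generating the 63-character alphanumeric passphrase locally from /dev/urandom, so it never passes through a web page, and creating the PSK file with owner-only permissions from the moment it exists. The function names are illustrative, and the demo writes to a scratch directory instead of /etc/hostapd.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# gen_passphrase [N]: print N random characters from a-z, A-Z, 0-9
# (default 63, the maximum WPA passphrase length). Bytes outside the set are
# discarded rather than mapped, so every character is equally likely.
gen_passphrase() {
    n=${1:-63}
    out=
    while [ "${#out}" -lt "$n" ]; do
        out=$out$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')
    done
    printf '%s\n' "$out" | cut -c "1-$n"
}

# write_psk_file FILE PASSPHRASE: write the match-all-MACs entry to FILE.
# The file is created under umask 077, so it is never readable by other
# users, not even for the moment between creation and a later chmod.
write_psk_file() {
    (
        umask 077
        rm -f -- "$1"     # an existing file would keep its old mode
        printf '00:00:00:00:00:00 %s\n' "$2" > "$1"
    )
}

# Demo in a scratch directory; on the access point FILE is /etc/hostapd/wpa_psk.
demo_dir=$(mktemp -d)
write_psk_file "$demo_dir/wpa_psk" "$(gen_passphrase)"
ls -l "$demo_dir/wpa_psk"
rm -rf "$demo_dir"
```
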

Now create a backup of hostapd's main configuration file, /etc/hostapd/hostapd.conf, and keep it as a reference by running mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig. Create a new hostapd.conf file and paste the following lines into it:

 interface=ath0
 bridge=br0
 driver=madwifi
 logger_syslog=-1
 logger_syslog_level=2
 logger_stdout=-1
 logger_stdout_level=2
 debug=0
 dump_file=/tmp/hostapd.dump
 ctrl_interface=/var/run/hostapd
 ctrl_interface_group=0
 ssid=My_Secure_WLAN
 #macaddr_acl=1
 #accept_mac_file=/etc/hostapd/accept
 auth_algs=3
 eapol_key_index_workaround=0
 eap_server=0
 wpa=3
 wpa_psk_file=/etc/hostapd/wpa_psk
 wpa_key_mgmt=WPA-PSK
 wpa_pairwise=CCMP
 stakey=0

Replace the parts in italics with information that matches your setup. If you want to allow only specific clients to connect, remove the # character from the two lines above and copy the MAC addresses of those clients to /etc/hostapd/accept, and make this file accessible only by root (chmod 600). For more information about the options used, read the comments in the backup file you created previously (hostapd.conf.orig).

Start the hostapd daemon (/etc/init.d/hostapd start) and check /var/log/daemon.log to verify that it works. If the daemon does not come up, increase the debug level (option debug= in hostapd.conf) to 4 and try again.

Now if you scan for available wireless networks from a client, you should see your ESSID. To connect to the WAP from a Windows XP SP2 client, you need to install Microsoft's KB893357 patch first, which adds WPA2 support. On a Linux client, install wpa_supplicant and create a configuration file, wpa_supplicant.conf (in Debian, installed in /etc/wpa_supplicant/) like the following:

 update_config=1
 ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=0
 eapol_version=1
 ap_scan=1
 fast_reauth=1

 network={
         ssid="My_Secure_WLAN"
         proto=RSN
         key_mgmt=WPA-PSK
         pairwise=CCMP
         group=CCMP
         psk="PASSPHRASE"
         priority=5
 }

Again replace the parts in italics to match your setup and run wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf (replacing eth1 with your wlan interface name and wext with the appropriate driver for your card; run wpa_supplicant without any options for more information). This command starts wpa_supplicant in the foreground and tries to connect to the WAP. If the output looks like the following, you're all set:

 Trying to associate with 00:11:22:33:44:55 (SSID='My_Secure_WLAN' freq=0 MHz)
 Associated with 00:11:22:33:44:55
 WPA: Key negotiation completed with 00:11:22:33:44:55 [PTK=CCMP GTK=CCMP]
 CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed (auth) [id=0 id_str=]

Give a static IP address to your wireless interface (or run a DHCP client) and try to ping a host inside your LAN to verify that the connection works.

Congratulations, you've just built yourself a highly customizable wireless access point. Although this setup is ideal for home or small office usage, you need something more robust in the enterprise, with authentication with a RADIUS server, or even better, a VPN. Check out my previous article on how to create such a setup with OpenBSD and OpenVPN.

Saturday, May 02, 2009

Comparison of Corporate Bank Accounts for SMEs in Singapore

Corporate Bank Account Guide

The OCBC Entrepreneur Corporate Account has the lowest initial deposit, S$500, but you need to sign up within 6 months of business registration. If you have been incorporated for more than 6 months, then UOB has the lowest initial deposit, S$1,000.

Generally, banks will charge a service fee of S$15 per month if your average monthly balance falls below S$10,000.

1) UOB Bank (UOB Website)

a) UOB Corporate Current Account


  • A monthly statement of account for easy reference.
  • A free Corporate UniCard (UOB Corporate ATM card) with NETS facility.
  • Free cheque books that are automatically replenished.
  • Easy access to your Current Account through UOB Group's PhoneBanking service.
  • You'll also have the option of enjoying the benefits of Business Internet Banking, UOB Group's premier web-based banking solution for businesses.



  • Initial Deposit of S$1000
  • Minimum fee of S$15 if average daily balance falls below S$10,000 during the month

2) DBS Bank (DBS Website)

a) DBS Corporate Current Account

  • 1st 30 cheques per month free. Subsequent cheque at $0.40.
  • Earn daily interest on your balances at competitive rates. Interest is paid only on qualifying tiered balances.
  • Receive a monthly statement with transaction details of your Current Account.
  • Receive new cheque book automatically when you are down to your last few cheques. No reminders, requests or trips to the bank are needed.
  • Apply for overdraft facilities at competitive rates.

Initial Deposit of S$3000
Minimum fee of S$15 if average daily balance falls below S$10,000 during the month


3) OCBC Bank (OCBC Website)

a) Entrepreneur Corporate Account (Automatically converted to SGD chequing account after 6 months)


  • Unlimited free cheques
  • 50% off Giro transaction at Vivocity OCBC
  • 6 months waiver of minimum balance fee (subsequently S$15 per month if average monthly balance is below S$10,000)
  • 1 free Digipass for Velocity@ocbc

  • Initial Deposit of S$500
  • All new businesses within 6 months of date of incorporation

b) Business Privilege Account
  • Unlimited free cheques
  • GIRO transaction fees at S$0.10 via Velocity@ocbc
  • Up to 3 free Digipasses for Velocity@ocbc
  • eAlerts@ocbc an alert notification service at S$15 per month. First three months free.

  • Minimum deposit of S$5,000
  • S$20 per month if monthly average balance falls below S$10,000
  • If the eAlerts@ocbc service is terminated, the Business Privilege Account will be automatically converted to an ordinary current account.

c)  Singapore Dollar Chequing Account
  • S$ 0.50 per cheque from the 31st cheque onwards per month

  • Minimum initial deposit of S$ 5,000
  • Minimum credit balance of S$ 10,000
  • S$15 per month if monthly average balance falls below S$ 10,000