Aug 22, 2007

Full System Save

A full system save on the AS/400 is a system backup that captures the whole “hard drive” to tape so that a full restore can be performed if needed. To perform this backup the system must be put into a restricted state, which means that while it is running, there will be no connectivity to the system.

There are two steps involved in running the backup: (1) initialize the tape, and (2) schedule the backup. The process is described below.

First, log in and initialize (clear) the tape

Log on to the 400 as QSECOFR

Insert your backup tape into the AS/400 tape drive.
Enter Go Tape
Press enter
Select option 2 to Initialize a tape
Press enter
Fill out the INZTAP form:

Device: TAP01
New Volume Identifier: BACKUP
New owner identifier: *BLANK
Volume identifier: *MOUNTED
Check for active files: *NO
Tape Density: *CTGTYPE
CODE: *EBCDIC
End of tape operation: *REWIND
CLEAR: *NO

Press enter

After a minute or two the status line at the bottom of the screen will appear.

Now, schedule the full system backup

Note, this full system backup can ONLY be scheduled from the terminal that is physically attached to the AS/400. You must be sitting in front of the AS/400 to schedule this backup. (This is also the reason that my screen shots are actual photographs… because I could not screen capture the session.)

Enter the command go backup
Press enter

Select option 1 to Run Backup
Press enter
Select option 11 to Back up the entire system
Press enter
A warning screen is displayed to advise you that this operation will take the system into a restricted and unreachable state for its duration. Press enter
Fill out the Backup job form:

Device: TAP01
Prompt for commands: N
Check for Active files: N
Message queue delivery: *BREAK
Start time: 0200
(Pick your start time in military format with 4 digits and no punctuation)
Vary off network servers: *NONE
Unmount file systems: N

Hold shift and press the up arrow to scroll to the next page.

On the 2nd screen select:

Print system information: N
Use system reply list: N

When you press enter the job will be submitted and will run when the time you specified is reached.

Congrats, your full system backup is now scheduled. It should take around 2 hours to run.

Written by Joe in: Tutorials

Aug 20, 2007

My M0n0wall setup

My M0n0wall is running on a Dell Optiplex GX100. The PC is a medium-small form factor. It is only running one small fan on the power supply. The P III processor is passively cooled.

One fun thing I did was wire the LAN NIC LED to make the hard drive indicator light flicker on the front of the box. I am using a CF card and no hard drive so now when there is traffic on the M0n0wall, the “HD led” blinks to indicate that there is traffic.

Specs

  • Dell GX100
  • 500MHz Celeron (passively cooled)
  • 32MB Compact Flash card
  • 196 MB RAM
  • 135 watt power supply
  • 1 onboard NIC
  • 1 Netgear FA311 (?)

Live Network Usage Graph from MRTG:

To see more stats, see my MRTG output page

Written by Joe in: M0n0wall

Aug 20, 2007

OS X Snitch Script

I have SSH enabled on one of my OS X servers and have always been mindful of the logs, monitoring attempts to brute-force crack a way into my machine. I have been careful and hopefully have a fairly strong setup that should not be trivial to crack.

To help me watch the logs I created this very simple script that I run to notify me of any break-in attempts:

I call the script “Snitch”

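#!/bin/bash
# Count "Illegal" login lines per source (field 12 holds the IP in this log's format)
grep 'Illegal' /private/var/log/system.log | awk '{print $12}' | sort | uniq -c
# Count "Failed password" lines per source (field 13), busiest source first
grep 'Failed password' /private/var/log/system.log | awk '{print $13}' | sort | uniq -c | sort -nr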

The script looks through the system log, finds any illegal or failed login attempts, and counts the number of times each IP has attempted to gain entry (since the log last rolled over). The output of the above script looks like this:
10 202.104.xxx.xxx
12 200.129.xxx.xxx
6  200.124.xxx.xxx

*note: I have not displayed the last two octets of the IP for privacy reasons.
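The same count can be made without relying on awk column numbers, which shift when a user name contains spaces. The following is an added example, not part of the original script: the function names `snitch_counts` and `snitch_over` and the sample log lines are constructed for illustration, and the line format is assumed to be the usual sshd "... from <address> ..." message.

```bash
#!/bin/bash
# Added example: count failed SSH logins per source address by matching the
# address that follows the last " from " on the line, not a fixed awk column.

# Constructed sample lines in the style of sshd syslog messages
# (addresses are from the RFC 5737 documentation ranges).
sample_log() {
cat <<'EOF'
Aug 20 02:11:01 pine sshd[411]: Illegal user admin from 203.0.113.7
Aug 20 02:11:03 pine sshd[411]: Failed password for illegal user admin from 203.0.113.7 port 4022 ssh2
Aug 20 02:11:09 pine sshd[415]: Failed password for root from 203.0.113.7 port 4031 ssh2
Aug 20 02:15:40 pine sshd[502]: Failed password for joe from 198.51.100.23 port 5110 ssh2
Aug 20 02:15:44 pine sshd[503]: Failed password for invalid user web admin from 198.51.100.23 port 5111 ssh2
Aug 20 02:16:02 pine sshd[510]: Accepted password for joe from 192.0.2.10 port 5200 ssh2
Aug 20 02:20:17 pine sshd[530]: Failed password for invalid user test from 203.0.113.7 port 4100 ssh2
EOF
}

# snitch_counts: read log lines on stdin, print "count address", busiest first.
# The greedy ".*" makes sed keep the LAST " from <address>" on the line, so
# text inside a client-supplied user name cannot change which field is counted.
snitch_counts() {
  grep -E 'sshd\[[0-9]+\]: (Illegal user|Failed password)' |
    sed -nE 's/.* from ([0-9]{1,3}(\.[0-9]{1,3}){3})( .*)?$/\1/p' |
    sort | uniq -c | sort -k1,1nr -k2,2 |
    awk '{print $1, $2}'
}

# snitch_over: print only the addresses with at least $1 matching lines,
# e.g. as a shortlist to review before banning anything.
snitch_over() {
  snitch_counts | awk -v min="$1" '$1 >= min {print $2}'
}

# Demo on the constructed sample. On a real host, read the log instead:
#   snitch_counts < /private/var/log/system.log
sample_log | snitch_counts
```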

Anywhoo, this page is more for me in case I ever need to reference back to the code. However, if you stumbled onto it and found it helpful, great. :)

Written by Joe in: Programming

Aug 20, 2007

M0n0ban

This is a quick script I stuck together to help me quickly ban IP addresses using my M0n0wall. I run this script from my Mac, however I needed to install wget in order to get it to work. I used info and code from this page to put this together: http://wiki.m0n0.ch/wikka.php?wakka=PoorMansTimeBasedRules

To run the script: /usr/bin/m0n0ban.command 200.xxx.xxx.xxx

#!/bin/bash
# /usr/bin/m0n0ban.command
# Usage: m0n0ban.command <IP address to ban>
badIP=$1
echo "~*~*~*~*~*"
echo " Are you sure you want to ban $badIP?"
echo " Press enter to continue os CTRL+C to quit"
echo "~*~*~*~*~*"
read
echo "Banning $badIP"
# Add the address to ipfw rule 5 through the M0n0wall exec_raw.php page
wget -qO /dev/null "http://10.0.0.1/exec_raw.php?cmd=ipfw add 5 deny all from $badIP to any"
echo "Complete..."
echo "Current ruleset:"
# Fetch the current contents of rule 5 and display them
wget -nv -q -O ~/banned.txt "http://10.0.0.1/exec_raw.php?cmd=ipfw show 5"
cat ~/banned.txt

The command line interaction looks like this:
pine$ ./m0n0ban.command 201.216.x.205
~*~*~*~*~*
 Are you sure you want to ban 201.216.xx.205?
 Press enter to continue os CTRL+C to quit
~*~*~*~*~*

Banning 201.216.xx.205
Complete...

Current ruleset:
00005       0         0 deny ip from 200.129.xx.107 to any
00005       0         0 deny ip from 218.108.xx.121 to any
00005       0         0 deny ip from 201.216.xx.205 to any
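Because the script's argument ends up inside a command that exec_raw.php runs on the firewall, it is worth checking that it really is a single IPv4 address, and not one of your own, before sending it. The following is an added example, not part of the original script: the function names are hypothetical, and the protected range assumes the LAN is 10.0.0.0/8, inferred from the firewall address 10.0.0.1 used above.

```bash
#!/bin/bash
# Added example: validate the address before it becomes part of the ipfw
# command that m0n0ban sends to exec_raw.php.

# valid_ipv4: succeed only for four dot-separated decimal octets (0-255),
# with no spaces, leading zeros or any other characters.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input holds only digits and dots here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in 0?*) return 1 ;; esac
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# protected_ipv4: succeed for addresses rule 5 must never deny, because
# "deny all from <ip> to any" on them would cut off the local side.
# Assumption: LAN is 10.0.0.0/8; loopback and 0.0.0.0/8 are also refused.
protected_ipv4() {
  case "$1" in
    10.*|127.*|0.*) return 0 ;;
  esac
  return 1
}

# ban_command: print the ipfw command for an acceptable address, or fail
# with status 2 (not an address) or 3 (local address).
ban_command() {
  if ! valid_ipv4 "$1"; then
    echo "not an IPv4 address: $1" >&2; return 2
  fi
  if protected_ipv4 "$1"; then
    echo "refusing to ban local address: $1" >&2; return 3
  fi
  printf 'ipfw add 5 deny all from %s to any\n' "$1"
}

# Demo on constructed inputs: one acceptable, three that must be rejected.
for candidate in 203.0.113.7 203.0.113.999 '203.0.113.7 extra' 10.0.0.20; do
  ban_command "$candidate" 2>/dev/null || echo "rejected: $candidate"
done
```

In m0n0ban the wget call would only run when `ban_command "$badIP"` succeeds, using its output as the `cmd=` value.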

Written by Joe in: Programming
