Sunday, December 28, 2008

Datacenter Capacity Planning

A lot needs to be considered when planning for a datacenter: power, cooling, UPS, generators, rack space and cost all come into play.

Here are a few links to some vendor calculators I came across that have helped me.

DELL

HP

Monday, December 22, 2008

Displaying 32/64 rpms installed on a Redhat system

It's been a while since I've prepared an Oracle Linux server. Today I got handed a hot potato - "An Oracle Linux server with missing libraries". This is often the case with Oracle's installer - it won't install without the proper libraries. What had happened was the previous sysadmin installed the 32bit versions of the libraries and Oracle was looking for the 64bit versions. However, Redhat's default rpm -qa command often displays only the package and doesn't tell you the architecture of the package. Here's a neat command that displays the architecture of each installed package.

rpm -qa --queryformat "%{NAME}-%{VERSION}.%{RELEASE} (%{ARCH})\n"

Give this a try the next time you install a 64bit Redhat system.

Saturday, December 6, 2008

iSCSI @ Home

iSCSI, or Internet SCSI, is a standard for running SCSI over an IP-based network. For people familiar with this technology, it basically enables you to mount remote disks over your existing IP infrastructure.

Today I set up a simple iSCSI mount on Linux for my local Windows desktop at home over my home network. Let's start with the basic terminology and requirements.

You need a Linux box with plenty of storage space, preferably with RAID and a decent network connection (1G), acting as your SAN. This will be your iSCSI target.

Then you need a Linux or Windows desktop to act as your mount point - the iSCSI initiator.

Here are some links on the web which explain this in more detail:
Setting up iSCSI in 5 mins
Enterprise iSCSI for Linux
Microsoft iSCSI initiator

Building a simple iSCSI setup was as simple as following those links and instructions and downloading the appropriate files.

In my quick and dirty implementation I didn't have a high performance disk setup nor a proper LVM setup to export my devices. However, the Linux Enterprise iSCSI target supports exporting files as a virtual file/block device. So I simply created an empty 10G file as my iscsi mount by using dd.

dd if=/dev/zero of=/tmp/iscsi-file bs=1M count=10240

I then exported the /tmp/iscsi-file as LUN0 in the ietd.conf file. It's as simple as that!

Setting up the Windows iSCSI initiator was as simple as eating lettuce.

Next, I'll be posting about setting up the Linux iSCSI initiator as that is a bit more complicated and may require more troubleshooting steps.

##Update
Someone recommended a more powerful open source tool for SAN, NAS and iSCSI to me.
It's called openfiler. Seems like an awesome tool!

Monday, November 3, 2008

Vsftp chroot - Unable to follow symlinks!!

Today I set up vsftp for local user ftp access. I turned on 'chroot_local_user=YES' which essentially puts the ftp user into a chroot jail. But what happens when you want to access something outside of the user's home directory?

What? Symlinks don't work?!

Here's the solution I found on the net: Link

Basically you have to mount the external directory into your current directory using the --bind option. That nice link in the article tells you how to do it and how to put it in your fstab file to make it permanent after a reboot!

Happy reading!

Wednesday, October 29, 2008

Upgrading an Entrepreneur ASP infrastructure - PART III

VMware - the leading industry virtualization provider. It comes in two flavors: VMware ESX and VMware Server (formerly GSX). The former comes at a cost and the latter is FREE!

In a low cost setup VMware Server (the free version) is the best recommended solution, although I must mention that the ESX server provides additional much wanted enterprise features such as support for network attached SAN, iSCSI, clustering and resource pooling.

VMware is supported on many OSes: Windows, Redhat, CentOS, Ubuntu and more.

In this setup I recommend using CentOS as the base operating system as it is built from the stable Redhat Enterprise Linux source and is free!

Below are steps that should be followed to prepare for VMWare installation.

1. Prepare mirrored hardware RAID if available.
2. Partition the system as follows during OS installation:

- Boot (ext3,primary) = 100 MB
- LVM (LVM,primary) = All remaining space
- LVM name = RAID1
- SWAP = 2G (or 2 x RAM)
- TMP (/TMP) ext3 = 1G
- VAR_LOG (/var/log) ext3 = 2G
- ROOT (/) ext3 = 5G
- VAR_LIB_VMWARE (/var/lib/vmware) ext3 = 100G+
- Leave Free space or allocate all to VAR_LIB_VMWARE

In this setup there are two partitions, Boot and LVM. The LVM partition contains the additional logical partitions, the key point being that VAR_LIB_VMWARE is where all the guest OS images reside. This mount point should be in its own partition so that guest images which take up too much space cannot affect the host OS.

LVM is a Logical Volume Manager. In current releases of Linux, LVM is installed by default for partitioning. LVM allows an administrator to dynamically resize partitions, much like Partition Magic for Windows. Conventional Linux partitions suffer from the inability to resize easily. Using fdisk often requires the system to be booted in rescue mode and risks loss of data. By using LVM, logical volumes are grouped into a single resource pool. This pool is a collection of logical extents; these extents are fixed in size and are usually several megabytes. The extents in the pool are then allocated to each logical volume to form a partition. When more space is needed, additional free logical extents can be added to those volumes live.

Upgrading an Entrepreneur ASP infrastructure - PART II

After analyzing the situation I have identified several key problems.

1. System Availability - Systems fail frequently due to hardware failures, DoS, and application failures.
2. Collocation is far and administration requires frequent visits.
3. Mini tower servers consume space and the 1/2 rack space may be reaching capacity limits.
4. Network lacks sufficient protection against malicious attacks.
5. Subnet is small and may reach IP assignment limits.

A) The culprit behind poor system availability is the use of low cost hardware. Low cost motherboards and network cards often fail, and systems built during different time periods usually end up with a mix of components that may not be supported by Enterprise Linux.

RAM, CPU, motherboard, power supply and hard disk failures occur at different intervals, with hard disk failures being the most frequent. Most of this is attributable to a combination of poor cooling and poor quality parts. In addition, the power supply is a key component that cannot be neglected, as a low quality power supply can lead to more frequent component failures.

Recommendation 1 - Use enterprise grade servers such as Dell and HP rack mountable servers. Such systems are built of much higher quality components and provide N+1 redundancy for components that fail often. Dual power supplies and mirrored RAID hard drives are a necessity. It is important to use hardware RAID for added performance and to ease administration during a failure. Commercial servers provide enterprise grade device driver support. Searching for and recompiling drivers is a thing of the past. Furthermore, Dell's DRAC and HP's iLO are remote access tools that allow a user to remotely administer the system at a BIOS level. Using enterprise grade servers provides increased efficiency, speed and scalability through additional RAM slots and division of CPU cores.

Recommendation 2 - Embrace virtualization. Virtualization allows multiple OSes to run on a single system, taking advantage of the system's unused resources such as CPU, HD and RAM by sharing them across multiple virtual instances (VM guests). By combining VMware with an enterprise server, system stability can be leveraged, therefore increasing availability.

B) VMware addresses the need for on-site administration. It allows an administrator to remotely connect to VMware Server to control the guests, performing remote operations such as rebooting and allocating additional network interfaces, RAM and hard disk space. All of this is shared from a resource pool belonging to the underlying server. Other neat features include remote mounting of external devices and creating a template VM instance, allowing the administrator to stamp out pre-configured OS installations in minimal time. Another great advantage of VMware is that it allows multiple different OSes such as Windows and Linux to coexist on a single host. However, there is one disadvantage, which is due to the fact that all the eggs are in one basket. An entire system failure could cause all virtual instances to fail. To ensure this risk is minimized, 2 or more hosts should be in place in case of failure.

C) By employing VMware and Dell/HP rack mountable servers, rack space usage should be reduced significantly, leaving more room for expansion.

D) As a secondary phase of the project a robust firewall needs to be in place to protect against outside DoS and hack attempts. This is a vital piece of equipment which cannot be neglected as it will reduce or remove malicious attacks completely. It also helps hide the underlying network and can help map external IPs to internal IPs and allow only the ports necessary for access. By using a hardware firewall, the OS firewall can be switched off. In addition, such appliances offer VPN capabilities for protected administrative access to the systems. Such a device is highly sophisticated and it is recommended to use no other brand than Cisco for its reliability and feature set. The Cisco ASA 5505 unlimited user license is a low cost entry point for such a scale of setup. Due to the price of even the lowest model, the second hand market may need to be considered.

E) By employing a firewall, NAT overloading and static natting can be performed to allow more than one system to use a single WAN IP therefore reducing the need for a large address space.

Note: Since the current administrator may not have sufficient knowledge to administer the device, my recommendation is to hold off on the purchase until the systems have reached a certain stability and scale. An experienced administrator needs to be hired to help configure and maintain the device.

Upgrading an Entrepreneur ASP infrastructure - PART I

Any startup entrepreneurial hosting business usually runs into many technical challenges. It faces difficult business decisions and often has to trade off between stability, scalability and underlying profit.

There is no win/win situation, however I do know one thing - time is money. In a setup where systems experience frequent downtime, hardware failures, or even just frequent visits to the data center for administration, the cost in time to the business can be high.

Here's a case study of a hosting business. Netdreamland is a service provider, providing hosting services for various clients from simple web hosting to sophisticated application services requiring administrative access to the systems. Currently Netdreamland rents half a rack from a remote collocation facility with seven low budget mini tower servers. The systems are assigned individual public IPs as they are fed off of a 3com unmanaged switch directly connected to the ISP. The business owner currently faces a dilemma: he is a one man team who manages both the business side and the administration side of the business, and he has no time to attend to the systems. Moreover, Netdreamland's systems often fail due to hardware failures, application failures and Denial of Service attacks which render the systems unreachable. This is consuming a lot of his time and energy as he often finds himself driving to the data center for anything from simple reboots to hardware replacements, often in the middle of the night. The collocation is quite a drive away from the office and his last visit to the site was to install a new system for a new customer. He is now afraid to expand his customer base too aggressively as it will increase his visits to the point where he cannot tend to other business matters. Netdreamland is profitable but is at a point where further expansion will jeopardize service availability.

Friday, August 29, 2008

Cisco SPAN, SNMP and Wireshark

Today I was assigned a task to find out and explain a certain network anomaly we are experiencing in our network. The mission started out as a bandwidth monitoring task against a specific router. This router however was owned by a third party so we didn't have access to it. Simple enough, I started looking at the next hop from that router - the switch port it was connected to, which belonged to the company I was working for. Using a combination of SNMP and a nice graphing/monitoring tool called "intermapper" I was able to obtain a pretty graph with traffic going in and out of the interface.

Eventually, looking at the graph we pinpointed the time of day at which we saturated the pipe going out the router, which was only a fractional T1 at 64K. However, on the graph we spotted some unexplainable traffic spikes occurring every 5 mins. We couldn't explain why such traffic would occur going out the interface to this router. This warranted some deeper packet inspection.

Here we used something called the SPAN feature on a Cisco switch. SPAN is just another fancy name for port mirroring. Since we didn't want to impact the production network, we simply mirrored the port on the Cisco switch. The command was easy on our IOS C2960G:

In configuration terminal mode:
monitor session 1 source interface gi 0/24
monitor session 1 destination interface gi 0/1

The setting was straightforward: specify the source port to monitor and the destination port to dump the packets onto.

After that, plug the destination port into a workstation running Wireshark (aka Ethereal) and capture the packets! With Wireshark we can sniff whatever traffic is traversing the interface, with some useful statistics and summary reporting.

It turned out to be a strange broadcast to that VLAN, resulting from a faulty application.

Friday, August 8, 2008

Layer 2 Best Practices

I think I should be stepping up my security practices. Here's an article that I came across which summarizes all the things one should know about Layer 2 security practices on Cisco switches.

http://www.networkworld.com/community/node/30682

Wednesday, July 16, 2008

Configuring VLAN in Linux

This link from the Redhat knowledge base talks all about it.

Here's the list of steps and pointers I had to go through.

1. Make sure that the 8021q module is loaded
modprobe 8021q

2. This step is important as it defines the vlan that it listens on
Make a new interface file named "ifcfg-ethX.Y" where
X - the interface it will listen on.
Y - is the VLAN ID.

Add this to the config file
VLAN=yes

3. Create the necessary IP configurations on the new interface file

4. Make sure that physical interface file looks like this. In my case it's eth0
DEVICE=eth0
ONBOOT=yes

5. service network restart

6. Done!

Monday, June 30, 2008

How to do a HTTP POST with Curl

This page proves there are people out there who forget about the same things I forget.

Here's the POST I wanted to run today.

curl -d "platform=CHANNEL&processor_target=CERT&charge_type=PING" http://app01.qa.paygateway.com:31080/Quicksilver/

Monday, June 23, 2008

Cisco ASA/PIX Bandwidth limiting

Today, I got a chance to set up a bandwidth limit on our firewall. The goal was to choke the speed of traffic going to our backup server to 250Mb/s. As our backup traffic goes through a firewall, here's how I did it on my ASA5520s.

First, define the traffic I want to choke using an access-list:

access-list backup_traffic extended permit ip any host BACKUP01

Then create a class map that matches the access-list and a policy map to set the speed (the police rate is given in bits per second):

class-map backup_traffic
 match access-list backup_traffic
policy-map backup_traffic
 class backup_traffic
  police input 250000000

Then apply the policy map on the interface:

service-policy backup_traffic interface outside

All done! That was easy. There's a lot more you can do in terms of QoS on the PIX/ASA. All this information can be found on the Cisco site.

Friday, June 20, 2008

Linux Search and Replace multiple files

I don't know how many times I've forgotten how to do this but here's the summary.

Objective: I have some text I want to modify in many files.

Solution: Using SED in a bash FOR loop

for a in $(find . -type f -name '*filename*'); do sed 's/text1/text2/g' "$a" > "$a.bk"; mv -f "$a.bk" "$a"; done

In your FOR loop
Step 1: Find the files you want to modify
Step 2: Use sed to search and replace the contents and redirect it into a new file
Step 3: move the new file back to the old file
Step 4: close your loop with done

The trick I forgot here is I can put as many commands as I want in a FOR loop by using the ';' delimiter.

Also, as the '>' redirect cannot be used to overwrite the file that sed is currently reading, the trick is to split the operation into two: write to a new file and then move it back over the old file.
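Two side effects of the loop above matter on real systems: a file name containing a space is split into several words by the for loop, and the mv step replaces each file with a new one created under the current umask, so a private (0600) file can come back world-readable. The following is an added example, not part of the original post, that avoids both; the function name replace_in_files and the sample tree are constructed for illustration, and it assumes the search and replacement text contain no "/".

```sh
#!/bin/sh
# Added example, not from the original post. replace_in_files and the sample
# tree are constructed for illustration.

# replace_in_files DIR NAME_GLOB OLD NEW
# Runs sed 's/OLD/NEW/g' over every regular file under DIR whose name matches
# NAME_GLOB. Differences from the one-line loop:
#   - find hands the names to the inner shell as arguments, so names with
#     spaces are not split into several words
#   - the result goes to a mktemp file (created with mode 0600) and is then
#     copied back into the original with cat, so the original keeps its owner
#     and permissions instead of being replaced by a new file
#   - the original is only touched if sed succeeded
# Trade-off: the copy back is not atomic, unlike mv.
# Assumption: OLD and NEW contain no "/" (the sed delimiter used here).
replace_in_files() {
    find "$1" -type f -name "$2" -exec sh -c '
        old=$1 new=$2; shift 2
        for f in "$@"; do
            tmp=$(mktemp) || exit 1
            if sed "s/$old/$new/g" "$f" > "$tmp"; then
                cat "$tmp" > "$f"
            fi
            rm -f "$tmp"
        done
    ' sh "$3" "$4" {} +
}

# Constructed sample tree: a private file with spaces in its path, plus a
# file whose name does not match the pattern.
umask 022
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/conf dir"
printf 'server=text1\nbackup=text1\n' > "$demo/conf dir/my filename.cfg"
chmod 600 "$demo/conf dir/my filename.cfg"
printf 'server=text1\n' > "$demo/other.txt"

replace_in_files "$demo" '*filename*' text1 text2

cat "$demo/conf dir/my filename.cfg"
ls -l "$demo/conf dir/my filename.cfg" | cut -c1-10
```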

Wednesday, June 18, 2008

Cisco ASA/PIX icmp handling

Just a quick note:

Internet Control Message Protocol (ICMP) pings and traceroute on the PIX Firewall are handled differently based on the version of PIX and ASA code.

Inbound ICMP through the PIX/ASA is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default.

Pings Inbound
Pings initiated from the outside, or another low security interface of the PIX, are denied by default. The pings can be allowed by the use of static and access lists or access lists alone.

Pings Outbound
There are two options in PIX 7.x that allow inside users to ping hosts on the outside. The first option is to setup a specific rule for each type of echo message.

For example:

access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-group 101 in interface outside


This allows only these return messages through the firewall when an inside user pings to an outside host. The other types of ICMP status messages might be hostile and the firewall blocks all other ICMP messages.

Another option is to configure ICMP inspection. This allows a trusted IP address to traverse the firewall and allows replies back to the trusted address only. This way, hosts on all inside interfaces can ping hosts on the outside and the firewall allows the replies to return. This also gives you the advantage of monitoring the ICMP traffic that traverses the firewall. In this example, icmp inspection is added to the default global inspection policy.

policy-map global_policy
 class inspection_default
  inspect icmp


For more detailed info visit: here

Tuesday, June 17, 2008

Linux 101 - TOP command

Top is amongst the most comprehensive and informative process display commands in Linux. There's no reason for a seasoned Linux sysadmin like myself not to know it! Top can display all the information you need to know about processes and the system in a sorted manner.

In this post I want to remind myself of only the MOST USEFUL commands used in TOP, and the rest I'm going to forget!

h - Help - Yes, use it if you're as forgetful as me.
M - Sort by memory usage
P - Sort by CPU usage
c - Display path and exact command
z - Change colours - I hate Black & White
u - Display only processes owned by a specific user, enter nothing for All
q - Quit, or you can ctrl-c to kill it.


I think those are really the minimum options a sysadmin should know. I would refer to the MAN page if I was ever stressed to find out more.

Monday, June 16, 2008

Cisco Spanning Tree protection mechanisms

Today, I wanted to remind myself of all the funky little Cisco spanning protection features. I found this neat picture that summarizes it all:

Saturday, June 14, 2008

Troubleshooting PIX/ASA site to site IPsec VPN

I'm a person who constantly makes typos, so troubleshooting has become a very part of me. Especially with such complex VPN configurations, there are bound to be some mistakes somewhere.

Like any other technical problem, the first thing is to understand the underlying technology. A site to site IPsec VPN consists of two phases: Phase 1 - the IKE exchange, and Phase 2 - establishing the IPsec tunnels. It is important to figure out which part of the negotiation the VPN is failing at.

However, before all that, we should check if the traffic is getting to the firewall in the first place. To do this we should turn on icmp debug on the firewall.

debug icmp trace

If you are logged in to the firewall via ssh or telnet, unlike the console you may find that you want to redirect the output of the debug to the screen. To do this enter:

terminal monitor

Once that is done, you can start pinging the system you want to reach at the other end. Observe the ICMP packets as they reach the firewall: they should first reach the firewall and then be natted to the global IP that was assigned in the VPN. If this is not the case, check your nat and global statements and ACLs. You may want to use these commands to investigate your config:

sh run nat
sh run global
sh run access-list acl-name


If the traffic is being properly natted you are safe to turn off icmp tracing as you know the traffic is reaching the firewall and being translated properly.

The next step is to verify that PHASE 1 negotiation is complete. Make sure to keep pinging the target host as it would ensure that the VPN tunnel is staying active.

sh crypto isakmp sa detail

This will display whether the sa (security association) has been established. From the output you will see the status of the negotiation. If it succeeds, you will see that the status has become active and your sa time to live should start to decrement.

If not, turn on debugging for the phase 1:

debug crypto isakmp

Verify that there are no mismatches in the configuration as usually that should be the problem. Do a:

sh run crypto

Verify that the config does match the configuration provided to you by the other end. You may also find that the admin on the other end has misconfigured their side. Try to ensure that your configuration is correct before blaming others, as you don't want to look stupid.

If the phase 1 configuration is complete, then you can move on to troubleshooting phase 2. Much like phase 1 you want to sh the crypto status.

sh crypto ipsec sa detail id-number

The id number here is the crypto-map sequence id number entered for the specific tunnel. Verify that something is displayed. If nothing is displayed then there is likely a problem with the configuration of phase 2. Check that the IPsec transform sets match, as this was the problem that I ran into.
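The mismatch checks described above can be done mechanically once both ends have exchanged their "sh run crypto" output. The following is an added example, not part of the original post: a shell sketch that reduces each side to its phase 1 policies and phase 2 transform sets and reports which pairs agree. The function names, file names and the remote peer's configuration are constructed; lifetimes are not compared, and transforms are compared in the order they are listed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, file names and
# the remote peer's configuration are constructed for illustration.

# Reduce "sh run crypto" output to one line per proposal:
#   P1 <policy number> <authentication> <encryption> <hash> <group>
#   P2 <transform-set name> <transforms...>
# Values a policy block does not set are shown as "-". The lifetime is
# skipped: only the values that must be identical on both ends are compared.
proposals() {
    awk '
        function emit() {
            if (num != "") print "P1", num, auth, enc, hash, grp
            num = ""
        }
        $1 == "crypto" && $2 == "isakmp" && $3 == "policy" {
            emit(); num = $4; auth = enc = hash = grp = "-"; next
        }
        num != "" && $1 == "authentication" { auth = $2; next }
        num != "" && $1 == "encryption"     { enc  = $2; next }
        num != "" && $1 == "hash"           { hash = $2; next }
        num != "" && $1 == "group"          { grp  = $2; next }
        num != "" && $1 == "lifetime"       { next }
        { emit() }    # any other line ends the policy block
        $1 == "crypto" && $2 == "ipsec" && $3 == "transform-set" {
            line = "P2 " $4
            for (i = 5; i <= NF; i++) line = line " " $i
            print line
        }
        END { emit() }
    ' "$1"
}

# compare_peers LOCAL_FILE REMOTE_FILE
# Per phase, prints "MATCH <phase> local <id> remote <id>: <values>" for every
# pair that agrees. If no pair agrees, prints one MISMATCH line per pair with
# both value lists, so the differing value can be read off directly. A phase
# with no proposal on one side is reported as MISSING.
compare_peers() {
    { proposals "$1" | sed 's/^/L /'; proposals "$2" | sed 's/^/R /'; } |
    awk '
        {
            side = $1; ph = $2; id = $3
            val = $4; for (i = 5; i <= NF; i++) val = val " " $i
            n[side, ph]++
            ids[side, ph, n[side, ph]] = id
            vals[side, ph, n[side, ph]] = val
        }
        END {
            np = split("P1 P2", phases, " ")
            for (p = 1; p <= np; p++) {
                ph = phases[p]; found = 0
                if (!n["L", ph] || !n["R", ph]) { print "MISSING", ph; continue }
                for (i = 1; i <= n["L", ph]; i++)
                    for (j = 1; j <= n["R", ph]; j++)
                        if (vals["L", ph, i] == vals["R", ph, j]) {
                            found = 1
                            print "MATCH", ph, "local", ids["L", ph, i], "remote", ids["R", ph, j] ":", vals["L", ph, i]
                        }
                if (found) continue
                for (i = 1; i <= n["L", ph]; i++)
                    for (j = 1; j <= n["R", ph]; j++)
                        print "MISMATCH", ph, "local", ids["L", ph, i], "[" vals["L", ph, i] "]",
                              "remote", ids["R", ph, j], "[" vals["R", ph, j] "]"
            }
        }'
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Local side: the policy and transform set used on this blog.
cat > "$workdir/local.cfg" <<'EOF'
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ipsec transform-set TUNNEL_ESP_3DES_MD5 esp-3des esp-md5-hmac
EOF
# Remote side (constructed): same phase 1 values, different phase 2 hash.
cat > "$workdir/remote.cfg" <<'EOF'
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
crypto ipsec transform-set PEER_SET esp-3des esp-sha-hmac
EOF

compare_peers "$workdir/local.cfg" "$workdir/remote.cfg"
```

With the constructed inputs, phase 1 is reported as a match and phase 2 as a mismatch between esp-md5-hmac and esp-sha-hmac, which is the kind of transform set disagreement described in this post.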

Once that is all done and both phase 1 & 2 are complete then the tunnel should be up. Now, if you have read carefully, all this requires that you ensure that the tunnel is up by launching a consistent ping against a target host at the other end. However, if you find that both phase 1 & 2 have been established but you do not see any ICMP replies, this may have to do with the natted address that was provided to the other side. What usually happens is that the other end has an access-list that only allows traffic from one specific natted IP. If this is wrong, you will not get any response even if the tunnel is up. Also, make sure that the outgoing ACLs on the firewall allow ICMP going out. Depending on the corporate policy, only specific IPs may have been permitted to go out.

One last tool for troubleshooting: use the ASDM! This neat GUI will tell you all the information at a glance. It is a useful tool for viewing your configuration. Also, try using the packet tracer on the ASDM. It will display in detail how the packet traverses each component in the firewall and show you the likely place to look at in your settings.

That's it for troubleshooting VPNs. These are the problems that I ran into when I set it up. I hope when I look back at this post I can remember what pains I have gone through and ensure that I follow these steps to avoid them!

Thursday, June 12, 2008

Cisco PIX/ASA site to site IPsec Tunnel

I've created less than a handful of VPN tunnels so far in my career. How often do you get a chance to create new VPN tunnels? Well today, I got a chance to create 3 customer site to site VPNs at once!

Speaking of VPN tunnels, how many know the commands for creating an IPsec site to site VPN without referring to documents? In my job, everything has to go through a documented procedure in creating change requests, so CLI has become the only method we use in making firewall or router changes as it is the most straightforward to document. However, I must say using the ASDM in creating VPNs is much easier and much less error prone.

Today, I'm going to write down what my brain went through creating these VPNs and what sort of things I want to remember when I come to read this again.

First of all, we need a bunch of info and prerequisites when creating a VPN. It is critical that we communicate clearly so both ends have the correct information especially when working with a network admin on the other end of the pipe.

So what do we need to decide first?

- We should NAT to a public IP that we own for them to filter our traffic. There are two advantages:
1) We are not tying up our Outside interface IP in case we move it.
2) We are more flexible in moving that natted IP onto another FW if we want to in the future!

- Obtain the Outside IPs on both ends to establish the tunnel. This would be the outside interface IPs on the connecting devices.

- The source and destination domains for the VPN. This would be the source IP we are encrypting our traffic from (as explained, we should NAT this to a range or one IP depending on customers, unless we are making an internal site to site VPN, in which case we may not want to NAT) and the destination IPs - the hosts we want to connect to on the other end.

- Phase 1 IKE exchange information
  authentication method (usually pre-share)
  encryption algorithm (des, 3des, aes, etc.)
  hashing algorithm (md5, sha)
  DH group (2, 5...)
  SA lifetime (86400)

- Phase 2 IPsec tunnel information
  Peer IP
  encryption algorithm
  hashing algorithm
  DH group



Once we have all this information we can start creating our VPNs.

There are two types of Cisco devices we can terminate our VPNs on: router or firewall. Both have advantages and disadvantages. I prefer creating site to site VPNs on routers because on routers VPN tunnels are created as VTIs - Virtual Tunnel Interfaces. These interfaces are just like router interfaces and are much more flexible in nature. ASA/PIX are good for creating remote access VPNs as you can slap on and define the access policies much better. However in my scenario, I only had an ASA, and creating a VPN tunnel on that is what I want to record down today.

Step by Step approach:
1) Backup your config!
2) Define and configure your PHASE 1 ISAKMP policy

crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400


*note: the policy number can be any number, it's just a priority number. The IKE exchange will go through all the policies you have and hit on the first one it matches on the other end.

3) Define the PHASE 1 ISAKMP attributes by creating a tunnel group


tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *


Note: The x.x.x.x here MUST be the peer IP address.

4) Define the PHASE 2 transform set

crypto ipsec transform-set TUNNEL_ESP_3DES_MD5 esp-3des esp-md5-hmac

In this case, I gave the tunnel name: TUNNEL_ESP_3DES_MD5 which closely describes what it uses: ESP + 3DES + MD5 + HMAC

5) Create the policy NAT statement and create the NAT

access-list acl-name permit ip source mask destination mask
global (outside) 3 ip
nat (inside) 3 access-list acl-name


Here we define the traffic we want to NAT using a combination of an access-list and the IP to NAT to. Note that the 3 here is the 'id' I'm using to match the corresponding NAT statement. FYI, you can't assign more than one acl to a nat statement (I tried it).

6) Define the Encrypted traffic using an access-list

access-list acl extended permit ip host natted dest mask

Note: We are encrypting the traffic AFTER it's been natted, so the access-list would fail if it referred to the internal source IPs.

7) Lastly Define the crypto map

crypto isakmp enable Outside
crypto map map-name id match address acl-name
crypto map map-name id set pfs group2 <--- if a DH group is required
crypto map map-name id set peer 206.253.178.46
crypto map map-name id set transform-set TUNNEL_ESP_3DES_MD5
crypto map map-name interface Outside


Make sure that you enable the isakmp for the interface used for establishing the connection. There can only be one crypto map per interface and hence the 'id' comes into place. When you create more than one vpn on an interface you will need to specify a different 'id' for each tunnel.

I guess that's all there is to configuring the tunnel. I will be posting some ways to test and debug the connection in my next post.

Tuesday, June 10, 2008

The Linux "find" command

In my Linux life, I find myself trying to search for files quite frequently. All distributions come with a very handy command called 'locate' which helps you search for a file. Linux keeps an index and database of all the files and locations, and this command searches inside that database for the file you want.

However, what you might find out is you will need to keep that database up to date before you can search anything new. In order to keep that database updated you have to run a command called 'updatedb' and it will churn away indexing your files. The down side with this is that it often takes a long time for it to come back (depending on how big your file system is). This is when the good old 'find' command comes to use.

The find command is pretty simple to use. Here's the syntax:

find path -name 'filename' path arguments

Here are some examples

find . -name 'foo'

What this command does is it searches your current directory for the filename that contains the word foo.

Other variations include

find / -maxdepth 2 -name 'foo'

This command searches for foo starting from /, to a maximum depth of 2 directories.

After all that what I wanted to remind myself was this command

find . -mindepth 1 -maxdepth 1 -type d | sed 's/^\.\///' | xargs -I{} chown -R {}:{} {}/

AHA! mumbo jumbo. What this command does is it searches the local directory, prints out the filenames and then strips out the ./ and then changes the ownership of the files(directories I should say) in question to the name itself?

So you might think, why would I do that? Well today I came across a system that had some screwed up home directories where ownership of directories did not belong to who they are supposed to. This command fixes all that, finding the directory name and changing the ownership back to its real owner (which happens to be the name of the directory).

This command combines a series of linux command parsing, but what I want to make note is the 'xargs' command. This neat little command feeds from stdin and allows you to form a command which takes that input as an argument. In this very special case, it's especially useful in combo with the find command as it can feed input from the results of the search into a powerful chain command. One thing to make note is that the find command itself comes with '-exec' option which does the same thing, however in my case I had piped it once so I couldn't use the -exec command to do it.

Well to sum up, I've used this command many times and I think it deserves to stay in my memory for future use!

Friday, May 30, 2008

First Post

I find that I frequently learn something, something that I've done once or twice or a dozen times, and eventually forget about it.

This is why I'm starting this blog. I want to record down to excruciating detail what I've done so that I can review it in the future!

If you've landed on my blog for some reason, feel free to leave some comments! There might be something here that might interest you.