Add default Gateway on different subnet FreeBSD / Linux


Two days ago I got a new VPS (FreeBSD 11). The IP was in a “213.202.XxX.XX.x/32” subnet, and the GW I was given was in a different subnet, “89.16X.XxX.1”.

So here is how to add 213.202.XxX.XX.x/32 and a different GW on your Linux / BSD host:

## First add your gateway with its subnet, then add the default route

## on FreeBSD :

#route add 89.16X.XxX.1/32 -iface em0 

#route add default 89.16X.XxX.1

## on Linux :

#route add 89.16X.XxX.1/32 dev eth0
#route add default gw 89.16X.XxX.1
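
Why the extra route is needed, as an added example that is not part of the original post: with a /32 address the gateway is never inside the interface's own subnet, so it has to be made reachable through the interface before the default route can point at it. The function names and the documentation-range addresses (192.0.2.10, 198.51.100.1) are assumptions made for illustration; the printed commands are the ones shown above.

```sh
#!/bin/sh
# Added example: decide whether a gateway is on-link and print the routes to add.
# Addresses are constructed (documentation ranges), not the post's own.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# gw_on_link ADDR/PREFIX GATEWAY: succeeds when GATEWAY is inside ADDR's subnet
gw_on_link() {
    gl_addr=${1%/*}
    gl_len=${1#*/}
    gl_mask=$(( (4294967295 << (32 - $gl_len)) & 4294967295 ))
    gl_a=$(ip_to_int "$gl_addr")
    gl_g=$(ip_to_int "$2")
    [ $(( $gl_a & $gl_mask )) -eq $(( $gl_g & $gl_mask )) ]
}

# route_plan OS IFACE ADDR/PREFIX GATEWAY: print the commands in the order to run them
route_plan() {
    if ! gw_on_link "$3" "$4"; then
        # Gateway is off-subnet: make it reachable through the interface first
        case $1 in
            freebsd) echo "route add $4/32 -iface $2" ;;
            linux)   echo "route add $4/32 dev $2" ;;
        esac
    fi
    case $1 in
        freebsd) echo "route add default $4" ;;
        linux)   echo "route add default gw $4" ;;
    esac
}

route_plan linux eth0 192.0.2.10/32 198.51.100.1   # off-subnet: two commands
route_plan freebsd em0 192.0.2.10/24 192.0.2.1     # on-link: default route only
```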

How to check if your VPS SSD is real (IOPS benchmark)


I always wanted to check whether the stated storage (SSD) spec of the VPS I rent is real.

So I use the package “FIO (Flexible I/O)” on my CentOS VPS. Install FIO first:

rpm -iv fio-2.1.10-1.el7.rf.x86_64.rpm

Now I run a random read/write test. This will create a 4 GB file and perform 4 KB reads and writes within the file using a 75%/25% split (i.e. 3 reads are performed for every 1 write), with 64 operations running at a time. The 3:1 ratio is a rough approximation of a typical database workload:

./fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test --bs=4k --iodepth=64 --size=4G --readwrite=randrw --rwmixread=75

Here is the result:

Jobs: 1 (f=1): [m] [6.5% done] [39613K/13099K /s] [9903 /3274  iops] [eta 01m:12s]

This shows that the so-called SSD is performing 9873 read operations per second and 3291 write operations per second.

A local SSD for a VPS might reach 40,000 and 10,000 respectively if the system is lightly loaded.

Hope you enjoy it and use it to make sure your VPS is real!

Hossein Mehrara


Leap Second 2016 may cause Linux to freeze


A leap second will again be inserted at the end of June 30, 2016 at 23:59:60 UTC. Previously, on 30 June, 2012 a leap second was added.

What is it?

Leap seconds are a periodic one-second adjustment of Coordinated Universal Time (UTC) in order to keep a system’s time of day close to the mean solar time. However, the Earth’s rotation speed varies in response to climatic and geological events, and due to this, UTC leap seconds are irregularly spaced and unpredictable.

So this leap second can cause your Linux kernel to deadlock or make a database crash.

Just for your information, FreeBSD and Unix are safe. Since 23:59:60 does not exist in Unix’s implementation of UTC, the Linux kernel inserts the leap second by stepping the system clock back by one second on the first clock update after 0:00 UTC.

How to fix it:

This problem is solved by either applying Operating System (Linux) patches, resetting the date or rebooting the system. The resolution is dependent on your level of Linux and your environment. Please consult your Linux provider for details of the solution appropriate for your system.

How can I resolve it?

  1. Check the Linux kernel version. In theory only 2.6.22 and newer levels should be affected:
    All: uname -r
  2. Switch to root or log in as root at the console
  3. Check to see if NTP is running:
    RHEL: service ntpd status
    SLES: /etc/init.d/ntp status
  4. If NTP is running, disable it:
    RHEL: service ntpd stop
    SLES: /etc/init.d/ntp stop
  5. Set the system clock to the current time:
    All: sntp -P no -r
    Or: ntpdate
  6. If NTP was running, reenable it:
    RHEL: service ntpd start
    SLES: /etc/init.d/ntp start
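
The six steps above as a plan generator, given as an added example that is not part of the original post: it compares the kernel release against 2.6.22 field by field (a plain string comparison would rank 2.6.9 above 2.6.22) and prints the stop / set-clock / start commands only when they apply. The function names and the second sample release are assumptions; the script prints commands and runs nothing.

```sh
#!/bin/sh
# Added example: turn the steps above into an ordered list of commands to run.

# ver_field N VERSION -> Nth dot-separated field as a number (missing field = 0)
ver_field() {
    printf '%s\n' "$2" | awk -F. -v n="$1" '{ v = $n; sub(/[^0-9].*/, "", v); print v + 0 }'
}

# kernel_ge RELEASE MINIMUM: succeeds when RELEASE >= MINIMUM.
# Fields are compared as numbers, so 2.6.9 < 2.6.22 < 3.10.
kernel_ge() {
    kg_rel=${1%%-*}     # 2.6.32-642.6.1.el6.x86_64 -> 2.6.32
    for kg_i in 1 2 3; do
        kg_a=$(ver_field "$kg_i" "$kg_rel")
        kg_b=$(ver_field "$kg_i" "$2")
        [ "$kg_a" -gt "$kg_b" ] && return 0
        [ "$kg_a" -lt "$kg_b" ] && return 1
    done
    return 0
}

# ntp_cmd DISTRO ACTION -> the service command the steps give for that distro
ntp_cmd() {
    case $1 in
        rhel) echo "service ntpd $2" ;;
        sles) echo "/etc/init.d/ntp $2" ;;
        *)    return 1 ;;
    esac
}

# leap_plan RELEASE DISTRO NTP_RUNNING(yes|no): print what to run, in order
leap_plan() {
    if ! kernel_ge "$1" 2.6.22; then
        echo "kernel $1 is older than 2.6.22: outside the affected range"
        return 0
    fi
    # NTP is stopped and restarted only if it was running in the first place
    if [ "$3" = yes ]; then ntp_cmd "$2" stop || return 1; fi
    echo "sntp -P no -r"
    if [ "$3" = yes ]; then ntp_cmd "$2" start || return 1; fi
    return 0
}

leap_plan 2.6.32-642.6.1.el6.x86_64 rhel yes   # release string taken from this page
leap_plan 2.6.18-8.el5 rhel yes                # constructed sample of an older kernel
```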

By Hossein Mehrara

Linux kernel Copy-on-Write (COW) security flaw and how to fix it: CVE-2016-5195


The problem is that a regular user can use this exploit, by way of the system's memory mappings, to gain superuser access:


A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Is my system affected?

Just run this script:


now insert :

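#!/bin/bash
# Version: 1.1

# Vulnerable kernel versions and the kpatch module names that fix them.
# The entries are not shown on this page; copy them from the original script before use.
VULNERABLE_VERSIONS=( )
KPATCH_MODULE_NAMES=( )

# dmesg messages written when the mitigation is loaded or unloaded
MITIGATION_ON='CVE-2016-5195 mitigation loaded'
MITIGATION_OFF='CVE-2016-5195 mitigation unloaded'

# Possible results
SAFE_KERNEL="SAFE_KERNEL"
SAFE_KPATCH="SAFE_KPATCH"
MITIGATED="MITIGATED"
VULNERABLE="VULNERABLE"

# Terminal colours
RED="\033[1;31m"
YELLOW="\033[1;33m"
GREEN="\033[1;32m"
RESET="\033[0m"

running_kernel=$( uname -r )

# Check supported platform
if [[ "$running_kernel" != *".el"[5-7]* ]]; then
    echo -e "${RED}This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.${RESET}"
    exit 4
fi

# An empty list would report every kernel as safe, so stop here instead
if (( ${#VULNERABLE_VERSIONS[@]} == 0 )); then
    echo -e "${RED}VULNERABLE_VERSIONS is empty; fill in the list before running.${RESET}"
    exit 5
fi

# Check kernel if it is vulnerable
vulnerable_kernel=""
for tested_kernel in "${VULNERABLE_VERSIONS[@]}"; do
    if [[ "$running_kernel" == *"$tested_kernel"* ]]; then
        vulnerable_kernel="$running_kernel"
        break
    fi
done

# Check if kpatch is installed
applied_kpatch=""
modules=$( lsmod )
for tested_kpatch in "${KPATCH_MODULE_NAMES[@]}"; do
    if [[ "$modules" == *"$tested_kpatch"* ]]; then
        applied_kpatch="$tested_kpatch"
        break
    fi
done

# Check mitigation (the last matching dmesg line wins)
mitigated=0
while read -r line; do
    if [[ "$line" == *"$MITIGATION_ON"* ]]; then
        mitigated=1
    elif [[ "$line" == *"$MITIGATION_OFF"* ]]; then
        mitigated=0
    fi
done < <( dmesg )

# Result interpretation
result=$VULNERABLE
if (( mitigated )); then
    result=$MITIGATED
fi
if [[ ! "$vulnerable_kernel" ]]; then
    result=$SAFE_KERNEL
elif [[ "$applied_kpatch" ]]; then
    result=$SAFE_KPATCH
fi

# Print result
if [[ ${result} == "$SAFE_KERNEL" ]]; then
    echo -e "${GREEN}Your kernel is ${RESET}$running_kernel${GREEN} which is NOT vulnerable.${RESET}"
    exit 0
elif [[ ${result} == "$SAFE_KPATCH" ]]; then
    echo -e "Your kernel is $running_kernel which is normally vulnerable."
    echo -e "${GREEN}However, you have kpatch ${RESET}$applied_kpatch${GREEN} applied, which fixes the vulnerability.${RESET}"
    exit 1
elif [[ ${result} == "$MITIGATED" ]]; then
    echo -e "${YELLOW}Your kernel is ${RESET}$running_kernel${YELLOW} which IS vulnerable.${RESET}"
    echo -e "${YELLOW}You have a partial mitigation applied.${RESET}"
    echo -e "This mitigation protects against most common attack vectors which are already exploited in the wild,"
    echo -e "but does not protect against all possible attack vectors."
    echo -e "Red Hat recommends that you update your kernel as soon as possible."
    exit 2
else
    echo -e "${RED}Your kernel is ${RESET}$running_kernel${RED} which IS vulnerable.${RESET}"
    echo -e "Red Hat recommends that you update your kernel. Alternatively, you can apply partial"
    echo -e "mitigation described at ."
    exit 3
fi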


[hossein@me ~]$ bash
Your kernel is 2.6.32-642.6.1.el6.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at .




Showing network cards and link state (connected / disconnected) in Solaris


For this we use the dladm command.


To see whether the link is connected and whether the network card is up or down, use:

# dladm show-dev

nxge0 link: down speed: 0 Mbps duplex: unknown

nxge1 link: down speed: 0 Mbps duplex: unknown

nxge2 link: up speed: 1000 Mbps duplex: full

nxge3 link: up speed: 1000 Mbps duplex: full


And to show their state:



# dladm show-link

nxge0 type: non-vlan mtu: 1500 device: nxge0

nxge1 type: non-vlan mtu: 1500 device: nxge1

nxge2 type: non-vlan mtu: 1500 device: nxge2

nxge3 type: non-vlan mtu: 1500 device: nxge




Fix Network Card Naming issue “__tmpxxxx” in Linux (Redhat)


After inserting some network interface cards (NICs) into HP servers hosting Linux (a DL 380 G8 in my case), they are shown and named ‘__tmpxxxx’ instead of “ethX”.

The Ethernet interface keeps changing into ‘__tmpxxxx’ even after two more reboots of the server.



First we need to get their MAC:

  • ifconfig -a | grep HW


__tmp1428126851 Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:53
__tmp1516900339 Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:52
__tmp1854964292 Link encap:Ethernet  HWaddr 78:E7:D1:FB:B1:2F
__tmp1950613216 Link encap:Ethernet  HWaddr 78:E7:D1:FB:B1:2E
bond0     Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:50
eth0      Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:50
eth1      Link encap:Ethernet  HWaddr 68:B5:99:B4:9F:E8

  • (to find driver type) ethtool -i eth2

driver: bnx2

version: 2.0.23b

firmware-version: bc 1.9.6

bus-info: 0000:09:00.0

  • add alias “eth2” and driver type “bnx2” in conf

cat /etc/modprobe.conf

alias eth2 bnx2


  • (add HWADDR = xxxxxx  to config files)

vi /etc/sysconfig/network-scripts/ifcfg-eth2



HWADDR=1C:C1:DE:72:4D:53





  • (reboot the server) init 6

Please remember to check the bond config file.


  • ifconfig | grep "eth"






Solution by: Hossein Mehrara

IP Forwarding in Solaris 10 without reboot

To enable / disable IP forwarding:

# routeadm -e ipv4-forwarding
-e = enable

# routeadm -d ipv4-forwarding
-d = disable

Now, for our command to take effect, we have to run one more command:

# routeadm -u

OK, that's done. Oh, by the way, if you want to do this on one specific network card:

# ifconfig ce0 router

If you want it disabled, add a “-”:

# ifconfig ce0 -router

Hossein Mehrara