Setting up a BizHub420 in UNIX

I had to setup a Minolta BizHub 420 multifunction device on SUN Solaris 9 (UNIX), this is how I did it (of course, from the command line):

Download the Linux driver for the printer from here.

Install the driver (PPD file) by copying the file (KO500UX.ppd) to /usr/share/cups/model/, then restart CUPS:

cp KO500UX.ppd /usr/share/cups/model/
/etc/init.d/cups restart

You can now verify that the printer is available for use inside of cups:

lpinfo -m

(You should see the printer model in the list now, in this case “KO500UX.ppd KONICA MINOLTA 500/420/360PS(P)”)

Install the printer using lpadmin:

lpadmin -p bizhub420 -E -v socket://10.10.10.5:9100 -m KO500UX.ppd

You can then tweak the options, like PageSize (Paper) and other options with the lpoptions command. First show the current options with a -l (the * denotes the default):

lpoptions -p bizhub420 -l

Then change the option with a -o:

lpoptions -p bizhub420 -o PageSize=Letter

Make sure it works:

echo “this is a test” | lp -d bizhub420

You’re set!

Side note: If you are having problems, you can change the LogLevel for cups in this file: /etc/cups/cupsd.conf and then restart cups to see more verbose logging. In my instance the log file was in /var/log/cups/error_log.

Create a self-signed SSL cert for 20 years!

I was thinking, if you are making your own cert for internal use or testing, why make it for only a year?

Here’s how to make one that won’t expire for twenty years…

Generate a key:

openssl genrsa -des3 -out test.key 1024

Remove the passphrase:

cp test.key test.key.orig
openssl rsa -in test.key.orig -out test.key

Create the CSR:

openssl req -new -key test.key -out test.csr

Create the 20 year cert:

openssl x509 -req -days 7305 -in test.csr -signkey test.key -out test.crt

Reduce ability of a DOS on Linux

To change the settings quickly run the following from the command line and the restart networking:

echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack

Or change them in /etc/sysctl.conf for permanence after a reboot:

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0

Netstat Connection Status

* CLOSED: The socket is not in use.
* LISTEN: The socket is listening for incoming connections.
* SYN_SENT: The socket is actively trying to establish a connection to a remote peer.
* SYN_RCVD: The socket has passively received a connection request from a remote peer.
* ESTABLISHED: The socket has an established connection between a local application and a remote peer.
* CLOSE_WAIT: The socket connection has been closed by the remote peer and the system is waiting for the local application to close its half of the connection.
* LAST_ACK: The socket connection has been closed by the remote peer, the local application has closed its half of the connection, and the system is waiting for the remote peer to acknowledge the close.
* FIN_WAIT_1: The socket connection has been closed by the local application, the remote peer has not yet acknowledged the close, and the system is waiting for it to close its half of the connection.
* FIN_WAIT_2: The socket connection has been closed by the local application, the remote peer has acknowledged the close, and the system is waiting for it to close its half of the connection.
* CLOSING: The socket connection has been closed by the local application and the remote peer simultaneously and the remote peer has not yet acknowledged the close attempt of the local application.
* TIME_WAIT: The socket connection has been closed by the local application, the remote peer has closed its half of the connection, and the system is waiting to be sure that the remote peer received the last acknowledgment.