sudo add-apt-repository ppa:mozillateam/firefox-stable
sudo add-apt-repository ppa:mozillateam/thunderbird-stable
One-liner to add a line at the beginning of the file(s):
find mirrors-* -exec sed -i 1i'http://webmel53.vsb.cz/hrb33/el$releasever/hrb/stable/$basearch/' {} \;
There are situations where the host ID changes several times during fast, automated, mass host deployment. The SSH client then starts to complain about the changed host ID.
[root@builder2 ~]# ssh webmel53
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
7f:14:74:68:ca:9e:e2:ec:1c:44:8c:ea:29:a9:84:60.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:80
RSA host key for webmel53 has changed and you have requested strict checking.
Host key verification failed.
When the change is expected, as after such a redeployment, a quick and easy fix follows:
[root@builder2 ~]# ssh-keygen -R !$
ssh-keygen -R webmel53
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
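An added example, not from the original post: before the stale entry is dropped, the redeployed host's new key is checked against a fingerprint recorded at provisioning time, and only then is the known_hosts line replaced. The function names, the sample key and the assumption that provisioning records the MD5-style fingerprint (the format shown in the warning above) are all constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_KEY are constructed for illustration.
# Assumption: provisioning records each host's key fingerprint in the legacy
# MD5 colon form that the ssh warning prints.

# Constructed ed25519 public key line (all-zero key material).
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA builder-test"

# md5_fingerprint "<type> <base64-blob> [comment]"  ->  aa:bb:cc:...
md5_fingerprint() {
    printf '%s\n' "$1" | awk '{print $2}' | base64 -d 2>/dev/null \
        | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# replace_host_key HOST KEYLINE EXPECTED_FPR KNOWN_HOSTS
# KEYLINE would come from e.g.: ssh-keyscan -t ed25519 HOST | cut -d' ' -f2-
# Returns 1 and leaves KNOWN_HOSTS untouched when the fingerprint differs.
replace_host_key() {
    host=$1 keyline=$2 expected=$3 kh=$4
    actual=$(md5_fingerprint "$keyline")
    if [ "$actual" != "$expected" ]; then
        echo "REFUSED $host: offered $actual, expected $expected" >&2
        return 1
    fi
    tmp=$(mktemp) || return 2
    # Drop plain-text entries naming HOST (hashed entries need ssh-keygen -R).
    awk -v h="$host" '{
        n = split($1, names, ","); keep = 1
        for (i = 1; i <= n; i++) if (names[i] == h) keep = 0
        if (keep) print
    }' "$kh" > "$tmp" || { rm -f "$tmp"; return 2; }
    printf '%s %s\n' "$host" "$keyline" >> "$tmp"
    mv "$tmp" "$kh"
}
```

The key fetched over the network proves nothing on its own; the comparison with the independently recorded fingerprint is what makes the replacement safe.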
VMware Converter is a very powerful tool for physical-to-virtual (P2V) conversion. It is quite easy to do a P2V of Windows-based servers. The latest versions of VMware Converter claim to support P2V of Linux-based servers. This is true, but there are limits. A Linux server running software RAID (mdadm) is one of them.
Here is a brief HOWTO:
These are the steps we performed on a SUSE 10 server:
sles10:~ # service oracle-xe stop
...
sles10:~ # chkconfig oracle-xe off
...
sles10:~ # mdadm --fail /dev/md0 /dev/sdb1
sles10:~ # mdadm --remove /dev/md0 /dev/sdb1
sles10:~ # mdadm --zero-superblock /dev/sdb1
sles10:~ # fdisk /dev/sdb
sles10:~ # mount /dev/sdb1 /mnt/
sles10:~ # mv /etc/mdadm.conf{,.old}
sles10:~ # chroot /mnt/
sles10:/# vim /etc/fstab
sles10:/# vim boot/grub/menu.lst
sles10:/# mkinitrd
sles10:~ # poweroff
ESX 4.0/4.1 might not be able to boot after a reboot. This happens after installing an update. The ESX console says:
Filesystem type is ext2fs, partition type 0x83
uppermem 819200
kernel /vmlinuz ro root=UUID=ceadc074-b397-adcb-7b7604a8ab4a mem=800M quiet
[Linux-bzImage, setup-0x1e00, size=0x179cdc]
initrd /initrd.img
Error 15: File not found
Press any key to continue...
A quick look at disk usage:
[root@esx8 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda5             4.9G  1.8G  2.9G  38% /
/dev/sda2             2.0G   97M  1.8G   6% /var/log
/dev/cciss/c0d0p1      99M   91M  2.9M  97% /boot
/dev/cciss/c0d0p2     4.9G  1.6G  3.1G  34% /esx3-installation
/dev/cciss/c0d0p1      99M   91M  2.9M  97% /esx3-installation/boot
/dev/cciss/c0d0p6     2.0G  114M  1.8G   7% /esx3-installation/var/log
There are still ESX 3 files remaining. This box was upgraded from ESX 3.x to ESX 4.0. We can easily remove the old files with cleanup-esx3.
[root@esx8 ~]# cleanup-esx3
Are you sure you want to remove ESX v3 references and files? (y/N) y
Cleanup of ESX v3 successful. Please reboot your system.
[root@esx8 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda5             4.9G  1.8G  2.9G  38% /
/dev/sda2             2.0G   97M  1.8G   6% /var/log
/dev/cciss/c0d0p1      99M   64M   30M  69% /boot
/dev/cciss/c0d0p2     4.9G  1.6G  3.1G  34% /esx3-installation
/dev/cciss/c0d0p1      99M   64M   30M  69% /esx3-installation/boot
/dev/cciss/c0d0p6     2.0G  114M  1.8G   7% /esx3-installation/var/log
[root@esx8 ~]#
The partition table looks like this after the reboot:
[root@esx8 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sds5             4.9G  1.8G  2.9G  38% /
/dev/sds2             2.0G   89M  1.8G   5% /var/log
/dev/cciss/c0d0p1      99M   83M   12M  89% /boot
There are two bugs in the Text_CAPTCHA_Numeral PEAR module. Here is the patch.
diff -Nuar Text_CAPTCHA_Numeral-1.3.0.ok/php-pear-Text-CAPTCHA-Numeral.xml Text_CAPTCHA_Numeral-1.3.0/php-pear-Text-CAPTCHA-Numeral.xml --- Text_CAPTCHA_Numeral-1.3.0.ok/php-pear-Text-CAPTCHA-Numeral.xml 2010-10-24 04:16:40.000000000 +0200 +++ Text_CAPTCHA_Numeral-1.3.0/php-pear-Text-CAPTCHA-Numeral.xml 2010-11-18 23:15:05.000000000 +0100 @@ -43,7 +43,7 @@ <file baseinstalldir="Text" md5sum="1b16ce634831d571c8ba2e5819aaf6f9" name="tests/captchanumeral.answerisok.phpt" role="test" /> <file baseinstalldir="Text" md5sum="33de4b4f24e52c2e2ff35645cf1b4e51" name="tests/captchanumeral.firstandsecond.phpt" role="test" /> <file baseinstalldir="Text" md5sum="2f4a58be0ef33a4a112b265c0eb0b5dd" name="tests/captchanumeral.operator.phpt" role="test" /> - <file baseinstalldir="/" md5sum="554c5a360fb6efe189bdb8e73b2e2e70" name="Text/CAPTCHA/Numeral.php" role="php" /> + <file baseinstalldir="/" md5sum="e12804274c4e51bed45b706a49f0efa4" name="Text/CAPTCHA/Numeral.php" role="php" /> <file baseinstalldir="/" md5sum="72851c7bf12ba07412098a83592aee0b" name="Text/CAPTCHA/Numeral/NumeralInterface.php" role="php" /> </dir> </contents> diff -Nuar Text_CAPTCHA_Numeral-1.3.0.ok/Text/CAPTCHA/Numeral.php Text_CAPTCHA_Numeral-1.3.0/Text/CAPTCHA/Numeral.php --- Text_CAPTCHA_Numeral-1.3.0.ok/Text/CAPTCHA/Numeral.php 2010-10-24 04:16:39.000000000 +0200 +++ Text_CAPTCHA_Numeral-1.3.0/Text/CAPTCHA/Numeral.php 2010-11-18 23:13:58.000000000 +0100 @@ -355,7 +355,7 @@ */ private function setOperation($type = null) { - if (!stristr($type, 'F')) { + if (stristr($type, 'F')) { $this->operation = $this->getFirstNumber() . ' ' . $this->operator; } else { $this->operation = $this->getFirstNumber() . ' ' . 
@@ -514,6 +514,15 @@ ->setSecondNumber($first) ->setOperation(); } + /** + * Get rid of problematic zero result + */ + elseif ($first == $second) { + $this->setFirstNumber($first) + ->setSecondNumber($second-1) + ->setOperation(); + } + $answer = $this->getFirstNumber() - $this->getSecondNumber(); $this->setAnswer($answer);
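Review bot: In the `@@ -355` hunk of Text/CAPTCHA/Numeral.php, the meaning of 'F' is not documented anywhere, yet the flipped test `if (stristr($type, 'F'))` changes which branch the no-argument calls take; the only calls visible in this patch are `->setOperation()` with the default `$type = null`. Please state in the docblock what passing 'F' selects, and write the test as `stristr($type, 'F') !== false` so the intent does not rest on the truthiness of the returned string.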
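Review bot: In the `@@ -514` hunk, the new `elseif ($first == $second)` branch calls `setSecondNumber($second-1)` with no lower-bound check, so if the generator can produce two equal operands at the bottom of its range (two zeros, say) the second number falls below that range and the displayed operation gets a negative operand. Consider drawing a new second number or raising the first one instead, and add a test for the equal-operands case alongside the `tests/*.phpt` files listed in the XML hunk, which this patch leaves unchanged.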
Here we go with a small patch to implement DNSBL for Horde. I have again used a PEAR package, this time Net_DNSBL, and as usual the CentOS package is in my repos: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html.
The first patch is the important one. We let the attacker log in first, just to confirm that he/she holds valid stolen credentials.
--- imp/lib/Auth/imp.php.orig 2011-01-05 10:21:05.224155622 +0100 +++ imp/lib/Auth/imp.php 2011-01-05 10:39:24.699438519 +0100 @@ -146,6 +146,36 @@ return false; } + # DNSBL START + ini_set('include_path', ini_get('include_path').':/usr/share/php'); + require_once 'Net/DNSBL.php'; + $dnsbl = new Net_DNSBL(); + #$remoteIP = '41.206.12.1'; + $remoteIP = $_SERVER['REMOTE_ADDR']; + $dnsbl->setBlacklists(array( + 'sbl-xbl.spamhaus.org', + 'bl.spamcop.net', + 'b.barracudacentral.org', + 'spam.spamrats.com', + 'dyna.spamrats.com', + 'noptr.spamrats.com', + 'bl.tiopan.com' + )); + if ($dnsbl->isListed($remoteIP, true)) { + $data=$dnsbl->getListingBls($remoteIP); + sort($data); + $entry = "LOGIN SUCCESS FROM BLACKLISTED IP [$remoteIP] FOR $userID: " . implode(", ", $data); + Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_ERR); + + unset($_SESSION['imp']); + if (isset($prefs)) { + $prefs->cleanup(true); + } + $this->_setAuthError(AUTH_REASON_BADLOGIN); + return false; + } + # DNSBL END + return true; }
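Review bot: The block added before `return true;` performs the blacklist lookup with `$dnsbl->isListed($remoteIP, true)` inside the authentication path of every successful login, and the hunk shows no timeout or error handling around it, so a slow or unreachable list delays or breaks logins for all users. Wrap the lookup so that a resolver failure is logged and treated as a defined outcome. In the same block, `$userID` is concatenated into the log entry unfiltered (strip control characters first), the commented-out `#$remoteIP = '41.206.12.1';` test line should go, and the blacklist array, which is repeated verbatim in imp/login.php, belongs in one shared config value.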
The second one only logs access from blocked IPs.
--- imp/login.php.orig 2011-01-05 09:08:44.510891298 +0100 +++ imp/login.php 2011-01-05 10:34:26.763968526 +0100 @@ -449,6 +449,33 @@ 'var nomenu = ' . intval(empty($conf['menu']['always'])), )); +# DNSBL START +ini_set('include_path', ini_get('include_path').':/usr/share/php'); +require_once 'Net/DNSBL.php'; +$dnsbl = new Net_DNSBL(); +#$remoteIP = '41.206.12.1'; +$remoteIP = $_SERVER['REMOTE_ADDR']; +$dnsbl->setBlacklists(array( + 'sbl-xbl.spamhaus.org', + 'bl.spamcop.net', + 'b.barracudacentral.org', + 'spam.spamrats.com', + 'dyna.spamrats.com', + 'noptr.spamrats.com', + 'bl.tiopan.com' + )); +if ($dnsbl->isListed($remoteIP, true)) { + $data=$dnsbl->getListingBls($remoteIP); + sort($data); + $entry = "BLACKLISTED IP $remoteIP: " . implode(", ", $data); + Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_ERR); +} else { + $entry = "Not blacklisted ip $remoteIP" . implode(", ", $data); + Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_INFO); +} + +# DNSBL END + // ZMENA ini_set('include_path', ini_get('include_path').':/usr/share/php');
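Review bot: In the `else` branch, `$data` is never assigned (it is only set inside the `if`), so `implode(", ", $data)` runs on an undefined variable and raises a PHP error for every visitor whose address is not listed. Drop the implode there: `$entry = "Not blacklisted ip $remoteIP";`. Since this code runs on each rendering of the login page, it is also worth deciding whether a PEAR_LOG_INFO line per clean visitor is wanted at all, and the `include_path` change is now made twice in this file (once here and once under `// ZMENA`).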
Here is a small patch to implement a CAPTCHA on the Horde login page. We have implemented Text_CAPTCHA_Numeral. The package for CentOS is here: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Text-CAPTCHA-Numeral.html. Here is the patch.
--- horde-webmail-1.2.8.orig/imp/login.php 2010-10-25 17:10:05.000000000 +0200 +++ horde-webmail-1.2.8/imp/login.php 2010-11-30 17:36:27.571023703 +0100 @@ -398,6 +398,7 @@ $t->set('user_vinfo', Horde::callHook('_imp_hook_vinfo', array('vdomain'), 'imp')); } $t->set('password_tabindex', ++$tabindex); +$t->set('captch_tabindex', ++$tabindex); $t->set('change_smtphost', (!empty($conf['server']['change_smtphost']))); if ($t->get('change_smtphost')) { @@ -446,7 +447,16 @@ 'var imp_auth = ' . intval($imp_auth), 'var nomenu = ' . intval(empty($conf['menu']['always'])), )); -echo $t->fetch(IMP_TEMPLATES . '/login/login.html'); + +// ZMENA +ini_set('include_path', ini_get('include_path').':/usr/share/php'); + +require_once 'Text/CAPTCHA/Numeral.php'; +$numcap = new Text_CAPTCHA_Numeral; + +echo str_replace('Vysledek', $numcap->getOperation().' =', $t->fetch(IMP_TEMPLATES . '/login/login.html')); +$_SESSION['answer'] = $numcap->getAnswer(); +//KONEC ZMENY if (!empty($recompose_data)) { /* Prepare recompose template. */ --- horde-webmail-1.2.8.orig/imp/redirect.php 2010-10-25 17:10:05.000000000 +0200 +++ horde-webmail-1.2.8/imp/redirect.php 2010-11-30 17:36:27.555023948 +0100 @@ -91,6 +91,14 @@ require_once 'Horde/Maintenance.php'; $actionID = (Util::getFormData('action') == 'compose') ? 'login_compose' : Util::getFormData('actionID'); + +$captch = Util::getFormData('captch'); +if (isset($captch) && isset($_SESSION['answer'])) { + if ($captch != $_SESSION['answer']) { + _redirect(Auth::addLogoutParameters(IMP::logoutUrl(), AUTH_REASON_FAILED)); + } +} + $autologin = Util::getFormData('autologin'); $imapuser = Util::getPost('imapuser'); $pass = Util::getPost('pass'); --- horde-webmail-1.2.8.orig/imp/templates/login/login.html 2010-10-25 17:10:05.000000000 +0200 +++ horde-webmail-1.2.8/imp/templates/login/login.html 2010-11-30 17:36:27.215029139 +0100 
@@ -94,6 +94,12 @@ <input type="password" tabindex="<tag:password_tabindex />" id="pass" name="pass" style="direction:ltr" /> </td> </tr> + <tr> + <td class="light rightAlign"><label for="captch"><strong><gettext>Vysledek</gettext></strong></label></td> + <td class="leftAlign"> + <input type="text" tabindex="<tag:captch_tabindex />" id="captch" name="captch" style="direction:ltr" /> + </td> + </tr> <if:change_smtphost> <tr style="height: 1em;">
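Review bot: In the imp/login.php hunk that replaces `echo $t->fetch(...)`, the question is injected by running `str_replace('Vysledek', ...)` over the whole rendered page, which rewrites every occurrence of that word and only works while the `<gettext>Vysledek</gettext>` label in login.html comes through translation unchanged. Pass the operation to the template with `$t->set(...)`, the way `captch_tabindex` is passed in the first hunk, and print it through a template tag.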
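Review bot: In the imp/redirect.php hunk the check fails open: `if (isset($captch) && isset($_SESSION['answer']))` skips the comparison whenever either value is missing, so a login request that carries no `captch` field is never tested. Require both values and redirect with AUTH_REASON_FAILED when one is absent, compare with a strict, type-cast comparison instead of `!=`, and `unset($_SESSION['answer'])` once it has been checked so that one answer cannot be reused for further attempts.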
On a Linux mailing list there was a post about a hacked Linux box. We recommended a rootkit scan. There are two important tools for this on Linux now, rkhunter and chkrootkit.
[root@box ~]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not found
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Razor2/Preproc/deHTMLxs/.packlist
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth0:0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `chkutmp'... The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID PID TTY CMD
! root 19564 pts/0 -bash
! root 20746 pts/0 screen -DRU
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
Wow! It seems the box has been rooted.
Checking `bindshell'... INFECTED (PORTS: 465)
Something is listening on port 465; we have to find out more.
[root@box ~]# netstat -lnp | grep 465
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 7624/master
[root@box ~]# fuser -vn tcp 465
here: 465
USER PID ACCESS COMMAND
465/tcp root 7624 f.... master
So, this is postfix running on port 465, providing SMTPS access.
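The triage done by hand above, as an added example that is not part of the original post: pull the ports out of chkrootkit's bindshell line, find the listener in saved `netstat -lnp` output and compare it with an allowlist of expected services. The function names, the allowlist file format and the second sample port are constructed.

```shell
#!/bin/sh
# Added example; function names, the "PORT PROGRAM" allowlist format and the
# 31337 sample line are constructed for illustration.

# triage_bindshell CHKROOTKIT_OUT NETSTAT_OUT ALLOWLIST
# Prints one line per flagged port:
#   <port> <pid/program> expected | <port> <pid/program> UNEXPECTED
#   <port> - not-listening
triage_bindshell() {
    # Ports from a line such as: Checking `bindshell'... INFECTED (PORTS: 465)
    ports=$(sed -n 's/.*bindshell.*INFECTED (PORTS: *\([0-9 ]*\)).*/\1/p' "$1")
    for port in $ports; do
        # netstat -lnp columns: proto recv-q send-q local foreign state pid/prog
        owner=$(awk -v p="$port" '$1 ~ /^tcp/ && $6 == "LISTEN" {
                    n = split($4, a, ":")
                    if (a[n] == p) { print $7; exit }
                }' "$2")
        if [ -z "$owner" ]; then
            echo "$port - not-listening"
        elif grep -qxF "$port ${owner#*/}" "$3"; then
            echo "$port $owner expected"
        else
            echo "$port $owner UNEXPECTED"
        fi
    done
}

demo() {
    d=$(mktemp -d) || return 1
    # The bindshell line from the post, with a second, constructed port added.
    echo "Checking \`bindshell'... INFECTED (PORTS: 465 31337)" > "$d/chk"
    # First line is the netstat output from the post; the second is constructed.
    cat > "$d/netstat" <<'EOF'
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 7624/master
tcp 0 0 0.0.0.0:31337 0.0.0.0:* LISTEN 4242/sh
EOF
    echo "465 master" > "$d/allow"    # postfix master serving SMTPS
    triage_bindshell "$d/chk" "$d/netstat" "$d/allow"
    rm -rf "$d"
}

demo
```

A matching process name is only a first filter; verifying the binary that /proc/PID/exe points to against the package database (for example with `rpm -Vf`) is a stronger check.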
For the last few days I have been experiencing avgd not responding. Avgd stops listening on port 54322, and amavisd-new times out talking to the AV. Mails are being held and the queue is slowly growing. It's strange that I'm experiencing it on more than one production system…
Aug 29 04:59:46 rakosnicek amavis[25940]: (25940-01-5) (!)AVG Anti-Virus av-scanner FAILED: run_av error: Too many retries to talk to 127.0.0.1:54322 (timed out) at (eval 111) line 373.\n
It seems to work after changing the AVG configuration a little, with the following values:
avgcfgctl -w Default.setup.features.antispam=false
avgcfgctl -w Default.tcpd.avg.limiter_start=150
avgcfgctl -w Default.tcpd.avg.limiter_stop=200
avgcfgctl -w Default.tcpd.avg.timeout=5000
avgcfgctl -w Default.tcpd.smtp.enabled=false
avgctl --restart=tcpd