https://www.hrbac.cz/posts/ Recent content in Posts on David Hrbáč Hugo -- gohugo.io en-us Thu, 01 Jun 2017 07:02:03 +0000 https://www.hrbac.cz/2017/06/proper-way-to-delete-channel-repository-packages-in-spacewalk/ Thu, 01 Jun 2017 07:02:03 +0000 https://www.hrbac.cz/2017/06/proper-way-to-delete-channel-repository-packages-in-spacewalk/ This is the way to remove the channel together with repository. It will also remove the packages from the file system. The workflow is as follows: remove subchannels and master channel remove repos remove orphan packages sync/clean up file system with Spacewalk DB records remove broken links to RPM packages (optional) You can remove channels and repos within GUI. You can also perform it all on command line: spacecmd softwarechannel\delete \channel\name\ spacecmd repo\delete \reponame\name\ spacecmd package\removeorphans spacewalk-data-fsck -r -S -C -O find /srv/satellite/rpms/ -xtype l -delete Comments: Managing Spacewalk Repos – A Place To Put Stuff - Jan 3, 2018 https://www.hrbac.cz/2016/10/docker-error-running-devicecreate-createsnapdevice-dm_task_run-failed/ Mon, 17 Oct 2016 12:00:45 +0000 https://www.hrbac.cz/2016/10/docker-error-running-devicecreate-createsnapdevice-dm_task_run-failed/ Reconfigure Docker instance running out of the space. Recreate data file up to 20GB. service docker stop rm -rf /var/lib/docker /etc/init.d/docker restart dd if=/dev/zero of=/var/lib/docker/devicemapper/devicemapper/data bs=1G count=0 seek=20 https://www.hrbac.cz/2015/04/gitlab-changing-ldap-dn/ Mon, 27 Apr 2015 07:21:37 +0000 https://www.hrbac.cz/2015/04/gitlab-changing-ldap-dn/ We have upgraded our LDAP infra and introduced a new LDAP server. The LDAP has different LDAP tree. That’s why we had to modify Gitlab LDAP setting. This is quite easy, since it’s just modification of /etc/gitlab/gitlab.rb. The tricky part is uid search of current users. Gitlab stores the whole uid with the context inside the DB. So, we have to modify the records within the DB. su - gitlab-psql /opt/gitlab/embedded/bin/psql gitlabhq_production UPDATE identities SET extern_uid = 'NEW LDAP UID' WHERE id = x; I have created a dump of the table and modified all the records with: https://www.hrbac.cz/2015/03/format-json-in-vim/ Fri, 20 Mar 2015 20:45:15 +0000 https://www.hrbac.cz/2015/03/format-json-in-vim/ Very quick and easy solution to format API JSON response within the Vim. :%!python -m json.tool https://www.hrbac.cz/2014/05/augeas-to-add-apache-directive-traceenable/ Wed, 14 May 2014 12:23:47 +0000 https://www.hrbac.cz/2014/05/augeas-to-add-apache-directive-traceenable/ This is a small exercise on Augeas just to add a new directive. I’d like to add TraceEnable On to the configuration. rm /files/etc/httpd/conf/httpd.conf/*[self::directive='TraceEnable'] ins directive before /files/etc/httpd/conf/httpd.conf/*[self::directive='KeepAlive'] set /files/etc/httpd/conf/httpd.conf/directive[.=""] "TraceEnable" set /files/etc/httpd/conf/httpd.conf/directive[.="TraceEnable"]/arg "On" save quit Comments: Filip Valder - Aug 0, 2014 Hi. As an example, it’s OK. But for security reasons having “TraceEnable off” is better, isn’t it? Filip #### [Risma](https://telkomuniversity.ac.id/ "ritajengnugraheni@student.telkomuniversity.ac.id") - Apr 0, 2019 thank you for sharing https://www.hrbac.cz/2013/12/spacewalk-not-responding-starting-tomcat6-error-code-4/ Tue, 10 Dec 2013 14:25:46 +0000 https://www.hrbac.cz/2013/12/spacewalk-not-responding-starting-tomcat6-error-code-4/ In case you see “Starting tomcat6: Error code 4”, make sure you have some free space on the file system… Comments: Tomáš Kašpárek - Mar 2, 2014 You can actually get this error any time even you have plenty of free space, following helps all the time rm /var/lock/subsys/tomcat6 rm /var/run/tomcat6.pid service tomcat6 start https://www.hrbac.cz/2013/12/nagios-time-in-far-future/ Tue, 10 Dec 2013 14:10:38 +0000 https://www.hrbac.cz/2013/12/nagios-time-in-far-future/ In case of the time being too far in the future you can go to: /etc/init.d/nagios stop mv /var/nagios/retention.dat{,.old} /etc/init.d/nagios start https://www.hrbac.cz/2013/07/openwrt-on-tp-link-tl-wr904n/ Mon, 01 Jul 2013 13:40:58 +0000 https://www.hrbac.cz/2013/07/openwrt-on-tp-link-tl-wr904n/ I have successfully installed OpenWrt Attitude Adjustment 12.09 on TP-LINK TL-WR904N Rev. 1.0 Ver 1.3. This HW is not described on OpenWrt HW list, but I have flashed it successfully with openwrt-ar71xx-generic-tl-wr941nd-v4-squashfs-factory.bin. BusyBox v1.19.4 (2013-03-14 11:28:31 UTC) built-in shell (ash) Enter 'help' for a list of built-in commands. _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- ATTITUDE ADJUSTMENT (12. https://www.hrbac.cz/2013/07/openwrt-on-tenda-w307r/ Mon, 01 Jul 2013 13:37:36 +0000 https://www.hrbac.cz/2013/07/openwrt-on-tenda-w307r/ I have successfully installed OpenWrt Attitude Adjustment 12.09 on Tenda W307R Rev. V2.0. This HW is not described on OpenWrt HW list, but I have flashed it successfully with openwrt-ramips-rt305x-w306r-v20-squashfs-factory.bin. BusyBox v1.19.4 (2013-03-15 02:26:13 UTC) built-in shell (ash) Enter 'help' for a list of built-in commands. _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- ATTITUDE ADJUSTMENT (12. https://www.hrbac.cz/2013/03/set-window-name-in-tmux-to-hostname/ Sat, 09 Mar 2013 19:08:04 +0000 https://www.hrbac.cz/2013/03/set-window-name-in-tmux-to-hostname/ This is the quick way to set window name to hostname connected to. printf "\033k`hostname -s`\033\\" See superuser.com https://www.hrbac.cz/2013/02/moving-the-repositories/ Fri, 01 Feb 2013 22:01:34 +0000 https://www.hrbac.cz/2013/02/moving-the-repositories/ As a few of you might know, I’m going to leave the Centre for Information Technology at Technical University of Ostrava within a few weeks. It’s been great fun to work here all the time but the last year. There’s no call for me to stay, almost everybody I have admired had left. The fun has gone away too. Well, this means I have to move my repositories which I have brought to University. https://www.hrbac.cz/2013/01/powercli-to-list-delete-snapshots/ Mon, 07 Jan 2013 13:43:14 +0000 https://www.hrbac.cz/2013/01/powercli-to-list-delete-snapshots/ We have realized we are having broken NetApp VMs backup. The process left a lot of VM snapshots. To start off let’s find out those snaps with: get-vm | get-snapshot | where {$\_.Description -match "SMVI Snapshot generated for backup"} | Format-Table -Property VM,Name,Created,Description, SizeMB This command prints the flowing table: VM Name Created Description SizeMB -- ---- ------- ----------- ------ vyuka.fs smvi\_a3d... 23.11.2012 17:56:25 SMVI Snapshot... 6768,13 ojs smvi\_a3d... 23.11.2012 18:01:25 SMVI Snapshot. https://www.hrbac.cz/2012/12/git-to-list-changed-files/ Sat, 08 Dec 2012 16:06:27 +0000 https://www.hrbac.cz/2012/12/git-to-list-changed-files/ Today I want to make a brief summary of git log possibilities. There’s a huge range of git log commands to choose from. I have chosen only a few. Let’s limit git response to the latest commit with HEAD^! target. So here we go: git log HEAD^! commit 68d0e02d20bdbdbaf3bce24ea5cfd51a854157a8 Author: David Hrbáč Date: Sat Dec 8 16:10:44 2012 +0100 dnsmasq-2.64-1: new upstream release git log --name-only HEAD^! commit 68d0e02d20bdbdbaf3bce24ea5cfd51a854157a8 Author: David Hrbáč Date: Sat Dec 8 16:10:44 2012 +0100 dnsmasq-2. https://www.hrbac.cz/2012/11/disable-fc-adapter-qla2xxx-in-systemrescuecd/ Fri, 09 Nov 2012 14:54:37 +0000 https://www.hrbac.cz/2012/11/disable-fc-adapter-qla2xxx-in-systemrescuecd/ During the boot of SystemRescueCD hit TAB and append: noload=qla2xxx,scsi_transport_fc,scsi_tgt https://www.hrbac.cz/2012/08/powercli-to-start-and-stop-remote-tech-support-ssh/ Mon, 06 Aug 2012 12:02:56 +0000 https://www.hrbac.cz/2012/08/powercli-to-start-and-stop-remote-tech-support-ssh/ Another PowerCLI one-liner to start Remote Tech Support (SSH) on ESX/ESXi: Get-Cluster -Name "CIT2 CLuster" | Get-VMHost | Get-VMHostService | ? {$\_.Key -eq "TSM-ssh"} | Start-VMHostService One-liner to stop: Get-Cluster -Name "CIT2 CLuster" | Get-VMHost | Get-VMHostService | ? {$\_.Key -eq "TSM-ssh"} | Stop-VMHostService -Confirm:$false https://www.hrbac.cz/2012/06/sed-to-extract-email-addresses-from-file/ Mon, 04 Jun 2012 11:45:42 +0000 https://www.hrbac.cz/2012/06/sed-to-extract-email-addresses-from-file/ sed -e "s/^.\*<\(.*\)>.*$/\1/" /file_with_emails | sort | \\ uniq | tr "[:upper:]" "[:lower:]" PS: Filip, he’s terribly smart, I guess the only one to read my blog, pointed out the following one-liner: sed -nr "s/.*<([A-Z0-9._%-+]+@[A-Z0-9.-]+\.[A-Z]{2,4})>.*/\L\1/pi" \\ file_with_emails | sort -u Comments: Filip - Jun 4, 2012 Hi. This one does the lowercase conversion immediately and lists only e-mails in a valid format. sed -nr "s/.*.*/\L\1/pi" file_with_emails | sort -u Filip - Jun 4, 2012 https://www.hrbac.cz/2012/05/get-vm-ethernet-info-and-state/ Tue, 22 May 2012 08:57:29 +0000 https://www.hrbac.cz/2012/05/get-vm-ethernet-info-and-state/ PowerCLI > Get-VM -Name builder2 | Get-NetworkAdapter| Format-List -Property \* MacAddress : 00:50:56:90:34:9d WakeOnLanEnabled : True NetworkName : Network 158.196.149.0 Type : e1000 ParentId : VirtualMachine-vm-4650 Parent : builder2 Uid : /VIServer=administrator@vcs1.vsb.cz:443/VirtualMachine=Virtu alMachine-vm-4650/NetworkAdapter=4000/ ConnectionState : Connected, GuestControl, StartConnected ExtensionData : VMware.Vim.VirtualE1000 Id : VirtualMachine-vm-4650/4000 Name : Network adapter 1 https://www.hrbac.cz/2012/05/disconnect-all-mounted-cd-roms-in-vmware-cluster/ Tue, 22 May 2012 08:55:44 +0000 https://www.hrbac.cz/2012/05/disconnect-all-mounted-cd-roms-in-vmware-cluster/ PowerCLI > Get-VM | Get-CDDrive | Set-CDDrive -NoMedia -Confirm:$false https://www.hrbac.cz/2012/05/get-vms-with-disconnected-virtual-ethernet/ Tue, 22 May 2012 08:52:34 +0000 https://www.hrbac.cz/2012/05/get-vms-with-disconnected-virtual-ethernet/ PowerCLI > Get-NetworkAdapter (get-vm | where {$\_.powerstate -eq “poweredon”}) | Where { $\_.connectionstate.connected -eq “$null” } | select parent, connectionstate Parent ConnectionState ------ --------------- licenser NotConnected, GuestControl, NoStartC... https://www.hrbac.cz/2012/05/centos-6-public-key-authentication-fix/ Sat, 12 May 2012 21:18:05 +0000 https://www.hrbac.cz/2012/05/centos-6-public-key-authentication-fix/ Due to SELinux enabled we are not able to use public key authentication on Centos 6. Here is the quick fix: test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized\_keys https://www.hrbac.cz/2012/04/generating-passwords-with-/dev/random/ Tue, 24 Apr 2012 18:28:20 +0000 https://www.hrbac.cz/2012/04/generating-passwords-with-/dev/random/ One-liner to generate passwords, lock files, etc. watch -n5 'cat /dev/urandom | tr -dc \[:alnum:\] | head -c12; echo' https://www.hrbac.cz/2012/04/powercli-to-add-vlan-to-vmware-cluster/ Thu, 19 Apr 2012 11:12:29 +0000 https://www.hrbac.cz/2012/04/powercli-to-add-vlan-to-vmware-cluster/ One-liner to add VLANs to the all hosts within vSphere cluster: Get-Cluster "CIT Cluster" | Get-VMHost | Get-VirtualSwitch -name vSwitch0 | New-VirtualPortGroup -name "Networking - Vlan80" -VLanId 80 https://www.hrbac.cz/2012/04/create-esxi-4.0-usb-stick-with-dd-on-linux/ Sun, 15 Apr 2012 12:20:43 +0000 https://www.hrbac.cz/2012/04/create-esxi-4.0-usb-stick-with-dd-on-linux/ These are the steps to create ESX 4.0 USB stick: mount -o loop VMware-VMvisor-Installer-4.0.0.update04-504850.x86\64.iso /mnt/ cp /mnt/image.tgz . tar xvzf image.tgz bunzip2 usr/lib/vmware/installer/VMware-VMvisor-big-4.0.0-504850-x86_64.dd.bz2 dd if=usr/lib/vmware/installer/VMware-VMvisor-big-4.0.0-504850-x86_64.dd of=/dev/sdb rm -r usr umount /mnt https://www.hrbac.cz/2012/04/create-esxi-4.1-usb-stick-with-dd-on-linux/ Sun, 15 Apr 2012 10:18:26 +0000 https://www.hrbac.cz/2012/04/create-esxi-4.1-usb-stick-with-dd-on-linux/ These are the steps to create ESX 4.1 USB stick: mount -o loop VMware-VMvisor-Installer-4.1.0.update02-502767.x86\_64.iso /mnt/ cp /mnt/imagedd.bz2 . bunzip2 imagedd.bz2 dd if=imagedd of=/dev/sdb rm imagedd umount /mnt Comments: saurin - Sep 3, 2012 Is this procedure creates the ESXi 4.1 installation USB? David Hrbáč - Dec 6, 2012 Not sure. As to 5.0, there’s no need to create boot-able USB stick this way. Vmware installer works smoothly… https://www.hrbac.cz/2012/04/sed-oneliner-to-change-centos-4-repos-to-vault.centos.org/ Thu, 05 Apr 2012 15:13:07 +0000 https://www.hrbac.cz/2012/04/sed-oneliner-to-change-centos-4-repos-to-vault.centos.org/ Centos 4 is now EOLed. You should upgrade or remove your 4.x server from production. Since EOL all repositories have been moved to vault.centos.org. Yum is not working any more because of that. Here is my quick and dirty solution. sed "s/\/mirror\.centos\.org\/centos/\/vault\.centos\.org/g;\ s/^#baseurl/baseurl/g;\ s/^mirrorlist/#mirrorlist/g;\ s/\$releasever/4\.9/g" /etc/yum.repos.d/CentOS-Base.repo -i.bak sed "s/\/mirror\.centos\.org\/centos/\/vault\.centos\.org/g;\ s/^#baseurl/baseurl/g;\ s/^mirrorlist/#mirrorlist/g;\ s/\$releasever/4\.9/g" /etc/yum.repos.d/CentOS-fasttrack.repo -i.bak https://www.hrbac.cz/2012/03/fdupes-to-remove-duplicate-files-on-linux/ Thu, 29 Mar 2012 14:12:45 +0000 https://www.hrbac.cz/2012/03/fdupes-to-remove-duplicate-files-on-linux/ Quick and dirty solution to remove all duplicate files but one: yes 1 | fdupes -rd /path/to/folder Comments: David Hrbáč - Apr 4, 2012 Filip, Thanks, going to push a new spec file to RepoForge. DH Filip - Mar 5, 2012 Hi Dave. Thanks for this tip on a useful sysutil. The following cmdline options were good to me but it may depend on your fdupes version. See below. root@ulicnik.ulice:/# fdupes -rndN /mnt/ root@ulicnik. https://www.hrbac.cz/2012/02/dovecot-0.99.11-9.el4-assertion-failed/ Wed, 15 Feb 2012 11:20:03 +0000 https://www.hrbac.cz/2012/02/dovecot-0.99.11-9.el4-assertion-failed/ A few days back I’m getting this error within /var/log/maillog: file lib.c: line 37 (nearest_power): assertion failed: (num <= ((size_t)1 << (BITS_IN_SIZE_T-1))) We are using the latest dovecot package for EL4: [root@hruska tmp]# rpm -q dovecot dovecot-0.99.11-10.EL4 Package changelog has interesting entry: [root@hruska ~]# rpm -q --changelog dovecot| head * Tue Aug 09 2011 Michal Hlavinka - 0.99.11-10 - fix potential crash when parsing header names that contain NUL characters (#728674) So, let’s go fetch the #728674 entry on https://bugzilla. https://www.hrbac.cz/2012/01/firefox-and-thunderbird-repositories-for-ubuntu-10.10/ Tue, 17 Jan 2012 21:43:41 +0000 https://www.hrbac.cz/2012/01/firefox-and-thunderbird-repositories-for-ubuntu-10.10/ sudo add-apt-repository ppa:mozillateam/firefox-stable sudo add-apt-repository ppa:mozillateam/thunderbird-stable https://www.hrbac.cz/2011/10/add-line-to-the-top-of-files-with-sed/ Tue, 25 Oct 2011 15:20:21 +0000 https://www.hrbac.cz/2011/10/add-line-to-the-top-of-files-with-sed/ One-liner to add line at the beginning of the file(s). find mirrors-* -exec sed -i 1i'http://webmel53.vsb.cz/hrb33/el$releasever/hrb/stable/$basearch/' {} \\; https://www.hrbac.cz/2011/10/ssh-complains-host-id-has-been-changed/ Mon, 24 Oct 2011 10:30:04 +0000 https://www.hrbac.cz/2011/10/ssh-complains-host-id-has-been-changed/ There are situations when host id might be changed a few times during fast, automatic, and massive host deployment. Ssh client begins to complain on changed host id. [root@builder2 ~]# ssh webmel53 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. https://www.hrbac.cz/2011/09/how-to-remove-sw-raid-for-vmware-converter-to-work/ Tue, 20 Sep 2011 06:53:53 +0000 https://www.hrbac.cz/2011/09/how-to-remove-sw-raid-for-vmware-converter-to-work/ VMWare converter is very powerful tool to provide physical to virtual conversion. It’s quite easy to make P2V of Windows base servers. The last versions of VMware Converter claim to support P2V of Linux based servers. This is true, but there are limits. Linux server running sw raid (mdadm) is one of them. Here is breif HOWTO: stop all important services disable these services break the mirror strip mdadm info from the disk change the partition type from fd (Linux raid auto) to 83 (Linux) chroot into single disk instance rename mdadm. https://www.hrbac.cz/2011/04/esx-error-15/ Mon, 18 Apr 2011 09:10:13 +0000 https://www.hrbac.cz/2011/04/esx-error-15/ Esx 4.0/4.1 might be not able to boot after reboot. It happens after update installation. Esx console says: Filesystem type is ext2fs, partition type 0x83 uppermem 819200 kernel /vmlinuz ro root=UUID=ceadc074-b397-adcb-7b7604a8ab4a mem=800M quiet [Linux-bzImage, setup-0x1e00, size=0x179cdc] initrd /initrd.img Error 15: File not found Press any key to continue... Console snapshot: Quick look at usage space: [root@esx8 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda5 4.9G 1.8G 2.9G 38% / /dev/sda2 2. https://www.hrbac.cz/2011/01/text_captcha_numeral-bugs/ Thu, 06 Jan 2011 13:38:59 +0000 https://www.hrbac.cz/2011/01/text_captcha_numeral-bugs/ There are two bugs in Text_CAPTCHA_Numeral Pear Module. Here is the patch. diff -Nuar Text\_CAPTCHA\_Numeral-1.3.0.ok/php-pear-Text-CAPTCHA-Numeral.xml Text\_CAPTCHA\_Numeral-1.3.0/php-pear-Text-CAPTCHA-Numeral.xml --- Text\_CAPTCHA\_Numeral-1.3.0.ok/php-pear-Text-CAPTCHA-Numeral.xml 2010-10-24 04:16:40.000000000 +0200 +++ Text\_CAPTCHA\_Numeral-1.3.0/php-pear-Text-CAPTCHA-Numeral.xml 2010-11-18 23:15:05.000000000 +0100 @@ -43,7 +43,7 @@ - + diff -Nuar Text\_CAPTCHA\_Numeral-1.3.0.ok/Text/CAPTCHA/Numeral.php Text\_CAPTCHA\_Numeral-1.3.0/Text/CAPTCHA/Numeral.php --- Text\_CAPTCHA\_Numeral-1.3.0.ok/Text/CAPTCHA/Numeral.php 2010-10-24 04:16:39.000000000 +0200 +++ Text\_CAPTCHA\_Numeral-1.3.0/Text/CAPTCHA/Numeral.php 2010-11-18 23:13:58.000000000 +0100 @@ -355,7 +355,7 @@ \*/ private function setOperation($type = null) { - if (!stristr($type, 'F')) { + if (stristr($type, 'F')) { $this->operation = $this->getFirstNumber() . https://www.hrbac.cz/2011/01/dnsbl-for-horde/ Wed, 05 Jan 2011 09:57:46 +0000 https://www.hrbac.cz/2011/01/dnsbl-for-horde/ Here we go with a small patch to implement DNSBL for Horde. I have again used PEAR package, this time it is the Net_DNSBL, and as usually CentOS package is in my repos - http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html. The first patch is the important one. We let the attacker to log in, just to make sure he/she owns valid stolen credentials. \--- imp/lib/Auth/imp.php.orig 2011-01-05 10:21:05.224155622 +0100 +++ imp/lib/Auth/imp.php 2011-01-05 10:39:24.699438519 +0100 @@ -146,6 +146,36 @@ return false; } + # DNSBL START + ini\_set('include\_path', ini\_get('include\_path'). https://www.hrbac.cz/2010/12/captcha-for-horde/ Wed, 15 Dec 2010 12:22:54 +0000 https://www.hrbac.cz/2010/12/captcha-for-horde/ Here is small patch to implement captcha on Horde login page. We have implemeteded Text_CAPTCHA_Numeral. Package for Centos is here: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Text-CAPTCHA-Numeral.html. Here is the patch. \--- horde-webmail-1.2.8.orig/imp/login.php 2010-10-25 17:10:05.000000000 +0200 +++ horde-webmail-1.2.8/imp/login.php 2010-11-30 17:36:27.571023703 +0100 @@ -398,6 +398,7 @@ $t->set('user\_vinfo', Horde::callHook('\_imp\_hook\_vinfo', array('vdomain'), 'imp')); } $t->set('password\_tabindex', ++$tabindex); +$t->set('captch\_tabindex', ++$tabindex); $t->set('change\_smtphost', (!empty($conf\['server'\]\['change\_smtphost'\]))); if ($t->get('change\_smtphost')) { @@ -446,7 +447,16 @@ 'var imp\_auth = ' . intval($imp\_auth), 'var nomenu = ' . intval(empty($conf\['menu'\]\['always'\])), )); -echo $t->fetch(IMP\_TEMPLATES . https://www.hrbac.cz/2010/10/hunting-the-root-kits/ Thu, 14 Oct 2010 08:06:05 +0000 https://www.hrbac.cz/2010/10/hunting-the-root-kits/ Within Linux mailing list there has been post on hacked Linux box. We have recommended root kit scan. There are two important tools on Linux now, rkhunter and chkrootkit. [root@box ~]# chkrootkit ROOTDIR is '/' Checking 'amd'... not found Checking 'basename'... not infected Checking 'biff'... not found Checking 'chfn'... not infected Checking 'chsh'... not infected Checking 'cron'... not infected Checking 'crontab'... not infected Checking 'date'... not infected Checking 'du'... not infected Checking 'dirname'. https://www.hrbac.cz/2010/08/avgd-stops-listening-on-port-54322/ Mon, 30 Aug 2010 08:08:44 +0000 https://www.hrbac.cz/2010/08/avgd-stops-listening-on-port-54322/ Last days I’m experiencing avgd not responding. Avgd stops to listen on port 54322, amavisd-new timeouts on talking to AV. Mails are being held and queue is slowly increasing its number. It’s strange, that I’m experiencing it not only on one production system… Aug 29 04:59:46 rakosnicek amavis\[25940\]: (25940-01-5) (!)AVG Anti-Virus av-scanner FAILED: run\_av error: Too many retries to talk to 127.0.0.1:54322 (timed out) at (eval 111) line 373.\\n It seems working after changing a little bit AVG configuration with following values: https://www.hrbac.cz/2010/03/firefox-3.6.2-and-thunderbird-3.0.3-for-centos-5.4/ Wed, 24 Mar 2010 09:08:58 +0000 https://www.hrbac.cz/2010/03/firefox-3.6.2-and-thunderbird-3.0.3-for-centos-5.4/ It’s a quite long time I have announced Firefox 3.6 and Thunderbird 3.0 packages for CentOS 5. Announcement has been submitted via CentOS mail-list. See http://lists.centos.org/pipermail/centos-devel/2010-February/005416.html and http://lists.centos.org/pipermail/centos/2010-February/090418.html. Packages have been tested by users and have been always within the testing repository only. Today I’m pushing new firefox 3.6.2 into the stable repository together with xulrunner, mozilla-filesystem, and thunderbird. Packages are to be found here: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/ http://fs12.vsb.cz/hrb33/el5/hrb/stable/x86_64/repoview/ https://www.hrbac.cz/2010/02/nagios-and-dpt-i2o-raidutils-raidutil-check/ Fri, 05 Feb 2010 08:24:49 +0000 https://www.hrbac.cz/2010/02/nagios-and-dpt-i2o-raidutils-raidutil-check/ We do check our production boxes with hardware raid cards on raid status. We are using our script to call raidutil, which is running fine, but not under nagios user. Permissions for the files are as follows: -rwxr-xr-x 1 root root 254708 Aug 20 2008 raideng -rwxr-xr-x 1 root root 255880 Aug 20 2008 raidutil Solution is to add proper rights to utils with: chmod u+s raid* It should look like this: https://www.hrbac.cz/2010/02/sed-to-correct-path-lines/ Thu, 04 Feb 2010 12:22:56 +0000 https://www.hrbac.cz/2010/02/sed-to-correct-path-lines/ Sed one-liner to change correct paths. Before: php_admin_value open_basedir /srv/www/www.domena.tld/www After: php_admin_value open_basedir /srv/www/www.domena.tld Sed script: sed -i "s/\(.*\)php_admin_value open_basedir \(.*\)\/www$/\1php_admin_value open_basedir \2/g" /etc/httpd/conf/httpd.conf https://www.hrbac.cz/2010/02/upgrade-davical-0.9.7.2-to-0.9.8/ Wed, 03 Feb 2010 09:54:31 +0000 https://www.hrbac.cz/2010/02/upgrade-davical-0.9.7.2-to-0.9.8/ DAViCal upgrade is quite easy: [root@fs12 html] wget http://debian.mcmillan.net.nz/packages/davical/davical_0.9.8.orig.tar.gz [root@fs12 html] tar xvzf davical_0.9.8.orig.tar.gz [root@fs12 html] cd davical-0.9.8.orig/dba [root@fs12 dba] su postgres bash-3.00$ ./update-davical-database The database is version 8.1 currently at revision 1.2.5. Applying patch 1.2.6.sql ... succeeded. Applying patch 1.2.7.sql ... succeeded. Successfully applied 2 patches. Supported locales updated. Updated view: dav_principal.sql applied. CalDAV functions updated. RRULE functions updated. Database permissions updated. bash-3.00$ exit [root@fs12 html] ln -s davical-0.9.8.orig davical That’s all. https://www.hrbac.cz/2010/02/squirrelmail-and-safe-mode/ Mon, 01 Feb 2010 21:18:41 +0000 https://www.hrbac.cz/2010/02/squirrelmail-and-safe-mode/ chown apache: /etc/squirrelmail/* chown apache: -R /var/lib/squirrelmail/ chown apache: -R /usr/share/squirrelmail chown apache: -R /var/spool/squirrelmail/attach/ cd /usr/share/squirrelmail/plugins/ wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.15-1.0.tar.gz tar xvzf compatibility-2.0.15-1.0.tar.gz cd /usr/share/squirrelmail/plugins/compatibility patch -p0 < patches/compatibility_patch-1.4.8.diff chown apache: -R /usr/share/squirrelmail cd /usr/share/squirrelmail/plugins/ wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fmsg_flags-1.4.20-1.4.3.tar.gz tar xvzf msg_flags-1.4.20-1.4.3.tar.gz cd /usr/share/squirrelmail/plugins/msg_flags patch -p0 < patches/msg_flags-squirrelmail-1.4.3a.diff chown apache: -R /usr/share/squirrelmail #safemode php_admin_value safe_mode_include_dir /usr/share/pear/ php_admin_value safe_mode_exec_dir /usr/share/squirrelmail php_admin_value open_basedir "/usr/share/pear/:/usr/share/squirrelmail/:/var/lib/squirrelmail/prefs/:/etc/squirrelmail/:/var/spool/squirrelmail/attach/" --- class/deliver/Deliver.class.php.orig 2010-01-30 23:22:20.000000000 +0100 +++ class/deliver/Deliver.class.php 2010-01-30 23:22:39.000000000 +0100 @@ -430,7 +430,7 @@ if (isset($encode_header_key) && trim($encode_header_key)! https://www.hrbac.cz/2010/02/zoner-antivirus-with-amavisd-new/ Mon, 01 Feb 2010 21:05:04 +0000 https://www.hrbac.cz/2010/02/zoner-antivirus-with-amavisd-new/ Today I have decided to test Amavisd-new with free Zoner Antivirus for Linux. First of all you have to download the package, (test it), install, and change the ownership. Then edit the configuration. wget http://update.zonerantivirus.com/download/zav-1.2.2-redhat-i586.rpm --nodeps rpm -Uhv zav-1.2.2-redhat-i586.rpm --test rpm -Uhv zav-1.2.2-redhat-i586.rpm chown amavis: /opt/zav -R chown amavis: /var/run/zav -R vi /etc/zav/zavd.conf So, we have changed the ownership. Now we have to change the daemon user to amavis too. https://www.hrbac.cz/2010/01/send-file-as-attachment-from-commnad-line/ Mon, 18 Jan 2010 13:04:28 +0000 https://www.hrbac.cz/2010/01/send-file-as-attachment-from-commnad-line/ There’s an easy way of sending files as attachment from command line: uuencode file name | mail -s "Subject" "to@tld.cz" -- -ffrom@tld.cz Yes, there is double hyphen and -f before the from email address. https://www.hrbac.cz/2009/10/pure-ftpd-with-geoip/ Fri, 16 Oct 2009 15:31:48 +0000 https://www.hrbac.cz/2009/10/pure-ftpd-with-geoip/ During the last few weeks we are experiencing compromised FTP accounts within our production. These accounts seem to be stolen from infected Windows client machines, infected by malware or trojans. As far as I know the issues, everyone of them is using Total Commander… TC seems to save the credentials in plain text form, unencrypted. Fine. I have been going through pure-ftpd log to gather ips that had been used to upload files. https://www.hrbac.cz/2009/10/avg-8.5-with-amavisd-new/ Tue, 13 Oct 2009 13:35:31 +0000 https://www.hrbac.cz/2009/10/avg-8.5-with-amavisd-new/ Amavisd-new is a quite powerful tool capable to co-operate with a large amount of AV scanners. Today I have decided to test it with free AVG Antivirus for Linux. First of all you have to download the package, (test it), install, and change the ownership. Then edit the configuration. wget http://download.avgfree.com/filedir/inst/avg85flx-r287-a2632.i386.rpm rpm -Uhv avg85flx-r287-a2632.i386.rpm --test rpm -Uhv avg85flx-r287-a2632.i386.rpm chown amavis: /opt/avg -R vi /opt/avg/avg8/etc/init.d/avgdinit.conf So, we have changed the ownership. Now we have to change the daemon user to amavis too. https://www.hrbac.cz/2009/09/benchmarking-php-with-apc-memcached/ Wed, 23 Sep 2009 07:56:43 +0000 https://www.hrbac.cz/2009/09/benchmarking-php-with-apc-memcached/ As we are very extensively using techniques to speed up web applications we build or host, I’d like to share some benchmarks. One of our clients is running site on our machines which is using SOAP/WSDL to get data. The application is extremely slow, result are very poor. Apache is able to server this webapp within cca 23 pages per second, which is bad. Here are the ab results: [root@webmel4 ~]# ab -n 400 -c 5 http://beta. https://www.hrbac.cz/2009/09/vim-macro-to-add-changelog-entry-within-spec-file/ Tue, 22 Sep 2009 14:21:03 +0000 https://www.hrbac.cz/2009/09/vim-macro-to-add-changelog-entry-within-spec-file/ Editing spec files is somewhat time-consuming repetitive task. It’s good to add a change log entry every time you rebuild srpm package. One can do it typing it all over the times. Someone can use the maco. I do use this one: nmap ,cl /%changelog<CR>:r!date +'\%a \%b \%d \%Y'<CR>0i* <ESC>$a David Hrbáč <my@email.tld> - Simply add this line to you .vimrc file. Comments: Yury V. Zaytsev - Oct 4, 2011 https://www.hrbac.cz/2009/07/running-yum-3.2.8-on-centos-4.7-part-ii./ Thu, 09 Jul 2009 13:30:39 +0000 https://www.hrbac.cz/2009/07/running-yum-3.2.8-on-centos-4.7-part-ii./ Today I have looked again at yum 3.2.8 on Centos 4. I wanted everything to clean up, go back to unittests again. I have backported python-nose and started to clean up the source. Finally I had to make all yum tests python 2.3 compatible. Here is the result: [root@build-c4-i386 yum-3.2.8\]# make test .............................................................................................................................................................. ---------------------------------------------------------------------- Ran 158 tests in 0.889s OK As you can see, all tests have passed. And as usual packages are available within my testing repo. https://www.hrbac.cz/2009/03/running-yum-3.2.8-on-centos-4.7/ Tue, 03 Mar 2009 22:20:15 +0000 https://www.hrbac.cz/2009/03/running-yum-3.2.8-on-centos-4.7/ Today I spent a few hours testing and backporting yum-3.2.8 from CentOS 5.2 to CentOS 4.7. It wasn’t so hard to backport. Most of the time I have spent on testing and searching. Code is patched to allow sets, which are supported in python 2.3 :o) and that’s almost all. Final rpms are available for testing here: http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/ http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/ [root@webmel4 ~]# yum update yum Loading "fastestmirror" plugin Loading "installonlyn" plugin Setting up Update Process Setting up repositories Loading mirror speeds from cached hostfile Reading repository metadata in from local files Reducing CentOS. https://www.hrbac.cz/2009/02/nmap-to-get-web-server-info/ Thu, 12 Feb 2009 20:10:41 +0000 https://www.hrbac.cz/2009/02/nmap-to-get-web-server-info/ I realized that nmap can be used to get info about web server. Informations about servers are easy to read via header. Admins tend to mask actual product or version the web is running on. So, then nmap comes to play with. [root@kremilek ~]# nmap -sV -P0 -p80 www.idnes.cz Starting Nmap 4.20 ( http://insecure.org ) at 2009-02-12 21:03 CET Interesting ports on c1.idnes.cz (194.79.52.192): PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS webserver 6. https://www.hrbac.cz/2009/02/call-to-undefined-function-load_config-squirrelmail-1.4.8-5.el4.centos.3/ Mon, 09 Feb 2009 17:54:39 +0000 https://www.hrbac.cz/2009/02/call-to-undefined-function-load_config-squirrelmail-1.4.8-5.el4.centos.3/ During one of my squirrelmail upgrades I have discovered strange behavior. Users were able to login, but only blank page had appeared. I have found this in log: [Mon Feb 09 18:29:10 2009] [error] [client 89.103.46.115] PHP Fatal error: Call to undefined function load_config() in /usr/share/squirrelmail/plugins/change_sqlpass/functions.php on line 326, referer: http://blabla.blabla.tld/src/login.php change_sqlpass pluging needs compatibility plugin to run. So here is the patch: --- ../../functions/strings.php.orig 2006-08-11 04:15:43.000000000 -0700 +++ ../../functions/strings.php 2006-09-01 06:11:03. https://www.hrbac.cz/2008/09/virtual-disk-provisioning/ Mon, 08 Sep 2008 08:36:17 +0000 https://www.hrbac.cz/2008/09/virtual-disk-provisioning/ /usr/sbin/vmkfstools -i testfed.vmdk -d thin tmp.vmdk /usr/sbin/vmkfstools -E tmp.vmdk testfed.vmdk https://www.hrbac.cz/2008/05/remove-old-kernels/ Thu, 22 May 2008 13:49:30 +0000 https://www.hrbac.cz/2008/05/remove-old-kernels/ Simple way to remove all but one kernel: if [ $(rpm -q kernel | wc -l) -gt 1 ]; then rpm -e $(rpm -q kernel | sed '$d'); fi if [ $(rpm -q kernel-smp | wc -l) -gt 1 ]; then rpm -e $(rpm -q kernel-smp | sed '$d'); fi https://www.hrbac.cz/2008/04/openssh5-on-centos-5/ Mon, 14 Apr 2008 15:14:12 +0000 https://www.hrbac.cz/2008/04/openssh5-on-centos-5/ I have rebuilt OpenSSH RPMs for CentOS 5. They seem :o) to work pretty well. Files are located here: http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/i386/ http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/x86_64/ https://www.hrbac.cz/2008/03/kickstart-encrypted-password/ Thu, 06 Mar 2008 17:02:38 +0000 https://www.hrbac.cz/2008/03/kickstart-encrypted-password/ Easy way to create encrypted password for kickstart: perl -e 'print crypt("password", "Xa") . "\\n";'p https://www.hrbac.cz/2008/02/enable-installonlyn-on-centos-4.x/ Tue, 12 Feb 2008 20:10:52 +0000 https://www.hrbac.cz/2008/02/enable-installonlyn-on-centos-4.x/ Easy way to enable: yum -y install yum-utils; cp -p /usr/share/doc/yum-utils-0.5/plugins/installonlyn/installonlyn.conf /etc/yum/pluginconf.d/; cp -p /usr/share/doc/yum-utils-0.5/plugins/installonlyn/installonlyn.py /usr/lib/yum-plugins/