Centos 6 public key authentication fix

Due to SELinux enabled we are not able to use public key authentication on Centos 6. Here is the quick fix:

test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized\_keys

Sed oneliner to change Centos 4 repos to vault.centos.org

Centos 4 is now EOLed. You should upgrade or remove your 4.x server from production. Since EOL all repositories have been moved to vault.centos.org. Yum is not working any more because of that. Here is my quick and dirty solution.

sed "s/\/mirror\.centos\.org\/centos/\/vault\.centos\.org/g;\
s/\$releasever/4\.9/g" /etc/yum.repos.d/CentOS-Base.repo -i.bak

sed "s/\/mirror\.centos\.org\/centos/\/vault\.centos\.org/g;\
s/\$releasever/4\.9/g" /etc/yum.repos.d/CentOS-fasttrack.repo -i.bak
centos  sed 

dovecot-0.99.11-9.EL4 - assertion failed

A few days back I’m getting this error within /var/log/maillog: file lib.c: line 37 (nearest_power): assertion failed: (num <= ((size_t)1 << (BITS_IN_SIZE_T-1))) We are using the latest dovecot package for EL4: [root@hruska tmp]# rpm -q dovecot dovecot-0.99.11-10.EL4 Package changelog has interesting entry: [root@hruska ~]# rpm -q --changelog dovecot| head * Tue Aug 09 2011 Michal Hlavinka - 0.99.11-10 - fix potential crash when parsing header names that contain NUL characters (#728674) So, let’s go fetch the #728674 entry on https://bugzilla. [Read More]

DNSBL for Horde

Here we go with a small patch to implement DNSBL for Horde. I have again used PEAR package, this time it is the Net_DNSBL, and as usually CentOS package is in my repos - http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html. The first patch is the important one. We let the attacker to log in, just to make sure he/she owns valid stolen credentials. \--- imp/lib/Auth/imp.php.orig 2011-01-05 10:21:05.224155622 +0100 +++ imp/lib/Auth/imp.php 2011-01-05 10:39:24.699438519 +0100 @@ -146,6 +146,36 @@ return false; } + # DNSBL START + ini\_set('include\_path', ini\_get('include\_path'). [Read More]
centos  horde  mail  php 

Captcha for Horde

Here is small patch to implement captcha on Horde login page. We have implemeteded Text_CAPTCHA_Numeral. Package for Centos is here: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Text-CAPTCHA-Numeral.html. Here is the patch. \--- horde-webmail-1.2.8.orig/imp/login.php 2010-10-25 17:10:05.000000000 +0200 +++ horde-webmail-1.2.8/imp/login.php 2010-11-30 17:36:27.571023703 +0100 @@ -398,6 +398,7 @@ $t->set('user\_vinfo', Horde::callHook('\_imp\_hook\_vinfo', array('vdomain'), 'imp')); } $t->set('password\_tabindex', ++$tabindex); +$t->set('captch\_tabindex', ++$tabindex); $t->set('change\_smtphost', (!empty($conf\['server'\]\['change\_smtphost'\]))); if ($t->get('change\_smtphost')) { @@ -446,7 +447,16 @@ 'var imp\_auth = ' . intval($imp\_auth), 'var nomenu = ' . intval(empty($conf\['menu'\]\['always'\])), )); -echo $t->fetch(IMP\_TEMPLATES . [Read More]
centos  horde  php 

Hunting the root kits

Within Linux mailing list there has been post on hacked Linux box. We have recommended root kit scan. There are two important tools on Linux now, rkhunter and chkrootkit. [root@box ~]# chkrootkit ROOTDIR is '/' Checking 'amd'... not found Checking 'basename'... not infected Checking 'biff'... not found Checking 'chfn'... not infected Checking 'chsh'... not infected Checking 'cron'... not infected Checking 'crontab'... not infected Checking 'date'... not infected Checking 'du'... not infected Checking 'dirname'. [Read More]

Firefox 3.6.2 and Thunderbird 3.0.3 for CentOS 5.4

It’s a quite long time I have announced Firefox 3.6 and Thunderbird 3.0 packages for CentOS 5.

Announcement has been submitted via CentOS mail-list. See http://lists.centos.org/pipermail/centos-devel/2010-February/005416.html and http://lists.centos.org/pipermail/centos/2010-February/090418.html. Packages have been tested by users and have been always within the testing repository only.

Today I’m pushing new firefox 3.6.2 into the stable repository together with xulrunner, mozilla-filesystem, and thunderbird. Packages are to be found here: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/ http://fs12.vsb.cz/hrb33/el5/hrb/stable/x86_64/repoview/

Upgrade DAViCal to 0.9.8

DAViCal upgrade is quite easy: [root@fs12 html] wget http://debian.mcmillan.net.nz/packages/davical/davical_0.9.8.orig.tar.gz [root@fs12 html] tar xvzf davical_0.9.8.orig.tar.gz [root@fs12 html] cd davical-0.9.8.orig/dba [root@fs12 dba] su postgres bash-3.00$ ./update-davical-database The database is version 8.1 currently at revision 1.2.5. Applying patch 1.2.6.sql ... succeeded. Applying patch 1.2.7.sql ... succeeded. Successfully applied 2 patches. Supported locales updated. Updated view: dav_principal.sql applied. CalDAV functions updated. RRULE functions updated. Database permissions updated. bash-3.00$ exit [root@fs12 html] ln -s davical-0.9.8.orig davical That’s all. [Read More]