Oct 02 2009

Useful OpenSSL Tricks

Tag:tepezcuintle @ 16:31


Introduction

OpenSSL deserves a lot of credit. It is an extremely useful, valuable Open Source project. When
people talk about how successful Apache is, rock-solid crypto toolkits like OpenSSL and OpenSSH should
also be mentioned. Here are a few (of the many) functions that I have found useful, along with examples of
how to use them:

Continue reading "Useful OpenSSL Tricks"


Jun 18 2007

CHMOD and CHOWN hell on a REDHAT server :)

Tag:tepezcuintle @ 21:28

If you find that someone has done a recursive chmod or chown on a server, don’t fret. You can set almost everything back to its original permissions and ownership by doing the following:

rpm -qa | xargs rpm --setperms --setugids

Depending on how many packages are installed as well as the speed of your disk I/O, this may take a while to complete.



Jun 05 2007

How to fix a corrupted rpm database

Tag:tepezcuintle @ 21:14

So, I was checking some message boards and I noticed that I was running an old version of webmin. I noticed that the version I was running was also flagged as a version that could be exploited.

So I downloaded the new RPM from SourceForge and tried to install it with

rpm -Uvh webmin.version.rpm

to upgrade and got this error message:

rpmdb: Lock table is out of available locker entries
error: db4 error(22) from db->close: Invalid argument
error: cannot open Packages index using db3 - Cannot allocate memory (12)
error: cannot open Packages database in /var/lib/rpm

Why does this happen?
When rpm accesses the Berkeley database files, it makes temporary locker entries within the tables while it searches for data. If you control-c your rpm processes often, this issue will occur much sooner because the locks are never cleared.

I tried to rebuild the db using rpm --rebuilddb and I basically got the same errors. This kind of sucked but I found the solution.

Make a backup of /var/lib/rpm in case you break something:
tar cvzf rpmdb-backup.tar.gz /var/lib/rpm

Remove the Berkeley databases that rpm uses:
rm /var/lib/rpm/__db.00*

Make rpm rebuild the databases from scratch (may take a short while):
rpm --rebuilddb

Now, check rpm to make sure everything is okay:
rpm -qa | sort

After I did the above my rpm database was fine and I was able to install my webmin. :)


Apr 25 2007

How to encrypt Shell scripts

Tag:tepezcuintle @ 16:48

Do you have scripts that contain sensitive information like passwords, and rely pretty much on file permissions to keep it secure? That kind of protection is fine provided you keep your system secure and no user has a "ps -ef" loop running in an attempt to capture that sensitive information (though some applications mask passwords in "ps" output). There is a program called "shc" that adds an extra layer to those shell scripts: shc encrypts the script with RC4, builds an executable binary out of it, and that binary runs just like the original shell script. This is handy for scripts that have to supply a password, for example to encrypt or decrypt data, or to pass one to a command as an argument.
Download shc (http://www.datsi.fi.upm.es/~frosal/) and untar it:

tar -xzvf shc-X.X.tgz
cd shc-X.X/
make
make install

A binary named “shc” will be created along with some test programs. Let’s give it a try.

Create a file called: “script.sh” and add the following contents:

############################### script.sh ##############################
#!/bin/sh

echo "I love Duane's articles and will send him a donation via PayPal."

############################### script.sh ##############################

Now run the command:

shc -f script.sh

The switch “-f” specifies the source script to encrypt. The above command will create two files: script.sh.x.c and script.sh.x.

The program “shc” creates C source code out of your shell script then encrypts it (script.sh.x.c). The encrypted shell script is: script.sh.x. Run that binary and see the output:

./script.sh.x
I love Duane's articles and will send him a donation via PayPal.

Now copy the original “script.sh” file to a floppy disk or some other system for backup or in case you need to edit it in the future. Then, delete it from the server and delete the “script.sh.x.c” file it creates.

Neat feature

You can also specify a time limit on the shell script so that it will no longer execute after a certain date and you can specify a custom message to echo back to the user. Run this command on the “script.sh” file we created earlier in this tut:

shc -e 09/10/2004 -m "Dude it is too late to run this script." -f script.sh
./script.sh.x
./script.sh.x has expired!
Dude it is too late to run this script.

In the above command October 9, 2004 is set as the expiration date (-e 09/10/2004) and the custom message is set to display to the user (-m "Dude it is too late to run this script.") when the binary is executed. Note that the date format is dd/mm/yyyy.

Check out the man page for more info on "shc". Remember that the script is only encrypted at rest on the local system: the RC4 key lives inside the same binary, which decrypts the script every time it runs, so this is obfuscation against casual reading rather than protection against someone who can run and inspect the binary. If you encrypt a script that transmits sensitive information in clear text across a network, you still need a separate encrypted channel to carry that information.


Apr 25 2007

Bash passing arguments with getopts

Tag:tepezcuintle @ 16:38

Today I was writing some scripts, and in every one of them I wanted something to handle all the input arguments properly, so I could pass my arguments in any order and the program would still understand them.

I had used 'getopts' before, but this time I decided to write a bit about it here.

Let me show you how useful it can be:

Let's suppose that I'm writing a test script that needs as arguments the type of the test, the server and the server's root password, and for debugging purposes we're going to have a verbose flag too. So, putting it down:

  • "-t" - the type of the test; let's suppose we have "test1" and "test2"
  • "-r" - the server
  • "-p" - the root password of the server
  • "-v" - a flag just to let the script run in verbose mode

OK, now how are we going to write this script and parse these arguments? We can do it the hard way, fixing an order and parsing the arguments by hand in the script, something like this:

salveti@evalap /tmp/scripts $ cat test_script.sh
#!/bin/bash
# Argument order = -t test -r server -p password -v
TEST=$2
SERVER=$4
PASSWD=$6
if [[ $# -gt 6 ]]
then
    VERBOSE=1
else
    VERBOSE=0    # no -v given
fi

Alright, this works, but what if you want to pass the arguments in a different order? Or if you forget the right order? It won't work, so this is an ugly solution.

OK, but how can you handle the arguments without worrying about their order, or about whether each one needs a value or not? getopts is the answer ;)

Let's see how we can write the script using getopts, and then I'll explain how it works.

The new script (it's bigger, and I'll explain why):
#!/bin/bash
# Arguments = -t test -r server -p password -v

usage()
{
cat << EOF
usage: $0 options

This script runs test1 or test2 against a machine.

OPTIONS:
   -h      Show this message
   -t      Test type, can be 'test1' or 'test2'
   -r      Server address
   -p      Server root password
   -v      Verbose
EOF
}

TEST=
SERVER=
PASSWD=
VERBOSE=
while getopts "ht:r:p:v" OPTION
do
    case $OPTION in
        h)
            usage
            exit 1
            ;;
        t)
            TEST=$OPTARG
            ;;
        r)
            SERVER=$OPTARG
            ;;
        p)
            PASSWD=$OPTARG
            ;;
        v)
            VERBOSE=1
            ;;
        ?)
            usage
            exit 1
            ;;
    esac
done

if [[ -z $TEST ]] || [[ -z $SERVER ]] || [[ -z $PASSWD ]]
then
    usage
    exit 1
fi

In this script I created a usage function, just to help explain all the arguments to the user.

Then comes the getopts call, while getopts "ht:r:p:v" OPTION, which is the main point of the script: it is how we handle arguments with getopts. getopts requires an optstring and a variable name, which you then check.

When you call getopts, it walks through your optstring, identifying which options need a value and which don't. After reading an option, getopts sets the OPTION variable, so you can check it with a case block or something similar. If the option needs a value, getopts sets $OPTARG to that value, so you can check whether it is what you expected (in this example, whether the test argument was passed as "test1" or "test2"). Easy, huh?

OK, but what is this ":" doing in the optstring? And why are the letters "h" and "t" written together?

This is an important point about getopts. You can use ":" in two ways: at the start of the optstring, to have getopts leave error reporting to you, and after a letter, to tell getopts that this option needs a value.

First, the error checking. getopts only knows the options listed in the optstring, so if you pass one that is not listed it reports an error (because it is not a valid option). If you put ":" at the beginning of the optstring, ":ht:r:p:v" for example, getopts sets the OPTION variable to "?" and $OPTARG to the offending character, and writes nothing to standard error; without the leading ":", $OPTARG is unset and a diagnostic message is written to standard error (./test_script.sh: illegal option -- l, if you pass the argument -l, for example).

Second, how to tell getopts which option needs a value. When an option takes a value, "-t test1" for example, you put ":" right after its letter in the optstring. If the option is just a flag, without any additional argument, leave the letter alone, with no ":" after it.

So, in the example, you can see that I'm leaving the error reporting to getopts, the options "t", "r" and "p" need a value, and "v" is just a flag.

To finish the script, we check that all the variables that need a value are not empty.

And that's it. Now you can try writing a new script and playing with it a little; it's not so hard and it can help you a lot when writing new scripts :)
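As an added example (not code from the original post), here is the same -t/-r/-p/-v interface written as a function that uses the leading ":" mode described above, handles the case of an option that is missing its value, and validates that -t is test1 or test2. The option letters and variable names follow the post; the function name and messages are my own.

```shell
#!/bin/sh
# Added example, not from the original post: getopts with a leading ":" in the
# optstring so the script reports errors itself, a ":" case for an option that
# is missing its value, and validation of the -t value.

usage() {
    echo "usage: $0 -t test1|test2 -r server -p password [-v]" >&2
}

# parse_args "$@" fills TEST, SERVER, PASSWD and VERBOSE.
# Returns 0 on success, 1 on any usage error (after printing why to stderr).
parse_args() {
    TEST= SERVER= PASSWD= VERBOSE=0
    OPTIND=1                       # reset so the function can be called repeatedly
    while getopts ":ht:r:p:v" OPTION; do
        case $OPTION in
            h)  usage; return 1 ;;
            t)  TEST=$OPTARG ;;
            r)  SERVER=$OPTARG ;;
            p)  PASSWD=$OPTARG ;;  # a password on the command line is visible in ps output
            v)  VERBOSE=1 ;;
            :)  echo "option -$OPTARG requires a value" >&2; return 1 ;;  # only with the leading ":"
            \?) echo "unknown option -$OPTARG" >&2; return 1 ;;
        esac
    done
    shift $((OPTIND - 1))          # "$@" now holds only non-option arguments, if any
    case $TEST in
        test1|test2) ;;
        *) echo "-t must be test1 or test2, got '$TEST'" >&2; return 1 ;;
    esac
    if [ -z "$SERVER" ] || [ -z "$PASSWD" ]; then
        echo "-r and -p are required" >&2; return 1
    fi
    return 0
}
```

Call parse_args "$@" at the top of your script and exit with usage when it returns non-zero; the options can then be given in any order.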


Feb 13 2007

Installing and maintaining an OpenLDAP server for your network

Tag:tepezcuintle @ 22:31

This is a step-by-step how-to on installing and setting up your OpenLDAP server on FC4. It also covers managing the LDAP users and the GUI/web tools for doing so. As a bonus, I'll show you how to automatically mount users' home folders (with NFS), so they can access their home folders from any machine on the network that they log on to.


What is LDAP

LDAP is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a “lightweight” (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network.

Continue reading "Installing and maintaining an OpenLDAP server for your network"


Jan 10 2007

Password-less logins with ssh yet another tutorial

Tag:tepezcuintle @ 20:21

We all know that ssh is great for logging in to your server using an ssh client.

You also know that you can use ssh to copy files to your server using scp. For example,

scp marquito.tgz marquito@myserver.com:/home/marquito/backups

will copy the file marquito.tgz to myserver.com and put it under /home/marquito/backups.

Continue reading "Password-less logins with ssh yet another tutorial"


Nov 17 2006

How to increase your swap file on Linux

Tag:tepezcuintle @ 18:02

How to increase swap space with a swap file

All of your devices function, and everything is configured just the way you like it. At least you think so, until you start running out of memory when you have OpenOffice.org and lots of browser tabs open simultaneously. You realize you should have specified a larger swap partition during your install. This simple method of adding a swap file gives you more swap space without repartitioning.

Continue reading "How to increase your swap file on Linux"


Oct 10 2006

VPN Like Access to Windows XP Using Linux

Tag:tepezcuintle @ 20:30

Have you ever needed to use your computer at work while you are at home?

If you have an SSH server at work and a Windows XP machine, you can run Remote Desktop over an SSH tunnel: all the traffic of your Remote Desktop client is tunnelled over SSH to your work computer.

It is not that complicated to set up; for instructions on how this works you can check this link:

Breaking Firewalls using SSH

I had a user at work who needed to use her computer at home to access Excel files on her computer at work. With the above setup I was able to give her access to her remote computer so she could modify her files as if she were sitting in front of her work computer.

The only problem I encountered is that Remote Desktop did not provide a way for her to print to her printer at home. She wanted to print some information, but the printer was set up on the remote computer, and the printer she had at home was a networked printer.

Remote Desktop lets you use local printers, so when you print something on the remote computer it can go to a printer attached directly to your local computer. This user instead had a networked printer, which made things a little more difficult.

Until I came across this tip.

You can map an LPT port to a network printer with this command:

NET USE LPT2 \\server\mfp /PERSISTENT:YES

Her printer was on \\192.168.0.99\HP

With that information, I opened a command prompt window and typed

net use lpt2 \\192.168.0.99\HP /persistent:yes

on her local computer, and then I logged on to the remote computer using Remote Desktop. Once connected, I tried to print a web page on the remote computer, and when the printer selection window came up I was able to see the HP printer in the list of available printers.

This solved the issue of printing locally and also being able to remotely connect to the other computer.

Hope this solution might work for you all.

To disconnect the printer use

NET USE LPT2 /DELETE


Aug 24 2006

Linux administrator tips

Tag:tepezcuintle @ 21:10

Mike Chirico (mchirico@users.sourceforge.net) or (mchirico@comcast.net)
Copyright (C) 2004 (GNU Free Documentation License)
Last Updated: Mon Aug 21 08:53:58 EDT 2006

The latest version of this document can be found at:
http://souptonuts.sourceforge.net/how_to_linux_and_open_source.htm
or text version ( if you have trouble downloading the full document: over 140 pages )
http://prdownloads.sourceforge.net/souptonuts/How_to_Linux_and_Open_Source.txt?download

Continue reading "Linux administrator tips"

