Showing user profile of selected author: - Keith Ward
Monday, November 7. 2011
Amongst the many things I’ve gotten done today I've managed to revamp the postfix configuration on my server.
In a conversation a few months ago, a friend (Robert Hyer) suggested I take a look at policyd-weight.
I've managed to convert my system to it with a minimum of fuss, and it actually simplifies the RBL / SPF etc. checking. Basically, the daemon applies a weight (which is customisable) to any incoming email (using RBL checks, SPF, HELO/EHLO checks, etc.); too high and the mail is dropped with an explanation, otherwise the mail is accepted and pushed on to the system spam checking daemon.
So far it seems to be working quite well, however it doesn't seem to have solved a strange problem I'm having with clamsmtpd/spampd. Some emails (most notably from one specific provider: @exhedra.com) are generating queue file write errors. It seems to be a problem with spampd, however it only occurs with this one source. It's all very odd. I'll look further into it today at some point, but I might have to drop spampd in favour of possibly using spamd, we'll see.
Ah well, back to finishing some of my todo list!
Have fun!
Tuesday, June 28. 2011
I awoke this morning to a rather strange email from rkhunter. For anyone who doesn't know what rkhunter does, it's basically a system tool that looks for common rootkit traits or signatures.
CODE: Warning: Checking running processes for suspicious files [ Warning ]
Warning: One or more of these files were found: backdoor, adore.o, mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra,
hydra.restore, ras2xm, vobiscum, sshd3, system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, psybnc, mech, httpd.bin,
mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
Check the output of the lsof command 'lsof -F n -w -n'
Upon reading this, I started running more checks but, having found nothing and satisfied that nothing was amiss, I started to wonder what had triggered the alert...
After a bit of further investigation it seems that this warning was triggered by a Joomla install - more specifically a user currently viewing the directory contents of plugins/system.
It appears that when running the "running_procs" check, all rkhunter does is check for the existence of specific keywords in the lsof output; unfortunately, it does not seem to distinguish between a directory and a file. It also appears that rkhunter's logging for this test omits which item it actually found - the only way I was able to discover which of the items had matched was to do it myself!
I'll probably report this upstream, but I'm leaving this here for future reference.
-Keith
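Since rkhunter's log did not say which name matched, the manual check can be scripted. The following is an added example, not part of the original post and not rkhunter's code: it parses `lsof -F tn -w -n` field output (the `t` type field is added to the command from the warning) and reports which listed name matched, whether it was the file's own name or a parent directory, and the file type. Matching on whole path components, the function names and the sample output are assumptions made for the illustration.

```python
# Subset of the names listed in the rkhunter warning above.
SUSPECT_NAMES = {"backdoor", "mod_rootme.so", "sshd3", "system", "crontab",
                 "write", "cleaner", "hydra", "psybnc"}

def parse_lsof(text):
    """Parse `lsof -F tn -w -n` field output into (pid, type, path) records."""
    records, pid, cur = [], None, None
    for line in text.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "p":                    # start of a process set
            pid, cur = int(value), None
        elif tag == "f":                  # start of a file set
            cur = {"pid": pid, "type": "?", "path": None}
            records.append(cur)
        elif cur is not None and tag == "t":
            cur["type"] = value           # e.g. REG or DIR
        elif cur is not None and tag == "n":
            cur["path"] = value
    return [(r["pid"], r["type"], r["path"]) for r in records if r["path"]]

def triage(text, suspects=SUSPECT_NAMES):
    """List every suspect name found as a whole path component."""
    hits = []
    for pid, ftype, path in parse_lsof(text):
        parts = [p for p in path.split("/") if p]
        for i, part in enumerate(parts):
            if part not in suspects:
                continue
            where = "basename" if i == len(parts) - 1 else "parent-dir"
            # A regular file that itself carries a listed name is the case the
            # check is after; a directory or parent component is the false
            # positive described in the post.
            is_file = where == "basename" and ftype == "REG"
            verdict = "file-match" if is_file else "dir-or-parent-match"
            hits.append((pid, part, where, ftype, path, verdict))
    return hits

# Constructed sample output, modelled on the Joomla case in the post.
SAMPLE = ("p2211\nfcwd\ntDIR\nn/var/www/joomla/plugins/system\n"
          "f3\ntREG\nn/var/www/joomla/plugins/system/cache.php\n"
          "p3050\nf4\ntREG\nn/tmp/.x/psybnc\n")

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(*hit, sep="\t")
```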
Tuesday, July 6. 2010
Working on some servers recently has made me think about init.d and possibly creating a custom runlevel (e.g. 4) that shuts down everything but SSH and networking (and its dependencies), and then disables login from anyone but a superuser or someone in a specified group - e.g. staff, admin etc.
The default runlevel is 2/3 on most systems, with some systems using 5 for X11 and such; level 1 is single user, with levels 0 and 6 being shutdown and reboot respectively.
The idea behind this would mean that maintenance could be conducted remotely on the server, without other daemons or other users getting in the way - especially if you needed to conduct repairs to /home or /var say, which you can't do while it is in use.
Think of it as a remote user's single user mode - but with minimal services like networking and ssh only, for use when you simply can't go to the datacenter and use init 1 (single user mode), and the task you need can be done remotely.
Not sure of the complete picture of how I would go about doing this yet, but it could prove useful for future use, possibly pushing this out via puppet to servers that are managed?
I'll probably look into this at some point, but for now it'll remain an idea.
Keith
Sunday, June 20. 2010
Apparently this has been about for a while, but sudo has the ability to insult you if you type the wrong password.
It's quite nice - works on most systems - all you need to do is edit your sudoers file with visudo, and add the following to the end of the Defaults line: insults
(Note the line is comma delimited).
Save the file, and then next time you get your password wrong, you'll get something like:
CODE: [sudo] password for archer:
Have you considered trying to match wits with a rutabaga?
[sudo] password for archer:
My mind is going. I can feel it.
[sudo] password for archer:
I feel much better now.
I found these by accident, whilst searching for the origins of a message sudo was giving. Imagine my surprise when I found out it was a feature!
Enjoy!
Keith
Thursday, June 17. 2010
OK, a fix has been released for this problem on OSX (Thunderbird showing double the number of unread mails in the Dock Icon).
If you wish you can view the technical information for this bug at: https://bugzilla.mozilla.org/show_bug.cgi?id=557960.
This bug is fixed in 3.0.5, according to my systems anyways.
-Keith
OK, as everybody who has downloaded something on Snow Leopard knows, for most files you download, when you try to open one after downloading it will pop up a nice little dialog box saying that the file was recently downloaded from the internet and asking whether you are sure you want to open it.
Unfortunately this is not strictly necessary - and is rather annoying for some file types (especially NZBs).
The fix for this is to create a plist file inside ~/Library/Preferences called com.apple.DownloadAssessment.plist with either TextWrangler or the Property List Editor.
If you are not comfortable creating plist files by yourself, my DownloadAssessment.plist file can be located here: com.apple.DownloadAssessment.plist, and you can just drop it into Library/Preferences under your Home Directory. (If you wish you can open this with something like TextWrangler, and verify that it looks exactly the same as below.)
The file should contain something similar to the following contents.
CODE: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>LSRiskCategorySafe</key>
    <dict>
        <key>LSRiskCategoryContentTypes</key>
        <array>
            <string>public.xml</string>
        </array>
        <key>LSRiskCategoryExtensions</key>
        <array>
            <string>amz</string>
            <string>nzb</string>
        </array>
    </dict>
</dict>
</plist>
NOTE: The amz extension shown above was already marked as safe - at least on my system (you can remove this however), nzb is the one I have added.
All you need to do is add any file extensions that you don't want to be flagged as at risk to the LSRiskCategoryExtensions section, and then add the UTI (Uniform Type Identifier) for that file extension to the ContentTypes section (FYI .nzb files are basically XML files, hence the public.xml string). Note that if you are using a version of OSX < 10.5, then you can avoid listing every UTI by simply using public.item as a string - unfortunately in 10.6 at least they changed the way UTIs are handled.
A list of UTI's can be found here: http://developer.apple.com/mac/library/documentation/Miscellaneous/Reference/UTIRef/Articles/System-DeclaredUniformTypeIdentifiers.html
HTH,
Keith
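The post suggests checking a downloaded copy of the plist against the listing, and that comparison can be scripted. This is an added example, not the author's code: it parses a DownloadAssessment plist with Python's plistlib and reports any extension or UTI beyond those in the listing above, plus the catch-all `public.item` mentioned in the post. The function names and the constructed sample plists are assumptions.

```python
import plistlib

# Entries taken from the listing in the post.
EXPECTED = {
    "LSRiskCategorySafe": {
        "LSRiskCategoryContentTypes": {"public.xml"},
        "LSRiskCategoryExtensions": {"amz", "nzb"},
    }
}
# Named in the post as covering every type on older OS X versions.
CATCH_ALL_UTIS = {"public.item"}

def audit_download_assessment(data, expected=EXPECTED):
    """Return sorted findings for entries that differ from `expected`."""
    plist = plistlib.loads(data)
    findings = []
    for category, lists in plist.items():
        if not isinstance(lists, dict):
            findings.append(f"{category}: not a dict")
            continue
        for key, values in lists.items():
            if not isinstance(values, list):
                findings.append(f"{category}/{key}: not an array")
                continue
            allowed = expected.get(category, {}).get(key, set())
            for value in values:
                if value in CATCH_ALL_UTIS:
                    findings.append(f"{category}/{key}: catch-all UTI {value}")
                elif value not in allowed:
                    findings.append(f"{category}/{key}: unexpected {value}")
    return sorted(findings)

def make_plist(content_types, extensions):
    """Build a constructed sample plist (XML bytes) for the demonstration."""
    return plistlib.dumps({"LSRiskCategorySafe": {
        "LSRiskCategoryContentTypes": content_types,
        "LSRiskCategoryExtensions": extensions}})

AS_POSTED = make_plist(["public.xml"], ["amz", "nzb"])
ALTERED = make_plist(["public.xml", "public.item"], ["amz", "nzb", "zip"])

if __name__ == "__main__":
    print(audit_download_assessment(AS_POSTED))
    print("\n".join(audit_download_assessment(ALTERED)))
```

To check a real file, pass the bytes read from ~/Library/Preferences/com.apple.DownloadAssessment.plist to `audit_download_assessment`.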
Friday, May 28. 2010
Came across this today - it's an interesting illusion, check it out. It's actually one image repeated 3 times, but it looks as if it's all one image.
http://cyriak.co.uk/blog/?p=102
Wednesday, May 26. 2010
OK,
For anyone who uses irssi and the lastfm.pl script, you may have noticed that the %player variable no longer works (it has started returning an empty string) - at least in the current version. The maintainer of the script is aware, and should be pushing the change through as a new version shortly.
Until then you can follow the fix below.
The problem has arisen because last.fm has changed the layout of the page that the script uses to get the information. In order to fix this, edit lastfm.pl and navigate to line 283; it should look like this:
CODE: if ($content =~ m!<div class="scrobblesource">.*?Listening now using (.*?)</div>!) {
Change the line to the following:
CODE: if ($content =~ m!<span class="source">(.*?)</span>!) {
Save it, and then /script unload lastfm and /script load lastfm, and it should start working again.
Hope this helps.
Keith
Tuesday, May 18. 2010
Well, fuck me. RHEL has put its foot into the door and brought itself up to date with the 21st Century.
RHEL 6, I must admit, does look rather good! Don't get me wrong, I'm not a fan of RPM, I much prefer DPKG, but the latest data on RHEL6 does pique my interest.
I'm just curious what's going to happen with the distributions forked from this distribution, à la CentOS etc., as there's no mention of a CentOS 6 on their site for example.
I'm just wondering how long it will be until they bring themselves up to date like almost every other distribution has. I think that even Red Hat has realised now that there's only so far you can go with backporting stuff from newer kernels before you have no choice but to upgrade the kernel itself.
Oh well, only time will tell.
Keith
Friday, May 14. 2010
OK guys and gals,
I'm looking for some suggestions on a lasagna dish that does NOT use white sauce (I hate the stuff).
Found a few ideas, but if anyone has any suggestions feel free.
So far I'm looking at something similar to a cottage pie base (slightly larger hint of tomato tho), with lasagna sheets, herbs, and a couple of cheeses, possibly experimenting with a few other ingredients.
I know some of the people who read this are good cooks, so I'm sure between us we can think up something interesting for me to try.
Keith
Saturday, April 10. 2010
OK, this has annoyed me long enough.
I'm in the market for a set of headphones, which don't drive me up the wall!
I used to have a set of something similar to these: Sony H/P MDREX300, but unfortunately they got lost, which is annoying as they were rather good!
The problem is, I have an issue with most in-ear headphones. Unfortunately it seems my ear holes are a funny shape, so most in-ear headphones (don't ask about the default Apple iPhone headset!) fall out of my ears, whether I'm moving or not.
Also, I want to be able to use them with my iPhone, so I can make phone calls while on the move, without struggling to pull my phone out of my pocket every time someone dials my number!
After I lost my previous MDREX300-like headphones, I bought a set of these: Ultimate Ears Metro.fi 170vi Headset. Unfortunately, although they work, they keep falling out of my damn ears, and the sound isn't particularly brilliant either.
Ideally I'm after a new headset that works with the iPhone and has okay sound quality. Bluetooth would be nice but is not essential, but atm I just need ones which don't drive me nuts!
Oh and PS, they shouldn't look like I'm driving around with speakers attached to my head :P, I'm after ones which are discreet here, not ones which make me stand out like a crazyman!
If anyone has any ideas, let me know.
Keith
OK, guys and gals, I've been thinking about possibly changing my blog software away from Serendipity. It's not that I don't like Serendipity, I do, but it has some annoyances, and I want something that will let me blog from my Mac, or from FF directly, without having to navigate to the blog, login (again!), and then click through to New Entry - every time.
I really don't want to move away from Serendipity, mainly because I abuse quite heavily the Privileges option, and I don't know any other blog software that lets you selectively hide posts/post categories from specific groups (i.e. unregged/non admin).
I mean I can fix the annoyances, but I'm not sure what solutions there are for #2.
If anyone has any suggestions, let me know.
Keith
Tuesday, March 30. 2010
Just came across this -> http://rt.com/panorama/shukhov-radio-tower-3th-level.html
All I can say is wow, what a view!
Thursday, March 18. 2010
OK, it appears as though there's an annoying bug in Thunderbird 3.0.3 on OSX.
For some reason Thunderbird on occasion mis-reports the amount of unread emails in the badges (i.e. dock, etc.), leading to the badge displaying in some cases double the number of unread emails, as opposed to the correct amount. (Screenshot: Thunderbird BUG (OSX)).
Browsing the interwebz, I've come across a bug report for this, which says it has been fixed in git, for 3.0.4: Bug Report @ bugzilla.mozilla.org 551694.
So I guess we just have to wait for 3.0.4 and put up with it till then (even tho it is frustrating when you frequently get over 50 emails a day!). I believe 3.0.4 is targeted for the end of the month, but we shall see.
Keith
OK, so I've had some time today to look into why eggdrop fails to detect TCL threading in some cases (eggdrop1.6.19).
It would appear as though TCL have changed the symbols they export in version 8.5 and above, so that TclpFinalizeThreadData no longer exists, but Tcl_FinalizeThread does.
This means that if you're using TCL 8.5+ with threading, eggdrop will fail to detect it because it looks for the wrong symbol.
If you're using the latest CVS this is fixed, as of Tue Jan 26 03:12:15 2010 UTC according to cvsweb, so just type cvs update to grab the latest.
If you're not comfortable running the latest CVS, you have a few options.
1) Continue to hack config.h after ./configure - replacing #undef HAVE_TCL_THREADS with #define HAVE_TCL_THREADS 1 when you have a threaded TCL.
2) Patch your eggdrop with the patch from Solution 1 at: http://eggwiki.org/Threaded_Tcl
3) Download a fixed version of eggdrop that looks for the new symbol, this can be found here: Eggdrop 1.6.19 +ctcpfix +threadfix
UPDATE (20/03/2009): I've removed my version of the threading patch, Solution 2 is better. NOTE: My version of the eggdrop source in #3 above just changes the configure script so that it looks for Tcl_FinalizeThread and, if it's not found, looks for TclpFinalizeThreadData. It appears as tho the fix preferred and used by the developers is to change the symbol that's looked up, so it removes this problem.
HTH
Keith