Arithmology - The next significant epoch

While searching for the next cool epoch with the little epoch explorer, I found some "significant" epochs in my expected lifetime.


Both epochs "prove"* that 2012 will be just yet another year


* Using methods as scientific (maybe more) as those of the people who are convinced, and try to convince everyone else, that the end of the world is coming sometime in 2012.


SSH keys

First, an example of SSH keys where the private key is kept on the host ares and the public key is kept on the host bob. The user account g0 exists on both hosts.

Create the SSH DSA key pair on ares and copy the public key to bob.
g0@ares:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/g0/.ssh/id_dsa): 
Created directory '/home/g0/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/g0/.ssh/id_dsa.
Your public key has been saved in /home/g0/.ssh/id_dsa.pub.
The key fingerprint is:
88:5a:f3:75:ed:c3:92:ed:04:a0:bf:bc:d7:e9:7c:68 g0@ares
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|                 |
|        .        |
|     . o . .     |
|    + o S o .    |
|   o + o . =     |
|  .   . . oo*.   |
|       . +E*+.   |
|        ++ o+    |
+-----------------+

g0@ares:~$ ls -a .ssh
.  ..  id_dsa  id_dsa.pub
g0@ares:~$ scp ~/.ssh/id_dsa.pub bob:~/.ssh/authorized_keys2 
g0@bob's password:  
id_dsa.pub                               


Since g0 is sharing this box with the rest of the NOC, he needs to make sure that the other, unprivileged users cannot read his private key.
g0@ares:~$ ls -l .ssh/id_dsa
-rw------- 1 g0 g0 736 2011-11-06 11:12 .ssh/id_dsa
OK, cool. For similar reasons, g0's .ssh directory on bob must not be writable by anyone else (with StrictModes, the default, sshd ignores an authorized_keys file whose directory others can write to).

Now we can start the ssh-agent.
The ssh-agent will use g0's private key to authenticate as g0@bob for the rest of this login session.
g0@ares:~$ ssh-agent sh -c 'ssh-add /home/g0/.ssh/id_dsa && bash'
Enter passphrase for /home/g0/.ssh/id_dsa:
Identity added: /home/g0/.ssh/id_dsa (/home/g0/.ssh/id_dsa)
g0@ares:~$ssh bob
Welcome to Bob

g0@bob:~$exit
Connection to bob closed.

g0@ares:~$ssh bob
Welcome to Bob

g0@bob:~$
exit
Connection to bob closed.
g0@ares:~$


After entering the passphrase for the private key, g0 can ssh to bob with no password for the rest of this login session or until he kills the ssh-agent.
The ssh-agent runs in the background managing g0's private key(s) (identities), and its process ID is accessible through an environment variable.
g0@ares:~$ ps fuax |grep ssh-agent|grep -v grep
g0 23903  0.0  0.0  11936   612 ?        Ss   12:44   0:00                  \_ ssh-agent sh -c ssh-add /home/g0/.ssh/id_dsa && bash
g@ares:~$ echo $SSH_AGENT_PID
23903


ssh-add can be used to list the identities currently held by ssh-agent.
g0@ares:~$ ssh-add -ls
1024 88:5a:f3:75:ed:c3:32:ed:04:a0:bf:bc:d7:e9:7c:68 /home/g0/.ssh/id_dsa (DSA)


To kill the ssh-agent, which disables passwordless ssh and scp to bob for this login session:
g0@ares:~$ ssh-agent -k 
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 23903 killed;
g0@ares:~$


If we need to automate an ssh or scp task we could use Expect, or Expect.pm with Perl, or enter no passphrase when we generate the key pair, or generate a single-purpose key pair with no passphrase.

To create a single-purpose key we generate an RSA key pair without entering a passphrase.
g0@ares:~$ ssh-keygen -t rsa -b 4098 -f .ssh/jw
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in .ssh/jw.
Your public key has been saved in .ssh/jw.pub.
The key fingerprint is:
f2:2c:6a:b2:9a:14:f6:f9:95:b8:7f:02:ee:80:6a:dc g0@ares
The key's randomart image is:
+--[ RSA 4098]----+
|                 |
|                 |
|                 |
|                 |
| o    . S        |
|. + ...+.        |
|.o.+..ooo        |
|o+.E+ooo .       |
|=..+o+..o        |
+-----------------+


Then we prepend the purpose (a forced command) and some ssh options to the public key.
To create a custom key that only allows him to run w on bob, g0 does the following.
g0@ares:~$ echo -n "command=\"/usr/bin/w\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc " > tmp
g0@ares:~$ cat .ssh/jw.pub >> tmp
Cool, now g0 has in tmp the command w, some ssh options, and a public key.

Since this is an RSA key, he will need to append it to .ssh/authorized_keys on bob.
g0@ares:~$ cat tmp|ssh -p 9999 ipduh.com 'sh -c "cat - >>~/.ssh/authorized_keys"'
Enter passphrase for key '/home/g0/.ssh/id_dsa': 


g0 had to enter the id_dsa passphrase since he did not have ssh-agent running.

Now, let's run w on bob from ares.
g0@ares:~$ ssh -i .ssh/jw bob
 19:18:17 up 194 days,  6:21,  1 user,  load average: 1.15, 1.05, 1.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
g0       pts/0     ares            19:18    0.00s  0.01s  0.01s /usr/bin/w
Connection to bob closed.

g0 just had to select the identity (key) he is going to use; sshd ran the forced command and closed the connection.
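The authorized_keys line above is assembled by hand with echo and cat. As an added example (not code from the original post), here is the same assembly as a shell function that refuses to build the entry from anything other than exactly one public key line, plus the owner-only permission check the post does with ls -l. Function names and the key material are made up for the example; the key string is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example; not code from the original post. It builds the restricted
# authorized_keys entry that the post assembles by hand with echo and cat,
# and checks that a private key file is readable by its owner only.

# Options the post prepends to the single-purpose key; the command is a parameter.
RESTRICT_OPTS='no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc'

# forced_cmd_key CMD PUBKEY_FILE
# Prints one authorized_keys line: command="CMD",<options> <public key>.
# Refuses a file that does not hold exactly one public key line of a known
# type, so a second key never silently gets the same forced command, and a
# command containing a double quote, which would break the command="..." syntax.
forced_cmd_key() {
    cmd=$1
    pub=$2
    case $cmd in
        *\"*) echo "forced_cmd_key: command must not contain double quotes" >&2; return 1 ;;
    esac
    lines=$(wc -l < "$pub" | tr -d ' ')
    if [ "$lines" -ne 1 ]; then
        echo "forced_cmd_key: expected exactly one key line in $pub" >&2
        return 1
    fi
    case "$(cut -d' ' -f1 "$pub")" in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "forced_cmd_key: unrecognised key type in $pub" >&2; return 1 ;;
    esac
    printf 'command="%s",%s %s\n' "$cmd" "$RESTRICT_OPTS" "$(cat "$pub")"
}

# private_key_is_private FILE
# Succeeds only when the mode is exactly rw for the owner, which is what
# ssh-keygen sets and what the post checks with ls -l; the ssh client refuses
# to use a private key with a looser mode.
private_key_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demonstration on constructed files; the key material is a placeholder, not a real key.
demo_forced_key() {
    tmp=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed g0@ares\n' > "$tmp/jw.pub"
    : > "$tmp/jw"
    chmod 600 "$tmp/jw"
    forced_cmd_key /usr/bin/w "$tmp/jw.pub"
    private_key_is_private "$tmp/jw" && echo "$tmp/jw: owner-only mode, ok"
    rm -rf "$tmp"
}

demo_forced_key
```

Pipe the function's output into the remote authorized_keys exactly as the post does with tmp; the only difference is that a malformed or multi-key .pub file now fails loudly instead of producing a broken or over-permissive entry.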




mod_evasive on apache2 setup notes ubuntu debian

MOD_EVASIVE provides evasive maneuvers to apache in case of a DoS attack ... tara tara ... read the README if you are looking for this kind of read.

I think that it is a great piece of software for poor webmasters.

Install mod_evasive
$sudo -s
#apt-get install libapache2-mod-evasive


The mailer program is set to /bin/mail in the source, and the Ubuntu sources have not changed this. You can change the MAILER definition in the source and reinstall,
#grep MAILER mod_evasive20.c |grep define
#define MAILER "/bin/mail %s"

or just make /bin/mail a symbolic link to sendmail.
#ln -s `which sendmail` /bin/mail


Create the temporary locking directory
#mkdir /var/lock/mod_evasive
#chown www-data:www-data /var/lock/mod_evasive


Create my bad IP list directory
#mkdir /var/log/mod_evasive
#chown www-data:www-data /var/log/mod_evasive


Now, let's change the default mod_evasive settings by adding the following to httpd.conf.
#cat /etc/apache2/httpd.conf 
<IfModule mod_evasive20.c>
#g0#
    DOSHashTableSize    3097
#nodes/child --prime and can be only prime (values are tiered to the next prime), next 6151

    DOSPageCount        2
#requests --threshold of requests for the same URI / DOSpageInterval

    DOSSiteCount        50
#requests --threshold of requests for any object by the same client on the same listener / DOSSiteInterval

    DOSPageInterval     1
#second

    DOSSiteInterval     1
#second

    DOSBlockingPeriod   60
#seconds --default is 10, it does not need to be large since in case of DoS is getting reset on every subsequent request.

    DOSEmailNotify      root@localhost
    
    DOSSystemCommand    "echo  '%s' >> /var/log/mod_evasive/ip;"

    DOSLogDir           "/var/lock/mod_evasive"
#lock dir


</IfModule>


restart apache
#/etc/init.d/apache2 restart


Cool, now each villain IP address gets 403s while it is DoSing, it is logged once in /var/log/mod_evasive/ip, and root gets one email from apache with the subject "HTTP BLACKLIST 192.0.2.123".
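Before letting mod_evasive loose with DOSPageCount 2 and DOSSiteCount 50 it is worth replaying the thresholds over an existing access log to see who would have been blocked. The following is an added example, not part of the post or of mod_evasive: a simplified awk replay of those two counters. It buckets hits per log-line second, whereas mod_evasive measures the interval from the client's previous request, so treat it as an approximation. The function name and the log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the post or of mod_evasive itself: a simplified
# replay of the mod_evasive thresholds over an Apache access log, so the
# DOSPageCount / DOSSiteCount values above can be sanity-checked against real
# traffic before the module starts handing out 403s. Simplification: hits are
# bucketed per log-line second, where mod_evasive measures the interval from
# the client's previous request.

# evasive_check LOGFILE PAGECOUNT SITECOUNT
# Prints each client IP that exceeded PAGECOUNT requests for one URI or
# SITECOUNT requests for any URI within one second, one per line, sorted.
evasive_check() {
    awk -v page="$2" -v site="$3" '
    {
        ip = $1
        sec = $4            # "[06/Nov/2011:11:12:13" in the common log format
        uri = $7            # request path, the second word of the quoted request
        pagehits[ip SUBSEP sec SUBSEP uri]++
        sitehits[ip SUBSEP sec]++
        if (pagehits[ip SUBSEP sec SUBSEP uri] > page || sitehits[ip SUBSEP sec] > site)
            flagged[ip] = 1
    }
    END { for (ip in flagged) print ip }
    ' "$1" | sort
}

# Constructed sample log: 192.0.2.123 hammers one page, 198.51.100.7 browses normally.
demo_evasive() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
192.0.2.123 - - [06/Nov/2011:11:12:13 +0000] "GET /index.php HTTP/1.1" 200 512
192.0.2.123 - - [06/Nov/2011:11:12:13 +0000] "GET /index.php HTTP/1.1" 200 512
192.0.2.123 - - [06/Nov/2011:11:12:13 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [06/Nov/2011:11:12:13 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [06/Nov/2011:11:12:13 +0000] "GET /style.css HTTP/1.1" 200 90
198.51.100.7 - - [06/Nov/2011:11:12:14 +0000] "GET /index.php HTTP/1.1" 200 512
EOF
    # Same thresholds as the httpd.conf fragment above: 2 per page, 50 per site.
    evasive_check "$tmp" 2 50
    rm -f "$tmp"
}

demo_evasive
```

Run it as evasive_check /var/log/apache2/access.log 2 50 on a day of normal traffic; if legitimate clients show up (a page that loads several resources from one URI, proxies hiding many users behind one address), raise DOSPageCount or DOSSiteCount before restarting apache rather than after the complaints arrive.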




Software Packet Management Tools Debian Ubuntu

The tools

apt-get --The Debian Advanced Package Tool (APT) command-line front end

dpkg --The Debian Package Manager

apt-cache --The APT cache manipulator

aptitude --A high-level interface to the package manager. It has both an ncurses (2D) and a command line interface.

We'll use apt-get, dpkg, and apt-cache.

First, let's get a root shell
$sudo -s
#


apt-get basics

apt-get stores the list of software repositories in /etc/apt/sources.list
There you can uncomment to add, and comment to remove repositories.

The following syntax is used to add repositories to /etc/apt/sources.list
$  head -3 /etc/apt/sources.list
#deb     URL DISTRIBUTION main
deb http://de.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://deb.torproject.org/torproject.org lucid main
$
Lines starting with # are commented out, and the URLs use HTTP.
To figure out the DISTRIBUTION codename use one of the following commands
n3 ~ # cat /etc/debian_version 
squeeze/sid
n3 ~ #
or
n ~ # lsb_release -c
Codename: lucid
n ~ # 
In Ubuntu you may want to add a repository from the Archive Mirrors.

To resynchronize the package index files.
#apt-get update


To add a new package (let's say ninvaders) using apt-get
#apt-get install ninvaders
OK, done playing. Got a 20150, beat that!

To remove a package but not its configuration file(s).
#apt-get remove ninvaders


To remove a package and its configuration file(s) if any.
#apt-get purge ninvaders


To see a list of what updates are available we could do
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst  


apt-get also has a nice wrapper-extender that can give us a nice summary of what updates are available
#/usr/lib/update-notifier/apt_check.py --human-readable
10 packages can be updated.
10 updates are security updates.


To upgrade an individual package (let's say bind) and its dependencies.
#apt-get install bind9
Reading package lists... Done
Building dependency tree       
Reading state information... Done

...

The following packages will be upgraded:
  bind9 bind9-host bind9utils dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60
10 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


OK, let's see the summary of what updates are available again.
#/usr/lib/update-notifier/apt_check.py --human-readable
0 packages can be updated.
0 updates are security updates.


To upgrade everything.
#apt-get upgrade


or upgrade everything and "intelligently handle changing dependencies with new versions of packages."
#apt-get dist-upgrade


To get the sources of a software package we can use apt-get with the source option. We need the appropriate deb-src repository in /etc/apt/sources.list. Let's look at the ninvaders sources.
ares:~#mkdir ninvaders;cd ninvaders
ares:~/ninvaders#apt-get source ninvaders
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Need to get 44.0kB of source archives.
Get:1 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (dsc) [584B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (tar) [31.3kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (diff) [12.1kB]
Fetched 44.0kB in 0s (114kB/s)    
gpgv: Signature made Thu 29 Sep 2005 10:39:03 AM UTC using DSA key ID 69351387
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./ninvaders_0.1.1-2.dsc
dpkg-source: info: extracting ninvaders in ninvaders-0.1.1
dpkg-source: info: unpacking ninvaders_0.1.1.orig.tar.gz
dpkg-source: info: applying ninvaders_0.1.1-2.diff.gz
dpkg-source: info: upstream files that have been modified: 
 ninvaders-0.1.1/globals.c
 ninvaders-0.1.1/ind.html
ares:~/ninvaders#ls
ninvaders-0.1.1  ninvaders_0.1.1-2.diff.gz  ninvaders_0.1.1-2.dsc  ninvaders_0.1.1.orig.tar.gz


When it comes to updates on production boxes I do not care much about updates that are not security updates, and I like to test the security patches first, one by one, on dev boxes before applying them to the production boxes.

We can list all available updates in at least three easy ways.
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst

or
# /usr/lib/update-notifier/apt_check.py --p

or we can tweak the apt_check.py script (add two print statements) to print only the security updates and the cute summary, and run it like
ubudevrat#/usr/lib/update-notifier/apt_check.1.py --human-readable
<apt_pkg.Version object: Pkg:'libpam-modules' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'amd64' Size:385900 ISize:1236992 Hash:17691 ID:30444 Priority:2>
<apt_pkg.Version object: Pkg:'libplasma3' Ver:'4:4.4.5-0ubuntu1.2' Section:'libs'  Arch:'amd64' Size:818294 ISize:3108864 Hash:53711 ID:30462 Priority:4>
<apt_pkg.Version object: Pkg:'libpam-runtime' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'all' Size:115696 ISize:1277952 Hash:49884 ID:30446 Priority:2>
3 packages can be updated.
3 updates are security updates.


The changes to apt_check.py
# diff apt_check.py apt_check.1.py 
134a135
>      print cand_ver #g0#
144a146
>   print ver #g0#
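Review bot: `print cand_ver` (134a135) and `print ver` (144a146) emit the apt_pkg.Version objects' reprs, as the `<apt_pkg.Version object: Pkg:'libpam-modules' ...>` lines above show; print the package name and version string taken from each object instead, so the list can be fed straight into the one-by-one dev-box testing described earlier, and replace the bare `#g0#` marker with a comment saying why the print was added, since the next package update will overwrite the script and someone has to re-apply the change.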


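The apt_check.py patch above gets the security-only list by editing a distribution script that the next package update will overwrite. As an added example (not from the post), the same list can be pulled out of the dry-run output of apt-get -s upgrade, which the post already uses, with nothing but awk. The function name is made up and the output it parses is a constructed sample written in the format apt-get -s prints, since the example has to run without a live apt.

```shell
#!/bin/sh
# Added example; not from the post. A shell-only way to pull the security
# updates out of the dry-run output of "apt-get -s upgrade", as an alternative
# to patching apt_check.py. It only parses text, so it is shown on a
# constructed sample of that output rather than on a live system.

# security_updates FILE
# Reads the "Inst" lines of apt-get -s output and prints "package old -> new"
# for every package whose candidate comes from a -security pocket.
security_updates() {
    awk '$1 == "Inst" && index($0, "-security") {
        if (substr($3, 1, 1) == "[") {          # "[old]" present: an upgrade
            old = substr($3, 2, length($3) - 2)
            new = substr($4, 2)                 # drop the opening "("
        } else {                                # no old version: a new install
            old = "-"
            new = substr($3, 2)
        }
        print $2, old, "->", new
    }' "$1"
}

# Constructed sample in the format of "apt-get -s -o Debug::NoLocking=true upgrade".
demo_security_updates() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
Reading package lists... Done
Inst libpam-modules [1.1.1-2ubuntu5.3] (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-updates, Ubuntu:10.04/lucid-security [amd64])
Inst libplasma3 [4:4.4.5-0ubuntu1.1] (4:4.4.5-0ubuntu1.2 Ubuntu:10.04/lucid-security [amd64])
Inst ninvaders [0.1.1-1] (0.1.1-2 Ubuntu:10.04/lucid-updates [amd64])
Inst libisc60 (1:9.7.0.dfsg.P1-1ubuntu0.2 Ubuntu:10.04/lucid-security [amd64])
Conf libpam-modules (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-security [amd64])
EOF
    security_updates "$tmp"
    rm -f "$tmp"
}

demo_security_updates
```

On a real box: apt-get -s -o Debug::NoLocking=true upgrade > /tmp/upg.txt; security_updates /tmp/upg.txt. Each printed package can then be installed individually with apt-get install on the dev box first, as the post prefers.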

dpkg basics

To list the name, the version, and a description for all the software packages installed on a system
#dpkg -l


To list files installed by package-name (let's say apache2)
 # dpkg -L apache2


To find which package(s) own(s) a file (let's say /usr/share/bug)
# dpkg -S /usr/share/bug/


To see the status of a specified package and an extended description (let's say apache2)
# dpkg -s apache2


To install the foo package
#dpkg -i foo.deb


To list all files in foo.deb
#dpkg -c foo.deb


apt-cache

Let's search for a regex in the names and descriptions of all available packages. For example, to list all the software packages whose names or descriptions contain the words security, intrusion, or firewall:
# apt-cache search "security|intrusion|firewall"


Or, if we want a longer description for all available "intrusion detection" matches. This will also show the version number, size, dependencies, conflicts, priority, and the other usual information.
# apt-cache search "intrusion detection" --full


If we know the name of the software package we can use the show option.
#apt-cache show snort


I think that the above covers the basics.


Further

#man apt-get
#man dpkg
#man apt-cache
http://www.debian.org/doc/manuals/apt-howto/
http://wiki.debian.org/SecureApt
https://help.ubuntu.com/community/Repositories/CommandLine
https://help.ubuntu.com/community/AptGet/Howto







Backup & Restore PostgreSQL databases

pg_dump is used to back up a PostgreSQL database (data + schema)

The following command will back up the database pgdb0, which belongs to the local PostgreSQL server user pguser0, to a compressed file pgdb0.dump.gz


g0:~$pg_dump -o -U pguser0 -h localhost pgdb0 |gzip > pgdb0.dump.gz
Password: 
g0:~$

If you are not using foreign keys you can omit the -o flag
ref:PostgreSQL 8.4.9 Documentation Dump

And to restore pgdb0
n:~$gunzip pgdb0.dump.gz
n:~$psql -U pguser0 -h localhost < pgdb0.dump





explore the neighborhood by looking at the PTR for the whole /24

Looking up the PTR resource records (reverses) of the /24 neighbourhood of an IP address reveals lots of connections.
To do so I use two bash functions: one for printing all the reverses and one for creating an HTML file with pointers to more information.

I named the first function ptr24 and it looks like this.
g0:~$cat .bashrc | head -14
function ptr24 {
CNET=`echo $1|awk -F"." '{print $1"."$2"."$3}'`
echo "PTR lookup for $CNET.0/24"
for i in `seq 0 255`;do
	
	CUR=`dig +short -x $CNET.$i`;
	if [ -n "$CUR" ]; then
		echo -n "$CNET.$i -> ";
        	echo $CUR;
	fi
	
done
}


So, if for example we want to explore the neighbourhood of the gnu.org web server we could do this.
g0:~$dig +short gnu.org
140.186.70.148
g0:~$ptr24 140.186.70.148
PTR lookup for 140.186.70.0/24
140.186.70.1 -> ge-core1.qcy.gnu.org.
140.186.70.10 -> fencepost.gnu.org.
140.186.70.11 -> leviathan.gnu.org.
140.186.70.13 -> mail.fsf.org.
140.186.70.14 -> gnusenet.gnu.org.
140.186.70.15 -> fencepost-ssh.gnu.org.
140.186.70.17 -> lists.gnu.org.
140.186.70.20 -> ftp.gnu.org.
140.186.70.21 -> alpha.gnu.org.
140.186.70.22 -> ftp-upload.gnu.org.
140.186.70.23 -> webmail.fsf.org.
140.186.70.25 -> livestream.fsf.org.
140.186.70.26 -> sandbox.gnewsense.org.
...
140.186.70.154 -> shop-dev.fsf.org.
140.186.70.155 -> testtaranis.gnu.org.
140.186.70.156 -> gplv3.fsf.org.
140.186.70.157 -> audio-video-dev.gnu.org.
140.186.70.253 -> ge-sw1.qcy.gnu.org.
g0:~$

I named the second function ptr24htm and it looks like this.
g0:~$cat .bashrc |head -28|tail -15

function ptr24htm {
CNET=`echo $1|awk -F"." '{print $1"."$2"."$3}'`
echo "PTR lookup for $CNET.0/24<br />"
for i in `seq 0 255`;do

CUR=`dig +short -x $CNET.$i`;
if [ -n "$CUR" ]; then
    echo -n "$CNET.$i -> ";
    echo "<a href=http://ipduh.com/dns/?$CUR>$CUR</a><br />";
fi

done
}


To produce a ptr.html with the information related to gnu.org we can do the following.
g0:~$ptr24htm `dig +short gnu.org` > ptr.html
g0:~$

The ptr.html looks like
PTR lookup for 140.186.70.0/24
140.186.70.1 -> ge-core1.qcy.gnu.org.
140.186.70.10 -> fencepost.gnu.org.
140.186.70.11 -> leviathan.gnu.org.
140.186.70.13 -> mail.fsf.org.
140.186.70.14 -> gnusenet.gnu.org.
140.186.70.15 -> fencepost-ssh.gnu.org.
140.186.70.17 -> lists.gnu.org.
140.186.70.20 -> ftp.gnu.org.
140.186.70.21 -> alpha.gnu.org.
140.186.70.22 -> ftp-upload.gnu.org.
140.186.70.23 -> webmail.fsf.org.
140.186.70.25 -> livestream.fsf.org.
140.186.70.26 -> sandbox.gnewsense.org.
140.186.70.30 -> svnweb.fsf.org.
140.186.70.31 -> spamhaus-rsync.fsf.org.
140.186.70.32 -> defectivebydesign.org.
140.186.70.33 -> galactica.fsf.org.
140.186.70.34 -> catalyst.fsf.org.
140.186.70.35 -> archive.gnewsense.org.
140.186.70.36 -> littlenemo.fsf.org.
140.186.70.37 -> labyrinth.fsf.org.
140.186.70.38 -> sycophant.fsf.org.
140.186.70.39 -> zaphod.gnu.org.
140.186.70.40 -> agilus.fsf.org.
140.186.70.41 -> bluemchen.kde.org.
140.186.70.42 -> agia.fsf.org.
140.186.70.43 -> debbugs.gnu.org.
140.186.70.44 -> config.fsf.org.
140.186.70.45 -> jamsession.fsf.org.
140.186.70.46 -> groups.fsf.org.
140.186.70.47 -> UNUSED-47.gnu.org.
140.186.70.48 -> tor.fsf.org.
140.186.70.49 -> archive.fsf.org.
140.186.70.50 -> smtp.member.fsf.org.
140.186.70.51 -> colonialone.fsf.org.
140.186.70.52 -> mirror.fsf.org.
140.186.70.53 -> sunjammer.sugarlabs.org.
140.186.70.54 -> linux-libre.fsfla.org.
140.186.70.56 -> news.swpat.org.
140.186.70.58 -> zope.fsf.org.
140.186.70.59 -> www-old.fsf.org.
140.186.70.60 -> my.fsf.org.
140.186.70.61 -> ldap.fsf.org.
140.186.70.62 -> code.autonomo.us.
140.186.70.63 -> www-dev.fsf.org.
140.186.70.64 -> my-dev.fsf.org.
140.186.70.65 -> cloud9.fsf.org.
140.186.70.66 -> blag.fsf.org.
140.186.70.67 -> windows7sins.org.
140.186.70.69 -> ftp-dev.gnu.org.
140.186.70.70 -> savannah.gnu.org.
140.186.70.71 -> savannah.nongnu.org.
140.186.70.72 -> vcs.savannah.gnu.org.
140.186.70.73 -> download.savannah.gnu.org.
140.186.70.74 -> mgt.savannah.gnu.org.
140.186.70.75 -> internal.savannah.gnu.org.
140.186.70.76 -> vpn.savannah.gnu.org.
140.186.70.80 -> groups-dev.fsf.org.
140.186.70.81 -> cas.fsf.org.
140.186.70.82 -> jabber.fsf.org.
140.186.70.83 -> brains.fsf.org.
140.186.70.84 -> balance.fsf.org.
140.186.70.85 -> eccles.gnewsense.org.
140.186.70.86 -> bloodnok.gnewsense.org.
140.186.70.87 -> seagoon.gnewsense.org.
140.186.70.88 -> config.gnewsense.org.
140.186.70.89 -> elpa.gnu.org.
140.186.70.90 -> heinlein.fsf.org.
140.186.70.91 -> mycroft.fsf.org.
140.186.70.92 -> eggs.gnu.org.
140.186.70.93 -> columbia.fsf.org.
140.186.70.94 -> directoryng-dev.fsf.org.
140.186.70.95 -> resolver1.fsf.org.
140.186.70.96 -> crm.fsf.org.
140.186.70.97 -> vinge.fsf.org.
140.186.70.98 -> nonce.fsf.org.
140.186.70.99 -> id-dev.fsf.org.
140.186.70.100 -> treehouse.sugarlabs.org.
140.186.70.101 -> UNUSED101.sugarlabs.org.
140.186.70.102 -> lightwave.sugarlabs.org.
140.186.70.103 -> UNUSED103.sugarlabs.org.
140.186.70.104 -> dextrose.sugarlabs.org.
140.186.70.105 -> UNUSED105.sugarlabs.org.
140.186.70.106 -> pootle.sugarlabs.org.
140.186.70.107 -> usr.sugarlabs.org.
140.186.70.108 -> UNUSED108.sugarlabs.org.
140.186.70.109 -> template-lucid.sugarlabs.org.
140.186.70.110 -> identity.sugarlabs.org.
140.186.70.111 -> UNUSED111.sugarlabs.org.
140.186.70.112 -> zatoichi.sugarlabs.org.
140.186.70.113 -> openlesson.sugarlabs.org.
140.186.70.114 -> UNUSED114.sugarlabs.org.
140.186.70.115 -> buildslave-ubuntu-lucid-64bit.sugarlabs.org.
140.186.70.116 -> UNUSED116.sugarlabs.org.
140.186.70.117 -> UNUSED117.sugarlabs.org.
140.186.70.118 -> UNUSED118.sugarlabs.org.
140.186.70.119 -> UNUSED119.sugarlabs.org.
140.186.70.120 -> UNUSED120.sugarlabs.org.
140.186.70.121 -> booki.treehouse.su.
140.186.70.122 -> anno.treehouse.su.
140.186.70.123 -> aslo-web.sugarlabs.org.
140.186.70.124 -> status.treehouse.su.
140.186.70.125 -> rt.sugarlabs.org.
140.186.70.126 -> schooltool.sugarlabs.org.
140.186.70.127 -> mapspress.sugarlabs.org.
140.186.70.128 -> monitoring.treehouse.su.
140.186.70.129 -> idea.sugarlabs.org.
140.186.70.130 -> dirac.fsf.org.
140.186.70.131 -> www.fsf.org.
140.186.70.132 -> lists.fsf.org.
140.186.70.133 -> testlucid.gnu.org.
140.186.70.134 -> resolver2.fsf.org.
140.186.70.135 -> seeder.gnu.org.
140.186.70.136 -> edit.fsf.org.
140.186.70.137 -> crm-dev.fsf.org.
140.186.70.138 -> logger.fsf.org.
140.186.70.139 -> dbd-dev.fsf.org.
140.186.70.140 -> social.gnu.org.
140.186.70.141 -> wiki-dev.swpat.org.
140.186.70.142 -> news-dev.swpat.org.
140.186.70.143 -> wiki.swpat.org.
140.186.70.144 -> bluemchen2.kde.org.
140.186.70.145 -> termite.fsf.org.
140.186.70.146 -> airhorn.fsf.org.
140.186.70.147 -> directory-dev.fsf.org.
140.186.70.148 -> wildebeest.gnu.org.
140.186.70.149 -> goodbye.gnu.org.
140.186.70.150 -> directory-p.fsf.org.
140.186.70.151 -> www.nongnu.org.
140.186.70.153 -> bitcoin.fsf.org.
140.186.70.154 -> shop-dev.fsf.org.
140.186.70.155 -> testtaranis.gnu.org.
140.186.70.156 -> gplv3.fsf.org.
140.186.70.157 -> audio-video-dev.gnu.org.
140.186.70.253 -> ge-sw1.qcy.gnu.org.
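One thing to keep in mind with ptr24htm: the PTR text that ends up inside the <a href=...> comes from whoever runs the reverse zone, so a hostile neighbour can put markup into ptr.html. As an added example (not the post's code), here is the HTML half of the function rewritten so that only plain hostnames are linked and anything else is escaped and left unlinked; the dig loop is kept for completeness but needs the network, so only the rendering is exercised. Function names and the sample PTR answers are constructed; the ipduh.com URL is the one the post uses.

```shell
#!/bin/sh
# Added example, not the post's code: the HTML half of ptr24htm rewritten so
# that PTR data, which is controlled by whoever runs the reverse zone, cannot
# inject markup into ptr.html. Names that are not plain hostnames are shown
# escaped and left unlinked.

# html_escape TEXT -> TEXT with the four HTML-significant characters escaped
html_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g'
}

# render_ptr_html IP NAME -> one line of HTML for the ptr.html report
render_ptr_html() {
    ip=$1
    name=$2
    if printf '%s' "$name" | grep -Eq '^[A-Za-z0-9._-]+$'; then
        printf '%s -> <a href="http://ipduh.com/dns/?%s">%s</a><br />\n' "$ip" "$name" "$name"
    else
        printf '%s -> %s (not linked: unexpected characters)<br />\n' "$ip" "$(html_escape "$name")"
    fi
}

# ptr24html A.B.C.D -> the full report. Needs dig and network access, so it
# is not exercised below; each PTR answer is rendered on its own line.
ptr24html() {
    cnet=$(printf '%s' "$1" | awk -F. '{print $1"."$2"."$3}')
    echo "PTR lookup for $cnet.0/24<br />"
    i=0
    while [ "$i" -le 255 ]; do
        dig +short -x "$cnet.$i" | while IFS= read -r cur; do
            [ -n "$cur" ] && render_ptr_html "$cnet.$i" "$cur"
        done
        i=$((i + 1))
    done
}

# Constructed PTR answers: one ordinary hostname and one that carries markup.
render_ptr_html 192.0.2.1 'host.example.net.'
render_ptr_html 192.0.2.2 'evil"><b>not a hostname</b>.example.'
```

The hostname check is deliberately strict (letters, digits, dot, dash, underscore); a PTR that fails it is exactly the kind of record worth looking at by hand, which is why it is still printed, just not as a link.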

Install and configure PostgreSQL in Ubuntu 10.04.* LTS

The following process works for Ubuntu 10.04. It should work or at least help a lot for most debian-based systems.

We start by firing up a root shell and installing the PostgreSQL server.

ares:~$sudo bash
[sudo] password for f: 
ares:~#whoami
root
ares:~#apt-get install postgresql


Answering y installs and starts the PostgreSQL server, bound to port 5432 on localhost.

Let's make sure that it started
ares:~#netstat -putan|grep postgres
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      22705/postgres  
tcp6       0      0 ::1:5432                :::*                    LISTEN      22705/postgres  
udp6       0      0 ::1:48884               ::1:48884               ESTABLISHED 22705/postgres


Cool, now we need to log in to our PostgreSQL server to reset the postgres user's password using psql, the PostgreSQL interactive terminal.
ares:~#sudo -u postgres psql postgres
could not change directory to "/root"
psql (8.4.8)
Type "help" for help.

postgres=#


To set the password for the user postgres we use the following command
postgres=# \password postgres
Enter new password: 
Enter it again: 
postgres=#


We can list the databases in our PostgreSQL server using the command \l
postgres=# \l
                                    List of databases
   Name    |  Owner   | Encoding |  Collation  |    Ctype    |   Access privileges   
-----------+----------+----------+-------------+-------------+-----------------------
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
                                                             : postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
                                                             : postgres=CTc/postgres
(3 rows)




We can list the users using the command \du
postgres=# \du
            List of roles
 Role name | Attributes  | Member of 
-----------+-------------+-----------
 postgres  | Superuser   | {}
           : Create role   
           : Create DB   




The key sequence Ctrl,d or the command \q exits psql
postgres=# \q
ares:~#


OK, let's add a user and a database to our freshly installed PostgreSQL server.

Let's add a user named pguser0.
ares:~#sudo -u postgres createuser -P pguser0
could not change directory to "/root"
Enter password for new role: 
Enter it again: 
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
ares:~#


Let's add a database named pgdb0 that belongs to the user pguser0.
ares:~#sudo -u postgres createdb -O pguser0 pgdb0


Let's list all the users and all the databases in our PostgreSQL server.
ares:~#sudo -u postgres psql postgres
could not change directory to "/root"
psql (8.4.8)
Type "help" for help.

postgres=# \du
            List of roles
 Role name | Attributes  | Member of 
-----------+-------------+-----------
 pguser0   |             | {}
 postgres  | Superuser   | {}
           : Create role   
           : Create DB     

postgres=# \l
                                  List of databases
   Name    |  Owner   | Encoding |  Collation  |    Ctype    |   Access privileges   
-----------+----------+----------+-------------+-------------+-----------------------
 pgdb0     | pguser0  | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
                                                             : postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
                                                             : postgres=CTc/postgres
(4 rows)

postgres=# \q
ares:~#


Looks good, now let's try to connect to pgdb0 as pguser0.
ares:~#psql pgdb0 -U pguser0 -h localhost
Password for user pguser0: 
psql (8.4.8)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

pgdb0=>
pgdb0=> \q
ares:~#


It works! Now let's configure our PostgreSQL server to listen on 192.168.2.250 by adding it to listen_addresses in
/etc/postgresql/8.4/main/postgresql.conf like this:
ares:~#grep listen_addresses /etc/postgresql/8.4/main/postgresql.conf
listen_addresses = '192.168.2.250,localhost'            # what IP address(es) to listen on;


Now, we need to restart PostgreSQL
ares:~#/etc/init.d/postgresql-8.4 restart
 * Restarting PostgreSQL 8.4 database server
   ...done.


and make sure it listens where we told it to listen
ares:~#netstat -punta|grep postgre
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      23271/postgres  
tcp        0      0 192.168.2.250:5432      0.0.0.0:*               LISTEN      23271/postgres  
tcp6       0      0 ::1:5432                :::*                    LISTEN      23271/postgres  
udp6       0      0 ::1:50521               ::1:50521               ESTABLISHED 23271/postgres  


OK, the PostgreSQL server listens on 192.168.2.250.

Now, let's allow access to our PostgreSQL server from the network 192.168.2.0/24.

For that, we will have to edit /etc/postgresql/8.4/main/pg_hba.conf
We add the line "host all all 192.168.2.0/24 md5" in the
"# TYPE DATABASE USER CIDR-ADDRESS METHOD" section.


The last 11 lines of /etc/postgresql/8.4/main/pg_hba.conf look like
ares:~#tail -11 /etc/postgresql/8.4/main/pg_hba.conf

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               ident
# IPv4 local connections:
host    all         all         127.0.0.1/32          md5
#allow access from 192.168.2.0/24 
host    all         all         192.168.2.0/24        md5
# IPv6 local connections:
host    all         all         ::1/128               md5



OK, let's restart the PostgreSQL server.
ares:~#/etc/init.d/postgresql-8.4 restart
 * Restarting PostgreSQL 8.4 database server
   ...done.


And, attempt to connect to the pgdb0 database from another host in 192.168.2.0/24.
g0:~$psql pgdb0 -U pguser0 -h 192.168.2.250
Password for user pguser0: 
psql (8.4.8)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

pgdb0=>


It works!
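Once pg_hba.conf is being edited by hand it is easy to leave a rule in that is wider than intended. The following is an added example, not from the post: a small awk audit of pg_hba.conf that flags "trust" (no password at all), rules open to every address, and cleartext "password" authentication from anything but loopback, meant to be run after the edit and before the restart. The function name is made up; the sample file is the post's own tail of pg_hba.conf plus one deliberately bad line.

```shell
#!/bin/sh
# Added example; not from the post. A small audit of pg_hba.conf rules, meant
# to be run after the edit above, before the restart. It flags "trust" (no
# password at all), rules open to every address, and cleartext "password"
# authentication from non-loopback addresses. Parsing is simplified: only
# local/host/hostssl/hostnossl lines are inspected, each as one rule.

# audit_pg_hba FILE -> prints one WARN line per risky rule; returns 1 if any were found.
audit_pg_hba() {
    out=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "local" { type = $1; db = $2; user = $3; addr = "-"; method = $4 }
        $1 ~ /^host(ssl|nossl)?$/ { type = $1; db = $2; user = $3; addr = $4; method = $5 }
        $1 !~ /^(local|host|hostssl|hostnossl)$/ { next }
        {
            if (method == "trust")
                print "WARN line " NR ": trust lets " user " into " db " from " addr " with no password"
            if (addr == "0.0.0.0/0" || addr == "::/0")
                print "WARN line " NR ": rule accepts connections from any address (" addr ")"
            if (type != "local" && method == "password" && addr != "127.0.0.1/32" && addr != "::1/128")
                print "WARN line " NR ": cleartext password authentication from " addr
        }' "$1")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed sample: the post's rules plus one deliberately bad line.
demo_pg_hba() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               ident
host    all         all         127.0.0.1/32          md5
host    all         all         192.168.2.0/24        md5
host    all         all         ::1/128               md5
host    all         all         0.0.0.0/0             trust
EOF
    audit_pg_hba "$tmp" || echo "audit failed: fix pg_hba.conf before restarting"
    rm -f "$tmp"
}

demo_pg_hba
```

With the post's own five rules the audit prints nothing and returns 0, so it can sit in front of the restart: audit_pg_hba /etc/postgresql/8.4/main/pg_hba.conf && /etc/init.d/postgresql-8.4 restart.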

Alternate # and $ in between root and user shell prompts

A tiny bit of bash in the .bashrc does it.

This is a simple version with no colors, showing hostname and working directory before the $ or # symbol.

Let's put the bash bit at the end of our .bashrc
The bash bit
g0:~$cat .bashrc | tail -7

if [ $(whoami) = "root" ];then
        PS1="$(hostname):\\w#"
    else
        PS1="$(hostname):\\w$"
fi


let's put it in root's .bashrc as well
g0:~$sudo bash
g0:~#cat /root/.bashrc |tail -7

if [ $(whoami) = "root" ];then
        PS1="$(hostname):\\w#"
    else
        PS1="$(hostname):\\w$"
fi


cool, now $ denotes a user and # denotes the root user
g0:~#whoami
root
g0:~#exit
exit
g0:~$whoami
g
g0:~$


We can also put it in /etc/skel/.bashrc so every new user from now has it in his .bashrc.

List Perl Modules - Where is Foo.pm?

To list all Perl modules in @INC you can use this one-liner
n:~$perl -MFile::Find=find -le 'find { wanted => sub {  print $_ if /\.pm\z/ }, no_chdir => 1 }, @INC'

To find out where Foo.pm is located you could use
n:~$perl -MFile::Find=find -le 'find { wanted => sub {  print $_ if /\.pm\z/ }, no_chdir => 1 }, @INC' |grep -i foo

But, I know that you like putting your best modules along with your homebrewed modules in that non standard directory --/usr/scripts/lib/
Then you could do the following to list all your perl modules
n:~$perl -MFile::Find=find -le 'push @INC,"/usr/scripts/lib/"; find { wanted => sub {  if($_ =~ /\.pm\z/) { print "$_"; } }, no_chdir => 1 }, @INC' 

And, because I know that you are not going to type all this every time you want to list your modules or find where Foo.pm is, let's make the above one-liner a bash function or an alias and put it in .bashrc
n:~$head -3 .bashrc
function lspm {
perl -MFile::Find=find -le 'push(@INC,"/usr/scripts/lib/"); find { wanted => sub {  if($_ =~ /\.pm\z/) { print "$_"; } }, no_chdir => 1 }, @INC'
}
n:~$source .bashrc

So, where is Foo.pm?
n:~$lspm | grep -i foo
/usr/share/perl5/Foomatic/Defaults.pm
/usr/share/perl5/Foomatic/UIElem.pm
/usr/share/perl5/Foomatic/PPD.pm
/usr/share/perl5/Foomatic/DB.pm
/usr/scripts/lib/Foo.pm
duh!
And how many modules do I have?
n:~$lspm |wc -l
1503
;)

screen basics

To create a screen named s0 and attach to it use
n:~$screen -S s0

To list all screens use
n:~$screen -ls
There is a screen on:
        2713.s0 (09/14/2011 03:22:05 PM)        (Attached)
1 Socket in /var/run/screen/S-g.

To detach from a screen use the three key sequence Ctrl,a,d
[detached from 2713.s0]
n:~$screen -ls
There is a screen on:
 2713.s0 (09/14/2011 03:22:14 PM) (Detached)
1 Socket in /var/run/screen/S-g.


To reattach to the detached screen s0 use
n:~$screen -r s0

To kill the screen s0 use
n:~$screen -S s0 -X kill
n:~$screen -ls
No Sockets found in /var/run/screen/S-g.

Unrar rar archives in Debian Like Linux Systems



To install unrar

n:~#apt-get install unrar

or

n:~$sudo apt-get install unrar

to unrar

n:~$unrar x archive.rar




The Debian default is unrar-free. Unfortunately unrar-free often fails to extract files from archives. You may want to install unrar-nonfree instead.







Install the Net::Telnet module on Ubuntu

Install the Net::Telnet module on Ubuntu and other Debian-based systems.

n:~#sudo apt-get install libnet-telnet-perl

Install the Params::Validate module in Ubuntu 10.04 LTS

Install the Params::Validate module in Ubuntu 10.04 LTS and other Debian-based systems

n:~#sudo apt-get install libparams-validate-perl

Ubuntu - root shell

This is in response to ak who does not like Ubuntu because he does not like to sudo all the time.

ak you will have to find at least a couple of reasons more, because this is so easy to solve.

n:~$sudo bash
[sudo] password for g0: 
n:~#id
uid=0(root) gid=0(root) groups=0(root)
n:~#

or

n:~$sudo -s
[sudo] password for g0: 
n:~#id
uid=0(root) gid=0(root) groups=0(root)
n:~#

Google subscribed links will be taken down in 15 days

Great, I just finished creating mine. Well, it took me 2 days to do and it was done a week ago, but I could not set up the description page. I had big plans for my subscribed link. Good thing I did not invest more time in it. Oh well, here is my button. Enjoy it for 15 days.



But ... it works on IPduh Search

get those web-scanning / script kiddies

WTF, it seems that some web-scanning kiddies forgot the IP address, the domain name, and all the passwords of their grandma's recipe hosting site. They just remember that they did a really bad job setting it up.

I find it amusing to look at what web-scanning kiddies are looking for in my logs, but I just figured out that about 3% of the total hits on a relatively busy site I "legally" own is due to their scans. Their scans were run from the same IP addresses doing the same thing over and over again. Badly configured scanners run by clueless morons: not interesting.

That 3% makes a huge difference to the size of my logs. Hmm, I will block them. I would not if they were providing me with versatile scan traces, but these guys are boring. Actually, I am going to take a better look at who they are and then just block them on all my servers.

The get-web-scanners script
n:~#cat get-webscanners.sh
#!/bin/bash
#find web-scanning kiddies, g0 2011

#good chance to practice my Spanish counting skills
CERO='phpMyAdmin-2.2.6'
UNO='phpMyAdmin-2.2.3'
DOS='webadmin'
TRES='sqlmanager'
CUATRO='phpMyAdmin-2.8.1-rc1'
CINCO='databaseadmin'
SEIS='scripts/setup.php'
SIETE='/phpmyadmin/scripts/setup.php'
OCHO='/php-my-admin/scripts/setup.php'
NUEVE='/p/m/a/scripts/setup.php'

LOG="./apache.log"

#hits,IP address list
DUMMIES="./dummies.ip"

#hits,url to more info about the IP address
DIPHTM="./dummies.htm"

#hits,IP for every client that requested one of the probe paths, most hits first
egrep "$CERO|$UNO|$DOS|$TRES|$CUATRO|$CINCO|$SEIS|$SIETE|$OCHO|$NUEVE" "$LOG" | awk '{print $1}' | sort | uniq -c | sort -nr | awk '{print $1","$2}' > $DUMMIES
#same list with each IP linked to its ipduh page
awk -F"," '{print $1",<a href=\"http://ipduh.com/ip/?"$2"\">"$2"</a>"}' $DUMMIES > $DIPHTM

It seems good, let's run it
n:~$./get-webscanners.sh
n:~$cat dummies.ip |wc -l
59
n:~$cat dummies.ip
210,69.90.135.132
152,81.91.214.93
107,212.116.138.195
103,72.167.39.179
...
1, 


Looking through my logs I figured that 10 positives mean at least a few hundred hits coming from that scanner. I will block whatever has 10 or more positives. The dudes using the IPs with fewer than 10 positives tried to be stealthy. Let them play. IPs with 1 or 2 positives may be false positives.

Let's take a better look at who had 10 or more positives

dummies.htm
210,69.90.135.132
152,81.91.214.93
107,212.116.138.195
103,72.167.39.179
103,216.13.56.89
101,188.165.248.104
100,91.121.159.201
100,82.145.32.50
100,178.63.70.145
99,211.20.239.143
96,208.75.212.234
93,203.170.248.54
91,72.34.233.19
82,94.23.228.116
81,94.102.156.222
60,222.122.140.80
55,91.121.81.16
48,80.66.162.92
43,82.145.32.40
40,148.235.132.22
27,85.25.142.53
20,85.132.162.10
20,83.170.110.241
20,74.220.23.203
20,208.109.108.50
20,203.150.230.195
20,184.73.64.52
19,219.94.197.114
15,91.121.243.113
10,94.23.69.61
10,88.191.72.5
10,188.138.92.62

Cool, let's block them
n:~$cat -n dummies.ip 
1 210,69.90.135.132
2 152,81.91.214.93
3 107,212.116.138.195
4 103,72.167.39.179
5 103,216.13.56.89
...
32 10,188.138.92.62
...
59 1,

n:~#for i in $(head -32 dummies.ip | awk -F"," '{print $2}'); do iptables -A INPUT -s $i -j DROP; iptables -A OUTPUT -d $i -j DROP; done

done
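The same detection logic as an added example (this is not the page's get-webscanners.sh): the probe-path match and the per-IP hit ranking become shell functions, the "at least 10 positives" rule is applied by awk instead of counting lines by hand for head -32, and the iptables rules are printed for review instead of being executed. The log lines embedded below are constructed for the example; the per-IP hit count is also the core of the hit-stats one-liner further down the page.

```shell
#!/bin/sh
# Added example, not the page's script. Runs offline on a constructed log.

# Probe paths the page's script looks for. Dots are escaped so they match
# literally; the three ".../scripts/setup.php" variants are covered by the
# last alternative.
PROBES='phpMyAdmin-2\.2\.6|phpMyAdmin-2\.2\.3|webadmin|sqlmanager|phpMyAdmin-2\.8\.1-rc1|databaseadmin|scripts/setup\.php'

# hits,IP for every client in the log, most hits first.
hit_stats() {                     # $1 = combined-format access log
    awk '{print $1}' "$1" | sort | uniq -c | sort -rn | awk '{print $1","$2}'
}

# hits,IP counting only requests for one of the probe paths.
rank_scanners() {                 # $1 = access log
    grep -E "$PROBES" "$1" | awk '{print $1}' | sort | uniq -c | sort -rn \
        | awk '{print $1","$2}'
}

# IPs with at least $2 probe hits (default 10, the page's threshold), one per line.
block_list() {                    # $1 = access log, $2 = threshold
    rank_scanners "$1" | awk -F, -v t="${2:-10}" '$1 >= t {print $2}'
}

# The iptables commands, printed rather than run, so they can be reviewed
# (and applied as root) once the list looks right.
iptables_rules() {                # $1 = access log, $2 = threshold
    block_list "$1" "$2" | while read -r ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample log (not real traffic, documentation-range addresses):
# 198.51.100.7 probes three admin paths, 203.0.113.9 probes once,
# 192.0.2.4 is an ordinary visitor.
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
198.51.100.7 - - [27/Apr/2011:17:51:21 +0200] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 290 "-" "-"
192.0.2.4 - - [27/Apr/2011:17:51:30 +0200] "GET / HTTP/1.1" 200 2150 "-" "funky browser"
198.51.100.7 - - [27/Apr/2011:17:51:31 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 290 "-" "-"
203.0.113.9 - - [27/Apr/2011:17:52:02 +0200] "GET /webadmin/ HTTP/1.1" 404 290 "-" "-"
198.51.100.7 - - [27/Apr/2011:17:52:10 +0200] "GET /sqlmanager/ HTTP/1.1" 404 290 "-" "-"
192.0.2.4 - - [27/Apr/2011:17:53:00 +0200] "GET /about.html HTTP/1.1" 200 1024 "-" "funky browser"
EOF

echo "== hits per IP =="
hit_stats "$LOG"
echo "== probe hits per IP =="
rank_scanners "$LOG"
echo "== rules for IPs with at least 2 probe hits =="
iptables_rules "$LOG" 2
```

With the page's real threshold you would call `block_list ./apache.log 10`; the threshold is a parameter so the "1 or 2 positives may be false positives" judgement can be tuned per site without re-counting lines in the output file.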

ARIN IPv6 address whois lookup

So, it's an ARIN IPv6 address and your whois client kind of broke.

To get basic whois information like the owner organization and the network try
n:~#whois -h whois.arin.net "n 2001:500:1::dead:beef"

To see a detailed whois report try
n:~#whois -h whois.arin.net "n + 2001:500:1::dead:beef"

Or use the IPduh IPv6 whois client, which knows what to do.

Cute one liner IP intel and hit stats

We need IP intel from huge logs and we need it fast.

The logs look like
n:~#head -1 ./apache.log
192.0.2.4 - - [27/Apr/2011:17:51:21 +0200] "GET / HTTP/1.1" 200 2150 "-" "funky browser"

The one-liner is
n:~#awk '{print $1}' ./apache.log | sort | uniq -c | sort -nr | awk '{print $1",<a href=\"http://ipduh.com/ip/?"$2"\">"$2"</a>"}' > ip.htm

ip.htm looks like
23228,66.249.66.181
9358,77.88.25.28
...
hits,IP address

Check the syntax of a BIND zone file

root@n:~# named-checkzone -d zone.example.com /PATH/db.zone.example.com

named-checkzone loads the zone the same way named would and reports syntax and consistency errors; -d turns on debugging output, leave it out for a quieter check.

hello world

testing my redundant easy-blogging setup.