"What the fuck is this world", sings Eddie Vedder. Indeed, WTF? Having read this blog post about a political dynasty wreaking havoc among the people who they're to supposed to serve just gives you enough heat to boil not just an egg, but basket fulls.
You're a public official, elected by the people and yet you rule like you're god and that the people should fear you. FUCK YOU.
What's worse is that the management of the prestigious (NOT!) Valley Gold and Country Club is not cooperating with authorities. WTF?
We should all visit: http://www.valleygolf.com.ph/temp/feedback.asp and give them a piece of our minds.
20080810
20080715
Bypassing portaudit
If you're stuck building a port even if you're already upgraded using portmanager, set the environment variable DISABLE_VULNERABILITIES:
setenv DISABLE_VULNERABILITIES 1
and start make install clean again. Reference here.
setenv DISABLE_VULNERABILITIES 1
and start make install clean again. Reference here.
20080714
FreeBSD Package management
To search for packages in ports:
make search name="blahblah"
To search packages related to something:
make search key=id
To search for installed packages
pkg_info -ac
To search for a particular package
pkg_info -xc packagename
To list files installed by a package
pkg_info -xL packagename
To check dependencies of a package
pkg_info -R packagename
make search name="blahblah"
To search packages related to something:
make search key=id
To search for installed packages
pkg_info -ac
To search for a particular package
pkg_info -xc packagename
To list files installed by a package
pkg_info -xL packagename
To check dependencies of a package
pkg_info -R packagename
20080712
4-Step FreeBSD essentials for new installs
1. Update the ports tree
pkg_add -r portsnap
portsnap fetch
portsnap extract
portsnap update
2. Install portaudit & portmanager
pkg_add -r portaudit portmanager
3. Run portaudit to check for vulnerabilities:
portaudit -Fda
4. Upgrade the installed packages
portmanager -u
Notes: to use a proxy & save bandwidth:
setenv FTP_PROXY xxx.xxx.xxx.xxx:yyyy
To check for outdated packages:
pkg_version -vIL=
or
pkg_version -vIL'<'
pkg_add -r portsnap
portsnap fetch
portsnap extract
portsnap update
2. Install portaudit & portmanager
pkg_add -r portaudit portmanager
3. Run portaudit to check for vulnerabilities:
portaudit -Fda
4. Upgrade the installed packages
portmanager -u
Notes: to use a proxy & save bandwidth:
setenv FTP_PROXY xxx.xxx.xxx.xxx:yyyy
To check for outdated packages:
pkg_version -vIL=
or
pkg_version -vIL'<'
20080708
20080707
Tools of the trade dept: Network Monitoring
http://www.zabbix.com/ (++)
http://www.jffnms.org/
http://www.zenoss.com/
http://www.hyperic.com/
http://www.cacti.net/
http://www.jffnms.org/
http://www.zenoss.com/
http://www.hyperic.com/
http://www.cacti.net/
20080706
Tools of the trade dept: wireshark and ratproxy
http://www.wireshark.org/ - network protocol analyzer
http://code.google.com/p/ratproxy/ - semi automated passive security audit tool (that's a mouthful)
http://code.google.com/p/ratproxy/ - semi automated passive security audit tool (that's a mouthful)
20080623
Disable some PHP functions
Disable some uneeded functions. Add these to your php.ini
disable_functions: escapeshellarg, escapeshellcmd, exec, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system, pcntl_exec, pcntl_fork, popen, phpinfo
Edit: Those who managed to gain access to a web server will look for these process when you have PHP installed. If you won't use it, disable it.
disable_functions: escapeshellarg, escapeshellcmd, exec, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system, pcntl_exec, pcntl_fork, popen, phpinfo
Edit: Those who managed to gain access to a web server will look for these process when you have PHP installed. If you won't use it, disable it.
20080620
Sendmail premature EOM: unexpected close
Been geeting some errors on our sendmail server with:
premature EOM: unexpected close
at the sending server, the error was:
Deferred: Operation timed out with
and mails can't get in even if their really small. It turns out one of the RBLs I've configured is not responding anymore. I've commented out till I find out which one.
Look for:
FEATURE(`dnsbl',blah blah...
and comment them out:
dnl FEATURE(`dnsbl',blah blah...
run make or rebuild sendmail.mc then restart/reload sendmail.
premature EOM: unexpected close
at the sending server, the error was:
Deferred: Operation timed out with
and mails can't get in even if their really small. It turns out one of the RBLs I've configured is not responding anymore. I've commented out till I find out which one.
Look for:
FEATURE(`dnsbl',blah blah...
and comment them out:
dnl FEATURE(`dnsbl',blah blah...
run make or rebuild sendmail.mc then restart/reload sendmail.
20080528
20080516
20080422
Recursive tasks unix style
I had to update a php file and each php file is under a different folder. A folder represents a site I'm updating:
site1.com
site2.net
site3.com.tw
so, I had to:
for j in *; do echo $j; cd $j/html && (for i in `find . -name "configuration.php"` ; do chflags noschg $i; perl -pi.bak -e 's/apache/apache2/g' $i; chflags schg $i; done; ) && cd ../.. ; done
I needed two loops as find would crap out because of the extra deep directory structure. Or maybe there's a flag to tell find not to go eny deeper than 1?
You might be wondering what's the chflags is for. It's an extra measure it won't get overwritten by Apache even if the the owner is root:wheel.
20080403
Securing RedHat Linux
From the "it-might-be-useful" department:
http://www.puschitz.com/SecuringLinux.shtml
20080312
Remove ^M in files
After transfering files from the Windows/DOS world, you somtimes get ^M at the end of each line. To remove:
tr -d \\r < dosfile > newfile
Subscribe to:
Posts (Atom)