(   )
                          (    )
                           (    )
                          (    )
                            )  )
                           (  (                  /\
                            (_)                 /  \  /\
                    ________[_]________      /\/    \/  \
           /\      /\        ______    \    /   /\/\  /\/\
          /  \    //_\       \    /\    \  /\/\/    \/    \
   /\    / /\/\  //___\       \__/  \    \/
  /  \  /\/    \//_____\       \ |[]|     \
 /\/\/\/       //_______\       \|__|      \
/      \      /XXXXXXXXXX\                  \
        \    /_I_II  I__I_\__________________\
               I_I|  I__I_____[]_|_[]_____I
               I_II  I__I_____[]_|_[]_____I
               I II__I  I     XXXXXXX     I
            ~~~~~"   "~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Dec 2009

Viewing the Top-Ten Worst SSH Attackers

If you must maintain an 'open' SSH server, this might come in handy. This is a quick way to view the top ten worst offending SSH attackers in your secure log. It works on Red Hat-based Linux boxen (e.g., CentOS, Fedora), but it can easily be modified for other OS's by just changing the pattern or logfile.

[root@mail ~]# grep 'Failed password for invalid user' /var/log/secure* \ | perl -nle 'print $1 if /from.+?(\d+\.\d+\.\d+\.\d+)/' \ | sort -n | uniq -c | sort -nr | head -n 10 1888 200.123.110.118 1058 187.17.82.179 1010 72.2.10.4 372 201.38.138.2 330 189.19.9.217 250 218.61.35.119 250 210.181.198.94 146 88.199.11.170 140 72.55.164.232 140 115.93.93.123 [root@mail ~]#

posted at: 16:44 | path: / | permalink | Linux, Logs, SSH, Security, Sysadmin, Tips

Sat, 03 Oct 2009

Squirrelmail Error

I came across an obscure error using Squirrelmail recently. The error was just the text "ERROR : Connection dropped by imap server" after attempting to login with a newly-created user - less than helpful, and the server logs were no help (I'm using the Dovecot IMAP server). I was thrown off by the fact that I had recently migrated this client's installation to a new server, and thought everything should have worked as it had before. The key turned out to be that this was a brand-new user account, and that user's Maildir folders were missing. The easy fix is to create the maildir folders:

su - newuser maildirmake $HOME/Maildir

One odd result of the failure to create the Maildir folders was that incoming mail was stuffed into an mbox-formatted mailbox named 'Maildir' in that user's home directory. I was able to convert this to maildir format using a nifty utility called mb2md. Here is the entire sequence of commands:

su - newuser mv Maildir mboxfile maildirmake $HOME/Maildir ./mb2md-3.20.pl -s mboxfile

I then copied an empty Maildir folder hierarchy to /etc/skel so it would be copied into new user accounts.

posted at: 20:59 | path: / | permalink | Squirrelmail, Sysadmin, Tips

Sun, 13 Sep 2009

Using Rlwrap to Keep Your Commandline Sanity

After many years of commandline use, I've gotten spoiled by the pervasiveness of GNU readline in shells and other shell-like apps, like the MySQL shell. When I do sit down and try to use an app without such support, the result is a fairly painful mix of cursing and visible control characters (Oracle's sqlplus interface is probably the poster child for miserable CLI experiences, with no convenience facilities whatsoever).

An easy way around this is to use rlwrap, a nifty little program that gives any badly-designed CLI interface full readline capabilities, including command history, searching and editing. Most Linux distros have packages for it, but if not, just download and install the source yourself. It's not very large, and can be installed in a local bin directory if needed. Then you do something like rlwrap sqlplus FOO/password@db1 @sql/settings.sql or rlwrap mailx. Enjoy!

posted at: 14:36 | path: / | permalink | Linux, Rlwrap, Sysadmin, Tips, Unix

Sat, 23 May 2009

A Sysadmin's Lament, or why cPanel Sucks

I've been wrestling with cPanel [0] on and off for years - more lately, and it always reminds me just how much it sucks. It can be convenient if you don't know how to maintain Linux servers and the various associated Internet services (Apache, BIND, etc.), but there really is no playing nicely with it from a command line sense. Once installed, it takes over your system, rendering it impervious to standard sysadmin tricks. What's more, its convenience is really it's downfall, because when something goes wrong with it, two things are true:

  1. The person using it has no idea what is wrong, OR
  2. The person using it knows what is wrong and how to fix it, just not from within cPanel

The end result of this is when cPanel fails, and it will fail at some point, fixing it is near impossible without calling on cPanel for support (I suppose they like it that way).

It's also one example of a software system that if it were open source, it wouldn't change this situation at all. It's basically a giant mass of Perl code that somehow manages to work (mostly), while aggravating the experienced sysadmin. Its automated upgrades are one example of an epic fail waiting to happen. On several occasions I've had clients call me to fix broken email, only to find a cPanel upgrade has b0rked some key part of the Exim config file. Umm...first, upgrading key system software is not to be taken lightly, and let's not even discuss why the fuck Exim is being upgraded automatically. Second, upgrades should never, and I mean never touch config files without asking. Debian has it right on this one [1]. Do yourself a favor - turn off cPanel upgrades immediately after installation (or better yet, don't install it).

Finally, I can't possibly let this post go without whining about how cPanel and all the other web-based hosting/sysadmin control panels have created an entire generation of so-called 'system administrators' in need of a giant clue bat.

There, I feel better now.

posted at: 09:09 | path: / | permalink | Linux, Sucks, Sysadmin, cPanel

Tue, 12 May 2009

Clueless Admins

Some people have no business maintaining Linux servers. I recently had someone ask me to fix his non-working LAMP web app. He gave me the contact details of the web host admin. So you can be spared the pain I went through, here are six warning signs you might be dealing with a novice Linux admin:

  1. You notice the "X-Mailer: Microsoft Windows Mail..." in your email correspondence with said admin.
  2. You ask for SSH shell access and are told to use puddy [sic].
  3. You ask again for SSH access details and are told to "just select the host from the dropdown menu".
  4. You are finally able to log in to the hosted account. Of course most everything under the web root has permissions 666 and 777, because "nothing worked unless we did that".
  5. There are a multitude or random iframe and pr0n infestations [see the previous item].
  6. When you ask for root access to fix the egregious permissions issues, are told no, because that would change permissions "system-wide". And besides, he adds for good measure, "You could really screw things up".

posted at: 11:45 | path: / | permalink | Linux, Sysadmin, WTF