(   )
                          (    )
                           (    )
                          (    )
                            )  )
                           (  (                  /\
                            (_)                 /  \  /\
                    ________[_]________      /\/    \/  \
           /\      /\        ______    \    /   /\/\  /\/\
          /  \    //_\       \    /\    \  /\/\/    \/    \
   /\    / /\/\  //___\       \__/  \    \/
  /  \  /\/    \//_____\       \ |[]|     \
 /\/\/\/       //_______\       \|__|      \
/      \      /XXXXXXXXXX\                  \
        \    /_I_II  I__I_\__________________\
               I_I|  I__I_____[]_|_[]_____I
               I_II  I__I_____[]_|_[]_____I
               I II__I  I     XXXXXXX     I
            ~~~~~"   "~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Dec 2009

Viewing the Top-Ten Worst SSH Attackers

If you must maintain an 'open' SSH server, this might come in handy. This is a quick way to view the top ten worst offending SSH attackers in your secure log. It works on Red Hat-based Linux boxen (e.g., CentOS, Fedora), but it can easily be modified for other OS's by just changing the pattern or logfile.

[root@mail ~]# grep 'Failed password for invalid user' /var/log/secure* \ | perl -nle 'print $1 if /from.+?(\d+\.\d+\.\d+\.\d+)/' \ | sort -n | uniq -c | sort -nr | head -n 10 1888 200.123.110.118 1058 187.17.82.179 1010 72.2.10.4 372 201.38.138.2 330 189.19.9.217 250 218.61.35.119 250 210.181.198.94 146 88.199.11.170 140 72.55.164.232 140 115.93.93.123 [root@mail ~]#

posted at: 16:44 | path: / | permalink | Linux, Logs, SSH, Security, Sysadmin, Tips

Sat, 03 Oct 2009

Squirrelmail Error

I came across an obscure error using Squirrelmail recently. The error was just the text "ERROR : Connection dropped by imap server" after attempting to login with a newly-created user - less than helpful, and the server logs were no help (I'm using the Dovecot IMAP server). I was thrown off by the fact that I had recently migrated this client's installation to a new server, and thought everything should have worked as it had before. The key turned out to be that this was a brand-new user account, and that user's Maildir folders were missing. The easy fix is to create the maildir folders:

su - newuser maildirmake $HOME/Maildir

One odd result of the failure to create the Maildir folders was that incoming mail was stuffed into an mbox-formatted mailbox named 'Maildir' in that user's home directory. I was able to convert this to maildir format using a nifty utility called mb2md. Here is the entire sequence of commands:

su - newuser mv Maildir mboxfile maildirmake $HOME/Maildir ./mb2md-3.20.pl -s mboxfile

I then copied an empty Maildir folder hierarchy to /etc/skel so it would be copied into new user accounts.

posted at: 20:59 | path: / | permalink | Squirrelmail, Sysadmin, Tips

Sun, 13 Sep 2009

Using Rlwrap to Keep Your Commandline Sanity

After many years of commandline use, I've gotten spoiled by the pervasiveness of GNU readline in shells and other shell-like apps, like the MySQL shell. When I do sit down and try to use an app without such support, the result is a fairly painful mix of cursing and visible control characters (Oracle's sqlplus interface is probably the poster child for miserable CLI experiences, with no convenience facilities whatsoever).

An easy way around this is to use rlwrap, a nifty little program that gives any badly-designed CLI interface full readline capabilities, including command history, searching and editing. Most Linux distros have packages for it, but if not, just download and install the source yourself. It's not very large, and can be installed in a local bin directory if needed. Then you do something like rlwrap sqlplus FOO/password@db1 @sql/settings.sql or rlwrap mailx. Enjoy!

posted at: 14:36 | path: / | permalink | Linux, Rlwrap, Sysadmin, Tips, Unix

Tue, 04 Aug 2009

When Mutt Thinks Mailboxes Always Have New Mail

On SDF the non-inbox user mail files are accessed via an NFS mount. Mutt [0]has a hard time figuring out when an NFS mbox file has been modified in some circumstances. So when you press 'c' in the index view, your mailboxes always appear to have new mail. Highly irritating. The fix is to add "set check_mbox_size=yes" to your .muttrc (apparently this works only in more recent versions of mutt, the one on SDF is 1.5.19. Older versions [pre 1.5.15] can use a compile-time option "+BUFFY_SIZE").

posted at: 12:15 | path: / | permalink | Email, Mutt, Tips