the other side of life
Linux
Apache Tomcat & logrotate
Aug 31st
Some Linux distributions are shipped without a logrotate config for catalina.out (Tomcat application server).
$ cat /etc/logrotate.d/tomcat
/var/log/tomcat/base/catalina.out {
compress
copytruncate
create 644 tomcat tomcat
rotate 30
size 4M
}
catalina.out will be rotated once it reaches 4 MB and stored for 30 days (/var/log/tomcat/base/catalina.out.1, /var/log/tomcat/base/catalina.out.2.gz and so on).
Linux routing basics
Aug 27th
You get a subnet like 172.30.26.16/28 from your ISP, and your router has the IP 172.30.26.17.
You need to enable IP forwarding in the kernel:
sysctl -w net.ipv4.ip_forward=1
You also need to enable proxy ARP. This is necessary because your router must answer all ARP requests for hosts other than itself.
sysctl -w net.ipv4.conf.eth0.proxy_arp=1
sysctl -w net.ipv4.conf.eth1.proxy_arp=1
Edit your /etc/sysctl.conf so the settings survive a reboot:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp = 1
If your router has no external IP on the internal NIC, you need to set up routes like:
route add -host 172.30.26.20 gw 192.168.10.20 eth1

Ubuntu PHP hardening with Suhosin
Jul 28th
Ubuntu includes the PHP Suhosin patches.
Install the Suhosin extension:
aptitude install php5-suhosin
/etc/php5/{apache2,cli,cgi}/php.ini
; suhosin parameters
suhosin.executor.include.max_traversal = 4
suhosin.executor.disable_eval = On
suhosin.executor.disable_emodifier = On
suhosin.mail.protect = 2
suhosin.sql.bailout_on_error = On
Restart apache
service apache2 restart
For some login scripts it may be necessary to set suhosin.session.encrypt to Off.
Postfix as relayhost with SASL auth
Jul 21st
Client configuration (notebook, workstation, whatever)
- Edit your /etc/postfix/main.cf
- Create your password map – /etc/postfix/sasl_passwords
- Run postmap for /etc/postfix/sasl_passwords
# TLS client parameter
smtp_use_tls = yes
smtp_enforce_tls = yes
# for postfix < 2.3
# smtp_tls_security_level = secure
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_tls_CAfile = /etc/ssl/certs/cacert.org.pem
smtp_tls_loglevel = 0
[...]
relayhost = [mx1.example.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_interfaces = loopback-only
[...]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwords
smtp_sasl_security_options = noanonymous
Enclosing the host name in [ and ] prevents the client from looking up the MX record for the domain. Port 587 is reserved for email clients; some ISPs block port 25.
[mx1.example.com]:587 username:password
postmap /etc/postfix/sasl_passwords && rm /etc/postfix/sasl_passwords
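The client steps above as a pre-flight check, to be run before the plaintext map is removed. This is an added example, not part of the original post: the function names cf_value and check_relay_auth are made up here, and requiring a map key identical to relayhost (brackets and port included) is a deliberately strict assumption.

```shell
#!/bin/sh
# Added example (not from the original post). cf_value and
# check_relay_auth are hypothetical helper names.

# Print the last value assigned to parameter $2 in main.cf-style file $1.
cf_value() {
    awk -v p="$2" '
        { k = $0; sub(/[ \t]*=.*/, "", k) }
        k == p && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); out = v
        }
        END { print out }' "$1"
}

# check_relay_auth MAIN_CF SASL_MAP: print findings, return 1 on any failure.
check_relay_auth() {
    main_cf=$1; sasl_map=$2; rc=0

    relayhost=$(cf_value "$main_cf" relayhost)
    if [ -z "$relayhost" ]; then
        echo "FAIL: relayhost is not set in $main_cf"; return 1
    fi

    # Strict check: the map needs a key identical to relayhost,
    # brackets and port included.
    if ! awk -v k="$relayhost" '$1 == k { ok = 1 } END { exit !ok }' "$sasl_map"; then
        echo "FAIL: no key '$relayhost' in $sasl_map"; rc=1
    fi

    [ "$(cf_value "$main_cf" smtp_sasl_auth_enable)" = yes ] ||
        { echo "FAIL: smtp_sasl_auth_enable is not yes"; rc=1; }

    case " $(cf_value "$main_cf" smtp_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) echo "FAIL: smtp_sasl_security_options lacks noanonymous"; rc=1 ;;
    esac

    # Source file and compiled .db both hold the password in clear text.
    for f in "$sasl_map" "$sasl_map.db"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "FAIL: $f is readable by group or others"; rc=1
        fi
    done
    return $rc
}
```

Called as check_relay_auth /etc/postfix/main.cf /etc/postfix/sasl_passwords, it returns 0 only when every check passes.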
Server configuration
- Nothing, if you already have a working mail server. It should be obvious that the user (from /etc/postfix/sasl_passwords) must exist on the server. Check your smtpd_*_restrictions on the mail server if the client won’t use SASL.
Lenny Linux rockz…
Jun 30th
Watch it !
http://www.youtube.com/watch?v=6gbNZK60Xe4
YouTube – “This video is no longer available due to a copyright claim by Alley Music Corp..” –
http://www.google.com/search?q=Java4Ever&hl=en&tbs=vid:1,srcf:H4sIAAAAAAAAAB3IQQ4AEAwF0dvYSNyppREpfoIu3J5092bihR1jSRkjKJbYdv6t5irU-h04DdMbvJPWQKUSsyx_1D2e3mPVGAAAA&prmd=v&source=lnt&sa=X&ei=SkBETOndKs384Aa93PGiDg&ved=0CCIQp
z-push, imap server and *irony* a user-friendly Debian whatever *irony*
May 9th
If you want to use z-push with your IMAP server (which requires php5-imap), you must add the following lines to your /etc/php5/apache2/conf.d/imap.ini file:
# configuration for php IMAP module
extension=imap.so
Why is that not set, Debian?
How to delete a command from the bash history / Hide a command from the bash history
Feb 14th
Hide a command from the bash history:
Start a terminal and try
wget user:passwd@ftp.example.com/secret.tar.gz; kill -9 $$;
Now you can check your history
How to delete a command from the bash history:
If you already have such an entry, you can use history to delete it.
history
# [...]
# 849 uname -a
# 850 wget user:passwd@ftp.example.com/secret.tar.gz
# 851 ping blog.devnu11.net
# [...]
Now you can delete this line from your history with history -d 850.
history -d 850
And see…
history
# [...]
# 849 uname -a
# 850 history
# 851 ping blog.devnu11.net
# [...]
Or simply add a blank before the command (bash only skips such lines when HISTCONTROL contains ignorespace or ignoreboth):
$  wget user:passwd@ftp.example.com/secret.tar.gz
SLES11, SLES10 SP3, grml64 on HP DL360-G6
Feb 11th
What are certified hardware (lists) for, if it then doesn't work after all?
An HP DL360-G6 with a NetXtreme BCM5709 network card is supposed to work under SLES10 (SP3) and SLES11 (GM) (source: HP and Novell). But somehow it doesn't work after all.
Even with the HP ProLiant Support Pack (version 8.30) it did not work. The md5sum of the bnx2.ko module that HP specifies also matches.
As a last attempt I tried grml64 2009.10 (x86_64 & i386), but unfortunately it did not work there either. They all just report “Firmware not running. Aborting…” Great! I have to admit that I could not test everything; for example, I could not patch the firmware, because the machine was only on loan from another department.
Let's see when I get my hands on one again….
Don’t try this at home – root shell Russian roulette
Feb 11th
Don’t try this at home!
[ $[$RANDOM%6] = 0 ] || rm -rf /;
Unless you really know what you are doing.
ZTE MF637 on Ubuntu
Jan 9th
To get the ZTE MF637, also known as the T-Mobile W’n’W Stick Fusion, running under Ubuntu, you (unfortunately) only need to install the stick once on a Windows machine, i.e. the drivers, then connect to the diagnostic port via HyperTerminal and run the following command:
AT+ZCDRUN=8
This disables the stick's autostart, i.e. the virtual CD-ROM that shows up at the beginning!
Works with 9.08, 9.10 and so on.