Recently, I made the script to patch your BASH environment available on this site, but that meant a need to copy and paste.
Using a user with the appropriate rights, you can now pipe directly using a quiet wget to make the full recompile to most recent BASH version possible.
All you need is this line: (more…)
Updated to latest kernel patch bash43-30
You’ve heard of ShellShock, and the bash-exploits that are currently doing the rounds, across platforms, that make use of these bugs (CVE-2014-6271 and the volumes of additional updates including CVE-2014-6277, CVE-2014-7186, CVE-2014-7187 and CVE-2014-7169, but to name a few). Proofs of Concept are being collected here… The below works as a vulnerability fix for older Ubuntu LTS and non-LTS versions, Debian (eg Squeeze) as well as Fedora and RedHat/CentOS, and applies all up-to-date patches to Bash.
bash – as a shell – is a tried and trusted component. Some legacy systems’ repositories – be they apt, yum or other – may no longer be kept up to date. Alternatively, they may not be being kept up-to-date enough for your liking. And you want to close the bash issue in the best way you know how.
Easy workaround is a recompile of the bash shell yourself:
Quick note to myself, as I keep forgetting the syntax, though it is so easy — to block an incoming connection by null routing or rejecting the connection is as simple as
route add -host IP reject
To apply this to a whole subnet range, use the -net as you would with the /24 mask (or the appropriate subnet, /29 or smaller should do), eg
route add -net IP/RANGE reject
To undo this,
route delete IP
So you have a snapshot of data on one drive, and the current state of data on the second drive. How do you copy the difference between the two drives into a third directory?
Rync comes to the rescue here. And it doesn’t take much:
So that it’s documented… I’m using port 8080 as the default port as the likelyhood of your upstream proxy being on 8080 is high – else, typical proxy ports are, of course, 80, 800 (transpartent), 8000, 3128 (squid)
To force your server to force web traffic via a proxy, just two quick things to set – in /etc/environment, export one (or two) variables: (more…)
You knew it already – but I keep forgetting – the power of zgrep and zcat both of which behave as their z-less counterparts.
So, to search a gzip’d file, you can simply zgrep <term> <filename.gz>, or to cat/view it, zcat <filename.gz>
Good to come back to in case of impending forgetfulness…
For self-reference, mainly:
For the Intel Corporation 82574L Gigabit Network Connection on an old kernel that doesn’t have the drivers compiled into it – get the driver and
make install
it on the platform you’re on, and to be sure (if it doesn’t get done for you) to copy to /lib/modules/2.4.36/kernel/drivers/net/ (your kernel may vary, this is an example only) (more…)
Just to jot it down lest I forget:
Tar’ing the local directory and streaming the tarball straight to gzip:
tar cvf - . | gzip > target.tar.gz
MySQLdump’ing directly to gzip: (more…)
It’s a simple one-liner that one tends to forget (that is, one that I forget as I untar more than I manually tar). So creating a tar file from directory and all subdirectories is as simple as
tar -cvf file.tar directory (more…)
Assuming you have a Windows machine and you interact with Linux boxen at any stage, chances are high that you have used and interacted with PuTTY at one stage or another. That beautiful, less than 2 sec, 444K download of a tool (currently at version 0.60 beta) allows you to SSH, COM-direct, RSH, Telnet etc from the desktop. Both examples below relate to MySQL port tunneling.
Running on a proper machine (or even a Windows with Cygwin or a Mac Terminal) allows you to quickly tunnel a session to a remote server: (more…)
There are a lot of words about the MySQL upgrade on Ubuntu 10.04 (64 bit specifically, perhaps the 32bit version too?) — it just hangs:
You get the hopeful message:
Preparing to replace mysql-server-5.1 5.1.41-3ubuntu12.1
but then nothing happens and everything just hangs. (more…)
To enable symlinks in Samba for filesharing across platforms inWindows, modify
/etc/smb/samba.conf
and add in the [global] section:
follow symlinks = yes
unix extensions = no
There has been some discussion about
wide symlinks = yes
However, due to the attack vector on Samba servers from Windows allowing file traversion, back in February 2010, you may want to force-set wide symlinks to no– it works without that declaration and is set to no by default.
Samba. Whopping goodness. Here are a few notes that help in the setup – from user creation, to directory settings etc
This blog post contains a few lessons learnt and thus by extension a migration plan from a Windows file server to a Samba-based one running on Ubuntu 10.04 LTS. I look at users, system vs smbpasswd user creation and linking (set that up in Webmin before you start, as well as for groups), share setups, general permissions and some very basic troubleshooting (as there weren’t many troubles, just headaches.) (more…)
Just a quick note (as I keep forgetting, and a cut-and-paste solution is a quicker time to market) – but you knew that already. Installing Webmin is quite simple (download directly, or from the mirrors). Currently, 1.510-2 is the latest version – check on www.webmin.com for further details. As an aside, the book Webmin Kompakt – by Holger Reibold – is available for download!
So here’s a simple step-by-step: (more…)
So the Security Summit 2010 has come to an end. Featuring speakers such as Moxie Marlinspike, Joe Grand and Jeremiah Grossman (again), it’s a pity to say that there wasn’t much new that was presented. With repeated concerns about input- and output-validation, as the OWASP Top 10 for 2010 highlight and were used as a repeated example, and a call for a holistic approach to a company’s security posture, the idea of making the thought (and practice) of security part of the organisation’s culture came through over and over again. (more…)
It’s quite simple, really: POP3 (Exchange, dovecot etc) you know, IMAP (Exchange, dovecot, courier etc) you know — so this is just a recap, right? You know how to telnet into the machine — in Vista or Windows 7, you may need to install it separately using “Add/Remove Programs”, or just use Putty in Telnet mode…Â otherwise, apt-get install telnet if it’s not on your machine (or yum install telnet)
POP3:
telnet SERVER 110 (more…)
You’re stuck on a Windows box. But you don’t want to install MinGW32? Can’t dual-boot to run Ubuntu or Debian on your Windows machine for some for that GNU happiness that sed, groff, wget, whois and all those happy apps bring with it? (more…)
The mdbtools package for Ubuntu Jaunty includes a command called mdb-export. This allows you to dump the contents of tblName from database.mdb to STDOUT in CSV format like this:
mdb-export database.mdb tblName
Output redirection to capture the output in a file is also supported (not that that’s a feature of the app, as you know):
mdb-export sample.mdb tblFoo > capture.txt