Category: sysadmin

  • Update on .co.za and whois.co.za outages

    There’s an update on www.coza.net.za on the system outages they’ve experienced:

    CO.ZA Service Outage Status
    07 Apr 2010
    Original announcement here

    Current Status of co.za services.

    Function | Status | Comments
    CAPTCHA whois | Not affected | http://captcha.coza.net.za
    Port 43 whois | Not affected | whois://whois.coza.net.za
    Primary Database | Not affected |
    Name Servers | Not affected | CO.ZA zone integrity unaffected
    Incoming and Outgoing email | Not affected | Applications queuing on incoming mail server
    RT Ticket system | Not affected |
    Network | Partially affected – Fixed | Redundant link restored
    Main web site | Affected – Fixed | http://www.coza.net.za
    Web whois | Affected – Fixed | http://www.coza.net.za/whois.shtml
    Registration Engine (Updates, New, Deletions) | Proceeding Normally | Backlog processed


    Currently processing queued applications


    Final data sync, Final testing ETA afternoon of 8th


    New machine commissioned, OS Installed Restoring historic data

    Payment Processing In progress Commencing on the 9th – ETA of backlog completion 11th


    Processing of Suspension/Deletions suspended until complete

    Online VISA/Mastercard payments In progress ETA 9th


    Processing of Suspension/Deletions suspended until complete

  • synch.cc has just launched systemsaudit.co.za

    You deserve to take a break and let the synch.cc system audit service take care of things for you
    Now you get to kick back – a dog's life!

    It’s up – the full network and business system audit and asset tracking service by synch.cc, tracking hardware, software and assets using a background scheduler – more at systemsaudit.co.za!

    A systems auditing service with clean reporting and charts like this has never been easier!

    Had to just add a plug for it here, too 🙂

    And the picture of the puppy was just too cool to resist!

  • Clamav errors on upgrade to 0.96 clamd and clamav-milter

    Some updates to the yum-sent clamav-milter.conf and (to a lesser extent) clamd.conf may be necessary.

    After an automatic yum update of the clamd family on RHEL, there’s a disparity between the way clamav-milter connects and the socket or port clamd listens on: clamav-milter doesn’t know what to go with (local socket on unix:/tmp/clamav.socket or tcp:127.0.0.1), so you need to tell it. Otherwise, you get messages such as the below in your clamav-milter.log:

    clamav-milter[5149]: No clamd server appears to be available
    ERROR: Failed to initiate streaming/fdpassing

    So make sure the ClamdSocket in clamav-milter.conf points to the LocalSocket that clamd.conf says it’s broadcasting on. So if clamd.conf is

    LocalSocket /tmp/clamd.socket

    clamav-milter.conf should have

    ClamdSocket unix:/tmp/clamd.socket

    Otherwise, if clamd is listening on TCP at 127.0.0.1 on the default port, just set ClamdSocket as below:

    ClamdSocket tcp:127.0.0.1

    Also, be sure to do an sa-update.

    Simple, eh? But you knew that already! 🙂
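
    The check described above as a script: an added example, not part of the original post. It also covers the TCP case through clamd.conf's TCPSocket and TCPAddr options, which the post does not name; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that ClamdSocket in
# clamav-milter.conf points at a socket clamd.conf actually opens.

# conf_value FILE KEY: print the first uncommented value of KEY, empty if unset
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# check_clamd_socket CLAMD_CONF MILTER_CONF
# returns 0 = match, 1 = mismatch, 2 = ClamdSocket not set
check_clamd_socket() {
    local_sock=$(conf_value "$1" LocalSocket)
    tcp_port=$(conf_value "$1" TCPSocket)
    tcp_addr=$(conf_value "$1" TCPAddr)
    milter_sock=$(conf_value "$2" ClamdSocket)

    if [ -z "$milter_sock" ]; then
        echo "ERROR: ClamdSocket is not set in $2"; return 2
    fi
    # Unix socket: the path after unix: must equal clamd's LocalSocket
    if [ -n "$local_sock" ] && [ "$milter_sock" = "unix:$local_sock" ]; then
        echo "OK: $milter_sock"; return 0
    fi
    # TCP: clamd only listens when TCPSocket is set; with no TCPAddr it binds
    # every address, so loopback is reachable. A bare tcp:host means port 3310.
    if [ -n "$tcp_port" ]; then
        addr=${tcp_addr:-127.0.0.1}
        if [ "$milter_sock" = "tcp:$addr:$tcp_port" ] ||
           { [ "$tcp_port" = 3310 ] && [ "$milter_sock" = "tcp:$addr" ]; }; then
            echo "OK: $milter_sock"; return 0
        fi
    fi
    echo "MISMATCH: milter uses '$milter_sock'; clamd has" \
         "LocalSocket='$local_sock' TCPSocket='$tcp_port' TCPAddr='$tcp_addr'"
    return 1
}

# Constructed sample configs reproducing the post-upgrade mismatch
demo=$(mktemp -d)
printf '%s\n' '# clamd.conf (constructed)' 'LocalSocket /tmp/clamd.socket' > "$demo/clamd.conf"
printf '%s\n' '# clamav-milter.conf (constructed)' 'ClamdSocket unix:/tmp/clamav.socket' > "$demo/milter.conf"
check_clamd_socket "$demo/clamd.conf" "$demo/milter.conf" || echo "exit status: $?"
rm -rf "$demo"
```

    Run it against the real clamd.conf and clamav-milter.conf after a package upgrade, before restarting the milter.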

  • Step-by-step virus disassembly

    Over at SkullSecurity they’ve done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Using a sterile/insight environment, they go through the code to give you an insight into the workings of “obfuscation” (or lack thereof), backdoor management (on port 7777) and more.

    Good beginner’s intro with pretty pictures 🙂

  • OpenSSL v1 released after 11 years of development

    After a long, hard struggle of 11 years, which started with these two entries:

    23-Dec-1998: Released OpenSSL 0.9.1c
    23-Dec-1998: Official start of the OpenSSL project

    we are now at the point of “a major release” with v1.0.0 being made available. Fighting tooth and nail not to be a 1.0.0, we’ve seen iterations such as 0.9.8d to 0.9.8n (taking a page out of Google’s book of running pre-release?), though, to be fair, they started at 0.9.1c.

    Go on, then — go and get it!

  • Afrigator.com down?

    No access to afrigator.com, afrigator.biz and blog.afrigator.com – whole system, it seems… and no news on their twitter feed…

    Just early for Earth Hour at 20.30pm today?

    It’s resolving, but not responding…

    PING afrigator.com (69.162.110.42) from coolserver : 56(84) bytes of data.
    64 bytes from 42-110-162-69.static.reverse.lstn.net (69.162.110.42): icmp_seq=1 ttl=48 time=276 ms
    64 bytes from 42-110-162-69.static.reverse.lstn.net (69.162.110.42): icmp_seq=2 ttl=47 time=264 ms
    
    

    On a different note, amazing images of Cape Town and surrounds by Andre van Rooyen at The Fairest Cape

  • Domain registrations in China – turning .cn to .can’t

    I’ve been through the domain name registrations in China, in addition to the full documentation to be submitted to the Chinese authorities in order to not have the .cn account suspended.

    However, now things have become interesting – registering domain names through non-Chinese registration authorities has been suspended since mid December:

    We've disabled the registration of new domains for the moment. CNNIC
    changed their rules regarding registration of new domains. Now, they
    allow registration just for Chinese companies. Until they clear up
    their policies, we've disabled the new domains registration.

    That’s what most registrars are coming back with at the moment. However, GoDaddy has suddenly decided that now – 24 March 2010 – they won’t register domains for Civil rights reasons, amongst others. (more…)

  • MySQL Database optimization

    Just to have them all in one place, and for posterity’s sake, I’ve pulled together some points on how to optimise your MySQL programming.

    First off, the result of Session 1 of MySQL Camp 1:

    1. Use EXPLAIN to profile the query execution plan
    2. Use Slow Query Log (always have it on!)
    3. Don’t use DISTINCT when you have or could use GROUP BY
    4. Insert performance
      1. Batch INSERT and REPLACE
      2. Use LOAD DATA instead of INSERT
    5. LIMIT m,n may not be as fast as it sounds
    6. Don’t use ORDER BY RAND() if you have > ~2K records (more…)
  • KnowledgeTree 3.7.0.2 Document Indexing and Indexer issues (SOLVED)

    Argh. Well, it’s really not quite out of the box, at least on Ubuntu Server 9.10 (after reinstallations required after initial failures…), so this is just a selection of the fixes that made the import and indexing of the 160 000 files at 102GB possible. So for KnowledgeTree 3.7.0.2 Commercial Edition (the same holds true for the Community Edition), the following should help:

    1. Use the best-practice advice when doing the local file system import – do 10 000 files at a time rather than 100 000 at once. Really. Trust me. It defeats the whole idea of just running a batch job. Completely. You’d expect the option of saying – just transfer all data in directory X. But alas, that doesn’t work. So do it in batches. Manually.
    2. Tika Apache Indexer for Lucene – not so much on PDFs, Docs, XLS or PPT files. Install catdoc (which includes catppt and xls2csv) and pdftotext (which you’ll find in xpdf-utils).
      1. apt-get install catdoc xpdf-utils
      2. modify knowledgetree/search2/indexing/extractors/TikaApacheExtractor.inc.php and comment out the mime types that are affected above from the returned array in getSupportedMimeTypes() – PDF, XLS, DOC and PPT: (more…)
  • KnowledgeTree 3.7.0.2 reinstallation site startup failure (SOLVED)

    OpenOffice.org startup failures, indexing issues and other niggles forced me to re-install KnowledgeTree 3.7.0.2 Commercial Edition (the same holds true for the Community Edition) more than once during setup. I was met with this delicious error notification which killed all further activity on the site (and prevented the startup of /setup/wizard/, control.php, browse.php, login.php — well, everything, really):

    Warning: include_once(DB/.php) [function.include-once]: failed to open stream: No such file or directory in /usr/share/knowledgetree/thirdparty/pear/DB.php on line 371

    Warning: include_once() [function.include]: Failed opening ‘DB/.php’ for inclusion (include_path=’/usr/share/knowledgetree/search2:/usr/share/knowledgetree/ktapi:/usr/share/knowledgetree/thirdparty/xmlrpc-2.2/lib:/usr/share/knowledgetree/thirdparty/simpletest:/usr/share/knowledgetree/thirdparty/Smarty:/usr/share/knowledgetree/thirdparty/pear:/usr/share/knowledgetree/thirdparty/ZendFramework/library:.:/usr/local/zend/share/ZendFramework/library:/usr/local/zend/share/pear:/usr/share/knowledgetree/thirdparty/pear’) in /usr/share/knowledgetree/thirdparty/pear/DB.php on line 371

    Warning: Cannot modify header information – headers already sent by (output started at /usr/share/knowledgetree/thirdparty/pear/DB.php:371) in /usr/share/knowledgetree/config/dmsDefaults.php on line 299 (more…)

  • KnowledgeTree 3.7.0.2 – OpenOffice startup script (SOLVED)

    Having repeatedly received the error that OpenOffice.org is not running on the standard installation of KnowledgeTree 3.7.0.2 Commercial Edition (the same holds true for the Community Edition), further investigation was necessary. The key area of investigation must focus on the dmsctl.sh file, particularly from line 47 onwards, but more of that further down below. This is on Ubuntu (9.10 Server).

    First, do a few quick checks:

    1. Is the process running? Anywhere?
      Check whether OpenOffice.org is actually running, using a simple netstat -pant| grep 8100 — as the default installation is running with a headless OpenOffice.org on port 8100. You should see something like:

      tcp  0 0 127.0.0.1:8100 0.0.0.0:*  LISTEN  9655/soffice.bin

      For the fix in question, it wasn’t giving any results on this check (sudo the commands where required, but you knew that already), which means that it’s not running properly. Also,

      ps -aux | grep soffice

      gave no results, indicating non-functioning backend software.
      (more…)

  • Ubuntu 10.04 LTS now in beta

    Ubuntu 10.04 LTS (beta) now out…

    Ubuntu 10.04 went beta yesterday afternoon, with downloads at http://releases.ubuntu.com/10.04/, otherwise from the download mirrors. Lucid Lynx, as it’s called, enjoys LTS support (i.e. 5 years out the box).

    This version promises a better (and faster) boot experience, new themes, version 2.6.32 of the Linux kernel, and Firefox as default browser, with the default browser page changed to Yahoo! (that’s new!). nVidia hardware support using open source drivers has improved, and a whack of new features for the Ubuntu Enterprise Cloud have been included. (more…)

  • Windows 2008 RC1 Service Pack, Windows 7 SP comes early

    Microsoft today announced service packs for both Windows 7 and Windows Server 2008 R2, but declined to set a release date or a schedule for getting a beta in users’ hands.

    There’s no concrete roadmap (or tar one, for that matter) yet, but it’s good to see that, if Redmond sticks to it, the 22 month deployment cycle will be revised with a view toward tied-off user systems patched to baselevels. Microsoft suggests minor patches and hotfixes to be included in this roll-out.

    The reason for the overlap between the service packs is the code-base overlap between the two operating systems – remind me to blog about the beauty of Windows 2008, or “how I installed Windows 2008 Enterprise in 6 minutes”.

    We should be able to expect (unofficially) the roll-out from October 2010 onwards, with a focus on end November 2010.

    Based on registry entries found in the base Windows 7 deployment, there are eligibility registry keys that may prevent the service pack from installing, but that shouldn’t be a problem as long as it’s only linked to registered and legal software…

  • Security Summit 2010

    Moxie Marlinspike will be at the Security Summit 2010 this year at the Sandton Convention Centre – well, at least he’s on the lineup – and should give some insights; Jeremiah Grossman is back (from White Hat Security) and Joe Grand (from l0pht Heavy Industries – remember l0phtCrack?) will also have some words to say.

    Let’s hope that the vendor presentations will be kept to a minimum, with a focus on content rather than “Oh, we are great”…

    Johannesburg, May 11-13, 2010

  • Internet Explorer 9 will not support XP

    Bigger, better – more compliant?

    While so many corporates are still locked into a Windows XP / IE6 platform, Internet Explorer 9 (IE9) looms on the horizon, “now even more compliant” (don’t you just love that: “not quite, but getting there…”)

    In an effort to make Windows XP finally disappear from the landscape through a ‘force migration’ to Windows 7, Microsoft has released a statement relating to the interoperability between the legacy, no longer supported (but so-much-more-stable-than-Windows-98-and-Windows-ME (meh!)) Windows 98 and the next incarnation of their now choice-based Internet Explorer (remember – in Europe, free choice of web browser now required by the EU). (more…)

  • Cracking passwords fast with rainbow tables on SSD

    A Swiss firm, Objectif Sécurité, makers of Ophcrack_Office (for Word and Excel files) and Ophcrack Open Source (over at sourceforge.net), has tweaked their application to crack XP passwords with up to 14 characters on a Solid State Drive interface (think of large, light, laptop drive using Flashdrive technology) through rainbow tables (pre-calculated hashes) in an average of 5.3s.

    Seek times on the SSD seem to be the big tweak here:

    Oechslin has fitted an elderly Athlon 64 X2 4400+ with an SSD and the optimised tables. This system can, with only a 75% CPU utilisation, crack a 14 digit password with special characters, in an average of 5.3 seconds. Oechslin says that, worst case, it should be able to search arithmetically through 300 billion passwords per second, a speed that is a factor of 500 faster than an Elcomsoft cracker supported by a modern Tesla GPU from NVIDIA.

    (more…)

  • Excel 2007 password, cell and sheet protection removal – unprotect/remove password easily

    Elcomsoft has a variety of really good brute-force and dictionary-based password attacks on the full Office suite, including a distributed version to run in the cloud (which I wrote about some time ago). As cool as the software is, it doesn’t allow the removal of cell-based or sheet-based passwords (which kinda sucks), and the password.xla file which seems to be the big thing from staxx.com requires a whole whack of goodies to run on Office 2007 natively.

    Enter the same macro that McGimpsey & Associates published in 2004 (reproduced here as per their GPL licence) that removes all internal Excel Passwords: (more…)

  • And it’s 2.9.2 time

    WordPress has upgraded to 2.9.2, which fixes the issue that “logged in users can peek at trashed posts belonging to other authors”.

    So upgrade already! 🙂

  • jQuery 1.4 improvements

    Over at jQuery14 you’ll find the full list of progress, changes and improvements, notably (amongst other things) in the .css and .attr methods, as well as new AJAXian improvements. Also, event multi-binding is now (finally) available! (more…)

  • How a Web Design goes straight to hell…

    Many, many, many can attest to the tale of trauma, pain and suffering, as well as deep, well-meant user input created by an environment which is free-flowing, without pre-set specifications, requirements and design parameters. Pain. Argh.

    Well done, TheOatMeal! He also does a really good piece on What not to Tweet about on Twitter

    Oh — and in case you were wondering — here are 10 signs to check to see whether your cat is plotting to kill you. 🙂