Category Archives: software

use lfd to scan logfiles for custom auth failures

2 examples:

/var/log/mail.log
scan for smtp auth failures like

Jul 14 08:34:54 ns1 postfix/smtpd[20888]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

/var/log/auth.log
scan for dovecot imap login failures like

Jul 14 08:34:05 ns1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=contact rhost=xx.xx.xx.xx

in /etc/csf/csf.conf define

CUSTOM1_LOG = "/var/log/mail.log"
CUSTOM2_LOG = "/var/log/auth.log"

in /etc/csf/regex.custom.pm
add

# Return values: message text, offending IP, unique rule name, trigger level
# (number of matches before blocking), ports to block, temporary block time in seconds.
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","5","list of ports to block this IP","14400");
}

if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ auth:\ pam_unix\(dovecot:auth\): authentication failure; .* rhost\=(\d+\.\d+\.\d+\.\d+)/)) {
    return ("Failed dovecot auth login from",$1,"dovecot_auth_match","5","list of ports to block this IP","14400");
}
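
Before relying on custom rules like these, it helps to check which log lines they actually cover. The following is an added example, not part of the original post or of csf: it ports the two patterns to Ruby for testing only (lfd itself runs the Perl above) and shows that SASL mechanism names containing hyphens or digits, and IPv6 clients, are not matched. The names match_line and offenders and all sample lines are constructed for illustration.

```ruby
# Ruby port of the two lfd patterns above, for coverage testing only.
RULES = {
  "/var/log/mail.log" => ["mysaslmatch",
    /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/],
  "/var/log/auth.log" => ["dovecot_auth_match",
    /^\S+\s+\d+\s+\S+ \S+ auth: pam_unix\(dovecot:auth\): authentication failure; .* rhost=(\d+\.\d+\.\d+\.\d+)/],
}
TRIGGER = 5 # same trigger level as the "5" returned to lfd

# Returns [rule name, ip] when the rule for this log file matches the line, else nil.
def match_line(logfile, line)
  app, pattern = RULES[logfile]
  m = pattern && pattern.match(line)
  m ? [app, m[1]] : nil
end

# Counts matches per [rule name, ip] and returns the pairs that reach the trigger level.
def offenders(entries, trigger = TRIGGER)
  counts = Hash.new(0)
  entries.each do |logfile, line|
    hit = match_line(logfile, line)
    counts[hit] += 1 if hit
  end
  counts.select { |_, n| n >= trigger }.keys
end

# Constructed sample lines; 192.0.2.0/24 and 2001:db8::/32 are documentation ranges.
MAIL = "/var/log/mail.log"
AUTH = "/var/log/auth.log"
SASL_LOGIN = "Jul 14 08:34:54 ns1 postfix/smtpd[20888]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
SASL_DAY1  = "Jul  4 08:34:54 ns1 postfix/smtpd[20888]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed:"
SASL_CRAM  = "Jul 14 08:35:10 ns1 postfix/smtpd[20888]: warning: unknown[192.0.2.10]: SASL CRAM-MD5 authentication failed: UGFzc3dvcmQ6"
SASL_IPV6  = "Jul 14 08:35:12 ns1 postfix/smtpd[20888]: warning: unknown[2001:db8::1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
DOVECOT    = "Jul 14 08:34:05 ns1 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=contact rhost=192.0.2.11"

if __FILE__ == $0
  { "LOGIN" => SASL_LOGIN, "single-digit day" => SASL_DAY1,
    "CRAM-MD5" => SASL_CRAM, "IPv6 client" => SASL_IPV6 }.each do |label, line|
    puts "#{label}: #{match_line(MAIL, line).inspect}"
  end
  puts "dovecot: #{match_line(AUTH, DOVECOT).inspect}"
end
```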

migrating old typo3 instances from (mysql 5.1 / php 5.3) => (mysql 5.5 / php 5.4)

in typo3conf/localconf.php append

$TYPO3_CONF_VARS['SYS']['exceptionalErrors'] = E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_WARNING ^ E_USER_ERROR ^ E_USER_NOTICE ^ E_USER_WARNING ^ E_STRICT;
$TYPO3_CONF_VARS['BE']['forceCharset'] = 'utf-8';
$TYPO3_CONF_VARS['SYS']['setDBinit'] = 'SET NAMES utf8';

convert tables containing content to utf-8


ALTER TABLE pages CONVERT TO CHARACTER SET utf8;
ALTER TABLE tt_content CONVERT TO CHARACTER SET utf8;
ALTER TABLE pages_language_overlay CONVERT TO CHARACTER SET utf8;

you might need to convert others too like tt_news, tt_products, etc…


ALTER TABLE tt_news CONVERT TO CHARACTER SET utf8;
ALTER TABLE tt_products CONVERT TO CHARACTER SET utf8;

do not forget to clear cache …

Do you encounter the following strange behaviour afterwards: the page looks OK if loaded right after a cache clear, but special characters are displayed wrong when it is loaded from the cache? This can help:


ALTER TABLE cache_pages CONVERT TO CHARACTER SET utf8;

Rails: seed data from fixtures

Suppose you want to collect your seed data from your fixtures…

Paste the following into your db/seeds.rb file:
Dir.glob('test/fixtures/*.yml').each do |file|
  ActiveRecord::Fixtures.create_fixtures("#{Rails.root}/test/fixtures", File.basename(file).split(".").first)
end

Works in my new Rails 3.2.10 environment using ruby 1.9.3

automated patching against SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)

Suppose you have a server with multiple rubies, rvms, gemsets, etc…

Manually finding and patching all affected activerecord-gems would be pretty cumbersome.

The following script does the job for you:


#!/usr/bin/env ruby

SEARCH_DIR = "/" # by default search the entire filesystem
PATCH_DIR = File.expand_path(File.dirname(__FILE__)) # patches are stored next to this script
ACTIVERECORD_GEM_VERSIONS = ['2.3','3.0','3.1','3.2']
PATCHES = {
  '2.3' => 'https://bugzilla.redhat.com/attachment.cgi?id=672189',
  '3.0' => 'https://bugzilla.redhat.com/attachment.cgi?id=672190',
  '3.1' => 'https://bugzilla.redhat.com/attachment.cgi?id=672191',
  '3.2' => 'https://bugzilla.redhat.com/attachment.cgi?id=672192',
}

# 1. Find all activerecord 2.3.x, 3.0.x, 3.1.x, 3.2.x gems on this machine
gem_paths = {}
puts "Searching for activerecord gems inside #{SEARCH_DIR} ... "
ACTIVERECORD_GEM_VERSIONS.each do |version|
  gem_paths[version] = `find '#{SEARCH_DIR}' -path '*/gems/activerecord*' -name 'activerecord-#{version}.*' -type d`.split("\n")
  puts "Found the following activerecord gems for version #{version}:"
  puts gem_paths[version]
end

# 2. Download the 4 patches. TLS certificate verification stays enabled
#    (no --no-check-certificate), because these files are applied to code as root.
puts "Downloading the patches ... "
ACTIVERECORD_GEM_VERSIONS.each do |version|
  `wget -O '#{PATCH_DIR}/patch-#{version}.patch' '#{PATCHES[version]}'`
end
puts " ... done"

# 3. Apply the patches (patch only runs if the cd into the gem directory succeeded)
ACTIVERECORD_GEM_VERSIONS.each do |version|
  gem_paths[version].each do |gem|
    puts "--------------------------\nApplying patch for gem #{gem}"
    puts `cd '#{gem}' && patch -tN -p2 < '#{PATCH_DIR}/patch-#{version}.patch'`
  end
end

This script searches for affected activerecord gems, downloads the required patches and applies them individually.

You might need to run it as root, and searching your entire filesystem could take a while...
If you know where all your gems are located, change SEARCH_DIR accordingly:
SEARCH_DIR = "/yourgemrepository"

Tested on linux, freebsd
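
Because the script applies downloaded files to library code, usually as root, two checks are worth having before step 3: discovering the gem directories without passing paths through a shell, and refusing a patch file whose SHA-256 does not match a digest pinned from a copy you reviewed. This is an added example, not part of the original script; find_activerecord_gems, patch_trusted? and demo are hypothetical names, the directory tree and patch body are constructed, and the page gives no digests, so real pinned values have to come from your own reviewed copies.

```ruby
require "digest"
require "find"
require "fileutils"
require "tmpdir"

AFFECTED = %w[2.3 3.0 3.1 3.2] # version lines handled by the script above

# Walks search_dir in-process (no shell) and groups activerecord gem
# directories by affected version line, e.g. "3.2" => [".../activerecord-3.2.8"].
def find_activerecord_gems(search_dir)
  found = Hash.new { |h, k| h[k] = [] }
  Find.find(search_dir) do |path|
    next unless File.directory?(path)
    m = path.match(%r{/gems/activerecord-(\d+\.\d+)\.[^/]*\z})
    next unless m
    found[m[1]] << path if AFFECTED.include?(m[1])
    Find.prune # no need to descend into the gem itself
  end
  found
end

# True only if the file exists and its SHA-256 equals the pinned hex digest.
def patch_trusted?(patch_file, pinned_sha256)
  File.file?(patch_file) &&
    Digest::SHA256.file(patch_file).hexdigest == pinned_sha256.downcase
end

# Constructed demo: a fake gem tree plus a patch file that is later modified.
def demo
  Dir.mktmpdir do |root|
    %w[ruby-1.9.3/gems/activerecord-3.2.8/lib ruby-1.8.7/gems/activerecord-2.3.14
       ruby-1.9.3/gems/activerecord-4.0.0 ruby-1.9.3/gems/activerecord-import-0.3.0].each do |dir|
      FileUtils.mkdir_p(File.join(root, dir))
    end
    patch = File.join(root, "patch-3.2.patch")
    File.write(patch, "constructed patch body\n")
    pinned = Digest::SHA256.hexdigest("constructed patch body\n")
    gems = find_activerecord_gems(root)
    intact = patch_trusted?(patch, pinned)
    File.write(patch, "modified in transit\n")
    { versions: gems.keys.sort, dirs: gems.values.flatten.size,
      intact: intact, modified: patch_trusted?(patch, pinned) }
  end
end

p demo if __FILE__ == $0
```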

Romanian translation for spree_i18n

Are you using spreecommerce?

We too 🙂

We just completed a Romanian translation for spree; it’s available in the “official” spree_i18n gem.
Take a look at the translation we just committed:
https://github.com/spree/spree_i18n/commit/9467f8fb00454bd56b7941ded443e937583689fa

To use it in your rails app, simply:
1. Add the following to your Gemfile
gem 'spree_i18n', :git => 'https://github.com/spree/spree_i18n.git'

2. Insert the following line in your config/application.rb

module Spreee
  class Application < Rails::Application
    ...
    config.i18n.default_locale = :ro
  end
end

3. bundle install - and you're done 🙂

SSL certs from STARTSSL – for nginx

Follow all necessary steps until StartSSL gives you the ssl.key

openssl rsa -in ssl.key -out ssl.key

Follow the further steps until StartSSL gives you the ssl.crt
Download StartSSL’s root CA and class 1 intermediate server CA certificates:
http://www.startssl.com/certs/ca.pem
http://www.startssl.com/certs/sub.class1.server.ca.pem

Now create a unified certificate:

cat ssl.crt sub.class1.server.ca.pem ca.pem > ssl-unified.crt

Upload the files ssl.key and ssl-unified.crt to the server
Do not forget to chmod 600 ssl.key
In your nginx ssl vhost include:

ssl on;
ssl_certificate /path/to/ssl-unified.crt;
ssl_certificate_key /path/to/ssl.key;

download from a stubborn ftp using wget

We had the following issue:
Status:	Resolving address of ftp.example.com
Status:	Connecting to 192.0.43.10:21...
Status:	Connection established, waiting for welcome message...
Response:	220 Welcome to this FTP Server
Command:	USER our-username
Response:	331 Please specify the password.
Command:	PASS *******
Response:	230 Login successful.
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/"
Command:	TYPE I
Response:	200 Switching to Binary mode.
Command:	PASV
Response:	227 Entering Passive Mode 
Command:	LIST
Error:	Connection timed out
Error:	Failed to retrieve directory listing
The FTP server just would not work in passive mode, and just about every FTP client
we had was defaulting to passive mode because we are behind a router and
obviously most ports aren't forwarded for security reasons.
What worked in the end was wget:
wget -m ftp://username:password@ftp.servername.com/foldername --no-passive-ftp
The -m option for wget means "mirror", so it mirrors the folder structure on the server
(this is similar to -r, but you don't have to specify which files using *).
--no-passive-ftp makes wget use only active connections.