Thursday, September 5, 2013

FEDORA systemctl start rc-local



Auto running commands at boot




Create the rc.local file in the /etc/rc.d directory and make sure the first line is #!/bin/sh

The /etc/rc.d/rc.local file can also start with:

#!/bin/bash

Then activate this service with something like:
# systemctl enable rc-local.service

Make the rc.local file executable
# chmod 700 /etc/rc.d/rc.local


If there are problems:
# grep rc.local /var/log/messages

/etc/rc.d/rc.local is the place for the commands but you have to ensure the
rc-local service is enabled and running.
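A preflight check for the steps above, as an added example that is not part of the original post: it verifies the shebang and the executable bit set by chmod and, because rc.local runs as root at boot, that the file is owned by root and not writable by group or others. The function name check_rc_local is hypothetical and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not from the original post): preflight check for rc.local.
# check_rc_local FILE [OWNER_UID] prints one line per problem and returns
# non-zero if any is found. OWNER_UID defaults to 0 (root).
check_rc_local() {
    file=$1
    owner=${2:-0}
    rc=0

    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi

    # First line must be an interpreter line such as #!/bin/sh or #!/bin/bash.
    first=$(head -n 1 "$file")
    case $first in
        '#!/'*) ;;
        *) echo "no shebang on first line"; rc=1 ;;
    esac

    # GNU stat: octal permission bits and numeric owner.
    mode=$(stat -c '%a' "$file")
    uid=$(stat -c '%u' "$file")

    # Owner execute bit (0100), the part of "chmod 700" that matters here.
    if [ $(( 0$mode & 0100 )) -eq 0 ]; then
        echo "not executable (mode $mode)"; rc=1
    fi
    # Group/other write (0022) would let a non-root user add boot commands.
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "writable by group or others (mode $mode)"; rc=1
    fi
    if [ "$uid" != "$owner" ]; then
        echo "owned by uid $uid, expected $owner"; rc=1
    fi
    return $rc
}

# Usage on the path from this page; prints nothing when all checks pass.
check_rc_local /etc/rc.d/rc.local || true
```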



[root@gate depit]# 
[root@gate depit]# service rc-local status
Redirecting to /bin/systemctl status  rc-local.service
rc-local.service - /etc/rc.d/rc.local Compatibility
   Loaded: loaded (/usr/lib/systemd/system/rc-local.service; static)
   Active: failed (Result: exit-code) since Wed 2013-11-27 23:22:57 EET; 42min ago
[root@gate depit]# 


/etc/rc.local does not get executed on system bootup
https://bugzilla.redhat.com/show_bug.cgi?id=843735
fedora systemd service "rc-local" ExecStart "code=exited" "status=7"


Description of problem:
/etc/rc.local is the script within which if any commands are found should get executed on bootup, but is not happening on Fedora 19

I am using Network-Manager. network daemon is switched off & ethernet interfaces are managed by NM only.

I think this will work for you if you do 'systemctl enable NetworkManager-wait-online.service'.

Getting Fedora 18 or 19 to start the service can be done as root:
# systemctl start rc-local
# systemctl status rc-local

How to disable screen blanking on the text console:
If the setterm command is put in rc.local, it has no effect:
setterm -blank 0
Instead, add setterm -blank X (X in minutes, 0 to disable) to a shell init file such as .bashrc.
After login,
cat /sys/module/kernel/parameters/consoleblank
returns 0
http://unix.stackexchange.com/questions/8056/disable-screen-blanking-on-text-console
http://superuser.com/questions/152347/change-linux-console-screen-blanking-behavior


named chroot on Fedora 18



systemctl stop      named.service
systemctl disable named.service
systemctl enable  named-chroot.service
systemctl start     named-chroot.service



vsftpd selinux fedora 18


getsebool -a | grep ftp

ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off

setsebool ftp_home_dir on

To make it permanent:
setsebool -P ftp_home_dir 1

getsebool -a | grep ftp
ftp_home_dir --> on
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off


ERROR : 
500 OOPS: vsftpd: refusing to run with writable root inside chroot ()

SOLUTION : 
vi /etc/vsftpd.conf and add the following
allow_writeable_chroot=YES
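allow_writeable_chroot=YES switches off the check that produced the 500 OOPS error. The other way to satisfy that check, shown here as an added example that is not from the original post, is to leave the option unset, remove write permission from the chroot root and give the FTP user a writable subdirectory. The function names and the subdirectory name upload are assumptions; GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the original post. Alternative to
# allow_writeable_chroot=YES: keep the vsftpd check and make the chroot
# root read-only, with a writable subdirectory for uploads.

# lock_chroot_root DIR [SUBDIR]   (SUBDIR defaults to "upload", an assumption)
lock_chroot_root() {
    root=$1
    sub=${2:-upload}
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 1
    fi
    owner=$(stat -c '%u:%g' "$root")   # numeric uid:gid of the FTP user's home
    mkdir -p "$root/$sub"              # create before the root loses write access
    chown "$owner" "$root/$sub"        # uploads stay owned by the FTP user
    chmod 755 "$root/$sub"
    chmod a-w "$root"                  # a writable root is what vsftpd refuses
}

# chroot_root_is_writable DIR: succeeds if any write bit is set on DIR.
chroot_root_is_writable() {
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 0222 )) -ne 0 ]
}

# Usage (path is a placeholder): lock_chroot_root /home/ftpuser
```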




Tuesday, July 16, 2013

MAIL EXPN VRFY ETRN



sendmail ERROR "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"


We had to investigate problems relaying mail from a certain IP. Looking through the MTA logs, we see:



Jul 16 15:40:29 gate sendmail[30309]: r6GCcjKJ030309: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 15:57:11 gate sendmail[30913]: r6GCtSW0030913: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:17:12 gate sendmail[31567]: r6GDFTme031567: spamfilter2.starnet.md [178.168.2.134] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:18:16 gate sendmail[31617]: r6GDGVie031617: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:22:57 gate sendmail[31786]: r6GDLEbe031786: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:50:59 gate sendmail[32740]: r6GDnIa1032740: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 17:22:54 gate sendmail[1672] : r6GEL9oM001672: smtpclu-6.eunet.rs [194.247.192.231] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


On the other side, the error e-mail was:


Reporting-MTA: dns; spamfilter.starnet.md
Arrival-Date: Tue,  9 Jul 2013 22:03:38 +0300 (EEST)

Final-Recipient: rfc822; dircom@mydomain.com
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Spam-&-Virus-Firewall; connect to
    [27.10.97.70]: read timeout



A Cisco PIX between the host and our mail relay is performing SMTP inspection ("SMTP Fixup"). 



The sending MTA apparently does not know how to handle a "500 5.5.1" response from our MTA, and keeps the connection open for one hour (default Timeout.command in sendmail). After one hour, our MTA closes the connection.



As a workaround, enable ESMTP inspection, or disable SMTP inspection. ESMTP inspection allows commands described in RFC 2821. Note that ESMTP inspection and SMTP inspection are mutually exclusive.
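To see which peers are affected and how often, the log message can be tallied per source address. The following is an added example, not part of the original post; the function names are hypothetical and the sample lines (documentation addresses) are constructed in the format of the log lines above.

```sh
#!/bin/sh
# Added example, not from the original post: count idle SMTP sessions per peer.

# Constructed sample in the page's log format (documentation addresses).
sample_maillog() {
cat <<'EOF'
Jul 16 15:40:29 gate sendmail[30309]: r6GAAAAA030309: relay-a.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 15:41:02 gate sendmail[30320]: r6GAAAAB030320: from=<a@example.org>, size=1024, nrcpts=1, relay=mx.example [203.0.113.5]
Jul 16 15:57:11 gate sendmail[30913]: r6GAAAAC030913: relay-a.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:17:12 gate sendmail[31567]: r6GAAAAD031567: relay-a.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 16:18:16 gate sendmail[31617]: r6GAAAAE031617: [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 16 17:22:54 gate sendmail[1672] : r6GAAAAF001672: [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
EOF
}

# Reads a maillog on stdin; prints COUNT IP first="..." last="..." per peer,
# busiest first. The IP is taken from the bracket right before the message,
# so lines with or without a resolved hostname are handled alike.
idle_smtp_peers() {
    awk '
    match($0, /\[[0-9.]+\] did not issue MAIL/) {
        s  = substr($0, RSTART + 1)
        ip = substr(s, 1, index(s, "]") - 1)
        ts = $1 " " $2 " " $3
        if (!(ip in n)) first[ip] = ts
        n[ip]++
        last[ip] = ts
    }
    END {
        for (ip in n)
            printf "%d %s first=\"%s\" last=\"%s\"\n", n[ip], ip, first[ip], last[ip]
    }' | sort -k1,1nr -k2,2
}

sample_maillog | idle_smtp_peers
```

On a live system the input would be the mail log itself, for example idle_smtp_peers < /var/log/maillog.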


http://brandonhutchinson.com/wiki/SMTP_Fixup_problems
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008064730a.shtml



http://frustratedtech.com/post/41281442135/sendmail-dropping-connections-from-monitoring-servers
http://www.sendmail.com/sm/open_source/docs/configuration_readme/



 Sendmail Dropping Connections From Monitoring Servers?

I’ve been seeing this frequently.  We currently use IPMonitor at work.  I hate it.  But, it is what it is, gotta use what is provided.  So, this monitoring system uses snmp to check all services and then it also tries to connect to smtp.  However, one server is setup to require pop3 login before smtp access can be acquired.  This was giving plenty of false positives for the monitoring system since we were seeing this message a lot.
# tail -f /var/log/maillog
Jan 23 04:02:02 LUX5 sendmail[8278]: r0N922sj008278: [123.456.789.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
To fix this I needed to add the monitoring server to the access file for sendmail to accept the connection.
# nano /etc/mail/access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
connect:localhost.localdomain           RELAY
connect:localhost                       RELAY
connect:127.0.0.1                       RELAY
######ADD YOUR IP BELOW#########
connect:123.456.789.10                  OK
Then just rebuild the database and restart sendmail. You will see the error message, but at least you will no longer get the false positives.
# makemap hash /etc/mail/access < /etc/mail/access
# service sendmail restart

Monday, July 15, 2013

Switch Your Coding Life: Android - Check the database on DDMS

Android utilizes the SQLite database by default. However, for security reasons, sqlite3 is not installed on many Android devices (at least on Android 2.3.3). To work with it, one could root the phone and install sqlite3 by hand. Another way to do it is to work with the emulator.

Because the emulator is a completely open device, there is no restriction on access to the database or to the shared preferences. Once the emulator has been started, the DDMS of Eclipse can be used to extract the database and check its structure and contents.

To make things even easier, there is a plugin for Eclipse which allows coders to access the data inside DDMS.




How to browse an Android SQLite Database from Eclipse Kepler

http://pantestmb.blogspot.ro/2012/04/sqlite-plugin-for-eclipse.html




Tuesday, July 2, 2013

AVD hardware settings - keyboard


After updating Eclipse (Help Menu -> Check for Updates), running and debugging my application in the Android Virtual Device (AVD) was a nightmare: I couldn't use the computer keyboard anymore to enter data in my Android app (the AVD's keyboard wasn't QWERTY). Entering a one-digit number took 4 or 5 mouse clicks :-(

No QWERTY AVD:



http://developer.android.com/tools/devices/managing-avds.html

After adding hardware keyboard support , problem solved :
Hardware property = "Keyboard Support"
Value = "yes"



Hardware options

If you are creating a new AVD, you can specify the following hardware options for the AVD to emulate:
Characteristic | Description | Property
Device ram size | The amount of physical RAM on the device, in megabytes. Default value is "96". | hw.ramSize
Touch-screen support | Whether there is a touch screen or not on the device. Default value is "yes". | hw.touchScreen
Trackball support | Whether there is a trackball on the device. Default value is "yes". | hw.trackBall
Keyboard support | Whether the device has a QWERTY keyboard. Default value is "yes". | hw.keyboard
DPad support | Whether the device has DPad keys. Default value is "yes". | hw.dPad
GSM modem support | Whether there is a GSM modem in the device. Default value is "yes". | hw.gsmModem
Camera support | Whether the device has a camera. Default value is "no". | hw.camera
Maximum horizontal camera pixels | Default value is "640". | hw.camera.maxHorizontalPixels
Maximum vertical camera pixels | Default value is "480". | hw.camera.maxVerticalPixels
GPS support | Whether there is a GPS in the device. Default value is "yes". | hw.gps
Battery support | Whether the device can run on a battery. Default value is "yes". | hw.battery
Accelerometer | Whether there is an accelerometer in the device. Default value is "yes". | hw.accelerometer
Audio recording support | Whether the device can record audio. Default value is "yes". | hw.audioInput
Audio playback support | Whether the device can play audio. Default value is "yes". | hw.audioOutput
SD Card support | Whether the device supports insertion/removal of virtual SD Cards. Default value is "yes". | hw.sdCard
Cache partition support | Whether we use a /cache partition on the device. Default value is "yes". | disk.cachePartition
Cache partition size | Default value is "66MB". | disk.cachePartition.size
Abstracted LCD density | Sets the generalized density characteristic used by the AVD's screen. Default value is "160". |





Monday, May 13, 2013

DD-WRT OpenVPN Daemon Settings


http://pantestmb.blogspot.ro/2013/04/dd-wrt-openvpn-router-to-router.html
http://pantestmb.blogspot.ro/2013/04/setup-openvpn-client-to-connect-to-dd.html

Services -> VPN -> OpenVPN Daemon -> OpenVPN Config:

# Servers LAN route 

## Push route to server subnet onto all clients
push "route 192.168.61.0 255.255.255.0"
#
## Clients LAN route 
route 192.168.101.0 255.255.255.0 172.16.0.2
route 192.168.33.0 255.255.255.0 172.16.0.2
route 192.168.62.0 255.255.255.0 172.16.0.2
route 192.168.15.0 255.255.255.0 172.16.0.2
#
## Bug workaround, this is fixed in r17685
client-config-dir /tmp/openvpn/ccd
#
server 172.16.0.0 255.255.0.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001






Administration -> Commands -> Startup:


mkdir -p /tmp/openvpn/ccd
echo "iroute 192.168.15.0 255.255.255.0" > /tmp/openvpn/ccd/bac15cli4res
echo "iroute 192.168.33.0 255.255.255.0" > /tmp/openvpn/ccd/dev03cli4res
echo "iroute 192.168.62.0 255.255.255.0" > /tmp/openvpn/ccd/buc06cli4res
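OpenVPN needs both halves for a client LAN: a route line in the server config, which hands the subnet to the tunnel, and an iroute line in that client's client-config-dir file, which tells the daemon which client owns it. The added example below (not from the original post; the function names are hypothetical) cross-checks the two, rebuilding the route lines and Startup commands shown on this page as sample data. On those lines it prints 192.168.101.0 255.255.255.0, the one routed subnet with no iroute among the Startup commands shown.

```sh
#!/bin/sh
# Added example, not part of the original post.
# missing_iroutes CONF CCD_DIR prints each "net mask" that has a route line
# in the server config but no iroute line in any client-config-dir file.
missing_iroutes() {
    conf=$1
    ccd=$2
    # All "net mask" pairs announced by iroute lines in the ccd files.
    have=$(cat "$ccd"/* 2>/dev/null | awk '$1 == "iroute" { print $2, $3 }')
    # push "route ..." lines start with "push", so they are not matched here.
    awk '$1 == "route" { print $2, $3 }' "$conf" |
    while read -r net mask; do
        printf '%s\n' "$have" | grep -qxF "$net $mask" || echo "$net $mask"
    done
}

# Rebuild the page's route lines and Startup commands in a scratch directory.
demo_missing_iroutes() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/ccd"
    cat > "$tmp/server.conf" <<'EOF'
push "route 192.168.61.0 255.255.255.0"
route 192.168.101.0 255.255.255.0 172.16.0.2
route 192.168.33.0 255.255.255.0 172.16.0.2
route 192.168.62.0 255.255.255.0 172.16.0.2
route 192.168.15.0 255.255.255.0 172.16.0.2
client-config-dir /tmp/openvpn/ccd
EOF
    echo "iroute 192.168.15.0 255.255.255.0" > "$tmp/ccd/bac15cli4res"
    echo "iroute 192.168.33.0 255.255.255.0" > "$tmp/ccd/dev03cli4res"
    echo "iroute 192.168.62.0 255.255.255.0" > "$tmp/ccd/buc06cli4res"
    missing_iroutes "$tmp/server.conf" "$tmp/ccd"
    rm -rf "$tmp"
}

demo_missing_iroutes
```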

Firewall


iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -p tcp --source 192.168.61.0/24 -j ACCEPT
iptables -I INPUT -p tcp --source 192.168.101.0/24 -j ACCEPT
iptables -I INPUT -p tcp --source 172.16.0.0/16 -j ACCEPT
iptables -I INPUT -i tun0 -p icmp -j ACCEPT
iptables -I FORWARD --source 172.16.0.0/16 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.15.0/24 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.61.0/24 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.62.0/24 -p icmp -j ACCEPT
iptables -I FORWARD --source 192.168.101.0/24 -p icmp -j ACCEPT
iptables -I FORWARD -p tcp --source 172.16.0.0/16 -j ACCEPT
iptables -I FORWARD -p tcp --source 192.168.101.0/24 -j ACCEPT
iptables -I FORWARD -p tcp --source 192.168.61.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT



If there is a gateway server, a routing command can be used:
route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.16.49