Wednesday, December 27, 2006

Free web based Solaris 10 course from SUN

On the BOSUG mailing list, Venky mentioned this free web-based Solaris 10 course from Sun Microsystems themselves:
http://www.sun.com/training/catalog/courses/WS-245.xml

You may need to register for free on the Sun website for this, but it is more than worth it. Don't miss this golden chance to get an overview of Solaris 10 (and hence OpenSolaris). I haven't finished listening to it yet (yes, it is a voice-enabled presentation made in Macromedia Breeze), but I couldn't wait to post the links. Below are the contents of the course.

Module 1: DTrace
Module 2: Extreme Network Performance
Module 3: Solaris Containers
Module 4: Solaris Containers for Linux Applications
Module 5: Solaris ZFS
Module 6: Solaris 10 Predictive Self Healing
Module 7: Unparalleled Security

Don't miss it guys and spread the news. I am already late, but better late than never :) Enjoy

Sunday, December 24, 2006

Creating a PostgreSQL database with custom encoding

To create a database with a custom encoding, switch to the postgres user (su - postgres) and log in to the PostgreSQL terminal:

psql template1 postgres

and execute the following SQL command to create the db:
create database username_dbname with owner=username encoding='ENCODING_NAME';

If you get the "CREATE DATABASE" message and no errors, all is OK and you can log out of the terminal by entering '\q'.

Friday, December 15, 2006

Google enters into Domain Business!!!

Google is on an acquisition spree. Where are they heading? No more research-driven projects, eh? They are trying to make money now by all means possible: their revolutionary search algorithm, GFS, many other hot technologies and, yes, many pet projects of their team. Enough of technology, we are gonna buy Bill Gates soon. Way to go Google. Here is the hot news!!!

Google said it has signed an agreement to resell Web site addresses held by domain name registrar services GoDaddy.com and eNom beginning Friday. Registration has been integrated in Google Apps for Your Domain.

Registration fees are $10 annually. The service will support .com, .org, .net, .biz, and .info domains. The Mountain View, Calif., company said the service also includes the ability to create an administrative account to manage the site and a configuration tool to ensure the Google Apps is available on the new site.

Google Apps for Your Domain includes Gmail, calendar, shared calendaring, Google Talk instant messaging, Google Page Creator, and the Start Page for creating a home page.

The Web site of Bellevue, Wash.-based eNom says domain names to resellers sell for between $6.95 and $8.95 each annually. Mobile domain names, .Mobi, also are available from the site. Scottsdale, Ariz., GoDaddy, sells domains to resellers between $7 and $9 per name, plus an annual fee and additional charges for hosting and security certificates, according to its site.

If it seems a little odd that Google would offer to resell domain names, that’s likely because its engineers are afforded the luxury to explore other types of applications.

Similar to other innovative companies, Google allows intellectual freedom to its engineers of up to 20 percent of their working hours, estimates Guzman & Co. senior equity analyst Philip Remek. “Google probably has about 100 pet projects that will never generate revenue,” he said. “Then you have applications like Google Earth that on first glance looks like a toy, but when linked to local and mobile based search could become a powerful tool.”

As the Internet evolves, some of Google’s pet projects could turn into revenue-generating applications, Mr. Remek said.

Shares of Google rose $1.11 to $483.23 in mid-morning trading. (Not much as it raised when they took over GooTube :-))

Original Article link here

Thursday, December 14, 2006

I hate MicroSoft

Nothing new.. But I hate MicroSoft. Normally I don't like writing flames, but I am not in a good mood now, after the day turned out to be the worst after fighting with my ISP. So I have to express my anger here to cool my head. So here it goes,

I knew that RTR (Ready to Run Software) withdrew the support for MS FrontPage extensions. I never used FrontPage, but customers do, and I must admit that it is hard to solve their issues without access to the FP program. A customer was asking to install FP on his bare server. He was specific about the FP5 version. I ended up at the RTR site to read the FAQ,


#Where can I get the latest Unix/Linux FrontPage Server Extensions?
The FPSE kits are no longer available for download.

#I really need the Unix/Linux FPSE kit, can you please send me a copy?
No, unfortunately, end-of-life really means end-of-life.

#May I distribute the FPSE kit(s) that I have previously downloaded?
No.


I searched some more, but all I could find was an rpm-based FP pack inside Plesk's rpm packages. They had everyone remove the file from every Google cache.

Though I admit that FP extensions was one of the packages with only security holes, I don't understand why Microsoft has to withdraw the support from Unix completely instead of announcing an EOL. Looks like MicroSoft was frustrated with the popularity of Unix boxes over Windows. Or did they buy RTR? I know lots of customers use FP extensions on Linux, for its ease of use and support for FP components. Plesk already withdrew the FP support in fresh installations of the panel on Linux. When is cPanel going to?

I always have a feeling that the Anti Piracy cell of Microsoft is doing a great job in spreading Linux and other FOSS. Microsoft, please do more piracy raids, especially at small and medium businesses. Let me get more clients wanting to convert Windows boxes to Linux and convert their MS Office and Excel docs to sxw and sxi formats.

Ask the IT Managers to pay you per computer connected to the Windows server, and they will consult with us and replace the Windows server with Samba, released under GPL (v2 or v3 ?:-P). Praise the Anti Piracy department of M$ for spreading Linux and other FOSS.

Inside the Linux boot process

Wow.. Why did I miss this article :-( No one can explain the Linux boot process better. Tim Jones did an excellent job explaining the Linux boot process in his article published at ibm.com developerWorks. If you are a Linux learner at a novice level, this is a must-read. Quoting some Linux jokes here before I give you the link to that article:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Macs are for those who don't want to know why their computer works.
Linux is for those who want to know why their computer works.
DOS is for those who want to know why their computer doesn't work.
Windows is for those who don't want to know why their computer doesn't work.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The process of booting a Linux® system consists of a number of stages. But whether you're booting a standard x86 desktop or a deeply embedded PowerPC® target, much of the flow is surprisingly similar. This article explores the Linux boot process from the initial bootstrap to the start of the first user-space application. Along the way, you'll learn about various other boot-related topics such as the boot loaders, kernel decompression, the initial RAM disk, and other elements of Linux boot.

Read more here

Wednesday, December 13, 2006

Dada Mail Mailing lists v 2.9.2 - Restoring lists and fixing DBM errors

I always recommend Dada Mail for any customers having issues with Mailman. Most serious hosting companies limit the emails sent out by customers per hour. In that case, if your mailing list has more than 1000 customers and the limit is set to 300 mails per hour, the extra 700 mails will be bounced.

This is where Dada Mail comes into the picture. Of all its excellent features, what I like most is its flexibility to configure the number of emails to be sent at a certain interval (which can be in seconds, minutes or hours). Nowadays many other one-way mailing list applications have such a feature, like phplist and so on. Does Mailman have that feature and I may have missed it?

Anyway, the issue arose when a Dada Mail installation suddenly started showing internal server errors. I checked the log file /usr/local/apache/logs/error_log and saw the errors displayed below:


No DBM package was successfully found or installed at /usr/lib/perl5/5.8.0/AnyDBM_File.pm line 15.
Compilation failed in require at admin.cgi line 21.
BEGIN failed--compilation aborted at admin.cgi line 21.


How did that happen? A working installation suddenly reports that there is no DBM package. The only reason I could think of, though I could not confirm it, was that the perl version was 5.8.0, which was not a desired version on a relatively new cPanel server. Now I had to install the DBM packages. AnyDBM_File.pm was reading @ISA = qw(NDBM_File DB_File GDBM_File SDBM_File ODBM_File), and none of the DBM packages existed on the server.

CPAN didn't have a version in its tree for perl version 5.8.0, so I downloaded and executed the versions for v5.8.0:

wget -rnp http://search.cpan.org/src/JHI/perl-5.8.0/ext/GDBM_File/
wget -rnp http://search.cpan.org/src/JHI/perl-5.8.0/ext/NDBM_File/
wget -rnp http://search.cpan.org/src/JHI/perl-5.8.0/ext/SDBM_File/
wget -rnp http://search.cpan.org/src/JHI/perl-5.8.0/ext/ODBM_File/


I did a make and make install on all of them, and the internal server error was gone, replaced by another error while trying to log in to the administration panel of Dada Mail using the password, which is present in plain text in DADA/Config.pm. The error was as below:


[Wed Dec 13 06:09:57 2006] mail.cgi: Dada Mail 2.9.2 warning! List settings db empty! List setting DB Possibly corrupted! at /DADA/MailingList/Settings/Db.pm line 115.
[Wed Dec 13 06:09:57 2006] mail.cgi: Dada Mail 2.9.2 warning! no listshortname saved in list settings db! List settings DB Possibly corrupted! at /DADA/MailingList/Settings/Db.pm line 118.
[Wed Dec 13 06:09:57 2006] mail.cgi: listshortname in db, 'announcements' does not match saved list shortname: '' at /DADA/MailingList/Settings/Db.pm line 121.
BAD List name "" No such file or directory at /DADA/Template/HTML.pm line 145
[Wed Dec 13 06:09:57 2006] [error] [client 192.168.1.1] Premature end of script headers: /home/example/public_html/cgi-bin/dada/mail.cgi


The only option left to me was to restore the list. I accessed the list restore URL for Dada Mail at http://example.com/cgi-bin/dada/mail.cgi?f=restore_lists (replace example.com with your_domain.com). It asked for the admin password and, on correct entry, I was welcomed by the Restore screen. Restore done and all is well :-)

Tuesday, December 12, 2006

Limiting apache connections per IP

There are many cases where, in a shared hosting environment, one of the sites may be getting slashdotted or dugg for various reasons. That is where mod_limitipconn comes to help. There are many such modules available. This situation arose on an Apache 1.3 server for me, so the patch is meant for 1.3 servers only.

Installation
~~~~~~~~~~~~~~~~~


wget http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
wget ftp://ftp.opennet.ru/pub/web/modules/limits/mod_limitipconn-0.04-vhost.patch
tar xvzf mod_limitipconn-0.04.tar.gz
cd mod_limitipconn-0.04/
patch -p1 < ../mod_limitipconn-0.04-vhost.patch


This was a cPanel server and apache root was at /usr/local/apache. So used the following commands

/usr/local/apache/bin/apxs -c mod_limitipconn.c
/usr/local/apache/bin/apxs -i -a -n limitipconn mod_limitipconn.so

The above two commands should have made a backup copy of your existing httpd.conf and added two new lines:

LoadModule limitipconn_module libexec/mod_limitipconn.so
AddModule mod_limitipconn.c

The apxs commands need not be issued by hand; you can simply edit the Makefile and change the first line, which says,

APXS = apxs
to
APXS = /usr/local/apache/bin/apxs


and then run the normal make and make install thing.

Configuration
~~~~~~~~~~~~~


For the vhost you have to limit, say you want to limit access to http://www.example.com/gallery/ (which may be having lots of controversial pics), use this inside its virtual host section:


<Location /gallery>
MaxConnPerUid 25
MaxConnPerIP 2
</Location>

This essentially means 25 connections to the gallery, and each can access or view two images at a time. There are more directives for the mod_limitipconn module, which you can find in the code. After the addition, the vhost section may look like below:

<Virtualhost 192.168.1.102>
ServerAlias example.com
ServerAdmin webmaster@example.com
DocumentRoot /home/example/public_html
BytesLog domlogs/example.com-bytes_log
ServerName www.example.com

<IfModule mod_limitipconn.c>
<Location /gallery>
MaxConnPerUid 25
MaxConnPerIP 2
</Location>
</IfModule>

User example
Group example
CustomLog /usr/local/apache/domlogs/example.com combined
ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
</VirtualHost>

Other options to check are mod_vhost_limit, mod_throttle, mod_bandwidth, mod_curb and mod_cband. There may be a few more such bandwidth throttling modules available. If you find better ones, do suggest them. I will be interested in learning about them.

Sorting IPs in bash scripting

Oh yeah.. This is something I banged my head on for a few minutes, till I figured out the -t option of sort. Okay.. I had a list of around 20000 IPs today, which I had to sort to find any patterns so that I could block the subnet in the firewall itself. I ended up with

sort -u -n -t. -k 1,1 -k 2,2 -k 3,3 -k 4,4 /etc/eximblacks

-k and -t are the key options you need to look up in the manual. There is more than one way to do it :-).

That helped me. Hope it may help you at some point of time.
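To go from the sorted list to the subnet patterns mentioned above, the following added example (not part of the original post) reuses the same sort invocation and then counts distinct addresses per /24. The function names, the /24 grouping, the threshold and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: group a blacklist by /24 so dense subnets stand out.

# Constructed sample input (documentation address ranges, not real offenders).
sample_blacklist() {
    cat <<'EOF'
203.0.113.7
198.51.100.20
203.0.113.200
192.0.2.9
203.0.113.7
198.51.100.3
203.0.113.15
not-an-ip
300.1.1.1
EOF
}

# subnet_counts FILE [MIN]
# Prints "COUNT PREFIX.0/24" for every /24 holding at least MIN distinct
# addresses, busiest first. MIN defaults to 2.
subnet_counts() {
    file=$1
    min=${2:-2}
    # Keep only well-formed dotted quads; junk must never reach a firewall rule.
    awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) ok = 0
            if (ok) print
        }' "$file" |
    # Numeric per-octet sort from the post; -u drops repeated addresses.
    sort -u -n -t. -k 1,1 -k 2,2 -k 3,3 -k 4,4 |
    # Count distinct hosts per /24 prefix.
    awk -F. -v min="$min" '
        { n[$1 "." $2 "." $3]++ }
        END { for (p in n) if (n[p] >= min) print n[p], p ".0/24" }' |
    # Busiest first; ties ordered by prefix so the output is stable.
    LC_ALL=C sort -k 1,1nr -k 2,2
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_blacklist > "$tmp"
subnet_counts "$tmp" 2
rm -f "$tmp"
```

Review the candidates before blocking a whole /24, since a single busy address and a full subnet look the same once the rule is in the firewall.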

Saturday, December 09, 2006

Few RPM Management Hacks

I always have to look at the man page or search for the cpio options (I usually don't use cpio formats) whenever I want the files of an rpm to be extracted without installing it. I thought of putting together a few commands which may help some of you.

Extracting files from an RPM archive

rpm2cpio RPM_file | cpio -idmv

The above command will create the rpm directory structure inside the present working directory (pwd) and the entire rpm will be extracted inside the subdirectory.

If you just want to extract the binaries in the folder which rpm may install in /bin/ , /sbin/ , /usr/local/bin/ , /usr/local/sbin then append a few more options / words to the command like below,

rpm2cpio RPM_file | cpio -idmv '*/bin/*' '*/sbin/*'

Rebuilding RPM database

Often I have experienced situations where a yum upgrade on RPM-based OSes breaks the rpm database. Sometimes a reboot fixes it, but if you want to fix it right away without rebooting, try rebuilding the RPM db by following the steps below:


cd /var/lib
tar cvzf rpmdb.tar.gz ./rpm
rm -f /var/lib/rpm/__db.00?
rpm --rebuilddb


There are many complex situations where rpm --rebuilddb can't help, where you have to use other tools to rebuild DB, the harder way involving, /usr/lib/rpm/rpmdb_dump and /usr/lib/rpm/rpmdb_verify.

Verifying the RPM integrity

If you suspect your machine is hacked and your sshd, netstat, ps or fuser has been replaced by the hacker with their own versions, you can use rpm -V RPM_name to check the integrity of the files installed by the RPM.

rpm -Vf /bin/netstat

The above command will verify the integrity of all the files installed by the RPM package which installed netstat. If all are fine, you won't get any output; otherwise output similar to the below can appear.


#rpm -Vf /usr/sbin/sshd
S.5....T c /etc/ssh/sshd_config
S.5....T /usr/sbin/sshd


Notations are below (if 5 is there in the flag, it means md5 differs. More details, man rpm)

5 — MD5 checksum
S — file size
L — symbolic link
T — file modification time
D — device
U — user
G — group
M — mode (includes permissions and file type)
? — unreadable file

Remember this is a very basic test and can help you catch the kiddies who are on the learning track, but not the professional hackers, who know their job.
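One way to triage that output, as an added example that is not part of the original post: it separates a changed digest on a config file, which admins routinely edit, from a changed digest on any other file, and accepts both the 8-character flag string shown above and the 9-character one that newer rpm versions print. The function names, the labels and the sample lines other than the two sshd ones are constructed for illustration.

```shell
#!/bin/sh
# Added example: label each line of `rpm -V` output by what changed.

# Constructed sample: the two lines shown in the post plus made-up ones.
sample_rpm_verify() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
S.5....T   /usr/sbin/sshd
.M...UG.   /bin/netstat
.......T.  d /usr/share/doc/example/README
missing     /usr/bin/example-tool
EOF
}

# rpm_verify_triage: reads `rpm -V` output on stdin, prints "LABEL PATH".
rpm_verify_triage() {
    awk '
    {
        # Paths are absolute, so everything before the first "/" is metadata.
        path = $0
        sub("^[^/]*", "", path)
    }
    # A file the package owns is gone from disk.
    $1 == "missing" { print "MISSING", path; next }
    # Flag string: 8 characters on older rpm (as in the post), 9 on newer.
    $1 ~ /^[SM5DLUGTP.?]+$/ && length($1) >= 8 {
        flags = $1
        # Optional marker: c config, d doc, g ghost, l license, r readme.
        attr = ($2 ~ /^[cdglr]$/) ? $2 : ""
        if (index(flags, "5")) {
            # Config files get edited; a changed binary is not routine.
            label = (attr == "c") ? "CONFIG-EDIT" : "CONTENT-CHANGED"
        } else if (flags ~ /[MUG]/) {
            # Mode or ownership only: what --setperms and --setugids restore.
            label = "PERMS"
        } else if (index(flags, "?")) {
            label = "UNREADABLE"
        } else {
            label = "OTHER"
        }
        print label, path
    }'
}

# Demo on the constructed sample.
sample_rpm_verify | rpm_verify_triage
```

On a real host the input would come from a command such as rpm -Vf /usr/sbin/sshd piped into the function.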

Restoring original attributes of an rpm

Users often mess up the permissions of important files and folders. Here, as a test, I messed up the ownership and permissions of a file. Go through it for the steps on restoring the file attributes.


[root@hackcity ~]# rpm -qf /etc/ssh/sshd_config
openssh-server-3.9p1-8.RHEL4.12
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rw------- 1 root root 3027 Aug 14 05:07 /etc/ssh/sshd_config
[root@hackcity ~]# chmod 777 /etc/ssh/sshd_config
[root@hackcity ~]# chown hacktech.hacktech /etc/ssh/sshd_config
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rwxrwxrwx 1 hacktech hacktech 3027 Aug 14 05:07 /etc/ssh/sshd_config
[root@hackcity ~]# rpm --setperms openssh-server-3.9p1-8.RHEL4.12
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rw------- 1 hacktech hacktech 3027 Aug 14 05:07 /etc/ssh/sshd_config
[root@hackcity ~]# rpm --setugids openssh-server-3.9p1-8.RHEL4.12
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rw------- 1 root root 3027 Aug 14 05:07 /etc/ssh/sshd_config


Pretty useful RPM options

I will use sshd packages for listing those options,

#rpm -q --whatrequires openssh
openssh-clients-3.9p1-8.RHEL4.12
openssh-askpass-gnome-3.9p1-8.RHEL4.12
openssh-askpass-3.9p1-8.RHEL4.12
openssh-server-3.9p1-8.RHEL4.12


rpm -qf --stats /etc/ssh/sshd_config
openssh-server-3.9p1-8.RHEL4.12


total: 1 0.000000 MB 0.135489 secs
digest: 2 0.029817 MB 0.006168 secs
signature: 1 0.000000 MB 0.092698 secs
dbget: 6 0.094604 MB 0.005985 secs


Well that's it. If you like RPM read more at http://www.rpm.org/max-rpm/ . BTW Alien is a good program to convert between the rpm, dpkg, stampede slp, and slackware tgz file formats

Wednesday, December 06, 2006

Booting from your USB/Pen/Thumb Drive

I just read a post from Joe (I guess he is a manager at SUN - if so, a good one to support the developers :-)) mentioning the visual media coverage of Anil Gulecha's and Moinak Ghosh's achievement of booting live Solaris from USB. Watch the video below

In this light, I thought of mentioning a few USB-bootable live CDs in Linux along with a few links, mainly for my own future reference. Linux is the only OS I know at least a bit of, even though I am playing with OpenSolaris, not yet as an admin. Is there a hosting-based GUI control panel available for OpenSolaris? I could find only Zomos (though the site says only v9 is supported, but both arch SPARC and x86). If there is a good and "non-technical user" friendly one, I bet OpenSolaris is gonna compete with Linux in the hosting industry in the next few years.

PenDriveLinux is one good discussion site, and the live Linux I would recommend is Slax. So here go a few URLs:

Boot Knoppix from USB
Knoppix Remastering toolkit FAQ can be read here
BootUSB from debian Wiki
Googling for a HOWTO boot from USB can fetch you this link

Tuesday, December 05, 2006

cPanel mail quota mismatch

cPanel decided that they want to use the maildir format for its mailboxes and started converting all mboxes to maildir. There are hundreds of issues (I love these issues and workarounds :)) involved with the conversion, like failing to convert some large mboxes of more than 1GB, quota mismatches and so on. But I must agree that they did a pretty good job with the /scripts/convert2maildir script, which uses /usr/local/cpanel/3rdparty/mb2md/mb2md. The actual project page is at http://batleth.sapienti-sat.org/projects/mb2md/.

When customers use Show Disk Space Used, cPanel actually reads the quota from a file inside the mail directory, usually located at /home/username/mail/domainname.com/emailaccount/maildirsize, and prints it out in -h (human-readable) format. After the conversion, around 50% of the accounts will show the wrong quota usage. The following command fixes the issue for you and lets cPanel recalculate the disk usage.

find /home -name "maildirsize" -exec rm -f {} \;

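For those who like xargs, use the null-delimited form, so that a path under /home containing spaces or newlines is passed to rm as a single argument:

find /home -name "maildirsize" -print0 | xargs -0 rm -f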

or even

find /home -name "maildirsize" -delete

Replace /home with /home/username/mail for dealing with one particular cPanel account.