All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.
Linux

Secure PHP Upload Directory

Leave a comment

I was given the task to setup, configure, and manage an external facing apache web server.

So I turned to my trusty Ubuntu Server 9.10 x86 CD, installed it and then ran the updates. Yes, I put LAMP on there.

After all was said and done, I grabbed my trusty internal-only php uploader script. Unfortunately it’s not fully secure – I actually had someone attack my “honeypot” site successfully by exploiting this script and a lax apache install. What makes this script so bad for use on the outside is it’s need for chmod 777 privileges. Yuck.

A good way to stop people from finding bad things to run is to hide indexing from the site (directory listing). Another is to stop executables from running in that directory.

Open up the sites-enabled configuration of apache
nano /etc/apache2/sites-enabled/000-default

Under the first virtualhost area, edit for your directory:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory “/usr/lib/cgi-bin”>
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

<Directory /var/www/upload_files/>
AllowOverride None
Options IncludesNOEXEC
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi .gif .pdf .jpg .png .tif .tiff .wmv .mpg .mp3 .mp4 .avi .txt .html .exe .xml .*
</Directory>


Then restart apache
apache2ctl restart

Linux

Split Giant ISO Into Smaller Files

1 Comment

OK, so I uploaded a 3GB ISO file to my site for future downloads. Unfortunately for me, whenever I attempted to download the file I was met by:

Forbidden

You don’t have permission to access /path/to/file/nameoffile.iso on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Dumb. Good thing I have access to the log files. The error from apache stated:

value too large for defined data type

More dumb. As this is from my hosting company I can’t just go ahead and update the kernel or replace any config files I need. So I just needed to be able to compress the file and make multiple archives. Thanks to some command line tar I can do just that:

tar cvzf - nameofyourfile.iso | split -d -b 700m - nameyouwantyourfiletobe.iso.tar.gz.
Notice the trailing ‘.’ – this is used to create filename.iso.tar.gz.01, filename.iso.tar.gz.02 etc.

Now I just have to play the waiting game for it to finish.

AND if you want to restore it later to ISO format:
cat filename.iso.tar.gz.* | tar xvzf -

Linux

VMWare Server Ubuntu 9.10

Leave a comment

OK, I had to install VMWare Server 2.0.2-203138 onto a 9.10 fully-up-to-date 32bit server. 9.04 and before it was easy, but there’s something added onto 9.10 to make it a little more difficult to install.

What we’ll be doing:
Update your server
I first downloaded the vmware-server from vmware.com.
Create a script called vmware-server-2.0.x-kernel-2.6.31-14-install.sh
Run the script

Really? 4 steps? Yes.

Download VMWare Server from Vmware.com

apt-get update
apt-get upgrade
apt-get dist-upgrade

nano vmware-server-2.0.x-kernel-2.6.31-14-install.sh
The file you should copy is quoted at the bottom of this post. It’s large. I didn’t write it, but it works quite well.
Save this file

chmod +x vmware-server-2.0.x-kernel-2.6.31-14-install.sh
./vmware-server-2.0.x-kernel-2.6.31-14-install.sh

#!/bin/bash

###############################################################################
# @author Radu Cotescu #
# @version 1.1 Mon Jan 18 15:24:39 EET 2010 #
# #
# For further details visit: #
# http://radu.cotescu.com/?p=1095 #
# #
# This script will help you install VMWare Server 2.0.x on Ubuntu 9.10. #
# Based on a script from http://communities.vmware.com/thread/215985 #
# #
# This script must be run with super-user privileges. #
# Usage: #
# ./vmware-server-2.0.x-kernel-2.6.31-14-install.sh [PATH TO VMWARE ARCHIVE] #
# If you do not specify the PATH the script will scan the current folder for #
# VMware server archive and if doesn’t find anything it will exit. #
###############################################################################

VMWARE_HOME=$1
PATCH=”vmware-server-2.0.2-203138-update.patch”

display_usage() {
echo “This script must be run with super-user privileges.”
echo -e “\nUsage:\n./vmware-server-2.0.x-kernel-2.6.31-14-install.sh [PATH TO VMWARE ARCHIVE]\n”
echo “If you do not specify the PATH the script will scan the current folder”
echo “for VMware server archive and if doesn’t find anything it will exit.”
exit 1
}

check_usage() {
if [ ! $params -le 1 ]
then
display_usage
fi
if [[ ($param == “–help”) || $param == “-h” ]]
then
display_usage
fi
}

check_user() {
if [[ $USER != “root” ]]; then
echo “This script must be run as root!”
exit 1
fi
}

set_workspace() {
if [[ -z $VMWARE_HOME ]]; then
VMWARE_HOME=”`pwd`”
fi
VMWARE_ARCHIVE=`ls “$VMWARE_HOME” 2> /dev/null | egrep “^(VMware-server-2.0.[0-9]-)[0-9]*.[A-Za-z0-9_]*.tar.gz”`
MODULES_DIR=”$VMWARE_HOME/vmware-server-distrib/lib/modules”
MODULES_SOURCE=”$MODULES_DIR/source”
}

check_archive() {
if [[ -z $VMWARE_ARCHIVE ]]; then
echo -e “There is no archive containing VMware Server in the path you indicated!\n”
exit 1
else
echo -e “You have VMware Server archive: \n\t$VMWARE_ARCHIVE”
fi
}

check_distro() {
ubuntu=`cat /etc/*-release | grep Ubuntu`
fedora=`cat /etc/*-release | grep Fedora`
suse=`cat /etc/*-release | grep SUSE`
if [[ ! -z $ubuntu ]] ; then
distro=”ubuntu”
elif [[ ! -z $fedora ]] ; then
distro=”fedora”
elif [[ ! -z $suse ]] ; then
distro=”suse”
fi
}

packageError() {
if [[ $1 -ne 0 ]]; then
echo “I am unable to install the before mentioned package…”
echo “Please install the required package and rerun the script…”
exit 1
fi
}

resolveDepsUbuntu() {
echo “Checking for needed packages on Ubuntu”
check_wget=`dpkg-query -W -f=’${Status} ${Version}\n’ wget 2> /dev/null | egrep “^install”`
if [[ -z $check_wget ]]; then
echo “Installing wget package…”
apt-get -y install wget
packageError $?
else echo “You do have the wget package…”
fi
LINUX_HEADERS=”linux-headers-`uname -r`”
check_headers=`dpkg-query -W -f=’${Status} ${Version}\n’ $LINUX_HEADERS 2> /dev/null | egrep “^install”`
if [[ -z $check_headers ]]; then
echo “Installing linux-headers-`uname -r` package…”
apt-get -y install linux-headers-`uname -r`
packageError $?
else echo “You do have the $LINUX_HEADERS package…”
fi
check_build=`dpkg-query -W -f=’${Status} ${Version}\n’ build-essential 2> /dev/null | egrep “^install”`
if [[ -z $check_build ]]; then
echo “Installing build-essential package…”
apt-get -y install build-essential
packageError $?
else echo “You do have the build-essential package…”
fi
check_patch=`dpkg-query -W -f=’${Status} ${Version}\n’ “patch” 2> /dev/null | egrep “^install”`
if [[ -z $check_patch ]]; then
echo “Installing patch package…”
apt-get -y install patch
packageError $?
else echo “You do have the patch package…”
fi
}

resolveDepsFedora() {
echo “Checking for needed packages on Fedora”
if [[ -z `rpm -qa wget` ]]; then
echo “Installing wget…”
yum -y install wget
packageError $?
else echo “You do have the wget package…”
fi
if [[ -z `rpm -qa xinetd` ]]; then
echo “Installing xinetd…”
yum -y install xinetd
packageError $?
else echo “You do have the xinetd package…”
fi
if [[ -z `rpm -qa kernel-headers` ]]; then
echo “Installing kernel-headers…”
yum -y install kernel-headers
packageError $?
else echo “You do have the kernel-headers package…”
fi
if [[ -z `rpm -qa kernel-devel` ]]; then
echo “Installing kernel-devel…”
yum -y install kernel-devel
packageError $?
else echo “You do have the kernel-devel package…”
fi
if [[ -z `rpm -qa gcc` ]]; then
echo “Installing gcc…”
yum -y install gcc
packageError $?
else echo “You do have the gcc package…”
fi
if [[ -z `rpm -qa patch` ]]; then
echo “Installing patch…”
yum -y install patch
packageError $?
else echo “You do have the patch package…”
fi
if [[ -z `rpm -qa make` ]]; then
echo “Installing make…”
yum -y install make
packageError $?
else echo “You do have the make package…”
fi
}

resolveDepsSuse() {
echo “Checking for needed packages on SUSE”
if [[ -z `rpm -qa wget` ]]; then
echo “Installing wget…”
zypper –non-interactive install wget
packageError $?
else echo “You do have the wget package…”
fi
if [[ -z `rpm -qa linux-kernel-headers` ]]; then
echo “Installing linux-kernel-headers…”
zypper –non-interactive install linux-kernel-headers
packageError $?
else echo “You do have the linux-kernel-headers package…”
fi
if [[ -z `rpm -qa kernel-source` ]]; then
echo “Installing kernel-source…”
zypper –non-interactive install kernel-source
packageError $?
else echo “You do have the kernel-source package…”
fi
kernel_type=`uname -r | awk ‘BEGIN { FS = “-” } ; { print $3 }’`
if [[ -z `rpm -qa kernel-$kernel_type-devel` ]]; then
echo “Installing kernel-$kernel_type-devel…”
zypper –non-interactive install kernel-$kernel_type-devel
packageError $?
else echo “You do have the kernel-$kernel_type-devel package…”
fi
if [[ -z `rpm -qa gcc` ]]; then
echo “Installing gcc…”
zypper –non-interactive install gcc
packageError $?
else echo “You do have the gcc package…”
fi
if [[ -z `rpm -qa patch` ]]; then
echo “Installing patch…”
zypper –non-interactive install patch
packageError $?
else echo “You do have the patch package…”
fi
if [[ -z `rpm -qa make` ]]; then
echo “Installing make…”
zypper –non-interactive install make
packageError $?
else echo “You do have the make package…”
fi
}

install() {
case $distro in
“ubuntu”)
resolveDepsUbuntu
;;

“fedora”)
resolveDepsFedora
;;

“suse”)
resolveDepsSuse
esac
echo “Downloading patch file…”
wget http://codebin.cotescu.com/vmware/$PATCH -O “$VMWARE_HOME/$PATCH”
if [[ ! -e “$VMWARE_HOME/vmware-server-distrib” ]]; then
echo Extracting the contents of $VMWARE_ARCHIVE
tar zxf “$VMWARE_HOME/$VMWARE_ARCHIVE” -C “$VMWARE_HOME”
fi
echo “Checking patch download and archives from the extracted folders…”
if [ ! -r “$VMWARE_HOME/$PATCH” ]; then
echo “The download of $PATCH from http://codebin.cotescu.com/vmware/ failed!”
echo “Check your internet connection. :(”
exit 1
fi
TARS=`find “$MODULES_SOURCE” -maxdepth 1 -name ‘*.tar’`
if [ ! “$TARS” ]; then
echo “.tar files from $MODULES_SOURCE appear to be missing!”
echo “Cannot continue process. :(”
exit 1
fi
BASES=””
for TARFILE in $TARS
do
BASE=`basename “$TARFILE” | rev | cut -c5- | rev`
BASES=”$BASES $BASE”
echo “Found .tar file for $BASE module”
done
echo “Extracting .tar files in order to apply the patch…”
for BASE in $BASES
do
TARFILE=”${BASE}.tar”
MODDIR=”${BASE}-only”
echo “Untarring $MODULES_SOURCE/$TARFILE”
tar -xf “$MODULES_SOURCE/$TARFILE” -C “$MODULES_SOURCE”
if [ ! -d “$MODULES_SOURCE/$MODDIR” ]; then
echo “$TARFILE tarball failed to extract in the directory $MODDIR. :(”
exit 1
fi
done
echo “Testing patch…”
patch –dry-run -N -p1 –directory=”$VMWARE_HOME/vmware-server-distrib” -s < "$VMWARE_HOME/$PATCH" RESULT=$? if [ "0" != "$RESULT" ]; then echo "The patch cannot be applied. :(" exit 1 fi echo "Applying patch..." patch -N -p1 --directory="$VMWARE_HOME/vmware-server-distrib" -s < "$VMWARE_HOME/$PATCH" RESULT=$? if [ "0" != "$RESULT" ]; then echo "A problem occured with the patch while it was being applied. :(" exit 1 fi for BASE in $BASES do TEMPFILE="${BASE}-temp.tar" MODDIR="${BASE}-only" echo "Preparing new tar file for $BASE module" rm -f "$MODULES_SOURCE/$TEMPFILE" tar -cf "$MODULES_SOURCE/$TEMPFILE" -C "$MODULES_SOURCE" "$MODDIR" done echo "Checking that the compiling will succeed..." for BASE in $BASES do # Skip checking vmppuser module because it's badly broken dead code if [ "vmppuser" != "$BASE" ]; then MODDIR="${BASE}-only" echo "Trying to compile $BASE module to see if it works" echo "Performing make in $MODULES_SOURCE/$MODDIR" make -s -C "$MODULES_SOURCE/$MODDIR" RESULT=$? if [ "0" != "$RESULT" ]; then echo "There is a problem compiling the $BASE module after it was patched. :(" exit 1 fi fi done echo "Rebuilding tar files..." for BASE in $BASES do TEMPFILE="${BASE}-temp.tar" TARFILE="${BASE}.tar" OFILE="${BASE}.o" MODDIR="${BASE}-only" echo "Replacing original file $TARFILE with patched file..." rm -rf "$MODULES_SOURCE/$TARFILE" "$MODULES_SOURCE/$OFILE" "$MODULES_SOURCE/$MODDIR" mv -f "$MODULES_SOURCE/$TEMPFILE" "$MODULES_SOURCE/$TARFILE" done echo "Removing binaries directory..." rm -rf "$MODULES_DIR/binary" echo "Starting VMware Server original install script..." $VMWARE_HOME/vmware-server-distrib/vmware-install.pl } clean() { echo "Housekeeping..." rm -rf $VMWARE_HOME/vmware-server-distrib "$VMWARE_HOME/$PATCH" echo "Thank you for using the script!" echo -e "Patch provided by: \n\tRamon de Carvalho Valle" echo -e "\thttp://risesecurity.org" echo -e "Script author: \n\tRadu Cotescu" echo -e "\thttp://radu.cotescu.com" } params=$# param=$1 check_usage params param check_user set_workspace check_archive check_distro install if [[ $distro == "fedora" ]]; then echo "On Fedora you must follow these steps in order to make VMware Server to work properly:" echo -e "\t1. edit /etc/services and replace the entry located on TCP/902 port with vmware-authd" echo -e "\t2. set SELinux to permissive or even disable it by editing the /etc/selinux/config file" echo -e "\t3. reboot your system" fi clean exit 0

Linux

Purple Pidgin Plugin Pack

Leave a comment

That’s a lot of P’s!

After months of using (and really liking) the purple plugin pack for pidgin on my Windows machine, I wanted to get it working on my Linux machine as well.

HP Laptop running Ubuntu 9.10 x64 fully up-to-date (2.6.31-17-generic)
Pidgin version 2.6.2

All I did was:
sudo apt-get install pidgin-plugin-pack

Then all of the plugins were installed – I just had to activate them.

Linux

FreeNAS Slow File Copy

4 Comments

I recently built a fairly nice NAS system for a customer:
0.7 Khasadar (revision 4919)
2.5GHz Dual Core Pentium
4GB DDR2 PC1066
5x hot swap 2TB SATA
10/100/1000 Intel Pro NIC
10/100/1000 Full duplex switch connection

After formatting the drives in SoftRAID 5 (1.8TB x 4 = 7.2TB – 5% for defragmentation = 6.84TB available), I started to backup many of their ISOs and daily computer backups and other logs. Everything was going smoothly using Windows File Sharing (Samba) until I got to the larger files.

Initially the files would copy at 80+MB/sec, but then they’d slow down to 50… 30… 20… even down to 8 or so MB/sec. Ouchies when you’re talking about a 40+GB file to transfer. FTP yielded the same results. I noticed that sometimes the drives on the NAS wouldn’t even be blinking, so it had to be another issue.

If you login on the web panel of the FreeNAS, under Services you will find CIFS/SMB.
Check under Advanced Settings
You’ll see Send and Receive buffer sizes – by default they are 16MB (16*1024 = 16384)
I changed the buffer size to 128MB (128*1024 = 131072) and checked the results

120MB/sec, slow down to 80… 70… 60… So 60MB/sec. That’s over 6 times faster at a cost of 8 times the RAM. I can live with that.

So just for jollies I increased it to 512MB and then to 1024MB. Both stopped around 70MB/sec. Then, as a final test, I dropped it down to 256MB (256*1024 = 262144), which seemed to be OK.

Microsoft

Outlook Auto Complete NK2

Leave a comment

Have you ever noticed how great the auto complete function is for Outlook? Just start typing a name and all the contacts that you’ve ever emailed in the past will auto show up. That allows you to select from the list – which is especially helpful when you’ve forgotten part of someone’s name but know you’ve emailed them before.

The file that allows for this to happen is called the NK2 file. To see this file you may want to make sure you can see hidden files (In any Windows window, click Tools then Folder Options. Then under the view tab, click Show hidden files, folders, and drives. If you can’t find the Tools menu, hit the Alt key)

Windows 2000/XP
C:\Documents and Settings\USER_NAME\Application Data\Microsoft\Outlook\Outlook.NK2

Windows Vista/7
C:\Users\USER_NAME\AppData\Roaming\Microsoft\Outlook\Outlook.NK2

Problem 1:
I have a new computer and want to move this over.
This is the easiest to accomplish. Just make sure that Outlook is closed (fully closed, check the task manager if you have any doubts), and copy the NK2 file from the old system and paste it into the new system.

Problem 2:
My auto completes stopped working.
This has a fairly high success rate, but no guarantees. Basically this happens when your NK2 file becomes corrupt. Now, I think there are some utilities out there that are “supposed” to fix this, but the best bet I found was to just:
Close Outlook fully
Copy Outlook.NK2 to OutlookCopy.NK2
Delete Outlook.NK2
Open Outlook, send an email, close Outlook fully
Delete Outlook.NK2 again (it should have made another because you sent an email)
Rename the OutlookCopy.NK2 file to Outlook.NK2
Open Outlook

Your auto completes should now work!

I honestly haven’t come across any other problems regarding NK2 files. And I’ve only tried them from the same versions (2007 to 2007, and 2003 to 2003), so if you’re trying to move from 2003 to 2010 Outlook and this doesn’t work… sorry?

Tested OK on Windows XP, Vista, 7. Using Office 2003, 2007.

Microsoft

Your message did not reach some or all of the intended recipients

1 Comment

Undeliverable NDR:

Several users were complaining that whenever they’d send a calendar invite to a specific person that they would get an NDR back saying that a user was not found in the organization. Unfortunately the user that does not exist was not in the original calendar invite.

Server is 2003 Enterprise running Exchange 2003 Standard. Clients are using Office 2007 (outlook) SP2 fully updated.

Actual message is as follows:

Your message did not reach some or all of the intended recipients.

Subject: Rehearsal: School Play @ 4:30pm – 6pm
Sent: 1/7/2010 11:19 AM

The following recipient(s) cannot be reached:

Robert LastName on 1/7/2010 11:19 AM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

It’s obviously been edited as to not show the real names of people and servers. But you get the general idea.
The problem was with a delegate assigned by a current user pointing to the non-existent user. When a user is deleted in AD they do not automatically get removed from delegation on Outlook. So here’s the fix with a few screen shots:

In Outlook on the offending system (the person who you are sending invites TO when receiving the NDR), go to Tools > Options.
Click on the Delegates Tab
Remove the offending user