in8snotes

This portion of my site is powered by Blosxom. Blosxom is a perl script whose functionality here is extended through several plugin scripts in order to dynamically assemble a multitude of separate plain text files stored in a directory tree on the server into a cohesive, dated and RSS enabled weblog. Now in daily (r)sync with the directories on Nate's Powerbook.




Log a user out remotely

Over an ssh connection, you can use the following shell command to list the processes of a user in order so that the lowest number is at the bottom (so you see it when the script finishes). This is probably the x-session manager or initial bash login. Kill that process to kill the user session.

ps aux | grep username | awk '{print $2 " " $11}' | sort -gr

Last saved: 02/23/2008
Links: /computers/unix / killusersession.txt

Getting OSX to connect up to a samba share on Ubuntu

This was just what I needed to get it to work.

  1. Examination of the sample /etc/smb.conf file reveals that Samba/Ubuntu-Feisty wants to use smbpasswd, so you have to run this one time to create the smbpasswd file. As root:

/bin/cat /etc/passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd

  2. This disables all the users in the target file, so enable the user(s) you want to be able to access shares. As root, run:

smbpasswd -e username

Users can run smbpasswd themselves to update their passwords from here on.

Last saved: 01/25/2008
Links: /computers/unix / samba-passwords.txt

Killing all vncserver sessions

Watch the placing of the colon after kill. It should be vncserver -kill :1

The :1 is together. There is a space between kill and :1, so it is -kill :1

Hope this helps.

Last saved: 12/18/2007
Links: /computers/unix / vncserver.txt

Redirect with a query string

I originally had a post in Geeklog which was indexed in search engines here and there and linked from friends' sites. Instead of getting them to change the link, I used a Redirect rule in my .htaccess file to point to the right place.

The original Geeklog url had a query string (the question mark and equals sign part)
http://in8sworld.net/article.php?story=20040426185512453

When I moved the site to Wordpress, the same page now lives here:
http://www.in8sworld.net/blog/index.php/archive/trespassengers-debut/

I added these two lines to my .htaccess (on Dreamhost this has to reside in the 'domain directory'). The first line says to look for a condition where the query string contains story=20040426185512453 (i.e. when somebody clicks a link that has that portion as a query string). The second line tells Apache to replace article.php (plus the query string ?story=20040426185512453) with what follows. The trailing ? on the target URL stops Apache from appending the old query string to the new address.

rewriteCond %{query_string} story=20040426185512453
rewriteRule ^article\.php$ http://www.in8sworld.net/blog/index.php/archive/trespassengers-debut? [R,L]

Last saved: 06/09/2007
Links: /computers/unix / redirectquerystring.txt

jdMorgan

#:1497621 6:14 pm on May 12, 2005 (utc 0)

This stuff is rather complex. It involves converting the octets (the groups of numbers delimited by the periods) of the address or address range to binary, and then generating a "mask" that is used during comparison of the incoming address and the specified allow/deny directives.

A basic example would be that you want to deny 192.168.192.0 through 192.168.255.255

In binary (use the Windows calculator or equivalent) that is 11000000.10101000.11000000.00000000 through 11000000.10101000.11111111.11111111

Having derived that, you now need to generate either a netmask or a CIDR. The easiest way to do it is to line up the start/end addresses vertically, and then examine them to see which bits change between the first and last address of the range. Then mark those that don't change with ones and those that do with zeroes:

11000000.10101000.11000000.00000000
11000000.10101000.11111111.11111111
-----------
11111111.11111111.11000000.00000000

This yields the netmask, which when converted back to decimal octets is 255.255.192.0

To get a CIDR, you count the number of ones from the left, in this case 18.

So, you would use

Deny from 192.168.192.0/255.255.192.0 (Network/netmask pair)
-or-
Deny from 192.168.192.0/18 (Network/nnn CIDR specification)

Note that when the netmask contains trailing octets containing all zeroes, you can simply leave them off and use a simple partial IP address.

An example would be 172.0.0.0 through 172.0.0.255, which could be specified as a partial IP address as:

Deny from 172.0.0.

For more information, do a search for "netmask" and "CIDR." There are also several online netmask and CIDR generators available. In addition, if you look up your problem IP addresses in ARIN, the CIDR value is often given in the data record containing that IP address.

Unfortunately, this is as simple as it gets.

Jim
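
The bit comparison described in the post above, as an added shell example (not part of the original post): range_to_cidr and its two helpers are made-up names. It XORs the first and last address of a range to find the bits that change, prints the CIDR and netmask forms, and refuses a range that a single mask cannot cover exactly, since such a Deny line would block addresses outside the range.

```shell
#!/bin/sh
# Added example: derive the netmask and CIDR prefix for an address range
# by finding which bits differ between its first and last address.
# Function names are hypothetical, chosen for this example only.

# Dotted quad -> 32-bit integer; fails on anything that is not an IPv4 address.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on the dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*) return 1 ;; esac   # empty or leading zero
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidr FIRST LAST
# Prints "network/prefix network/netmask", or returns non-zero when the
# range is not exactly one aligned block (it then needs several Deny lines).
range_to_cidr() {
    first=$(ip_to_int "$1") || return 1
    last=$(ip_to_int "$2") || return 1
    [ "$first" -le "$last" ] || return 1

    changed=$(( first ^ last ))    # bits that differ between the two ends
    host_bits=0
    while [ $(( changed >> host_bits )) -ne 0 ]; do
        host_bits=$(( host_bits + 1 ))
    done
    host_mask=$(( (1 << host_bits) - 1 ))
    netmask=$(( 4294967295 ^ host_mask ))   # ones where the bits do not change

    # The changing bits must run from all zeroes to all ones; otherwise the
    # mask would also match addresses outside the requested range.
    [ $(( first & host_mask )) -eq 0 ] || return 1
    [ $(( last & host_mask )) -eq "$host_mask" ] || return 1

    echo "$1/$(( 32 - host_bits )) $1/$(int_to_ip "$netmask")"
}

# The range from the post; prints:
# 192.168.192.0/18 192.168.192.0/255.255.192.0
range_to_cidr 192.168.192.0 192.168.255.255
```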

Last saved: 05/20/2007
Links: /computers/unix / netmask.txt

htaccess file for in8sworld to screw spammers

RewriteEngine on
RewriteRule ^notes/?(.*)$ cgi-bin/journal.cgi$1

SetEnvIfNoCase Referer 209.8.22.250 spammer=yes
Order allow,deny
allow from all
deny from env=spammer

deny from 64.71.131.110
deny from 64.127.124.
deny from 205.178.145.65
deny from 209.8.22.250

order allow,deny
allow from all

ErrorDocument 404 /blog/index.php?error=404

RedirectMatch temp ^/$ http://www.in8sworld.net/blog
RedirectMatch temp ^backend/in8sworld.rss$ http://www.in8sworld.net/blog/index.php/feed
RedirectMatch temp ^/blog/cgi-bin/lyrics.cgiindex.html$ http://http:in8sworld.net/cgi-bin/lyrics.cgi~

Last saved: 01/07/2007
Links: /computers/unix / htaccess-070107.txt

htaccess file for in8sworld

RewriteEngine on
RewriteRule ^notes/?(.*)$ cgi-bin/journal.cgi$1
RewriteRule ^backend/in8sworld.rss(.*)? blog?feed=rss2

order allow,deny
allow from all

ErrorDocument 404 /blog/index.php?error=404

deny from 64.71.131.110
deny from 64.127.124.
deny from 205.178.145.65

RedirectMatch temp ^/$ http://www.in8sworld.net/blog

Last saved: 12/31/2006
Links: /computers/unix / htaccess-061231.txt

VIM replace all extraneous ^M:

:%s/^M$//g

BE SURE YOU MAKE the ^M USING "CTRL-V CTRL-M" NOT BY TYPING "CARET M"! This expression will replace all the ^M's that have carriage returns after them with nothing. (The dollar ties the search to the end of a line)

Last saved: 12/21/2006
Links: /computers/unix / vim-hatM.txt

Command line mysql backup and restore

# make a backup (http://dev.mysql.com/doc/mysql/en/mysqldump.html)
# capitalizations represent your database information

shell> mysqldump -h HOST -u USER -p --opt DATABASE TABLE > search.sql

# import a backup (http://dev.mysql.com/doc/mysql/en/mysql.html)
# capitalizations represent your database information

shell> mysql -h HOST -u USER -p DATABASE < search.sql

Last saved: 12/19/2006
Links: /computers/unix / mysql-backup.txt

Windows on 2nd partition

I was always told that if you had a dual boot system, Windows had to be on the first partition, but I wanted the first partition to be linux, and you can do it by using a fake-out line in the boot loader. This is an example using lilo from 1999; I would figure out how to do it using grub if I did it these days. It's the 'map-drive' lines that do the work of faking out the drive so Windows doesn't realize it's not on the first partition.

The new lilo.conf file reads:

boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
default=linux

image=/boot/vmlinuz-2.2.12-20
label=linux
initrd=/boot/initrd-2.2.12-20.img
read-only
root=/dev/hda1

other=/dev/hdc1
label=win
table=/dev/hdc
map-drive = 0x80
to = 0x81
map-drive = 0x81
to = 0x80

Last saved: 12/27/2005
Links: /computers/unix / win-2nd-part.txt

Capture a streaming Real Audio to a wav file

mplayer -playlist file.ram -ao pcm -aofile file.wav -vc dummy -vo null

Last saved: 11/05/2005
Links: /computers/unix / capture-ra.txt

php configure on OZ (before messing with it)

Trying to upgrade php and include the Oracle -oci8 (Oracle interface) module using Oracle's 'instant client' libraries (previously installed). LD_LIBRARY_PATH already set.

'./configure' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-discard-path' '--disable-force-cgi-redirect' '--enable-shared' '--disable-static' '--disable-debug' '--disable-rpath' '--enable-pic' '--enable-inline-optimization' '--enable-memory-limit' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php' '--with-pear=/usr/share/pear' '--enable-magic-quotes' '--enable-debugger' '--enable-track-vars' '--with-exec-dir=/usr/bin' '--with-versioning' '--with-mod_charset' '--with-regex=php' '--enable-track-vars' '--enable-trans-sid' '--enable-safe-mode' '--enable-ctype' '--enable-ftp' '--with-gettext=/usr' '--enable-posix' '--enable-session' '--enable-sysvsem' '--enable-sysvshm' '--enable-yp' '--with-openssl=/usr' '--without-kerberos' '--with-ttf' '--with-freetype-dir=/usr' '--with-zlib=/usr' '--with-zlib=/usr' '--with-zlib-dir=/usr' '--with-oci8-instant-client'

Unfortunately, that built a CGI executable alright, but it didn't build a module since I was missing the --with-apxs2=/usr/local/apache/bin/apxs line.

(The configure line I used on the pbook 'just worked'):

'./configure' '--with-zlib-dir=/usr/local' '--with-libjpeg=/sw' '--with-libtiff=/sw' '--with-gd' '--with-mysql=/usr/local/mysql' '--with-apxs'

Oops. apxs comes in the apache2-devel package (not installed). However, after grabbing and installing that, and making a symlink over to apxs2 (from apxs), I still had no joy. The configure fails, I'm giving up for now.

Last saved: 10/10/2005
Links: /computers/unix / php-configure.txt

What I'll need to upgrade to get php 4.3.11 on OZ

apache2-mod_perl-2.0.47_1.99_09-3mdk.i586 (due to unsatisfied apache2 == 2.0.47)
apache2-mod_php-2.0.47_4.3.2-2mdk.i586 (due to unsatisfied apache2 == 2.0.47)
apache2-mod_suexec-2.0.47-2mdk.i586 (due to unsatisfied apache2 == 2.0.47)
php-mysql-4.3.2-3mdk.i586 (due to missing php432)
php-oci8-4.3.9-2.2.el4.i386 (due to unsatisfied php == 4.3.9)
php-odbc-4.2.2-17.i386 (due to unsatisfied php == 4.2.2-17)
php-xml-4.3.6-2mdk.i586 (due to missing php432)
phpMyAdmin-2.5.4-1mdk.noarch (due to missing mod_php, due to missing php-mysql) (y/N) y
To satisfy dependencies, the following packages are going to be installed (2 MB):
apache2-2.0.48-6.8.100mdk.i586
apache2-common-2.0.48-6.8.100mdk.i586
apache2-mod_cache-2.0.48-6.8.100mdk.i586
apache2-mod_disk_cache-2.0.48-6.8.100mdk.i586
apache2-mod_proxy-2.0.48-6.8.100mdk.i586
apache2-mod_ssl-2.0.48-6.8.100mdk.i586
apache2-modules-2.0.48-6.8.100mdk.i586
libapr0-2.0.48-6.8.100mdk.i586

Last saved: 10/08/2005
Links: /computers/unix / php-upgrade-dependancies.txt

How to compile php for Oracle

Posted by jmdault on Monday, March 24 2003 @ 06:46
A lot of people asked me how to compile php for Oracle.

Good news is you don't have to recompile the whole PHP just to add oracle support. You just need php-devel and the Oracle Client Interface.

First, create a user "oracle", with the home in /home/oracle, then do a "su oracle", and "cd ~".

Second, you must download and install Oracle, by following
this link. You will need to be a member of the Oracle Technology Network, but you can get an account for free.

You need to download the 1st and second files. They are compressed cpio archives, and you need to unpack them.

  1. Run "gunzip " on all the files. Eg. lnx_920_disk1.cpio.gz
  2. Extract the cpio archives with the command "cpio -idmv < filename"
     Eg. cpio -idmv < lnx_920_disk1.cpio

Important Note: Some browsers will uncompress the files but
leave the extension the same (gz) when downloading. If the above steps do
not work for you, try skipping step 1 and go directly to step 2 without
changing the filename. Eg. "cpio -idmv < Linux9i_Disk1.cpio.gz"

Then, you can install Oracle.

cd /home/oracle/Disk1/install/linux
./runInstaller

Please note you'll need at least 512 megs of RAM, and the same amount in swap. Oracle is a beast ;-)

Install Oracle in /usr/oracle/9.2, and make sure you select Oracle Client Interface, this package contains the header files you will need to compile php-oracle.

When install is done, make sure you have a suitable development environment (autoconf, automake, gcc, php-devel, rpm-build), and cd to /usr/src/RPM/SPECS

Download the php-oracle spec file into this directory.

Before compiling, you will need to define some environment variables. The minimum required is:

export ORACLE_HOME=/usr/oracle/9.2

Then, compile the module by doing:

rpm -ba php-oracle.spec

If everything went right, you can install the php extension:

cd /usr/src/RPM/RPMS/i586
rpm -ivh --nodeps php-oracle

(you need --nodeps because some oracle libs are not in the rpm database).

You can now try "php -m" to see if the module is installed, or use a script with phpinfo().

To complete your setup, you need the environment variable to be loaded at boot:

cd /etc/profile.d
cat << EOF > oracle.sh
#!/bin/sh
export ORACLE_HOME=/usr/oracle/9.2
EOF
chmod 755 oracle.sh

Then, restart your web server:

service httpd stop
service httpd start

You should be all set!

If not, I'm available for consulting to help you setup everything. I charge very reasonable rates.

Also, if this howto was useful to you, or you would like to see more Oracle support, please consider contributing to the Mandrake Corporate club (contact me on this). My goal is to certify Mandrake with Oracle, but this is very expensive, and my employers try to keep costs down. But if enough people are willing to contribute money, we can easily raise enough to afford the certification tests.

Jean-Michel


Last saved: 10/08/2005
Links: /computers/unix / php-config-oracle.txt

An .htaccess file rule

(requires mod_rewrite enabled in httpd.conf)

which points requests for my in8sworld.net/notes to the cgi script that runs the site. This removes the cgi path from the visible URL, which is cleaner than my http refresh I was using. I do have to fix all my URLs now to point to the new place.

RewriteEngine on
RewriteRule ^notes/?(.*)$ cgi-bin/journal.cgi$1

Last saved: 08/13/2005
Links: /computers/unix / htaccess-rewrite-rule.txt

OpenSkills: GPG User ID maintenance

This info is taken from here
http://wiki.openskills.org/OpenSkills/GPG+User+ID+maintenance

The information on this page is intended to help if you want to add a new email address to your key, or remove an old email address.

Note: this is now a very easy thing to do if you are using one of the GUI based OpenPGP tools.

GPG keys may have a number of user identity (uid) records bound to them. Here we discuss the creation and management of uids.

Introduction + The First UID

There are two kinds of uids. Text uids and photographic uids. Here we will only consider the regular text uids.

As part of the process of making a key (using gpg --gen-key), a uid is created and bound to the new key. There are three pieces of information that make up a uid: a real name, an email address and a comment. You will be prompted for these whenever a uid is being created, and indeed this is what we see during the --gen-key process.

A uid is bound to a key by a "self-signature". The very key the uid is to be bound to is used to make a signature for the uid. This signature is held against the uid, and indicates (for example to key management software) that the uid is bound to the key.

At the completion of the --gen-key process we have a new key and a single uid bound to the key by a signature. You can get a view of this using gpg --check-sigs. For example ...


gpg01@wally:~$ gpg --check-sigs gpg01
pub  1024D/66712F41 2003-08-17 GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
sig!3       66712F41 2003-08-17   GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
...

In this partial output we see the key (on the line starting with "pub") and the uid (on the line starting with "sig"). "pub" is short for public key. "sig" is short for signature.

Looking at the sig line in detail: The number 3 following "sig" indicates that this key was signed with a confidence level of 3, the highest level (See Signing OpenPGP Keys). Following the 3 is the key id of the key which produced the signature, and as this is a self-signature, the key id is that of the current key (on the pub line). Next we have the date the signature was made. Finally, we have the real name / comment / email address information.

Note that the information for our single uid appears twice. Once associated with the key (the "pub" line), and once associated with the uid (the "sig" line). The "primary uid" is always listed with the key. In this case, the one and only uid is the primary uid. There must always be one and only one primary uid bound to a key.

Adding a new uid

A new uid is added to a key using the adduid command within a gpg --edit-key session. For example:


gpg01@wally:~$ gpg --edit-key gpg01
gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
...
pub  1024D/66712F41  created: 2003-08-17 expires: never      trust: u/u
sub  1024g/B1545A3E  created: 2003-08-17 expires: never     
(1). GPG User 01 (OpenSkills developer) <gpg01@openskills.org>

Command> adduid
Real name: GPG User 01x
Email address: gpg01@openskills.net
Comment: Tech Support              
You selected this USER-ID:
    "GPG User 01x (Tech Support) <gpg01@openskills.net>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
                                                     
You need a passphrase to unlock the secret key for
user: "GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
1024-bit DSA key, ID 66712F41, created 2003-08-17

passphrase: ********
                  
pub  1024D/66712F41  created: 2003-08-17 expires: never      trust: u/u
sub  1024g/B1545A3E  created: 2003-08-17 expires: never     
(1)  GPG User 01 (OpenSkills developer) <gpg01@openskills.org>
(2). GPG User 01x (Tech Support) <gpg01@openskills.net>

Command> save

Note that the commands entered by the user were shown in red on the original page.


Last saved: 07/08/2005
Links: /computers/unix / gpg.txt

Find and Replace

with Perl
perl -pi -e 's/find/replace/g' *.txt

Last saved: 05/07/2005
Links: /computers/unix / findreplace.txt

Port forwarding with ssh

from http://blog.subverted.net/index.php?p=344

Picture this.. You are at a trendy starschmucks coffee house and your server SMS’s you.. “Attempted Breach of security on server1.example.com”. Grudgingly you bring your Dell laptop out of hibernation, embarrassed to use it in front of the ibook wielding trendies to use the free wifi. Unfortunately they seemed to have blocked access to your company's IDS report viewer on port 443 (https). Those bastards.

SSH secretly pwns you.

One of ssh’s many tricks is secure port forwarding. OpenSSH can forward TCP ports from one end of a connection to the other “end” of the tunnel. Starschmucks coffee house has conveniently left port 22 (ssh) completely unrestricted.

Your puny human mind ticks over, ssh tunneling can get you out of this fix ! We just don't want any of those trendies sniffing the traffic, but you have forgotten how to set up a secure tunnel. You swiftly load up google and find a website and it brings you…. here. Fortunately I’m going to tell you how this story ends.

The webserver itself does not accept ssh connections but you do have access to the host shellserver.example.com. You can use the command

ssh -f -N -L8000:IDSserver.example.com:443 username@shellserver.example.com

This command is pretty tricky so here is my best attempt at trying to explain it. It does a few things.

  1. Creates a secure connection between you and shellserver.example.com
  2. Opens port 8000 on your local machine.
  3. Any connection to the local machine on port 8000 will be transmitted securely to shellserver.example.com
  4. Shellserver.example.com will then connect to IDSserver.example.com on port 443

So, now when you open your browser, you point it to https://localhost:8000 , and up comes your company IDS. Take that you ibook weenies ! You can get around the pesky firewall AND deal a swift hand of pain to the wannabe hackers.

Last saved: 05/07/2005
Links: /computers/unix / ssh-tunnels.txt

Figuring Out What's Using a Port

Great article!
from http://www.losurs.org/docs/tips/general/port-usage

Here's a quick and easy (to use) way to figure out what process is using a particular TCP port. This can be rather handy when you're trying to start a new daemon or service, and it complains that it can't bind to the port.

fuser 143/tcp | awk '{print $2}' | xargs ps ho cmd

In this case, it'll tell you what process is using port 143, the IMAP port. Substitute whatever port you're interested in for 143 (and replace tcp with udp for UDP ports, of course). You should generally run this as root, or else it'll only be able to tell you about ports belonging to your own processes.

Member Lonny Selinger wrote a handy little Perl script that accomplishes the same thing. It's available from the FTP site.

Note that the syntax used here is somewhat specific to Linux. If you want to do this on non-Linux systems, read the manpages for fuser(1) and ps(1) for the exact syntax used by your system.

Another way to do the same thing is to use a program called lsof which lists open files and compiles on a slew of unices. You can use -i to specify which protocol and port to examine, it will then return a list of the processes using said port.

Examples: lsof -i :ssh will list all processes using whichever port /etc/services associates with the service named ssh. lsof -i UDP:53 lists those processes that fancy UDP port 53 (tends to be named).

Last saved: 04/14/2005
Links: /computers/unix / bash-open-ports.txt

Bash most recent files

found some of this at

ls usr/local/directory -lRt | grep jpg | head -1

gives the last single jpg file in a directory tree.
Plans to further prune the output to return the full
path to this file for display on an intranet page.

I might be able to use awk
(found on the internet)
"the columns of 'ls -l' are not always the same on all platforms, so a
better solution might be:

ls -l | awk '^d {print $NF}'

I had success with this. It didn't seem to understand the NF thing.

[nberry@oz seti]$ ls usr/local/directory -lRt|grep jpg|head -3|awk '{print $9}'
49-01.jpg
48-00.jpg
48-01.jpg

This did not return the full filename for my mp3s where the file names have spaces in them!
ls /mp3/mp3 -lRt|grep mp3|head -3|awk '{print $NF}'
However, it did return the last bit of the most recent filename.

I ended up with this, which partially works the way I wanted:
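#!/bin/bash
# Directory tree to search
path='/usr/local/directory'
# Name of the most recently modified jpg (9th column of ls -l)
file=`ls -lRt "$path" |grep jpg|head -1|awk '{print $9}'`
# The "directory:" header line that ls -R prints above that listing
path=`ls -lRt /usr/local/directory |grep -B 2 jpg|head -1|awk '{print $1}'`
# Strip the trailing colon from the header
pathfixed=${path%:}
final=$pathfixed/$file
cp -u "$final" /home/xxx/public_html/lastcam.jpg
echo "$pathfixed/$file" > /tmp/lastcamimage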
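
The attempts above read columns out of ls, which is where names with spaces get cut off. As an added example (not the script from this note), the same job done without parsing ls: newest_file and publish_newest are made-up names, and the code assumes GNU find and cp and file names without embedded newlines.

```shell
#!/bin/sh
# Added example: find the newest file matching a pattern anywhere under a
# directory and publish it, keeping the full path intact.
# Assumes GNU find (-printf) and GNU cp (-u); names are hypothetical.

# newest_file DIR PATTERN
# Prints the full path of the most recently modified match, or nothing.
newest_file() {
    # %T@ is the modification time in seconds since the epoch, %p the path.
    # Only the first space separates the two, so cutting from field 2
    # onward returns the whole path even when it contains spaces.
    find "$1" -type f -name "$2" -printf '%T@ %p\n' |
        sort -n | tail -n 1 | cut -d ' ' -f 2-
}

# publish_newest DIR PATTERN DEST RECORD
# Copies the newest match to DEST and writes its original path to RECORD.
# Returns non-zero, touching nothing, when no file matches.
publish_newest() {
    newest=$(newest_file "$1" "$2")
    [ -n "$newest" ] || return 1
    cp -u -- "$newest" "$3" && printf '%s\n' "$newest" > "$4"
}

# Optional command-line use: script DIR PATTERN DEST RECORD
if [ $# -eq 4 ]; then
    publish_newest "$@"
fi
```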

Last saved: 03/29/2005
Links: /computers/unix / bash-ls-head.txt