Ben's Blog

Category: unix / linux

29 Articles
I.T., unix / linux ben September 03, 2009

ssh tunnel to circumvent a firewall

My work place like many others has a pretty restrictive firewall that doesn’t let me ssh into my own machine. To get in the network, one has to use VPN which means that a furious battle will rage getting this to work in linux; but above all you won’t get to ssh from your phone.

So if you have a home server, run the following command on your work machine and it will create a tunnel from your work machine to your home server:

[bash]ssh -f -N -R 1337:localhost:22 root@home_server[/bash]

Now login to your home server and when you

[bash]ssh localhost -p 1337[/bash]

You will in fact be sshing to your work machine via magic fairies & such.

It adds a level of indirection which sucks major balls, so you can copy some keys and get all that automated but I don’t want to go into these details. Figure it out.

You can go away now.

I.T., unix / linux ben September 02, 2009

Count how many file descriptors are being used by every process of a certain name

here’s a neat little command:

ps -ae | grep <process_name> | perl -lane ‘print $F[0]’ | while read filename; do ls /proc/$filename/fd; done | wc -w

just replace process_name by httpd for example and it’ll tell you how many file descriptions are in use by all the processes with http in them.

I.T., unix / linux ben June 06, 2009

Postfix & Spamassassin integration allowing for custom processing

This assumes that you have postfix installed and running as your SMTP server

First, make sure that you’re root

[bash]whoami[/bash]

I probably shouldn’t have to explain that if you’re reading this but just in case; if that last command returned something else than ‘root’ issue the following command

[bash]sudo su[/bash]

and enter your password

step 1: Let’s install the packages we’re gonna need

[bash]apt-get update
apt-get install spamassassin spamc[/bash]

step 2: Now we configure spamassasin

[bash]cat /etc/default/spamassassin | sed -e ‘s#ENABLED=0#ENABLED=1#g’ > /etc/default/spamassassin
cat /etc/default/spamassassin | sed -e ‘s#CRON=0#CRON=1#g’ > /etc/default/spamassassin
cat /etc/spamassassin/local.cf | set -e ‘s## rewrite_header Subject *****SPAM*****#rewrite_header Subject [*****SPAM*****] > /etc/spamassassin/local.cf[/bash]

and we start/restart it

[bash]/etc/init.d/spamassassin restart[/bash]

step 3: We create a little script that will take desired action upon spamassassin flagging

create a user called spamassassin (or whatever you want as long as you keep it consistent)

[bash]useradd -m spamassassin[/bash]

then edit the script file /home/spamassassin/spamcheck and throw the following in it

[bash] # variables
 
SENDMAIL="/usr/sbin/sendmail -i"
 
EGREP=/bin/egrep
 
SPAMLIMIT=10
 
# exit codes from <sysexits.h>
 
EX_UNAVAILABLE=69
 
# clean up when done or when aborting.
 
trap "rm -f /tmp/out.$$" 0 1 2 3 15
 
# pipe message to spamc
 
cat | /usr/bin/spamc -u spamd > /tmp/out.$$
 
# are there more than $SPAMLIMIT stars in X-Spam-Level header? :
 
if $EGREP -q "^X-Spam-Level: *{$SPAMLIMIT,}" < /tmp/out.$$
 
then
 
# option 1: move spam messages to sideline dir so a human can look at them later:
 
mv /tmp/out.$$ /home/spamassassin/`date +%Y-%m-%d_%R`-$$
 
# option 2: divert spam message to an alternate e-mail address:
 
#$SENDMAIL xyz@xxxx.xx < /tmp/out.$$
 
# option 3: just delete the spam message
 
# rm -f /tmp/out.$$
 
# option 4: still relay the email to the recipient with the subject of the email now containing [*****SPAM*****]
 
# $SENDMAIL "$@" < /tmp/out.$$
 
else
 
$SENDMAIL "$@" < /tmp/out.$$
 
fi
 
# Postfix returns the exit status of the Postfix sendmail command.
 
exit $?[/bash]

make sure that you

[bash]chown spamassassin:spamassassin /home/spamassassin/spamcheck
chmod 750 /home/spamassassin/spamcheck[/bash]

step 4: Ok, so we got spamassassin going and a little script that will take an email and throw it in /home/spamassassin if it’s spam (if you chose option1) now we just need to tell postfix to pass all messages to that script

edit /etc/postfix/master.cf and replace

[code]smtp inet n – – – – smtpd[/code]

with

[code]smtp inet n – n – – smtpd -o content_filter=spamcheck:dummy[/code]

also add the following 2 lines at the bottom of the file (the indentation is important)

[code]spamcheck unix – n n – 10 pipe

flags=Rq user=spamassassin argv=/bin/spamcheck -f ${sender} — ${recipient}[/code]

We’re almost there, just restart postfix and you’re good to go!

[bash]/etc/init.d/postfix restart[/bash]

If you wanna test that out, watch the log while you send emails to your servers

[bash]tail -f /var/log/syslog[/bash]

send a clean mail, make sure that it reaches destination, then send something you know will get flagged as spam and make sure it ends up in /home/spamassasin instead of the intended recipient.

The reason we choose option 1 here is because there’s no point in still relaying a flagged email as it will still clog the recipient’s mailbox. On the other hand we don’t want to just delete it if spamassassin makes a mistake we want to play it safe and keep every emails should something arise, we quarantine the bad ones in /home/spamassassin

Lastly, as long as you have postfix just feeding the emails to a script like we just did, it’s easy to become fancier and do all kinds of processing to the email, on my server I actually call a php script that throws emails in a DB.

I.T., unix / linux ben June 04, 2009

Silly Apache warning

If the following happens to you:

[code]apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName[/code]

just issue a:

[bash]echo Servername `cat /etc/hostname` >> /etc/apache2/apache2.conf[/bash]

Tested on: Ubuntu server 9.04 32b / Ubuntu 12.04 64b

I.T., unix / linux ben May 27, 2009

recursive name based delete

Here’s a neat little command that will let you delete specified files/directories recursively and based on their names.

Let’s do a dry run first to make sure that the command will go through the right files. Run:

[bash]<code class="plain plain">find <directory_to_start_the_recursion_in> -name <file_name</code>>[/bash]

Keep in mind that if you’re gonna have asterisks (*) in the <file_name> you need to escape them like so:

[bash]find /var/www -name *.jpg[/bash]

make sure that the result only lists the files/directories that you indeed want to obliterate. Then improve that last command by adding:

[bash]find <directory_to_start_the_recursion_in> -name <file_name> -exec rm -rf {} ;[/bash]

Since this is a pretty dangerous command even after a dry run, you can use -ok instead of -exec which will prompt you for approval everytime the command it executed.

[bash]find <directory_to_start_the_recursion_in> -name <file_name> -ok rm -rf {} ;[/bash]

This is of course not limited to rm 🙂

I.T., unix / linux ben May 21, 2009

recursive type based chmod

Here’s a cool little script that will recursively chmod, giving a permission based on whether it’s dealing with a file or a directory. This is very convenient when you want to add that +x to directories but not files.

[bash]find $1 -type f -exec chmod $2 {} ;
find $1 -type d -exec chmod $3 {} ;[/bash]

Go ahead and edit /usr/bin/chmod_script, copy paste these 2 lines in there, then issue a chmod 755 /usr/bin/chmod_script as root, that’s it!

Usage syntax is as follows:

[bash]chmod_script <directory_to_start_the_recursion_in> <permissions_for_files> <permissions_for+directories>[/bash]

so if I want to use it on /var/www do:

[code]chmod_script /var/www 644 755[/code]

Enjoy!

Posts pagination

← Previous 1 2

This blog is solar powered

Interactive

Handwriting Capture
Mandalagaba
IPv6 link-local to MAC converter
IPv6 MAC to link-local converter
Markov Text Generation
Markov Word Generation
Markov Music Generation
Duplogrifier
Flood Fill Algorithms
Homestead Metrics
RGB Playground
Web Games

Categories

  • aesthetics111
    • plots54
    • specular holography6
  • Books3
  • I.T.202
    • 3D modeling / printing21
    • AI6
    • all out geekery36
    • electronics27
    • homestead automation6
    • maniacal paranoia25
    • plotters49
    • unix / linux29
    • video games4
    • web development29
    • web games3
  • Lego / Duplo67
  • life in the U.S.42
  • miscellaneous202
  • nature encounters114
  • old vinyls3
  • organs2
  • self sustainability560
    • agriculture105
    • apiculture38
    • apple20
    • building131
    • canning3
    • crochet6
    • foraging6
    • hunting10
    • maple syrup47
    • poultry39
    • preserving2
    • solar power28
    • water23
    • wood84
  • trip to a new life6
Theme by Bloompixel. Proudly Powered by WordPress