For a CentOS 5.1 email server, I wanted to check email passing
through the server with
. I had previously
installed support for the
to download and install clamav and clamav-milter on
the system. Since clamav, clamav-db, and clamd were dependencies for
clamav-milter, they were installed as well when I ran
# sendmail -d0 < /dev/null | grep MILTER
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
According to
Clam AntiVirus Milter Setup and Debugging, the
libmilter* library must be installed on the system to use
clamav-milter, so I checked for the presence of libmilter files with
locate libmilter, but none were listed. The instructions suggested
that if the library is not installed, one should "go to the Sendmail source
directory, change into the libmilter subdirectory and run the install script."
But there was no sendmail source directory on the system, since sendmail had
been installed through a package when I initially set up the system.
Since the instructions also stated "Some operating systems provide MILTER
support via a port or package", I thought I would just proceed to see
what happened.
The next step listed was to configure clamav with --enable-milter. I
presumed that was already taken care of when I installed the
clamav-milter package, so I proceeded to the "configure clamd.conf" step.
I checked /etc/clamd.conf, but didn't make any changes.
The installation of the clamav-milter package placed two files in
/etc/init.d.
# ls -l /etc/init.d/clam*
-rwxr-xr-x 1 root root 1258 Mar 7 2007 /etc/init.d/clamav-milter
-rwxr-xr-x 1 root root 1130 Nov 1 2006 /etc/init.d/clamd
It also installed and turned on two system services.
# chkconfig --list clamd
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig --list clamav-milter
clamav-milter 0:off 1:off 2:on 3:on 4:on 5:on 6:off
I started the Clam AntiVirus daemon with /etc/init.d/clamd
# vi /etc/init.d/clamd
# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon: [ OK ]
You then need to configure sendmail for clamav-milter support. If you try
launching clamav-milter first, you will get the error shown below:
# /etc/init.d/clamav-milter start
Starting Clamav Milter Daemon: clamav-milter: socket-addr (local:/var/clamav/clm
ilter.socket) doesn't agree with sendmail.cf
[FAILED]
So I put the following line as the last line in /etc/mail/sendmail.mc
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter.sock, F=T, T=S:4m;R:4m')
I then rebuilt the sendmail.cf file from sendmail.mc
with the following command:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
When I tried restarting sendmail, though, I received a warning message:
# /etc/init.d/sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: WARNING: Xclmilter: local socket name /var/run/clamav/clmilte
r.sock missing
[ OK ]
Starting sm-client: [ OK ]
I then looked in /etc/sysconfig/clamav-milter and saw the
following:
### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.
CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
--force-scan
--local
--max-children=10
--noreject
--outgoing
--quiet
"
SOCKET_ADDRESS="local:/var/clamav/clmilter.socket"
Since according to the SOCKET_ADDRESS in that file,
clmilter.socket was expected in /var/clamav,
I modified the line I added to the end of /etc/mail/sendmail.mc
to be as shown below:
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')
I then rebuilt the sendmail.cf file from sendmail.mc,
restarted clamav-milter, and restarted sendmail.
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/clamav-milter restart
Stopping Clamav Milter Daemon: [FAILED]
Starting Clamav Milter Daemon: Your LANG environment variable is set to 'en_US.U
TF-8'
This is known to cause problems for some clamav-milter installations.
If you get failures with temporary files, please try again with LANG unset.
LibClamAV Error: cl_cvdhead: Can't open file /var/clamav/daily.inc/daily.info
Loaded ClamAV version 0.93, clamav-milter version 0.93
ClamAV: Protecting against 280776 viruses
[ OK ]
# /etc/init.d/sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
The "failed" for the restart of clamav-milter was probably because it wasn't
started at the time; so I could have used clamav-milter start.
I also saw an error message regarding "LibClamAV Error: cl_cvdhead: Can't open
file /var/clamav/daily.inc/daily.info", but when I sent a test message to
an account on another system, I saw "X-Virus-Scanned: ClamAV version 0.93,
clamav-milter version 0.93" in the message's headers. I saw the same
header in a message I sent from the account on the other system to the
one running ClamAV. I also saw the header "X-Virus-Status: Clean". So
ClamAV appeared to be scanning incoming and outgoing email.
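
The socket disagreement behind the two errors above can be checked before restarting either service. The following is an added example, not part of the original post: it compares the S= socket of every active INPUT_MAIL_FILTER line with SOCKET_ADDRESS from /etc/sysconfig/clamav-milter. The file contents are constructed samples modelled on the files quoted above, and the function names are hypothetical.

```python
import re

# Constructed inputs modelled on the two files quoted in the post.
SYSCONFIG = '''CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
--local
--quiet
"
SOCKET_ADDRESS="local:/var/clamav/clmilter.socket"
'''
MC_FIRST_TRY = """MAILER(smtp)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter.sock, F=T, T=S:4m;R:4m')
"""
MC_CORRECTED = """MAILER(smtp)dnl
dnl INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter.sock, F=T, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')
"""

FILTER_RE = re.compile(r"^\s*INPUT_MAIL_FILTER\(`([^']+)',\s*`([^']*)'\)")


def mail_filters(mc_text):
    """Return {filter name: {equate: value}} for active INPUT_MAIL_FILTER lines."""
    filters = {}
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):      # m4 comment, directive is off
            continue
        match = FILTER_RE.match(line)
        if match is None:
            continue
        equates = {}
        for part in match.group(2).split(","):   # S=socket, F=flags, T=timeouts
            key, _, value = part.strip().partition("=")
            equates[key] = value
        filters[match.group(1)] = equates
    return filters


def milter_socket(sysconfig_text):
    """Return the SOCKET_ADDRESS value from the sysconfig file, or None."""
    match = re.search(r'^\s*SOCKET_ADDRESS="?([^"\n]+)"?\s*$', sysconfig_text, re.M)
    return match.group(1).strip() if match else None


def normalize(spec):
    """Split 'proto:address'; 'unix' and 'local' name the same socket type."""
    proto, sep, addr = spec.strip().partition(":")
    if not sep:                                  # bare path, treated as local here
        proto, addr = "local", spec.strip()
    proto = proto.lower()
    return ("local" if proto == "unix" else proto), addr


def check(mc_text, sysconfig_text):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    daemon = milter_socket(sysconfig_text)
    filters = mail_filters(mc_text)
    if not filters:
        findings.append("no active INPUT_MAIL_FILTER in sendmail.mc")
    for name, equates in filters.items():
        sock = equates.get("S", "")
        if daemon is None or normalize(sock) != normalize(daemon):
            findings.append(f"{name}: sendmail uses {sock!r}, clamav-milter uses {daemon!r}")
        if equates.get("F") not in ("T", "R"):
            # Without F=T or F=R sendmail carries on as if no filter existed.
            findings.append(f"{name}: no F=T or F=R, mail passes unscanned if the milter is down")
    return findings


if __name__ == "__main__":
    for label, mc in (("first try", MC_FIRST_TRY), ("corrected", MC_CORRECTED)):
        print(label, check(mc, SYSCONFIG) or "OK")
```
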
References:
- Clam AntiVirus Milter Setup and Debugging, Jeremy Mates's Domain
- Installing clamav-milter on FreeBSD, Ring of Saturn Internetworking
Fri, May 09, 2008 10:03 pm
Scheduling a Backup Task in Symantec Ghost 7.5
- On the View menu, click Scheduler. All scheduled tasks will appear.
- On the Task menu, click New Task.
- Expand the Tasks folder.
- Select the task that you want to schedule, then click on the OK
button.
- On the Schedule tab, set the date, time, and frequency with which to
execute the task.
- On the Task tab, in the Run as field, type the user name of the
person who is running the task. The default is the logged on user.
- Click on the Set Password button.
- In the Password field, type your password. You must type a password
to run the task. The password is confirmed when the task runs.
- In the Confirm field, type your password again to confirm that it is
entered correctly.
- Click on the OK button.
Wed, May 07, 2008 9:21 pm
Online Tools to Check MX Records
Two webpages offering online tools to look up
MX record information
for a domain are listed below:
Check MX Records for Email Tool - Live2Support.com
MX Lookup - MXToolbox.com
Wed, May 07, 2008 6:00 pm
Remote Web Workplace Users
A user in a domain with a Windows Small Business Server (SBS) 2003
domain controller told me that she could establish a
VPN from home
by entering her userid, password, and domain information, but then
when she opened her browser and pointed it to the SBS 2003 server
and tried to establish a "Remote Web Workplace" connection, her
userid and password wouldn't be accepted, though she was using
the same ones as for the VPN connection. She would see the error
message below:
The user name or password is incorrect. Verify that CAPS LOCK
is not on, and then retype the current user name and password.
If you receive this message again, contact your system
administrator to ensure that you have the correct permissions to
use the Remote Web Workplace.
In checking on the problem, I found her account was not a member
of the "Remote Web Workplace Users" group. The procedure for adding
an account to that group is listed below.
- Click on Start.
- Select Administrative Tools.
- Select Active Directory Users and Computers.
- Under the domain name, select My Business, Users,
SBSUsers, and then the user's account or, under the domain name,
select Users and the user's account, if it is located there
instead.
- Right-click on the user's account and select Properties.
- Click on the Member Of tab.
- The user should already be a member of Domain Users. You need
to click on the Add button.
- In the "Enter the object names to select" field, type Remote
Web Workplace.
- Click on the Check Names button. You should then see
"Remote Web Workplace Users" appear in the field underlined.
- Click on OK.
- Click on OK again to close the "Properties" window for the
user's account.
Tue, May 06, 2008 10:58 pm
Sendmail Anti-Spam Blacklist Feature
To reduce the amount of spam reaching users' inboxes, I made some modifications
to the
/etc/mail/sendmail.mc file on a Linux server running
sendmail.
The sendmail.mc already had the line
FEATURE(`blacklist_recipients')dnl. The
blacklist_recipients feature turns on the ability to block
incoming mail for certain recipient usernames, hostnames, or addresses. For
example, you can block incoming mail to user nobody, host foo.mydomain.com, or
guest@bar.mydomain.com. These specifications are put in the
/etc/mail/access file.
Immediately below that line, I added the following lines to use the
McFadden Associates E-Mail Blacklist,
the Spamhaus Block List,
and the Passive Spam Block List.
FEATURE(`dnsbl', `bl.csma.biz', `550 Spam Block: mail from $&{client_addr} refused - See http://bl.csma.biz/')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `550 Spam Block: mail from $&{client_addr} refused - See http://www.spamhaus.org/sbl/')dnl
FEATURE(`dnsbl', `psbl.surriel.com', `550 Spam Block: mail from $&{client_addr} refused - see http://psbl.surriel.com/')dnl
I removed the "dnl" from the beginning of the following line, which
"uncomments" the directive, to allow
the system to accept email from users who have authenticated by a trusted
mechanism defined by TRUST_AUTH_MECH (see
Sendmail Authorization for Outgoing Email).
dnl FEATURE(delay_checks)dnl
I didn't want a user's email to be rejected because the user's system
received a dynamically assigned IP
address previously assigned to a system sending out spam, which I've seen
happen previously. By using the delay_checks feature, you can
have sendmail skip the check_mail and check_relay
rulesets, if the sender has been authenticated by a "trusted" mechanism,
such as by sending the user's userid and password to the server when sending
email.
I then regenerated the sendmail.cf file from the sendmail.mc file and restarted sendmail with the commands below.
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart
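
What the three dnsbl lines and delay_checks amount to for one connecting client is sketched below. This is an added example, not part of the original post, and a simplified model rather than sendmail's own rulesets. The zones and reject texts are the ones in the FEATURE lines above; the client addresses and the resolver data are constructed, and the function names are hypothetical.

```python
import ipaddress

# Zones and reject texts taken from the FEATURE(`dnsbl', ...) lines in the post.
DNSBLS = [
    ("bl.csma.biz",
     "550 Spam Block: mail from $&{client_addr} refused - See http://bl.csma.biz/"),
    ("sbl.spamhaus.org",
     "550 Spam Block: mail from $&{client_addr} refused - See http://www.spamhaus.org/sbl/"),
    ("psbl.surriel.com",
     "550 Spam Block: mail from $&{client_addr} refused - see http://psbl.surriel.com/"),
]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")   # DNSBL answers live here (RFC 5782)


def dnsbl_query_name(client_addr, zone):
    """Build the name looked up for a client: reversed octets under the zone."""
    ip = ipaddress.ip_address(client_addr)
    if ip.version != 4:
        raise ValueError("this example handles IPv4 clients only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listed(client_addr, zone, resolve):
    """resolve(name) returns a list of A records, empty when the name does not exist."""
    answers = resolve(dnsbl_query_name(client_addr, zone))
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)


def relay_decision(client_addr, authenticated, resolve, delay_checks=True):
    """Return the SMTP reject text for this client, or None to accept.

    With delay_checks on, a sender authenticated by a trusted mechanism
    skips the blacklist lookups, as the post describes.
    """
    if delay_checks and authenticated:
        return None
    for zone, template in DNSBLS:
        if is_listed(client_addr, zone, resolve):
            return template.replace("$&{client_addr}", client_addr)
    return None


# Constructed resolver data: one documentation-range address listed in PSBL.
FAKE_DNS = {"77.113.0.203.psbl.surriel.com": ["127.0.0.2"]}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.77", "sbl.spamhaus.org"))
    print(relay_decision("203.0.113.77", False, fake_resolve))
    print(relay_decision("203.0.113.77", True, fake_resolve))
```
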
References:
- Sendmail cf/README - Features, sendmail.org
- Sendmail cf/README - Anti-Spam Configuration Control, sendmail.org
- Passive Spam Block List (PSBL) Added, MoonPoint Support
- Sendmail Authorization for Outgoing Email, MoonPoint Support
- McFadden Associates E-Mail Blacklist
- Spamhaus Block List
- Passive Spam Block List
Mon, May 05, 2008 10:23 pm
Outlook 2002 Email Messages Not Opening
I found that when I double-clicked on email messages in Outlook 2002
on a user's system, they would not open. I couldn't open a message by
right-clicking on the message and choosing
Open either.
I was able to eliminate the problem by turning off the Google Desktop
add-in within Outlook, which can be done by the following steps:
- Click on Tools.
- Select Options.
- Click on the Other tab.
- Click on the Advanced Options button.
- Click on the Add-in Manager button.
- Uncheck "Google Desktop Search Outlook Addin".
- Click on OK.
- Click on Com Add-ins.
- Uncheck "Google Desktop Outlook Toolbar".
- Click on OK.
- Click on OK again.
- Click on OK to close the Options window.
Mon, May 05, 2008 7:37 pm
Sendmail Authorization for Outgoing Email
A CentOS 5.1 email server wasn't allowing email clients, such as Outlook,
to relay email through it by providing a userid and password for authorization
for outgoing email. I configured an email client,
SimpleCheck, to use
the same userid and password when sending email as for checking incoming email.
I configured it to use the "plain" authorization method when sending email.
That didn't work, nor did using "login" or "CRAM-MD5"
for the authorization method. I would get an error message stating "'PLAIN'
authorization is not supported by the server" when I used the "plain"
authorization method. I got similar messages for the other authorization
methods.
The server was running sendmail, which
supports SMTP AUTH
as defined in
RFC 2554 which is
based on SASL.
The Cyrus SASL
package should be installed to enable sendmail to support
the AUTH command for authorization. I checked on whether it was installed
with rpm -qi cyrus-sasl. I saw it was installed. I then
tried sendmail -d0.1 -bv root | grep SASL and saw
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS.
The "SASLv2" in the output confirmed that support for SASL was present.
But when I connected to the
SMTP port by telnet, I didn't see the AUTH command listed when I issued
an ehlo command. And I received messages that the "plain", "login",
"cram-md5", and "digest-md5" authorization methods weren't supported when I
issued auth commands for those authentication methods.
# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 10:34:34 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
AUTH LOGIN
504 5.3.3 AUTH mechanism LOGIN not available
AUTH PLAIN
504 5.3.3 AUTH mechanism PLAIN not available
AUTH CRAM-MD5
504 5.3.3 AUTH mechanism CRAM-MD5 not available
AUTH DIGEST-MD5
504 5.3.3 AUTH mechanism DIGEST-MD5 not available
quit
When I used the testsaslauthd command to check that the
saslauthd daemon was installed and running properly, I saw that it
was working properly.
# testsaslauthd -s smtp -u jdoe -p HerPassword
0: OK "Success."
You can test SASL support with the testsaslauthd command by
specifying a username and its associated password on the system with
-u username -p password. The -s service option
specifies a particular service. Common service names are "imap", "sieve", and
"smtp".
I then looked at /etc/mail/sendmail.mc. I saw
define(`confAUTH_OPTIONS', `A')dnl, which provides a list
of options for SMTP AUTH was not commented out, so I left it
as is. I left the "dnl" at the beginning of the following line, which appeared
later in the file. The p option in it
would result in sendmail not accepting the PLAIN and LOGIN
AUTH methods unless they were protected by a security layer, such as
is provided by STARTTLS.
dnl define(`confAUTH_OPTIONS', `A p')dnl
The
sendmail AUTH_OPTIONS options are as follows:
AuthOptions
    [no short name] List of options for SMTP AUTH consisting of single
    characters with intervening white space or commas.

    A   Use the AUTH= parameter for the MAIL FROM command only when
        authentication succeeded. This can be used as a workaround for
        broken MTAs that do not implement RFC 2554 correctly.
    a   protection from active (non-dictionary) attacks during
        authentication exchange.
    c   require mechanisms which pass client credentials, and allow
        mechanisms which can pass credentials to do so.
    d   don't permit mechanisms susceptible to passive dictionary attack.
    f   require forward secrecy between sessions (breaking one won't
        help break next).
    p   don't permit mechanisms susceptible to simple passive attack
        (e.g., PLAIN, LOGIN), unless a security layer is active.
    y   don't permit mechanisms that allow anonymous login.

    The first option applies to sendmail as a client, the others to a
    server. Example:

        O AuthOptions=p,y

    would disallow ANONYMOUS as AUTH mechanism and would allow PLAIN and
    LOGIN only if a security layer (e.g., provided by STARTTLS) is already
    active. The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to
    properties of the selected SASL mechanisms. Explanations of these
    properties can be found in the Cyrus SASL documentation.
I removed "dnl" from beginning of the following 2 lines to uncomment
them:
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
The relevant lines were then as follows:
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
I then rebuilt the sendmail.cf file from the
sendmail.mc file using m4 /etc/mail/sendmail.mc >
/etc/mail/sendmail.cf. I then restarted sendmail with
/etc/init.d/sendmail restart.
When I then used telnet to connect to the SMTP port, port 25, on the
server, I saw AUTH listed when I issued the ehlo
command.
# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 6 May 2008 13:44:58 -0400
ehlo laptop
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
Testing with
SimpleCheck, I was then able to send a message with it configured to
use the PLAIN or the LOGIN authorization mechanism.
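
The second EHLO reply above offers LOGIN and PLAIN with no STARTTLS line, which is the situation the p option of confAUTH_OPTIONS is meant to prevent. The following is an added example, not part of the original post: it parses the two EHLO replies copied from the telnet sessions above and reports cleartext mechanisms offered without a security layer, then shows that an AUTH PLAIN response is only base64 over the credentials. The credential string is constructed from the jdoe and HerPassword placeholders used with testsaslauthd, and the function names are hypothetical.

```python
import base64

# EHLO replies copied from the two telnet sessions in the post.
EHLO_BEFORE = """\
250-example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
"""
EHLO_AFTER = EHLO_BEFORE.replace("250-DELIVERBY", "250-AUTH LOGIN PLAIN\n250-DELIVERBY")

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}     # the mechanisms option 'p' restricts


def parse_ehlo(reply):
    """Return {KEYWORD: [parameters]} for the extensions in an EHLO reply."""
    lines = [line for line in reply.splitlines() if line[:3] == "250"]
    extensions = {}
    for line in lines[1:]:               # the first 250 line is the greeting
        words = line[4:].split()
        if words:
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions


def audit(reply, tls_active=False):
    """Return findings about the AUTH offer seen on this connection."""
    extensions = parse_ehlo(reply)
    mechanisms = extensions.get("AUTH")
    if mechanisms is None:
        return ["AUTH not advertised: clients cannot authenticate to relay"]
    findings = []
    exposed = sorted(CLEARTEXT_MECHS.intersection(mechanisms))
    if exposed and not tls_active:
        findings.append("cleartext mechanisms offered without TLS: " + ", ".join(exposed))
        if "STARTTLS" not in extensions:
            findings.append("STARTTLS not advertised: no security layer available")
    return findings


def decode_auth_plain(b64):
    """Split an AUTH PLAIN initial response (RFC 4616) into its three fields."""
    authzid, authcid, password = base64.b64decode(b64).split(b"\0")
    return authzid.decode(), authcid.decode(), password.decode()


# Constructed sample: what a client would send after "AUTH PLAIN".
SAMPLE_PLAIN = base64.b64encode(b"\0jdoe\0HerPassword").decode()

if __name__ == "__main__":
    print("before:", audit(EHLO_BEFORE))
    print("after: ", audit(EHLO_AFTER))
    print("AUTH PLAIN", SAMPLE_PLAIN, "->", decode_auth_plain(SAMPLE_PLAIN))
```
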
References:
- SMTP AUTH in sendmail 8.10-8.13, sendmail.org
- Cyrus SASL for System Administrators, SEPP Application Catalog
- sendmail AUTH_OPTIONS, lists.freebsd.org Mailing Lists
- Using SMTP AUTH and STARTTLS with sendmail: A quick start guide for Red Hat/Fedora Linux, joreybump.com
Sun, May 04, 2008 11:11 pm
Configuring Dovecot
I needed to provide
POP3 email
service on a CentOS system. The default POP server under Red Hat Enterprise
Linux is
/usr/lib/cyrus-imapd/pop3d and is provided by the
cyrus-imapd package. But that package was not installed on the system.
Another
IMAP and
POP3 package available for
CentOS systems is
Dovecot, which provides
an open source IMAP and POP3 server for Linux/UNIX-like systems.
I checked to see if dovecot was installed with
rpm -qi dovecot.
It was. I then checked on whether it was active. It was not.
# chkconfig --list dovecot
dovecot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
I turned it on so that it would be operational after the next reboot
with chkconfig dovecot on.
# chkconfig dovecot on
[root@frostdragon ~]# chkconfig --list dovecot
dovecot 0:off 1:off 2:on 3:on 4:on 5:on 6:off
I then started the service with service dovecot start.
# service dovecot start
Starting Dovecot Imap: [ OK ]
I could then see that the system was listening on the imap, imaps, pop3, and
pop3s ports.
# netstat -a | grep imap
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 *:imap *:* LISTEN
[root@frostdragon archive]# netstat -a | grep pop3
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
Dovecot can be configured to handle mailboxes for system users, i.e. for
accounts on the system or for
virtual users. Since the majority of people who would be using the
server for email would have no need to log into the system and since I wanted
to be able to have john@example.com and john@anotherexample.com, I chose
to configure Dovecot for virtual users.
The Dovecot Wiki has this to say
about usernames and domains:
Usernames and domains
Dovecot doesn't care much about domains in usernames. IMAP and POP3 protocols
currently have no concept of "domain", so the username is just something that
shows up in your logs and maybe in some configuration, but they have no direct
functionality.
So although Dovecot makes it easier to handle "user@domain" style usernames
(eg. %n and %d variables),
nothing breaks if you use for example "domain%user" style usernames instead.
However some
authentication mechanisms do have an explicit support for realms (pretty
much the same as domains). If those mechanisms are used, the username is
changed to be "user@realm".
And of course there's no need to have domains at all in the usernames.
I followed the instructions in
Simple Virtual
User Installation. I didn't need to create a dovecot user,
since one already existed in /etc/passwd. I did need to create
a vmail user account and group, which is used to access the
mail for all users.
# grep dovecot /etc/passwd
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
# useradd -u 103 -c Dovecot vmail
The above useradd command created the vmail user and group and automatically
created a /home/vmail directory owned by vmail:vmail, under which
the email for all users is stored. [Note: you may want to use
a UID greater than 500 rather than 103 as in the example above to avoid the
problem noted below where the dovecot configuration file by default only
permits a UID greater than 500]
I created /var/log/dovecot.log and
/var/log/dovecot-info.log and changed the owner and group for
those files to vmail.
# touch /var/log/dovecot.log /var/log/dovecot-info.log
# chown vmail /var/log/dove*; chgrp vmail /var/log/dove*;
I then edited /etc/dovecot.conf and changed the settings for the
log files.
Original
# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
#log_path =
# For informational messages, use this logfile instead of the default
#info_log_path =
Modified
# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
log_path = /var/log/dovecot.log
# For informational messages, use this logfile
info_log_path = /var/log/dovecot-info.log
The default line in /etc/dovecot.conf for plaintext authentication
is as follows:
#disable_plaintext_auth = no
Since disable_plaintext_auth has a default value of "no", I didn't
have to uncomment that line.
I created a directory for the dovecot password file with
mkdir /etc/dovecot and then set up a password file in
/etc/dovecot/passwd. I changed the protection on the file with
chmod 600 /etc/dovecot/passwd, so that only root would have
access, since I don't want others with accounts on the system to be able to
read the contents of the file. I created entries in the passwd file with
entries like the following:
jdoe@example.com:{PLAIN}HerPassword
I then modified the checkpassword section of /etc/dovecot.conf
Original
# checkpassword executable authentication
# NOTE: You will probably want to use "userdb prefetch" with this.
# http://wiki.dovecot.org/PasswordDatabase/CheckPassword
#passdb checkpassword {
# Path for checkpassword binary
#args =
#}
Modified
# passwd-like file with specified location
# http://wiki.dovecot.org/AuthDatabase/PasswdFile
passdb passwd-file {
# Path for passwd-file
args = /etc/dovecot/passwd
}
I then restarted dovecot with service dovecot restart. I
then tested dovecot by using telnet to connect to port 110, the pop3
port, on the system. I could connect to port 110, but didn't get any
response to the user and pass commands. I looked in
/var/log/dovecot and saw the following errors recorded:
dovecot: May 04 13:35:26 Error: Temporary failure in creating login processes, slowing down for now
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: child 30454 (login) returned error 127
dovecot: May 04 13:35:26 Error: child 30455 (login) returned error 127
At
Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed
to map segment from shared object: Cannot allocate memory, I found
a suggestion to edit /etc/dovecot.conf and modify the
login_process_size line so that it is
login_process_size = 64. The writer states on that webpage that
"This error is not related to shared libraries. You need to set maximum
process size in megabytes. If you don't use login_process_per_connection you
might need to grow this."
When I looked in /etc/dovecot.conf, I saw the following line:
I removed the "#" and changed the line to login_process_size = 64.
I then restarted dovecot with service dovecot restart.
I no longer saw the error messages in the /var/log/dovecot.log
file.
When I again checked email for accounts by using telnet 127.0.0.1
110, I was able to check an account, jsmith, listed in
/etc/passwd, but not the jdoe@example.com account listed in
the /etc/dovecot/passwd file I created.
# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jdoe@example.com
+OK
pass HerPassword
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.
[root@frostdragon log]# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jsmith
+OK
pass HisPassword
+OK Logged in.
stat
+OK 0 0
quit
+OK Logging out.
Connection closed by foreign host.
When I looked in /etc/dovecot.conf, I saw dovecot:
May 04 14:03:20 Error: auth(default):
userdb(jdoe@example.com,::ffff:127.0.0.1): user not found from userdb.
I then realized I also needed to modify the "userdb static" section of
/etc/dovecot.conf. I made the following changes:
Original
# static settings generated from template
# http://wiki.dovecot.org/UserDatabase/Static
#userdb static {
# Template for the fields. Can return anything a userdb could normally
# return. For example:
#
# args = uid=500 gid=500 home=/var/mail/%u
#
#args =
#}
Modified
# static settings generated from template
# http://wiki.dovecot.org/UserDatabase/Static
userdb static {
# Template for the fields. Can return anything a userdb could normally
# return. For example:
#
# args = uid=500 gid=500 home=/var/mail/%u
#
args = uid=vmail gid=vmail home=/home/vmail/%u
}
I then restarted dovecot with service dovecot restart. But
I still couldn't check email for the virtual user account jdoe@example.com.
In the /var/log/dovecot.log file, I saw dovecot:
May 04 14:34:19 Error: Logins with UID 103 (user jdoe@example.com) not
permitted (see first_valid_uid in config file)
When I checked the /etc/dovecot.conf, I found the following:
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0
I then realized, since I created the vmail account with a UID of 103,
that the dovecot configuration file was preventing a login for it, because
it was less than 500. I could have changed the first_valid_uid
value in dovecot.conf, but I decided to delete the vmail account and its
associated home directory and then recreate it with a UID greater than 500.
I then restarted dovecot
# userdel vmail
# rm -rf /home/vmail
# useradd -u 502 -c "Dovecot Virtual Users" vmail
# service dovecot restart
I was then able to check email for both user accounts on the system and
virtual user accounts. I saw that dovecot created a
/home/vmail/jdoe@example.com directory under
/home/vmail.
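
Both virtual-user login failures above (no active "userdb static" block, then a vmail UID below first_valid_uid) can be caught by reading the configuration before restarting dovecot. The following is an added example, not part of the original post: the dovecot.conf excerpt and the /etc/passwd lines are constructed samples modelled on the ones quoted above, the default of 500 is the one stated in the dovecot.conf comments, and the function names are hypothetical.

```python
import re

# Constructed inputs modelled on the files quoted in the post.
DOVECOT_CONF = """\
#first_valid_uid = 500
#last_valid_uid = 0
passdb passwd-file {
  args = /etc/dovecot/passwd
}
#userdb static {
#args =
#}
userdb static {
  args = uid=vmail gid=vmail home=/home/vmail/%u
}
"""
PASSWD_UID_103 = (
    "dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin\n"
    "vmail:x:103:103:Dovecot:/home/vmail:/bin/bash\n"
)
PASSWD_UID_502 = PASSWD_UID_103.replace(":103:103:", ":502:502:")

DEFAULT_FIRST_VALID_UID = 500    # default stated in the dovecot.conf comments


def active_lines(conf):
    """Yield stripped configuration lines that are not blank or commented out."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def first_valid_uid(conf):
    for line in active_lines(conf):
        match = re.match(r"first_valid_uid\s*=\s*(\d+)", line)
        if match:
            return int(match.group(1))
    return DEFAULT_FIRST_VALID_UID


def static_userdb(conf):
    """Return the key=value fields of the active 'userdb static' block, or None."""
    inside = False
    for line in active_lines(conf):
        if re.match(r"userdb\s+static\s*\{", line):
            inside = True
        elif inside and line == "}":
            return {}                        # block present but without args
        elif inside:
            match = re.match(r"args\s*=\s*(.*)", line)
            if match:
                return dict(f.split("=", 1) for f in match.group(1).split() if "=" in f)
    return None


def resolve_uid(value, passwd_text):
    """Accept a numeric UID or look an account name up in passwd-format text."""
    if value.isdigit():
        return int(value)
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) >= 3 and fields[0] == value:
            return int(fields[2])
    return None


def lint(conf, passwd_text):
    """Return findings that would block virtual-user logins; empty means none found."""
    fields = static_userdb(conf)
    if fields is None:
        return ["no active 'userdb static' block: virtual users are not found in userdb"]
    uid = resolve_uid(fields.get("uid", ""), passwd_text)
    floor = first_valid_uid(conf)
    if uid is None:
        return ["userdb static uid does not resolve to an account"]
    if uid < floor:
        return [f"UID {uid} is below first_valid_uid {floor}: logins not permitted"]
    return []


if __name__ == "__main__":
    print(lint(DOVECOT_CONF, PASSWD_UID_103))
    print(lint(DOVECOT_CONF, PASSWD_UID_502))
```
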
At this point, though I could login to the POP3 port, port 110, and get dovecot
to accept the userid and password for a virtual user, sendmail would return
a "user unknown" message, if I tried to send email to a virtual user, because
sendmail knew nothing about the dovecot virtual users. So using
the instructions in
Dovecot LDA with Sendmail as a starting point, I took the steps
below.
I created the file /usr/share/sendmail-cf/mailer/dovecot.m4 and
put the lines below in it:
######################*****##############
### DOVECOT Mailer specification ###
##################*****##################
Mdovecot, P=/usr/local/libexec/dovecot/deliver, F=DFMPhnu9,
S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
T=DNS/RFC822/X-Unix,
A=deliver -d $u
In /etc/mail/sendmail.mc, I had the following two lines:
MAILER(smtp)dnl
MAILER(procmail)dnl
I added MAILER(dovecot)dnl after those two lines.
I then regenerated the sendmail.cf file using the m4 command.
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Unfortunately, that did not resolve the issue with virtual users. I still
haven't been able to get that working.
References:
- Chapter 23. Email, CentOS
- Basic Configuration, Dovecot Wiki
- Virtual Users, Dovecot Wiki
- Simple Virtual User Installation, Dovecot Wiki
- Passwd-file, Dovecot Wiki
- Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory, nixCraft Insight Into Linux Admin Work
- Dovecot LDA with Sendmail, Dovecot Wiki
Sun, May 04, 2008 6:39 pm
Adding a New VIP Service to a NetScreen Firewall
To add a new Virtual IP (VIP) service to a NetScreen firewall, such
as the NetScreen-5GT, through the Web management user interface (WebUI) for the
firewall, take the following steps:
- Log in to the firewall using a web browser.
- Click on Network.
- Click on Interfaces.
- For the Untrust interface, click on Edit.
- In the Properties line at the top of the webpage, you will
see VIP. Click on VIP.
- If you see an Add/Modify VIP Entry field with no
VIP services listed beneath it, select "Same as the untrusted interface
IP address" and click on Add, otherwise proceed to the
next step.
- Click on the New VIP Service button.
- The Virtual IP field should show the IP address for the
Untrust interface. Put the appropriate value in the Virtual
Port field, e.g. 110 for POP3. Select the appropriate service for
the Map to Service field, e.g. "POP3(110)" for POP3. For the
Map to IP value, put in the IP address for the internal server for
which you want to provide access to this service, e.g. 192.168.10.24, if
that was the IP address for the POP3 server behind the firewall.
- Click on the OK button.
Once the VIP service is configured, you need to set up a new firewall
rule, aka policy, to permit traffic from the outside of the firewall through
to the inside for this new service.
To do so, take the following steps:
- Click on Policies at the left side of the webpage.
- For the From field, select "Untrust" and select "Trust" for
the To field.
- Click on the New button.
- On the next webpage, put a name of your choosing in the Name field,
e.g.
POP3 for a POP3 service. You don't need to change the
Source Address, but for the Destination Address, select
"VIP(untrust)" from Address Book Entry for the
Destination Address. For Service, you can select "POP3" for
this example.
- If you want logging turned on for this policy, check Logging.
- If you want "counting" turned on for this policy, click on the
Advanced button and then check the Counting checkbox then
click on the OK button.
Sun, May 04, 2008 5:07 pm
Configuring Sendmail to Handle Email for Multiple Domains
If you need sendmail to handle email for alternate domain names, you can
add those domain names to
/etc/mail/local-host-names.
E.g., suppose the server on which sendmail is running is someexample.com.
Sendmail will accept email addresses to someone@someexample.com, but would
reject email for someone@example.com. But, if you want sendmail to also
handle email for example.com addresses, e.g. you are going to have the
server act as a
mail exchanger (MX) server for example.com, you would add example.com to
/etc/mail/local-host-names:
# local-host-names - include all aliases for your machine here.
example.com
Then create the local-host-names.db file with
makemap hash /etc/mail/local-host-names < /etc/mail/local-host-names.
When you restart sendmail, which you can do with
/etc/init.d/sendmail restart, sendmail will then accept email
for example.com addresses.
Be aware that if you have an account jsmith which previously would receive
email addressed to jsmith@someexample.com, email addressed to
jsmith@example.com will now go there as well.
[/network/email/sendmail]
Sat, May 03, 2008 9:15 pm
Configuring Sendmail to Use a Smart Host
I needed to configure a sendmail server that had a dynamic IP address to
route email out through an SMTP server belonging to an ISP, since otherwise
some email servers might reject email from that sendmail server. Some email
servers will compare a sending email server's IP address to lists of addresses
known to be assigned by ISPs as dynamic IP addresses. By doing so, ISPs
hope to block spam from home users' PCs that have been compromised and put
to use as zombie systems by spammers.
The steps below can be taken on a Linux system running sendmail to have
it send email via a "smart host" server. In essence, instead of the sendmail
server sending email directly to other email servers, it transmits all email
to another server, the "smart host", which handles the task of transmitting
the received email to the recipients' servers.
In /etc/mail/sendmail.mc, look for the following section:
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
Remove the dnl from the beginning of the
dnl define(`SMART_HOST', `smtp.your.provider')dnl line and
replace smtp.your.provider with the smart host you will be
using, e.g. mail.example.com.
define(`SMART_HOST', `mail.example.com')dnl
In /etc/mail/access add the following line, substituting
the actual SMTP server you will need to use for mail.example.com
and your actual username and password on the smart host server for
myloginname and mypasswd:
Authinfo:mail.example.com "U:myloginname" "P:mypasswd" "M:Plain"
Then regenerate the /etc/mail/access.db file with
makemap hash /etc/mail/access < /etc/mail/access.
Regenerate /etc/mail/sendmail.cf with
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf.
Then restart sendmail with service sendmail restart or
/etc/init.d/sendmail restart.
Once you have taken the above steps, you can send a test message from the
system. Sending one to a test email address on another system that will
allow you to view the message headers is ideal. At the destination, look at the
message headers for the email you sent. You should see it passing through
the smart host.
When I sent out a test message after making the changes above, the message
didn't reach the destination. I checked the mail queue with mailq
and saw the message had not gone out because of an "AUTH failure".
# mailq
/var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
m43M1HT8032701 31 Sat May 3 18:01 <johnsmith@myserver.com>
(Deferred: Temporary AUTH failure)
<melvin@example.com>
I had sendmail attempt to send the queued message immediately and display
information on its progress with sendmail -q 0 -v (the
-v provides "verbose" information).
# sendmail -q 0 -v
Running /var/spool/mqueue/m43M1HT8032701 (sequence 1 of 1)
... Connecting to smtp.atlanticbb.net. via relay...
220 ECHO Labs SMTP Service - MX01
>>> EHLO myserver.com
250-BL-106 says EHLO to 72.45.13.244:1097
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH=LOGIN
250 AUTH LOGIN
>>> QUIT
221 BL-106 closing connection
... Deferred: Temporary AUTH failure
Closing connection to smtp.atlanticbb.net.
In this case I was using smtp.atlanticbb.net as the smart host. I could
see it supports an AUTH type of "LOGIN", but I didn't see "PLAIN" listed.
I edited /etc/mail/access, replacing "M:Plain"
with "M:Login".
Authinfo:smtp.atlanticbb.net "U:myloginname" "P:mypasswd" "M:Login"
I then ran makemap hash /etc/mail/access < /etc/mail/access
again. Then when I had sendmail process the mail queue immediately again,
the message was successfully transmitted.
# sendmail -q 0 -v
Running /var/spool/mqueue/m43M1HT8032701 (sequence 1 of 1)
... Connecting to smtp.atlanticbb.net. via relay...
220 ECHO Labs SMTP Service - MX02
>>> EHLO myserver.com
250-BL-206 says EHLO to 72.45.13.244:2430
250-8BITMIME
250-PIPELINING
250-AUTH=LOGIN
250-AUTH LOGIN
250 ENHANCEDSTATUSCODES
>>> AUTH LOGIN
334 VXNlcm4hcWU6
>>> bW9vbnBvbW40
334 UGFzc2dvdmQ6
>>> MVN0b2A1Njd=
235 Authed. Go on.
>>> MAIL From:
250 MAIL FROM accepted
>>> RCPT To:
>>> DATA
250 Recipient Accepted - Will relay per rbIP
354 continue. finished with "\r\n.\r\n"
>>> .
250 OK D4/2C-23466-1B9EC184
... Sent (OK D4/2C-23466-1B9EC184)
Closing connection to smtp.atlanticbb.net.
>>> QUIT
221 BL-206 closing connection
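The failure above came from a mismatch between the mechanism named in the Authinfo entry and the mechanisms the smart host advertises in its EHLO reply. The shell functions below are an added example, not part of the original post: they check an Authinfo line against a saved EHLO reply and also report when PLAIN or LOGIN would be used on a session without STARTTLS, since both mechanisms send the password only base64-encoded. The function names and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the "M:" list of an Authinfo entry with the SASL
# mechanisms a smart host advertises in its EHLO reply.

# Constructed sample: EHLO reply modelled on the verbose output in the post.
sample_ehlo() {
cat <<'EOF'
220 ECHO Labs SMTP Service - MX01
>>> EHLO myserver.com
250-BL-106 says EHLO to 72.45.13.244:1097
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH=LOGIN
250 AUTH LOGIN
EOF
}

# Print the advertised mechanisms, one per line, upper-cased and unique.
# Handles "250-AUTH LOGIN PLAIN" and the legacy "250-AUTH=LOGIN" form.
ehlo_auth_mechs() {
    awk '
        { line = toupper($0) }
        line ~ /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "", line)
            n = split(line, m, /[ \t\r]+/)
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in seen)) { seen[m[i]] = 1; print m[i] }
        }'
}

# Succeed if the EHLO reply on stdin offers STARTTLS.
ehlo_has_starttls() {
    awk 'toupper($0) ~ /^250[- ]STARTTLS[ \t\r]*$/ { found = 1 }
         END { exit !found }'
}

# Print the mechanisms from the "M:" field of one Authinfo line.
authinfo_mechs() {
    printf '%s\n' "$1" | sed -n 's/.*"M:\([^"]*\)".*/\1/p' |
        tr 'a-z' 'A-Z' | tr -s ' \t' '\n\n'
}

# check_authinfo AUTHINFO_LINE EHLO_FILE
# Prints one line per configured mechanism:
#   usable:MECH          the server advertises it
#   not-advertised:MECH  the server does not (the post saw sendmail defer
#                        the message with "Temporary AUTH failure")
# and "cleartext-risk" when a usable mechanism is PLAIN or LOGIN and the
# reply does not offer STARTTLS.
check_authinfo() {
    offered=$(ehlo_auth_mechs < "$2")
    usable=""
    for mech in $(authinfo_mechs "$1"); do
        if printf '%s\n' "$offered" | grep -qxF "$mech"; then
            echo "usable:$mech"
            usable="$usable $mech"
        else
            echo "not-advertised:$mech"
        fi
    done
    case "$usable" in
        *PLAIN*|*LOGIN*) ehlo_has_starttls < "$2" || echo "cleartext-risk" ;;
    esac
}

# Demo on the constructed sample, using the Authinfo line from the post.
t=$(mktemp) && sample_ehlo > "$t"
check_authinfo 'Authinfo:mail.example.com "U:myloginname" "P:mypasswd" "M:Plain"' "$t"
rm -f "$t"
```

The EHLO reply can be saved from the sendmail -q 0 -v output shown above; the lines beginning with >>> are ignored by the parser.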
[/network/email/sendmail]
Sat, May 03, 2008 4:59 pm
Alpine on CentOS
I've been using Pine from the University of Washington as my email client
for a long time. Pine is an acronym for Program for Internet News & Email.
But Pine is no longer under development. The University of Washington has
developed a successor package, Alpine, which it has released under the
Apache License. When I set up a CentOS 5.1 system, I decided to install
Alpine on it.
Alpine is available through RPMForge,
a repository for Linux packages in the RPM format. To install
Alpine, I downloaded the rpmforge-release package from
RPMforge/Using and
then installed it with rpm.
# rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
That placed two new files, mirrors-rpmforge and
rpmforge.repo, in /etc/yum.repos.d. I installed
the yum-priorities plugin as described in
RPMForge Packages and Yum Priorities and set the RPMForge
repository to a lower priority than the default CentOS repository.
I installed Alpine with yum install alpine.
- Alpine E-Mail Client Released -- Don't Call it a Comeback
  By Michael Calore
  December 21, 2007
  Wired Blogs
- Alpine Messaging System
  University of Washington
- RPMForge
[/network/email/clients/alpine]
Sat, May 03, 2008 4:53 pm
RPMForge Packages and Yum Priorities
I wanted to be able to use yum to install packages from the
RPMForge repository. Instructions for installing RPMForge support on a
CentOS Linux system can be found at Installing RPMforge.
First, install the yum-priorities package with
yum install yum-priorities.
This plugin allows repositories to have different priorities.
Packages in a repository with a lower priority number can't be overridden by
packages from a repository with a higher priority number, even if the
repository with the higher priority number has a later version of the package.
As the Installing RPMForge webpage states, you should "Beware that some
packages are newer than the official CentOS version and you should not blindly
install those packages. Before you replace a CentOS package you should make
sure that will not break anything important. In most cases you can revert any
mistakes but it is best to avoid the mess." By using the yum-priorities plugin,
you help avoid that problem.
Next verify that yum-priorities is enabled by ensuring that the
following lines are present in /etc/yum/pluginconf.d/priorities.conf:
[main]
enabled = 1
The yum repository information is stored in /etc/yum.repos.d.
# cd /etc/yum.repos.d
# ls -l
total 16
-rw-r--r-- 1 root root 2049 Nov 22 20:32 CentOS-Base.repo
-rw-r--r-- 1 root root 622 Nov 22 20:32 CentOS-Media.repo
I added priority=1 as the last line in the following sections
of CentOS-Base.repo:
[base]
[updates]
[extras]
I added priority=2 as the last line in the [centosplus]
section, which now contains the following lines:
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
priority=2
I installed the rpmforge-release package with
rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm, which created
two new files mirrors-rpmforge and rpmforge.repo in
/etc/yum.repos.d. I edited rpmforge.repo and added
priority = 11 at the end of the file.
Repositories with lower priority numbers are considered to have a higher
priority than those with higher numbers. E.g. if repository A has
priority=4 associated with it while repository B has
priority=5 associated with it, repository A has a higher
priority than repository B.
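The layout described in this post only protects the CentOS packages if every CentOS section really carries its priority line, because a section without one falls back to the plugin default of 99 and is then outranked by priority = 11. The shell functions below are an added example, not taken from the post or the CentOS wiki: they list each repository's effective settings and flag any enabled repository that is not kept behind the distribution repositories. The function names, the "base updates extras" protected list and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit yum .repo files for the priority layout described above.

# repo_table FILE...: print "repoid enabled priority gpgcheck" per section.
# Defaults when a key is absent: enabled=1 (yum's default) and priority=99
# (the yum-priorities default); a missing gpgcheck is reported as "unset".
repo_table() {
    awk '
        function emit() { if (id != "") print id, en, pr, gpg }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            emit()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            en = 1; pr = 99; gpg = "unset"; next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "enabled") en = val
            else if (key == "priority") pr = val
            else if (key == "gpgcheck") gpg = val
        }
        END { emit() }' "$@"
}

# audit_priorities "PROTECTED IDS" FILE...
# Prints "can-override-base:ID" for every enabled repository outside the
# protected set whose priority number is not greater than the largest
# priority number of a protected repository, and "no-gpgcheck:ID" for every
# enabled repository with an explicit gpgcheck=0.
audit_priorities() {
    protected=" $1 "; shift
    repo_table "$@" | awk -v prot="$protected" '
        { id[NR] = $1; en[NR] = $2; pr[NR] = $3 + 0; gpg[NR] = $4
          if (index(prot, " " $1 " ") && pr[NR] > max) max = pr[NR] }
        END {
            for (i = 1; i <= NR; i++) {
                if (en[i] != 1) continue
                if (!index(prot, " " id[i] " ") && pr[i] <= max)
                    print "can-override-base:" id[i]
                if (gpg[i] == 0) print "no-gpgcheck:" id[i]
            }
        }'
}

# write_sample DIR PRIO_LINE: constructed files modelled on the post.
# PRIO_LINE goes into [base], [updates] and [extras] ("" leaves it out).
write_sample() {
    cat > "$1/CentOS-Base.repo" <<EOF
[base]
name=CentOS - Base
gpgcheck=1
$2

[updates]
name=CentOS - Updates
gpgcheck=1
$2

[extras]
name=CentOS - Extras
gpgcheck=1
$2

[centosplus]
name=CentOS - Plus
gpgcheck=1
enabled=0
priority=2
EOF
    cat > "$1/rpmforge.repo" <<'EOF'
[rpmforge]
name = RPMforge (constructed sample)
enabled = 1
gpgcheck = 1
priority = 11
EOF
}

# Demo: the CentOS sections have no priority line yet, so RPMForge outranks them.
d=$(mktemp -d) && write_sample "$d" ""
audit_priorities "base updates extras" "$d"/*.repo   # -> can-override-base:rpmforge
rm -rf "$d"
```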
References:
- Installing RPMForge
  CentOS Wiki
- yum-plugin-priorities
  CentOS Wiki
[/os/unix/linux/centos]
Fri, May 02, 2008 6:23 pm
Return Microsoft Word to Single-Spacing
If you are using Microsoft Word and it is double-spacing text when you want
it to single-space text, you can hit the Shift and Enter
keys simultaneously at the end of lines to get Word to single-space the lines
or you can take the following steps to have all of the text in the document
single-spaced*:
- Inside the document, hit the Ctrl and A keys
simultaneously to highlight all of the existing text.
- Click on "Format" at the top of the Word window.
- Select "Paragraph".
- Change the line spacing to "single".
- Change the "before" and "after" values to "0 pt".
- Click on "OK".
*Written for Word 2003
[/os/windows/office/word]
Fri, May 02, 2008 12:58 pm
10-Gigabit Ethernet
There is an ITBusinessEdge article, Full Steam Ahead to 10 GbE,
published on April 28 that mentions there
are a lot of advances helping bring 10-Gigabit Ethernet (10 GbE) into the
mainstream. One of those mentioned is 10GBASE-T, which permits the use of
unshielded twisted-pair (UTP) cabling. The article states that
"While this technology is still in limited deployment, more vendors and
devices with reduced power requirements are expected by the end of the year."
[/network/cabling]
Thu, May 01, 2008 8:10 pm
Microsoft Working with Law Enforcement to Squash Botnets
An April 29 InfoWorld article,
Microsoft botnet-hunting tool helps bust hackers, mentions that
Microsoft has been working with law enforcement agencies to help shut down
botnets. It mentions "In February, the Sûreté du Québec
used Microsoft's botnet-buster to break up a network that had infected nearly
500,000 computers in 110 countries, according to Captain Frederick Gaudreau,
who heads up the provincial police force's cybercrime unit."
Half a million computers in a botnet is an incredible number.
Captain Gaudreau attributed his agency's success in the case against the
botnet operators to the use of a tool Microsoft provided that keeps tabs
on botnets.
[/security/botnets]
Mon, Apr 28, 2008 9:08 pm
Configuring Microsoft Exchange to Use a Smart Host
If a Microsoft Exchange server doesn't have a PTR
record, other email servers may reject email from the Exchange server
when they are unable to perform a reverse lookup on the IP address for
the Exchange server. A workaround for this problem is to use a "smart host"
to route outgoing email from the Exchange server.
[ More Info ]
[/network/email/exchange]
Sun, Apr 27, 2008 8:30 pm
Store.Exe Consuming Excessive Memory
On a Microsoft Exchange 2003 server, I've found Task Manager reporting high
memory utilization. When I sort the running processes by memory utilization in
the Task Manager (click on the Performance tab then click on the
Processes column header to sort them), I see store.exe
consuming over 500 MB. This is happening at the moment on a Sunday evening when
few of the systems in the domain even have Outlook open to check email. The
CPU utilization is low, less than 10% at the moment when I am seeing the 500 MB
memory usage.
I've been seeing memory utilization jumping up to high values a lot lately.
Rebooting the system resolves the problem, but I don't want to be rebooting
the Exchange server every day. I can also reduce the memory utilization by
selecting Run and typing services.msc to bring up the
services list. I can then right-click on Microsoft Exchange Information
Store and stop the service and then restart it. I then see store.exe
using about 20 MB of memory when I check its utilization with the
Windows Task Manager.
The Microsoft Exchange Information Store service manages the
Microsoft Exchange Information Store, which includes mailbox stores and
public folder stores. If the service is stopped, mailbox stores and public
folder stores on the computer become unavailable, so it needs to be restarted
immediately after stopping it.
References:
- Store.exe High Memory Utilization
  August 10, 2005
  Tech Support, Manuals & Troubleshooting for Consumers
- Memory leak in Store.exe - pub1.edb GIGANTIC
  Server Watch Forums
[/network/email/exchange]
Sat, Apr 26, 2008 10:16 pm
Blosxom Calendar Plugin on 64-bit System
I found that the Calendar plugin for Blosxom stopped working when I moved
my blog from a 32-bit Redhat Linux system to a 64-bit CentOS Linux system.
Nothing would appear within the blog. When I checked the error log for the
website, I saw the following:
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] calendar debug 1:
start() called, enabled
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] calendar debug 1:
filter() called
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] Byte order is not
compatible at ../../lib/Storable.pm (autosplit into
../../lib/auto/Storable/_retrieve.al) line 331, line 32, at
/home/jsmith/www/blosxom/plugins/calendar line 322
[Sat Apr 26 21:53:00 2008] [error] [client 192.168.0.44] Premature end of
script headers: blosxom
At [ic] HELP !FreeBSD 5.3 Box With newest version of perl storable problem,
I saw the following:
You appear to have a perl configured to use 64 bit integers in its scalar
variables. If you have existing data written with an earlier version of
Storable which this version of Storable refuses to load with a
Byte order is not compatible
error, then please read the section "64 bit data in perl 5.6.0 and 5.6.1"
in the Storable documentation for instructions on how to read your data.
(You can find the documentation at the end of Storable.pm in POD format)
That revealed that the problem was linked to the fact that I am now
using a 64-bit operating system.
I decided to see if an upgraded Storable module was available.
# cpan upgrade Storable
/usr/lib/perl5/5.8.8/CPAN/Config.pm initialized.
CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.
If you do not want to enter a dialog now, you can answer 'no' to this
question and I'll try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing 'o conf init' at the cpan prompt.)
Are you ready for manual configuration? [yes]
I entered "no" to the prompt regarding whether I was ready for manual
configuration, which resulted in the autoconfigure process proceeding.
I then checked Storable again.
# cpan Storable
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
Database was generated on Sat, 26 Apr 2008 17:29:46 GMT
Storable is up to date.
I checked the version of the module with perlmodver.
The version was 2.18.
But the problem still remained. Taking a look at the code in the calendar
plugin, I realized it was reading a file, .calendar.cache in
the plugins/state directory. I had not noticed the file previously,
because I had checked the directory's contents only with ls. I
saw it with ls -a. The calendar plugin reads the contents of
that file. I had copied the file from the old 32-bit system to the new 64-bit
system when I copied the plugins directory and its subdirectories. When I
deleted the .calendar.cache file from the state
directory and then tried accessing the blog again, the calendar plugin
recreated it, but this time it was in the proper 64-bit format that the
Storable.pm module was expecting, so I was now able to view
the blog with the calendar functionality now working.
Further information on the issue can be found near the end of the
Storable.pm file (look in
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Storable.pm).
Perl 5.6.x introduced the ability to optional configure the perl interpreter
to use C's C<long long> type to allow scalars to store 64 bit integers on 32
bit systems. However, due to the way the Perl configuration system
generated the C configuration files on non-Windows platforms, and the way
Storable generates its header, nothing in the Storable file header reflected
whether the perl writing was using 32 or 64 bit integers, despite the fact
that Storable was storing some data differently in the file. Hence Storable
running on perl with 64 bit integers will read the header from a file
written by a 32 bit perl, not realise that the data is actually in a subtly
incompatible format, and then go horribly wrong (possibly crashing) if it
encountered a stored integer. This is a design failure.
Storable has now been changed to write out and read in a file header with
information about the size of integers. It's impossible to detect whether
an old file being read in was written with 32 or 64 bit integers (they have
the same header) so it's impossible to automatically switch to a correct
backwards compatibility mode. Hence this Storable defaults to the new,
correct behaviour.
What this means is that if you have data written by Storable 1.x running
on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix or Linux
then by default this Storable will refuse to read it, giving the error
I<Byte order is not compatible>. If you have such data then you
should set C<$Storable::interwork_56_64bit> to a true value to make this
Storable read and write files with the old header. You should also
migrate your data, or any older perl you are communicating with, to this
current version of Storable.
If you don't have data written with specific configuration of perl described
above, then you do not and should not do anything. Don't set the flag -
not only will Storable on an identically configured perl refuse to load them,
but Storable a differently configured perl will load them believing them
to be correct for it, and then may well fail or crash part way through
reading them.
[/network/web/blogging/blosxom]
Sat, Mar 08, 2008 4:34 pm
Turning on Display of Account at Welcome Screen
I had turned off the display of an account at the Windows XP welcome screen
(see Hiding an Account from the Welcome Screen) and needed to turn
it back on temporarily.
I checked the setting of the account from the command line with the
reg query command. The account I had hidden from the welcome screen
was the administrator account in this case.
C:\Documents and Settings\Administrator>reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList" /v Administrator
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList
Administrator REG_DWORD 0x0
The value of zero for HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList\Administrator means the account is
not shown on the welcome screen.
I turned the display of that account back on with the reg add
command.
C:\Documents and Settings\Administrator>reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList" /v Administrator /t REG_DWORD /d 1
Value Administrator exists, overwrite(Y/N)? y
The operation completed successfully
I had to reboot for the administrator account to be displayed with the
other accounts on the system at the welcome screen. The picture chosen for
the administrator account was then shown with those for the other accounts,
allowing one to click on it to logon.
[/os/windows/xp]
Sat, Mar 08, 2008 12:19 pm
Rdesktop on Solaris 10
I wanted to be able to use rdesktop, which is an open source client for
Windows NT Terminal Server and Windows 2000/2003 Terminal Services, on an
Intel-architecture Solaris 10 system, so I downloaded the x86
Solaris 10 version of rdesktop from Sunfreeware.com.
Since one of the requirements for rdesktop 1.5.0 was libiconv, I installed
it. I checked the version of gcc on the system. It was 3.4.3.
# /usr/sfw/bin/gcc -v
Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
Version 3.4.6 was listed as a requirement, but I thought version 3.4.3 would
likely suffice.
Another requirement listed for rdesktop 1.5.0 was
openssl-0.9.8f. I checked the version of OpenSSL on the system with
openssl version. OpenSSL 0.9.7d was already on the system.
# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29)
After installing rdesktop 1.5.0, I checked to see if it would run with the
existing 0.9.7d version of OpenSSL, but I received an error message when
I attempted to run it.
# /usr/local/bin/rdesktop -0 gna.insursol.com
ld.so.1: rdesktop: fatal: libcrypto.so.0.9.8: open failed: No such file or directory
Killed
I checked to see what OpenSSL package was already on the system and
saw the following:
# pkginfo | grep -i openssl
system SUNWopenssl-commands OpenSSL Commands (Usr)
system SUNWopenssl-include OpenSSL Header Files
system SUNWopenssl-libraries OpenSSL Libraries (Usr)
system SUNWopenssl-man OpenSSL Manual Pages
system SUNWopensslr OpenSSL (Root)
I checked for further information on the SUNWopenssl-commands
package and saw the following:
# pkginfo -l SUNWopenssl-commands
PKGINST: SUNWopenssl-commands
NAME: OpenSSL Commands (Usr)
CATEGORY: system
ARCH: i386
VERSION: 11.10.0,REV=2005.01.21.16.34
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: OpenSSL Commands (Use)
PSTAMP: on10-patch-x20061222002936
INSTDATE: Feb 03 2008 21:00
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 5 installed pathnames
3 shared pathnames
3 directories
2 executables
634 blocks used (approx)
I decided to download and install the
OpenSSL 0.9.8f package from
Sunfreeware.com.
# gunzip openssl-0.9.8f-sol10-x86-local.gz
# pkgadd -d ./openssl-0.9.8f-sol10-x86-local
But, when I attempted to run the new version, which is installed in
/usr/local/ssl, I received an error message.
# /usr/local/ssl/bin/openssl version
ld.so.1: openssl: fatal: libgcc_s.so.1: open failed: No such file or directory
Killed
I checked to see what versions of libgcc_s.so were installed
on the system and where they were located.
# find / -name libgcc_s.so\*
/usr/sfw/lib/amd64/libgcc_s.so.1
/usr/sfw/lib/libgcc_s.so
/usr/sfw/lib/libgcc_s.so.1
Since libgcc_s.so was located in /usr/sfw/lib,
I then set LD_LIBRARY_PATH to point to that directory. I was
then able to successfully run the version of openssl in /usr/local/ssl/bin.
# LD_LIBRARY_PATH=/usr/sfw/lib
# export LD_LIBRARY_PATH
# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8f 11 Oct 2007
I was then able to use rdesktop on the Solaris 10 system to log into
a Windows Small Business Server (SBS) 2003 system as the administrator.
# /usr/local/bin/rdesktop -0 -u administrator a.example.com
Note: if you use the above method of setting LD_LIBRARY_PATH
and exporting it to run rdesktop, you will need to do so each
time you open a new terminal window.
[/os/unix/solaris]
Fri, Mar 07, 2008 7:46 pm
fping
I needed to determine the IP addresses of all the hosts on a LAN from a
Solaris 10 system. I knew that all of them would respond to pings, so I used
fping. The fping program will allow you to quickly ping a range of hosts.
fping (Maintained by Thomas Dzubin)
fping is a ping(1) like program which uses the Internet Control Message
Protocol (ICMP) echo request to determine if a host is up. fping is
different from ping in that you can specify any number of hosts on
the command line, or specify a file containing the lists of hosts to
ping. Instead of trying one host until it timeouts or replies, fping will
send out a ping packet and move on to the next host in a round-robin
fashion. If a host replies, it is noted and removed from the list of
hosts to check. If a host does not respond within a certain time limit
and/or retry limit it will be considered unreachable.
Unlike ping, fping is meant to be used in scripts and its output is
easy to parse.
I downloaded the Intel architecture version of
fping for Solaris 10 from
Sunfreeware.com and installed it.
# gunzip fping-2.4b2-sol10-intel-local.gz
# pkgadd -d ./fping-2.4b2-sol10-intel-local
The following packages are available:
1 SMCfping fping
(intel) 2.4b2
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
Processing package instance from
fping(intel) 2.4b2
ZeroHype Technologies Inc.
Using as the package base directory.
## Processing package information.
## Processing system information.
3 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing fping as
## Installing part 1 of 1.
/usr/local/doc/fping/COPYING
/usr/local/doc/fping/ChangeLog
/usr/local/doc/fping/INSTALL
/usr/local/doc/fping/README
/usr/local/man/man8/fping.8
/usr/local/sbin/fping
[ verifying class ]
Installation of was successful.
Program usage information is shown below:
# /usr/local/sbin/fping -h
Usage: /usr/local/sbin/fping [options] [targets...]
-a show targets that are alive
-A show targets by address
-b n amount of ping data to send, in bytes (default 56)
-B f set exponential backoff factor to f
-c n count of pings to send to each target (default 1)
-C n same as -c, report results in verbose format
-e show elapsed time on return packets
-f file read list of targets from a file ( - means stdin) (only if no -g specified)
-g generate target list (only if no -f specified)
(specify the start and end IP in the target list, or supply a IP netmask)
(ex. /usr/local/sbin/fping -g 192.168.1.0 192.168.1.255 or /usr/local/sbin/fping -g 192.168.1.0/24)
-i n interval between sending ping packets (in millisec) (default 25)
-l loop sending pings forever
-m ping multiple interfaces on target host
-n show targets by name (-d is equivalent)
-p n interval between ping packets to one target (in millisec)
(in looping and counting modes, default 1000)
-q quiet (don't show per-target/per-ping results)
-Q n same as -q, but show summary every n seconds
-r n number of retries (default 3)
-s print final stats
-t n individual target initial timeout (in millisec) (default 500)
-u show targets that are unreachable
-v show version
targets list of targets to check (if no -f specified)
If I wanted to determine what hosts in the 192.168.1.0 to 192.168.1.255 range
exist and can be pinged, I could use the command fping -g 192.168.1.0
192.168.1.255.
# /usr/local/sbin/fping -g 192.168.1.0 192.168.1.255
192.168.1.0 is alive [<- 192.168.1.44]
192.168.1.1 is alive
192.168.1.6 is alive
192.168.1.7 is alive
192.168.1.33 is alive
192.168.1.44 is alive
192.168.1.255 is alive [<- 192.168.1.44]
192.168.1.2 is unreachable
192.168.1.3 is unreachable
192.168.1.4 is unreachable
192.168.1.5 is unreachable
192.168.1.8 is unreachable
192.168.1.9 is unreachable
192.168.1.10 is unreachable
<text snipped>
192.168.1.30 is unreachable
192.168.1.31 is unreachable
192.168.1.32 is unreachable
192.168.1.34 is unreachable
192.168.1.35 is unreachable
<text snipped>
192.168.1.40 is unreachable
192.168.1.41 is unreachable
192.168.1.42 is unreachable
192.168.1.43 is unreachable
192.168.1.45 is unreachable
<text snipped>
192.168.1.252 is unreachable
192.168.1.253 is unreachable
192.168.1.254 is unreachable
If I don't want anything displayed for IP addresses where there was no
response, I could use fping -a -g <start address> <end
address>, as in the example below.
# /usr/local/sbin/fping -a -g 192.168.1.0 192.168.1.255
192.168.1.0 [<- 192.168.1.44]
192.168.1.1
192.168.1.5
192.168.1.7
192.168.1.37
192.168.1.44
192.168.1.255 [<- 192.168.1.44]
The 192.168.1.0 and 192.168.1.255 addresses
are network and broadcast addresses respectively, not hosts responding to
ping packets. The 192.168.1.44 address is the address of the
system from which I ran the ping command.
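Since fping output is meant to be parsed, the sweep above can be reconciled with a list of the hosts that are supposed to be on the LAN. The shell functions below are an added example, not part of the original post: they drop the network and broadcast lines tagged "[<-", then report addresses that answered but are not in the inventory and inventory addresses that stayed silent. The function names, the inventory file format and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: reconcile fping output with a list of expected hosts.

# Constructed sample, modelled on the "fping -a -g" output in the post.
sample_fping() {
cat <<'EOF'
192.168.1.0 [<- 192.168.1.44]
192.168.1.1
192.168.1.5
192.168.1.7
192.168.1.37
192.168.1.44
192.168.1.255 [<- 192.168.1.44]
EOF
}

# live_hosts: read fping output on stdin and print, in numeric order, the
# addresses that answered for themselves. Accepts the "-a" form (bare
# address) and the default "ADDR is alive" form. Lines tagged "[<- OTHER]"
# are replies that came from a different address (the network and broadcast
# probes in the post) and are dropped.
live_hosts() {
    awk '
        /\[<-/ { next }
        NF == 1 || ($2 == "is" && $3 == "alive") { print $1 }
    ' | sort -u -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
}

# unexpected_hosts INVENTORY: addresses that answered (fping output on stdin)
# but are not listed in INVENTORY (one address per line, "#" comments allowed).
unexpected_hosts() {
    live_hosts | awk -v inv="$1" '
        BEGIN {
            while ((getline l < inv) > 0) {
                sub(/#.*/, "", l); split(l, a, " ")
                if (a[1] != "") known[a[1]] = 1
            }
        }
        !($1 in known)'
}

# silent_hosts INVENTORY: inventory addresses that did not answer.
silent_hosts() {
    live_hosts | awk -v inv="$1" '
        { up[$1] = 1 }
        END {
            while ((getline l < inv) > 0) {
                sub(/#.*/, "", l); split(l, a, " ")
                if (a[1] != "" && !(a[1] in up)) print a[1]
            }
        }'
}

# Demo on the constructed sample with a constructed inventory.
inv=$(mktemp)
printf '%s\n' '# expected hosts' 192.168.1.1 192.168.1.7 192.168.1.33 192.168.1.44 > "$inv"
sample_fping | unexpected_hosts "$inv"
sample_fping | silent_hosts "$inv"
rm -f "$inv"
```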
[/os/unix/solaris]
Fri, Mar 07, 2008 7:04 pm
Solaris Release Number
If you need to know the release number for Solaris 10 on a system, then
you can check /etc/release. You will see something like the
following there:
Solaris 10 6/06 s10x_u2wos_09a X86
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
At this time, the current marketing release is
Solaris 10 8/07.
[/os/unix/solaris]
Tue, Mar 04, 2008 10:59 pm
Symantec AntiVirus VBN Files
The qextract.exe utility can be used to extract
quarantined files from the VBN files Symantec AntiVirus Corporate
Edition 8.0 and 8.1 (and possibly other versions) creates when
it quarantines infected files.
[ More Info ]
[/security/antivirus/symantec]
Sun, Mar 02, 2008 1:56 pm
F-Secure Rescue CD 2.00
I've been using an AVG Rescue CD to boot Windows systems from a CD, rather
than the copy of Windows installed on the system's hard drive, and then
perform an antivirus scan of the system. The AVG Rescue CD provides a Windows
GUI for performing scans and I've found it works very well. The cost is
currently $149.95 in U.S. dollars.
Searching for other rescue CDs, I also found one from F-Secure, which uses a
Knoppix LiveCD to boot a system to perform an antivirus scan of the system.
You can use it to boot a Windows system to check the system for viruses
without booting into a possibly infected copy of the Windows operating system.
F-Secure Rescue CD 2.00 is free and can update itself over the network,
if a DHCP server is available on the network to provide it with
IP configuration information.
You don't need to understand Linux to use the software; you are presented
with prompts to walk you through the process of scanning a system.
[ More Info ]
[/security/antivirus/f-secure]
Sat, Mar 01, 2008 7:17 pm
Pins 4 and 5 in RJ-45 Cabling
I put a connector on an unterminated RJ-45 cable to connect a new system to a
LAN. I used the T568B standard (see Twisted Pair Connectors
for an explanation of the differences between
T568A and T568B) for the order of the pins in the connector.
I use a ByteBrothers TVR10/100 for cable testing. I plugged the end of the
cable onto which I had just placed a connector into the remote unit and
plugged the main unit into the patch panel at the other end of the cable using
one of the cables that came with the TVR10/100 test devices. The remote unit
showed all 4 pairs were ok, but at the remote unit, as the LEDs cycled green,
I saw that the 4,5 pair was skipped. I disconnected the remote unit and found
that the 4,5 LED was still lit on the main unit, which was odd.
I double-checked the connector I had put on the cable; it looked fine.
I punched down the end at the patch panel again without pulling the cable
out of the punchdown block, but the problem remained. I then wondered
whether I really needed pins 4 and 5 working for a 10 Mbs or 100 Mbs Ethernet
connection. Turns out I didn't. I ran a patch cable from the port on the
patch panel to the network switch and plugged the other end of the cable
into my laptop; the network connection worked.
The manual for the TVR10/100 LAN Tester provides the following information
on the cable pairs required for 10 Mbs and 100 Mbs Ethernet connections.
If a cable problem disables data communications at 100 MB/s.
The problem could be caused by not enough connected pairs: 10Base-T
data communications only requires two pair cables. There are two 100Base-T
standards, one requires two pair cables and the other requires four wire
pair cables. If a two pair cable is used, when four pair cables is required,
a slow 10 MB/s connection will be permanently established. The cable problem
could be caused by inverted pairs. A pair exists, but the pins are inverted
(e.g. 1,2 is 2,1). Or the problem could be the cabling is not rated for
100 MB/s speeds ("category 5" cable).
| LAN Type | Cable Pairs Required | | | |
| 10Base-T | 1,2 | 3,6 | | |
| 100Base-T (Type 1 or TX) | 1,2 | 3,6 | | |
| 100Base-T (Type 2 or T4) | 1,2 | 3,6 | 4,5 | 7,8 |
As shown in the above table, 10Base-T or 100Base-T (Type 1 or TX) LAN ports
use two pair cables. 100Base-T (Type 2 or T4) LANs require all four pairs. It is
best to use and install Category 5 cables with all four pairs to ensure
compatibility with all three types of Base-T LANs.
If there is a short or open on pairs 1,2 and 3,6 all communications
will be prevented. If there is a short or open on pairs 4,5 or 7,8 the
data rate may drop to 10 MB/s.
A faulty cable with missing or faulty pairs 4,5 or 7,8 may cause the
data rate on that cable to drop to 10 MB/s. If this faulty cable is
between a PC and hub, all data going to and from that single PC will
be at a slow rate. If the faulty cable is between two hubs then
communications will sometimes be quick and other times it will be
slow. Communications between PC connected to the same hub will
be quick. Communications between a PC on one hub across a
faulty cable to a PC on another hub will be slow. This type of
problem can be very difficult to find without a TVR10/100.
So, I should probably fix the problem when I have time, even though the cable
provides network connectivity at the moment.
There is a clear explanation of how to build an RJ-45 Ethernet cable
at Building a RJ-45 Ethernet cable of a specific length (light version).
A source explaining the difference between 568A and 568B standards
is Twisted Pair Connectors.
How to wire Ethernet Cables is another good reference for Ethernet
cables.
[/network/cabling]
Sun, Feb 24, 2008 11:22 pm
Memory Upgrade for Gateway PC Model Number MFATXPN1 ESX 500S P04
I upgraded the memory in a Gateway PC model number MFATXPN1 ESX 500S P04
(that is the model number listed on the back of the computer).
The system, which was running Windows XP Professional, had only 256 MB of
memory installed.
The following memory module was already in the system:
| MT8VDDT3264AG-265C4, PC2100U-25330-A1 | US BZABW72029 200303 |
| 256MB, DDR, 266MHz, CL2.5V | |
The BIOS memory information was as follows:
BIOS Settings
| BIOS Version | RG84510A.15A.0021.P11 |
| Processor Type | Intel (R) Pentium (R) 4 |
| Processor Speed | 2 GHz |
| System Bus Speed | 400 MHz |
| System Memory Speed | 266 MHz |
| Cache RAM | 512 KB |
| Total Memory | 255 MB |
| Memory Bank 0 | 256 MB (DDR 266) |
| Memory Bank 1 | Not Installed |
I installed the following PNY
memory module in the second of the two memory slots in the system.
PNY 512MB
DDR
PC2700
333MHz / 266 MHz
OPTIMA™ Memory
The following information was on a sticker on the module:
| 512MB,DDR DIMM,Q | ASSY. IN TAIWAN |
| 64WQD-T PO135492 | |
The package had "MD0512SD1-333-BB" on it above the
UPC. The
UPC was 7 51492 34983 1.
When I booted into Windows and ran winver, it showed
"Physical memory available to Windows: 784,176KB".
I ran a 30 minute test of the memory with
Windows Memory Diagnostic
Beta. No errors were found in the 3 passes of the diagnostic program that
were run.
[/hardware/pc/memory]
Sun, Feb 24, 2008 10:44 pm
Memory Upgrade and Sound Card installation in Gateway E2300 PC
I upgraded the memory in a Gateway PC model number
MATXHDS MDW E 2300 (that is the model number listed on
the back of the computer; a sticker on the side of the
computer lists the model number as E2300). The system, which was running
Windows XP Professional, had only 256 MB of memory installed.
BIOS Utility - Main
| BIOS Version | BF86510A.15A.0080.P18 |
| Processor Type | Intel(R) Celeron(R) CPU |
| Processor Speed | 2.8 GHz |
| System Bus Speed | 533 MHz |
| System Memory Speed | 333 MHz |
| L2 Cache RAM | 256 KB |
| Total Memory | 256 MB |
| Memory Mode | Single Channel |
| Memory Channel A Slot 0 | 256 MB (DDR333) |
| Memory Channel A Slot 1 | Not Installed |
| Memory Channel B Slot 0 | Not Installed |
| Memory Channel B Slot 1 | Not Installed |
I also needed to install a sound card, since the on-board audio stopped
working. I changed the BIOS settings for the on-board audio support from
"enabled" to "disabled". The option is listed under Advanced then
Peripheral Configuration in the BIOS Setup Utility.
I checked the Crucial Memory site
for information on the memory that the system will support.
| Manufacturer | Gateway |
| Product Line | E Series |
| Model | E2300 (4 DIMM slots) |
The Crucial Memory site provided the following information at
Computer memory upgrades for Gateway E-2300 Series (4 DIMM Slots):
| Maximum Memory: | 4096MB |
| Standard Memory | 256 or 512 removable |
| Slots: | 4 (2 banks of 2) |
Although the memory can be installed one module at a time, the best
performance comes from using matched pairs of modules.
Each memory slot can hold DDR PC3200, DDR PC2700 with a maximum of
1 GB per slot.*
*Not to exceed manufacturer supported memory.
The Crucial Memory site also had the following series of questions and
answers regarding memory for the system:
Q: Will my system recognize the maximum upgrade?
A: Possibly
How much memory your Windows OS will recognize depends on which version of
Windows you are running. 32-bit versions of Windows will see (and utilize)
only 3GB or 3.5GB. To utilize more memory, install a 64-bit version of your OS.
More information about OS memory maximums can be found at
http://www.crucial.com/kb/answer.aspx?qid=4251.
Q: What memory goes into my computer, and will a
faster speed be backward-compatible?
A: DDR memory with support for DDR PC3200, DDR PC2700 speeds.
Because DDR memory is backward-compatible, you can safely upgrade your system
with any of the guaranteed-compatible DDR speeds listed below, even if your
manual calls for PC1600 or PC2100 speeds. [DDR PC3200 and DDR PC2700 modules
were listed below the statement]
Q: How much memory can my computer handle?
A: 4096MB
Adding the maximum amount of memory will improve performance and help extend
the useful life of your system as you run increasingly demanding software
applications in the future.
Q: Do I have to install matching pairs?
A: Yes
Your system requires that you install memory in pairs.
The system had a 256 MB memory module in Channel A DIMM0. That module
had the following information on a sticker on it:
| Hynix | KOREA 03 |
| PC2700U | 0430 |
| 256MB DDR 333MHz CL2.5 | |
| HYMD232646B8J-J AA-A | |
I put the following memory in the system:
Kingston Technology
Value RAM
KVR333/1GR
The module had a sticker on it with the following information:
| Kingston Technology | KVR |
| KVR333/1GR | |
| 740617072662 | 2.5V |
| Warranty Void if Removed | |
The Crucial Memory site indicated that memory must be installed in
matching pairs, but I wasn't sure if that applied just to modules inserted
in the same channel, i.e., I wasn't sure if I could install the 1 GB module
in Channel B, since the 256 MB module was in channel A.
I put the new module in Channel B DIMM0. When I powered on the system,
I saw "1264MB System RAM" but then received the error message
"Dual-channel operation requires identical paired
DIMMs installed across both memory channels." I then tried the new
1 GB module in Channel A DIMM1. Again I saw "1264MB System RAM" and
the same error message, so I removed the 256 MB module and moved
the 1 GB module to Channel A DIMM0. This time when I powered on the
system I saw "1008 System RAM" followed by "Keyboard Error" and then
"Memory Size Decrease". I powered the system off and on and didn't
see the keyboard or "memory size decrease" messages again, though
the system did display "1008 System RAM" again.
When I checked the BIOS configuration, I saw the following:
BIOS Utility - Main
| BIOS Version | BF86510A.15A.0080.P18 |
| Processor Type | Intel(R) Celeron(R) CPU |
| Processor Speed | 2.8 GHz |
| System Bus Speed | 533 MHz |
| System Memory Speed | 333 MHz |
| L2 Cache RAM | 256 KB |
| Total Memory | 1024 MB |
| Memory Mode | Single Channel |
| Memory Channel A Slot 0 | 1024 MB (DDR333) |
| Memory Channel A Slot 1 | Not Installed |
| Memory Channel B Slot 0 | Not Installed |
| Memory Channel B Slot 1 | Not Installed |
When I selected the Advanced tab in the BIOS Setup Utility
and then chose Video Configuration, I saw the following:
| Video Configuration | |
| Primary Video Adapter | [AGP] |
| Frame Buffer Size | [ 16MB] |
Presumably, the remaining 16 MB of the 1024 MB module is being allocated
to the frame buffer, which is why the system is reporting 1,008 MB during
the Power-on
Self-test (POST) process.
When I booted into Windows and ran winver, I saw
"Physical memory available to Windows: 1,030,896 KB".
I had also installed a Dynex model DX-SC51 sound card in PCI slot 1
at the same time I installed the memory.
When I checked on the sound card, Windows Media Player reported
"Windows Media Player cannot play the file because there is a problem
with your sound device. There might not be a sound device installed
on your computer, it might be in use by another program, or it might not be
functioning properly."
Under the Device Manager, I saw "Unknown device" listed under
display adapters, but no new audio device listed. When I tried
to install the Dynex driver, I saw the warning message "Undetermine Card!
Please do not click cancel on device manager!" Clicking on OK
there produced another warning message "OS not support!"
I opened the case and checked the sound card. I found it wasn't
seated fully in its slot. I reseated the card. When I rebooted and logged
in as the administrator, the Found New Hardware Wizard appeared.
I inserted the CD that came with the sound card. The wizard indicated it
found a Multimedia Audio Controller, an Envy24 Family Audio Controller WDM.
After the software was installed, I was able to play music files on the
system and hear sound from the speakers.
I ran a memory test on the new memory module with
Windows Memory Diagnostic
Beta. I let the test run for an hour and 30 minutes. The diagnostic program
completed 22 passes with no errors found.
[/hardware/pc/memory]
Sun, Feb 24, 2008 11:51 am
Switching Rdesktop from Full-Screen to Windowed Mode
Rdesktop is free, open-source
software that provides the capability for remotely controlling a
Microsoft Windows system from a Linux or Unix system.
I sometimes encounter a problem where I can't see the taskbar at the
bottom of the Windows display or the bottom of windows displayed on the
remote Windows system due to differences in the resolution for the
screen on the Linux/Unix system and the resolution of the Windows system.
The problem can be resolved by specifying the -f option when
starting rdesktop, so that you get a full-screen display, e.g.
rdesktop -0 -f -u jsmith 192.168.0.44. But what do you do
when you wish to put the remote session in a window rather than have it
occupy the full screen without disconnecting? You can hit the
Ctrl-Alt-Enter keys simultaneously to switch to a windowed
view. You can also use Ctrl-Alt-Enter to switch to a full-screen
view, if you didn't start rdesktop with the -f
option.
References:
- Rdesktop
  Rdesktop.Org
- Controlling a Windows System from a Linux System
  January 12, 2006
  MoonPoint Support
[/os/windows/software/remote-control/rdp]
Sat, Feb 23, 2008 11:34 pm
Ghost Console Waiting for Console Services
On a system with Symantec Ghost 7.5,
I tried starting the
Ghost Console, but it hung
with the following message:
| Wait... |
| Waiting for console services to start |
| Cancel |
When I checked the Ghost services (click on Start, select
Run, type services.msc and hit Enter),
I found the Symantec Ghost Configuration Server was
started, but not the Symantec Ghost Database Service,
which had a manual startup type. I double-clicked on
Symantec Ghost Database Service and clicked on the
Start button to start it. I received the error message below:
| Services |
| Could not start the Symantec Ghost Database Service service on Local Computer. |
| Error 2: The system cannot find the file specified. |
| OK |
The "path to executable" value was C:\Program Files\Symantec\Ghost\bin\dbserv.exe. When I
checked, I found there was no C:\Program
Files\Symantec\Ghost directory. I believe
it wasn't recovered when a disk drive problem
occurred previously. To correct the problem, I reinstalled
Symantec Ghost. I chose the Repair option
during the installation. At the end of the repair operation,
I saw the error message below:
| Symantec Ghost Configuration Server |
| 08001 [Sybase][ODBC Driver][Adaptive Server Anywhere]Unable to connect to database server: Database server not running |
| Error 2: The system cannot find the file specified. |
| OK |
So I tried the Remove option to "Remove
Symantec Ghost Corporate Edition from your computer".
After deinstalling the software, I reinstalled it.
The Symantec Ghost Console then started
without a problem. And when I checked the running
services, I saw that both Symantec Ghost
Configuration Server and Symantec
Ghost Database Service were started.
I didn't see the client systems in the default machine
group, so thought I had to add the client systems back into the
console. When I tried to reinstall the client
software on a system, the installation failed.
When I checked the
RemoteInstall.log, I saw the reason listed
as "Remotely Installed Client is installed on this
machine."
To resolve the problem I restored the
privkey.crt, pubkey.crt,
and C:\Program Files\Symantec\Ghost
directory from a Ghost backup I had from some time ago.
To back up those files and that directory or restore
over them, you should close the Ghost Console,
if you have it open, and stop the running Ghost services.
You can stop the Ghost services by clicking on
Start, then selecting Run
and typing the following command and hitting
Enter. You need to include the double
quotes where shown below.
"c:\program files\symantec\ghost\ngserver.exe" -stop
If you check the running services, you should then see
both Symantec Ghost Configuration Server and
Symantec Ghost Database Service are stopped.
I then restored the privkey.crt,
pubkey.crt, and C:\Program
Files\Symantec\Ghost directory from the backup.
Afterwards, I ran the command
"c:\program files\symantec\ghost\ngserver.exe" -start
to restart the Symantec Ghost services. I then saw the
systems in the default machine group I had been using
previously for the Ghost backups.
References:
- How to move the Symantec Ghost Solution Suite 1.x Console to a different computer
or retain Console settings during a reinstall
Document ID: 2001050812540225
Last Modified: 11/08/2007
Date Created: 05/08/2001
Operating System(s): DOS, Windows 95, Windows 98, Windows NT,
Windows 2000, Windows ME
Product(s): Symantec Ghost 7.0, Symantec Ghost 7.5,
Symantec Ghost 8.0, Symantec Ghost 8.2, Symantec Ghost Solution Suite 1.0,
Symantec Ghost Solution Suite 1.1
Release(s): Ghost 7.0 [All Releases], Ghost 7.5 [All Releases],
Ghost 8.0 [All Releases], Symantec Ghost 8.2 [All Releases], Symantec
Ghost Solution Suite 1.0 [All Releases], Symantec Ghost Solution Suite 1.1
Symantec Corporation
[/os/windows/utilities/backup/ghost]
Sat, Feb 23, 2008 2:21 pm
Bopup Scanner
Bopup Scanner is a
freeware network scanner that displays active computers with user names
logged into the computers (NetBIOS), MAC and IP addresses. Bopup Scanner also
recognizes and shows HTTP (Web) servers running on remote computers (TCP ports
80, 8080), if you select the option to have it scan for webservers, quickly
detects online computers, and allows you to browse shared resources of a remote
computer. You can save the results of a scan to a text file.
Bopup Scanner will perform a NetBIOS scan of a network, which will
show Windows systems on the network. The program first tries to
ping an address it is scanning. So, if you were watching its
scan with a sniffer, you would see an
ARP request
for the IP address. If there is a reply to the ARP request, an
ICMP echo
request is sent to the IP address. If an echo reply is received,
Bopup Scanner will then check for a response from the scanned IP address on
UDP port 137.
Port 137 is associated with the NetBIOS Name Service commonly used
on systems running the Microsoft Windows operating system. The
NetBIOS Name Service is typically how Windows computers find out information
concerning the networking features offered by a computer, such as system name,
file shares, etc.
Because it is only scanning for responses to NetBIOS Name Service requests,
Bopup Scanner will show a red circle for IP addresses where it received no
response to a NetBIOS Name Service query, even though there may be a system
at that address. E.g. there may be a Linux system, networked copier, router,
etc. at the address.
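The probe order described above (ARP request, then ICMP echo request, then a query to UDP port 137) is a pattern a network monitor can look for. The following is an added example, not part of the original post or of Bopup Scanner; the record format, function name, thresholds and sample data are all constructed for illustration, and ARP requests are only visible to a sensor on the same broadcast domain.

```python
from collections import defaultdict

# The probe order the post describes for each scanned address.
ORDER = ("arp", "icmp-echo", "udp/137")

# Constructed sample records, not real traffic:
# (seconds, source, destination, kind of packet sent by the source)
SAMPLE = [
    (0.0, "192.168.0.50", "192.168.0.1", "arp"),
    (0.1, "192.168.0.50", "192.168.0.1", "icmp-echo"),
    (0.2, "192.168.0.50", "192.168.0.1", "udp/137"),
    (2.0, "192.168.0.50", "192.168.0.2", "arp"),
    (2.1, "192.168.0.50", "192.168.0.2", "icmp-echo"),
    (2.2, "192.168.0.50", "192.168.0.2", "udp/137"),
    (3.0, "192.168.0.50", "192.168.0.3", "arp"),        # no host there: ARP only
    (4.0, "192.168.0.50", "192.168.0.4", "arp"),
    (4.1, "192.168.0.50", "192.168.0.4", "icmp-echo"),  # no echo reply: stops here
    (6.0, "192.168.0.50", "192.168.0.5", "arp"),
    (6.1, "192.168.0.50", "192.168.0.5", "icmp-echo"),
    (6.2, "192.168.0.50", "192.168.0.5", "udp/137"),
    (7.0, "192.168.0.20", "192.168.0.1", "arp"),        # an ordinary ping
    (7.1, "192.168.0.20", "192.168.0.1", "icmp-echo"),
    (8.0, "192.168.0.21", "192.168.0.20", "udp/137"),   # a lone name query
]


def find_netbios_sweeps(records, min_hosts=3, window=60.0):
    """Return {source: [hosts]} for sources that completed the ARP, ICMP echo,
    UDP/137 sequence against at least `min_hosts` hosts within `window` seconds.

    The host list contains every host the source fully probed, so it shows
    what the scanning system learned, not only the burst that tripped the rule.
    """
    progress = defaultdict(int)    # (src, dst) -> number of ORDER steps seen
    completed = defaultdict(list)  # src -> [(time of UDP/137 probe, dst)]
    for ts, src, dst, kind in sorted(records):
        step = progress[(src, dst)]
        if step < len(ORDER) and kind == ORDER[step]:
            progress[(src, dst)] = step + 1
            if step + 1 == len(ORDER):
                completed[src].append((ts, dst))

    sweeps = {}
    for src, hits in completed.items():
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= min_hosts:
                sweeps[src] = sorted(dst for _, dst in hits)
                break
    return sweeps


if __name__ == "__main__":
    for src, hosts in find_netbios_sweeps(SAMPLE).items():
        print(src, "swept", ", ".join(hosts))
```

A single workstation pinging a server or resolving one NetBIOS name does not match, because the rule needs the full three-step sequence against several hosts from the same source.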
Regarding installation of the software, there is no installation procedure for
the program. You simply run scanner.exe. When you first run it,
it will create the following registry entries:
Keys added: 5
-------------
HKEY_CURRENT_USER\Software\B Labs
HKEY_CURRENT_USER\Software\B Labs\Bopup Scanner
HKEY_CURRENT_USER\Software\Bopup Scanner
HKEY_CURRENT_USER\Software\Bopup Scanner\Scanner
HKEY_CURRENT_USER\Software\Bopup Scanner\Scanner\Settings
After starting the program, click on the Refresh button with
the green arrows next to it on the toolbar menu to begin a scan of the
subnet the system is on.
If you wish to check on whether a webserver is running on any of the
scanned IP addresses, click
on Options and check "Scan for HTTP servers (80, 8080 ports)".
You can save the results to a text file by clicking on Actions
and selecting Save list.
The developer, B-Labs Software,
also offers other
software that can be used for secure instant messaging.
Download Bopup Scanner:
- Developer Website
- MoonPoint Support (may not be the most current version)
[/network/tools/scanning/bopupscanner]
Thu, Feb 21, 2008 12:34 pm
Internet Explorer Crash Recovery
An area in which
Opera is far superior
to Internet Explorer as a web browser is crash recovery. Internet Explorer,
even in version 7.0, does not provide any crash recovery features. In
Opera, should the browser or system crash, when you reopen the browser,
you can go back to exactly where you were prior to the crash. You can
have all of your tabs reopened and even move backwards through the prior
URLs you visited
in each tab. In contrast, Internet Explorer offers no crash recovery
features. Since I've often encountered problems with Internet Explorer
crashing or hanging, I find the lack of any crash recovery features in the
browser to be a major drawback to using Internet Explorer.
So, I decided to look for an add-on that might add similar
functionality for Internet Explorer. I found a free add-on, IE7Pro, that offers that functionality
as well as other enhancements for Internet Explorer. The developer states
"IE7Pro includes Tabbed Browsing Management, AD Blocker, Flash Block,
Super Drag Drop, Crash Recovery, Proxy Switcher, Mouse Gesture, Tab
History Browser, Inline Search, User Agent Switcher, Webpage Capturer,
Greasemonkey like User Scripts platform, User Plug-ins and many more
power packed features. You can customize not just internet Explorer, but
even your favorite web site according to your need and taste using IE7Pro."
During the installation, which uses a Nullsoft Install System v2.33
installation program, you are given the option to select default settings,
which are shown below:
Please select default settings:
[x] Enable ADblock
[ ] Enable Userscripts
[ ] Enable Plugins
[X] Enable Spelling Checker
[ ] Set EasyHome as Homepage
At the end of the installation, you are requested to set the default
search engine to be IE7Pro's Google-based search, to help finance
further development of the software, but you don't have to
do so. Selecting that option is certainly a small measure that you can
take to make continued development of the software possible.
To simulate a system crash, I powered off the system. When I
restarted the system and opened Internet Explorer, I saw a "Crash
Recovery" window stating "Your last session crashed, Please review and
open last URLs." All of the Internet Explorer 7 tabs I had open previously
were listed and checked to be reopened. I could deselect tabs I didn't
want reopened, if I wished. There were also Select All and
Select None buttons. I chose to reopen all of the tabs I had
open previously. Unfortunately, unlike Opera's crash recovery feature,
I couldn't click on the backwards arrow button in Internet Explorer
to view my history of previously visited sites in any tab. So, IE7Pro
definitely offered an improvement over the total lack of crash recovery
features in Internet Explorer, but also falls far short of the built-in
crash recovery features of Opera.
References:
- IE7Pro User Guide
  IE7Pro.com
- IE7Pro FAQ
  IE7Pro.com
[/network/web/browser/ie]
Tue, Feb 19, 2008 11:27 pm
Counting Non-Blank Cells in a Spreadsheet and Using Multiple Criteria for Counting
Either the
counta or
countif functions can
be used to count the number of cells that are not blank in
a spreadsheet.
E.g., suppose you have the following information in a spreadsheet:
| | A | B |
| 1 | apple | maple |
| 2 | | oak |
| 3 | plum | birch |
| 4 | | birch |
| 5 | apricot | |
The function counta(A1:A5) would count those cells that
aren't empty in cells A1 to A5, yielding 3.
The function countif(B1:B5,"*") would likewise count those
cells that contain text in cells B1 to B5, yielding 4.
Note: counta will count cells that have formulas
in them even though those formulas may amount to nothing appearing
in the cell, i.e. they evaluate to "".
If you wanted to count the number of cells that contained specific
text, e.g. birch, you could use
countif(B1:B5,"birch"), which would yield 2.
The count is case insensitive, i.e., if one of the cells contained "BIRCH",
instead of "birch", the count would still be equal to two.
If you wanted to count the number of cells that contained "birch" in
column B and "plum" in column A, then countif won't work, since
you can only specify one criterion with it. You could use sum
instead. E.g. sum((B1:B5="birch")*(A1:A5="plum")), which
yields 1. The * in this case "ands" the two
conditions. Note: You have to hit the Ctrl, Shift, and Enter keys
simultaneously when you've typed the formula in order to enter it. If you
don't, you will see a #value appear in the cell. This type of
formula is considered to be an "array" formula or CSE formula, since it
requires the Ctrl-Shift-Enter keys to be hit to enter it. When it is entered,
you will see {} appear around the formula.
References:
- Excel -- Worksheet Functions -- Count Cells
  Last updated: November 11, 2006
  Contextures -- Microsoft Office Consulting
- Excel Developer Tip: Summing and Counting Using Multiple Criteria
  Excel Developer Tip Archives
[/os/windows/office/excel]
Mon, Feb 18, 2008 8:30 am
Symantec AntiVirus Server Could Not Collect Log Data From Client
On a Symantec AntiVirus Corporate Edition 8.1 server, I tried checking the
logs for a client system through the Symantec System Center by unlocking
the server group, right-clicking on a client system, selecting
All Tasks, Symantec AntiVirus, Logs, and Scan History.
I received a message that the log data couldn't be
collected from the selected computer.
| Symantec AntiVirus Management Snap-In |
| Symantec AntiVirus could not collect all the log data from the selected computer(s). |
| Please verify that Symantec AntiVirus is running on these computers. |
| OK |
I received the same message if I tried viewing any log.
Symantec has a knowledgebase article on the problem at
Error: "Symantec AntiVirus could not collect all the log data from the
selected computer(s) . . ." when viewing client logs in Symantec System Center.
I followed the steps listed in that article.
I could ping the IP address of the system and ping -a 192.168.0.7
showed the hostname associated with the address. I could also ping the server
from the client system using ping and ping -a,
which confirmed network connectivity and the ability to do reverse lookups
on the IP addresses to get host names.
I checked for the presence of any .cer server group root certificate on
the server and the client. I didn't see any .cer file on either system, but
neither did I see a certificate on a client for which I could successfully check
log files from the antivirus server, so I didn't think that was the source
of the problem.
I could successfully start the Symantec AntiVirus Client program on
the client system. It showed the correct server name. Though nothing
was listed for "group", nothing was listed for "group" on a system I could
successfully query from the server, either.
And from the server, I could query the client and see that the
Symantec rtvscan.exe program was running.
C:\>tasklist /s 192.168.0.7 /fi "imagename eq rtvscan.exe"
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
Rtvscan.exe 1760 0 46,604 K
When I checked the Windows XP firewall settings on a system I could successfully
query from the antivirus server, I saw a firewall rule listed for
User Datagram
Protocol (UDP) port 2967, which the Symantec RTVScan program uses.
I checked the firewall rules on the system
I couldn't successfully query with the command netsh firewall show
portopening. I did not see a rule for RTVScan, so I created one from
the command line using the command netsh firewall set portopening
protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management"
mode = ENABLE scope = CUSTOM 192.168.0.33 (IP address 192.168.0.33
corresponds to the IP address of the antivirus server).
When I tried checking the antivirus log files from the server again, I
still could not do so. Looking at the firewall rules on the client
with netsh firewall show portopening verbose = enable (you
have to specify the verbose option to see the scope of
rules), I saw that I had mistyped the IP address of the server when I
created the RTVScan rule with the netsh command. So I re-entered the
netsh firewall set portopening protocol = UDP port = 2967 name =
"Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM
192.168.0.33 command exactly as before with the exception that this
time I specified the IP address correctly.
I was then able to check the virus history and other logs on the client
from the Symantec System Center.
References:
- Error: "Symantec AntiVirus could not collect all the log data from the
selected computer(s) . . ." when viewing client logs in Symantec System Center
Document ID: 2003032010404748
Last Modified: 11/15/2006
Date Created: 03/20/2003
Operating System(s): Windows 2000, Windows Server 2003 32-bit Edition,
Windows 98, Windows Me, Windows NT 4.0 SP6a, Windows 2000 Professional, Windows
XP Professional
Product(s): Symantec AntiVirus Corporate Edition 10.0, Symantec
AntiVirus Corporate Edition 8.0, Symantec AntiVirus Corporate Edition 9.0,
Symantec Client Security 3.0, Symantec AntiVirus 10.1, Symantec Client Security
3.1
Release(s): SAV 10.0 [All Releases], SAV 8.0 [All Releases], SAV 9.0
[All Releases], Symantec Client Security 3.x [All versions], Symantec AntiVirus
10.1, Symantec Client Security 3.1
Symantec Corporation
- Allow Rtvscan Access Through Windows XP Firewall
April 9, 2007
MoonPoint Support
- Configuring Windows XP Firewall for Symantec Antivirus Client
April 9, 2007
MoonPoint Support
[/security/antivirus/symantec]
Sun, Feb 17, 2008 11:45 pm
Unable to Unlock Symantec AntiVirus Server Group
I was unable to unlock the server group on a Symantec AntiVirus Corporate
Edition 8.1 server. I was also unable to start the Symantec AntiVirus
Server service or update the virus definitions on the server.
I discovered the problem was due to corrupt virus definitions.
[ More Info ]
[/security/antivirus/symantec]
Sun, Feb 17, 2008 8:18 pm
Encoding Spaces in URLs
If you have a filename that includes spaces, you should encode the URL that you
use for any links to the document, i.e.
%20 should be used wherever
a space occurs in the filename.
You can go to
URL Encoding to see a list of characters that should be encoded, such as the
space character. You can also plug in a URL there and have it converted to a
browser-safe version.
[/network/web/browser]
Sun, Feb 17, 2008 5:41 pm
IP and Domain Name Reputation Sites
An
IP address may be added to a
DNS Blacklist (DNSBL), if spam
is detected as emanating from that IP address. You can check for the presence
of an IP address on various blacklists using the
MxToolBox Email Blacklist
Check, which currently checks 124 blacklists, or at individual
blacklist sites, such as
MAPS.
You can check on whether an IP address has been associated with attacks
on other systems at DShield
or myNetWatchman by
performing an IP lookup.
You can also obtain information on the "reputation" for a site
at Barracuda
Central by performing a lookup on either an IP address or a domain name.
Barracuda Networks sells widely used spam firewall devices, so a poor
reputation listing at Barracuda Central may lead to email from an IP address
listed there, or with a domain name in the body of email messages being found
there, being blocked by those using Barracuda Networks security devices.
Another reputation site is
TrustedSource. You can look up an IP address there and see a graph
of activity associated with that site. If you see red bars on the
graph, those represent malicious activity associated with the IP address
on the days for which those bars appear.
[/network/Internet/domains]
Sun, Feb 17, 2008 4:46 pm
Locating Cybersquatters Capitalizing on a Variant of Your Domain
Cybersquatters
may buy domains similar to yours hoping to take advantage
of someone mistyping your domain name or to mislead someone into thinking
a domain name in a URL belongs to a legitimate company or organization.
For instance many people might visit microsoft.com, so a cybersquatter might
buy micrsoft.com, which has a missing "o", so that someone making a typo that
left out that "o" would be directed to the cybersquatter's site instead, where
the cybersquatter may have nothing but ads, hoping to get money generated
from those viewing those ads. If millions of people visit microsoft.com every
week, the cybersquatter will probably get a significant amount of traffic
from such a typo.
Or perhaps you own example.com. The cybersquatter may purchase example.net,
if it is available. Someone seeing example.net in an email may think the
domain belongs to your company and visit a site that might have nothing but ads,
perhaps even risque ones, or the site might try to infect visitors with
adware/spyware, which might harm your company's reputation, even though you
don't own the domain name and have no control over the site.
CitizenHawk helps you locate
potential cybersquatter sites for your domain name.
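The two variants described above, a dropped letter (micrsoft.com) and a different top-level domain (example.net), can be recognized in domain names you already see in mail or proxy logs. The following is an added example, not part of the original post and unrelated to how CitizenHawk works; the function names and the observed-domain list are constructed, and it assumes a single-label top-level domain (it does not consult a public suffix list).

```python
def split_domain(name):
    """Return (registrable label, TLD), e.g. 'www.example.com' -> ('example', 'com')."""
    parts = name.strip().lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def one_edit(legit, seen):
    """Name the single typo that turns `legit` into `seen`, or return None."""
    if len(seen) == len(legit) - 1:
        for i in range(len(legit)):
            if legit[:i] + legit[i + 1:] == seen:
                return "omission"          # microsoft -> micrsoft
    if len(seen) == len(legit) + 1:
        for i in range(len(seen)):
            if seen[:i] + seen[i + 1:] == legit:
                return "insertion"
    if len(seen) == len(legit):
        diff = [i for i in range(len(legit)) if legit[i] != seen[i]]
        if len(diff) == 1:
            return "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and legit[diff[0]] == seen[diff[1]]
                and legit[diff[1]] == seen[diff[0]]):
            return "transposition"
    return None


def classify(seen, legit):
    """Return how `seen` imitates the protected domain `legit`, or None."""
    seen_label, seen_tld = split_domain(seen)
    legit_label, legit_tld = split_domain(legit)
    if (seen_label, seen_tld) == (legit_label, legit_tld):
        return None                        # it is the protected domain itself
    if seen_label == legit_label:
        return "tld-swap"                  # example.com -> example.net
    if seen_tld == legit_tld:
        return one_edit(legit_label, seen_label)
    return None


def flag_lookalikes(observed, protected):
    """Return (observed, protected, kind) for every look-alike found."""
    findings = []
    for name in observed:
        for legit in protected:
            kind = classify(name, legit)
            if kind:
                findings.append((name, legit, kind))
    return findings


# Constructed sample of domains seen in logs, not real observations.
SAMPLE_OBSERVED = ["www.example.com", "micrsoft.com", "example.net",
                   "exmaple.com", "examp1e.com", "unrelated.org"]
PROTECTED = ["microsoft.com", "example.com"]

if __name__ == "__main__":
    for seen, legit, kind in flag_lookalikes(SAMPLE_OBSERVED, PROTECTED):
        print(f"{seen} looks like {legit} ({kind})")
```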
[/network/Internet/domains]
Sun, Feb 17, 2008 12:54 pm
Configure Sendmail to Listen on All Addresses
If you can't connect to the
SMTP port on a system, i.e.
port 25, from external hosts, but you can connect from the system itself,
then you need to comment out a line in
sendmail.mc that
restricts connections to the local loopback address, 127.0.0.1.
I.e., if you can use telnet 127.0.0.1 25 and see the sendmail
banner, but when you use telnet 192.168.0.44 25 (presuming
192.168.0.44 is the IP address for the mail server), you get "connection
refused" messages, then the default configuration option in
sendmail.mc is likely preventing the connection by causing
sendmail to only listen on the loopback address.
# telnet 192.168.0.44 25
Trying 192.168.0.44...
telnet: connect to address 192.168.0.44: Connection refused
telnet: Unable to connect to remote host: Connection refused
To resolve the problem, look for the following lines in sendmail.mc,
which on a Linux system will likely be in the /etc/mail
directory.
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Edit the sendmail.mc file from the root account. Put a
dnl # at the beginning of the DAEMON_OPTIONS
line to comment out the line.
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Then issue the following commands:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart
The first command rebuilds the .cf configuration file from the modified
.mc file. The second restarts sendmail so that it is using the new
configuration file.
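To confirm what the edited file will do before rebuilding sendmail.cf, the following added example (not part of the original post) reads sendmail.mc text and reports which addresses the SMTP listener will bind. The function names are hypothetical, and the commented-out submission line in the samples is constructed; the SMTP line is the one shown above.

```python
import re

# The SMTP line from the post before and after the edit, plus one constructed
# commented-out submission listener to show that only active lines count.
BEFORE = """\
dnl # DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
"""
AFTER = """\
dnl # DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
"""

# m4 quotes the argument with a backtick and an apostrophe.
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")


def active_daemon_options(mc_text):
    """Return one dict per DAEMON_OPTIONS line that m4 will actually expand."""
    found = []
    for raw in mc_text.splitlines():
        line = raw.strip()
        if line.startswith("dnl"):
            continue  # m4 discards everything from dnl to the end of the line
        match = DAEMON_RE.search(line)
        if match is None:
            continue
        options = {}
        for pair in match.group(1).split(","):
            key, sep, value = pair.strip().partition("=")
            if sep:
                options[key.strip()] = value.strip()
        found.append(options)
    return found


def smtp_bind_addresses(mc_text):
    """Addresses the SMTP listener binds; 0.0.0.0 stands for all interfaces."""
    smtp = [
        opts for opts in active_daemon_options(mc_text)
        if opts.get("Port", "smtp") in ("smtp", "25")
    ]
    if not smtp:
        # With no active DAEMON_OPTIONS for SMTP, sendmail falls back to its
        # default daemon, which listens on every address.
        return ["0.0.0.0"]
    return sorted({opts.get("Addr", "0.0.0.0") for opts in smtp})


def reachable_from_network(mc_text):
    """True when at least one SMTP bind address is not a loopback address."""
    return any(not addr.startswith("127.") for addr in smtp_bind_addresses(mc_text))


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, smtp_bind_addresses(text), reachable_from_network(text))
```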
[/network/email/sendmail]
permanent link
Fri, Feb 15, 2008 7:02 pm
216-115-223-200.expertcity.com HTTPS Access
While monitoring a
LAN
with
Show Traffic, a
network monitoring application for Windows systems, I noticed two
systems contacting 216.115.223.200 [ 216-115-223-200.expertcity.com ]
on port 443 (HTTPS).
Since the communications occurred at 18:30 when the
employees using those systems would have gone home, I did a
Google search on the
FQDN,
216-115-223-200.expertcity.com, which was associated with that address.
A
McAfee SiteAdvisor webpage linked the site with
GoToMeeting, i.e.
legitimate software on the users' systems. That webpage stated "When we
installed and ran GoToMeeting 2.0.0.127 (gotomeeting.exe), the following
network servers were contacted." It then listed the following addresses:
216-115-222-200.expertcity.com
216-115-223-200.expertcity.com
[/os/windows/network/monitoring/show_traffic]
permanent link
Fri, Feb 15, 2008 5:08 pm
Wed, Feb 13, 2008 10:53 pm
Configuring SNMP on a Netopia R7220-T Router
To configure
SNMP
on a Netopia R7220-T router, take the following steps:
- From the main menu, select System Configuration.
Netopia R7220-T v4.6.2
Easy Setup...
WAN Configuration...
System Configuration...
Utilities & Diagnostics...
Statistics & Logs...
Quick Menus...
Quick View...
Return/Enter displays options for the system.
You always start from this main screen.
From the System Configuration menu, select SNMP
(Simple Network Management Protocol)....
System Configuration
Network Protocols Setup...
Filter Sets...
IP Address Serving...
Date and Time...
Console Configuration...
SNMP (Simple Network Management Protocol)...
Security...
Upgrade Feature Set...
Logging...
Return/Enter to set up basic SNMP options (Community Strings, Traps, etc.).
From the SNMP Setup window, specify the desired SNMP configuration.
SNMP Setup
System Name:
System Location:
System Contact:
Read-Only Community String: public
Read/Write Community String:
Authentication Traps Enable: Off
IP Trap Receivers...
Configure optional SNMP parameters from here.
You can put in whatever name you would like to use for the router in the
System Name field, e.g. Netopia Router and then hit
Enter to advance to the next field, where you can specify the location,
e.g. 1020 Maple Street. Hit Enter to fill in the
System Contact field. The default read-only community string is
public. To prevent others from accessing information from the
router, you can provide another community string. You can provide a
read/write community string as well, if you like. If you want authentication
traps sent to another device, enable authentication traps and specify IP
trap receivers. Otherwise, you can leave these as is.
You can return to the main menu, if you wish, by hitting the
Escape key to back up through the menus.
If you want a free program to monitor the router via SNMP from a Windows
system, try PRTG Traffic Grapher.
It is fairly straight-forward to set up and can even install its own
webserver on the system on which you install it. If you already have webserver
software running on the system on which you install it using port 80, PRTG
will automatically set up its own webserver at port 8080. Or you can choose
a different port, if you prefer. You can specify userids and passwords granted
access to the webserver, where the PRTG graphs are displayed.
[/hardware/network/router/netopia]
permanent link
Wed, Feb 13, 2008 9:25 pm
FTP Attacks from 221.130.187.49 and 202.57.128.159
The system became unresponsive for a time. I ran
kripp and found two systems conducting FTP brute-force
password guessing attempts.
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: poiuyt [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: 123go [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 000000 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Airhead [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: oracle [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Braves [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: library [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Sparky [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: linux [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: angela [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: unix [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: brandy [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: amanda [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: cindy [F]
I blocked the 221.130.187.49 system with route add 221.130.187.49 reject.
I then checked DShield to
learn if it has been observed attacking other systems. The
DShield report
for 221.130.187.49 showed it was first reported engaged in hostile
activity on 2008-02-11 and the last reported incident was today
2008-02-13. The IP address is a Chinese address. When I checked the
IP Details
for the ports the system was attacking, I found it was listed only
for port 21 attacks, i.e. FTP
attacks.
It was also listed at myNetWatchman.
The Incident
Detail report for that IP address at myNetWatchman showed the system
had been attacking other systems on port 21 and port 22 (SSH) as well from
February 5, 2008 onwards.
I then checked the second system attacking, which was
202.57.128.159.sta.isp-thailand.com. The IP address for it is 202.57.128.159.
Note: a reverse lookup on 202.57.128.159 yields a Fully Qualified Domain Name
(FQDN) of 202.57.128.159.sta.isp-thailand.com, but a forward lookup on
202.57.128.159.sta.isp-thailand.com does not yield an IP address.
I ran an nmap scan of it to see what operating system it was running. I got
the following results:
# nmap -P0 -O 202.57.128.159
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 202.57.128.159.sta.isp-thailand.com (202.57.128.159):
(The 1588 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
80/tcp open http
111/tcp open sunrpc
135/tcp filtered loc-srv
137/tcp filtered netbios-ns
199/tcp open smux
443/tcp open https
445/tcp filtered microsoft-ds
3306/tcp open mysql
4444/tcp filtered krb524
8009/tcp open ajp13
8080/tcp open http-proxy
10000/tcp open snet-sensor-mgmt
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Nmap run completed -- 1 IP address (1 host up) scanned in 173 seconds
Visiting http://202.57.128.159/ with
a browser showed "Welcome to web4.thaibestserver.net".
When I checked DShield for any reports
on hostile activity for that IP address, which is a Thai address,
I found it was first reported
engaged in hostile activity on 2008-02-08 with the most recent report
dated 2008-02-09 (see
IP Info
(202.57.128.159)). The
IP Details
202.57.128.159 report showed all of the incidents to be FTP attacks.
There was also an
Incident Detail report for it at
myNetWatchman, which also showed the system engaged in FTP attacks from
February 6 onwards.
I blocked it with route add 202.57.128.159 reject.
I also turned off the FTP service on the system, since it isn't needed
at the moment.
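The triage above can be scripted. This added example (not part of the original post) parses lines in the format shown, counts failed logins per remote host, and emits the same route add ... reject command for hosts over a threshold. Assumptions: [F] marks a failed attempt, a host name that begins with four numeric labels carries the peer's IP address (useful when, as noted above, the forward lookup fails), and the threshold of 3 is arbitrary. The sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the line format shown above; hosts, users and
# guesses are made up and use documentation address ranges.
SAMPLE_LOG = """\
ftp password :: ftp.example.org -> 198.51.100.7.sta.isp.example :: anna :: guess-a1 [F]
ftp password :: ftp.example.org -> 203.0.113.9 :: james :: guess-j1 [F]
ftp password :: ftp.example.org -> 203.0.113.9 :: james :: guess-j2 [F]
ftp password :: ftp.example.org -> 198.51.100.7.sta.isp.example :: anna :: guess-a2 [F]
ftp password :: ftp.example.org -> 203.0.113.9 :: james :: guess-j2 [F]
ftp password :: ftp.example.org -> 198.51.100.7.sta.isp.example :: anna :: guess-a3 [F]
ftp password :: ftp.example.org -> 192.0.2.44 :: backup :: guess-b1 [F]
"""

LINE_RE = re.compile(
    r"^ftp password :: (?P<server>\S+) -> (?P<peer>\S+) :: "
    r"(?P<user>.*?) :: (?P<guess>.*) \[(?P<flag>[A-Z])\]$"
)


def peer_ip(peer):
    """Return the peer's IPv4 address, or None if it must be resolved by hand."""
    try:
        return str(ipaddress.ip_address(peer))
    except ValueError:
        pass
    labels = peer.split(".")
    if len(labels) > 4:
        # Reverse-DNS names such as 198.51.100.7.sta.isp.example embed the IP.
        try:
            return str(ipaddress.IPv4Address(".".join(labels[:4])))
        except ValueError:
            pass
    return None


def summarize(log_text):
    """Per remote host: failure count, targeted users, distinct guesses, IP."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "guesses": set()})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None or match["flag"] != "F":  # assumption: F = failed
            continue
        entry = stats[match["peer"]]
        entry["failures"] += 1
        entry["users"].add(match["user"])
        entry["guesses"].add(match["guess"])
    # The report keeps only a count of guesses, not the guessed passwords.
    return {
        peer: {
            "failures": entry["failures"],
            "users": sorted(entry["users"]),
            "distinct_guesses": len(entry["guesses"]),
            "ip": peer_ip(peer),
        }
        for peer, entry in stats.items()
    }


def block_commands(report, threshold=3):
    """route commands, as used in the post, for hosts at or over the threshold."""
    ips = sorted(
        info["ip"] for info in report.values()
        if info["failures"] >= threshold and info["ip"] is not None
    )
    return [f"route add {ip} reject" for ip in ips]


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for peer, info in report.items():
        print(peer, info)
    print("\n".join(block_commands(report)))
```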
[/security/attacks]
permanent link
Wed, Feb 13, 2008 3:41 pm
PrimoPDF Producing Zero Byte Files
I installed
PrimoPDF 3.0 on a system.
PrimoPDF provides free PDF converter software that will allow you to
"print" documents to a PDF file. After installing the software,
I could print to PDF files without a problem from the administrator account
from which I installed the software, but when I printed to a PDF file using
the PrimoPDF "printer", I would receive the error message below:
| Adobe Reader |
Adobe Reader could not open 'http.pdf' because it
is either not a supported file
type or because the file has been damaged (for example, it was sent as an
email attachment and wasn't correctly decoded).
OK
|
When I checked the PDF files produced by PrimoPDF, I found they were always
zero bytes in size. When the files were being produced I would hear an
error beep.
An
Error after converting posting at the
PrimoPDF Forums, suggested giving the
Users group on the system full control of the directory into which PrimoPDF
is installed.
From the Windows Explorer, I right-clicked on the directory under
Program Files into which I had installed PrimoPDF and chose
Properties. I saw that the Users group had only read access, i.e. only
the read & execute, list folder contents, and read permissions were granted
to the Users group for that folder.
Note: you can use the cacls command to check permission from
the command line, e.g. cacls "\program files\primopdf", if
the installation directory was \program files\primopdf. You
will see BUILTIN\Users:(OI)(CI)R. The R at the
end indicates that the Users group on the system, to which all normal user
accounts belong, has only read access to that directory.
If you are logged into an account that is a member of the Administrators
group on the system, you can right-click on the directory and choose
Properties to reset the security permissions. Click on the
Security tab, then select the Users group under "group or user
names", then grant Full Control.
Since I was logged into a normal user account at the time I encountered
the problem and had a lot of windows open and didn't want to have to close
all of them, logoff, logon as an administrator, logoff, logon to my user
account again, and then reopen all of the applications and files I previously
had open, I used the cacls command to reset the permissions.
To use that method, you need to take the following steps, if you are currently
logged into an unprivileged user account.
- Open a command prompt window as the Administrator. On Windows XP systems,
you can do so by going to
C:\WINDOWS\system32\ and right-clicking
on cmd.exe while holding down the shift key (if you don't hold
down the shift key at the same time, you won't see the "run as" option). Then
select Run as. Click on The following user and put in
Administrator, or some other account with administrator access, for
the user name, and enter the appropriate password. Then hit Enter
or click on OK. A command prompt window will open with Administrator
credentials.
- Enter the command
cacls "\program files\primopdf" /E /G Users:F
to give all users of the system full control of the directory where you
installed PrimoPDF, presuming that you installed it in \program
files\primopdf. Granting full control of the directory means
they can add or delete files in that directory. The Users group will still
only have "read" access to the dll and exe files in the directory, though.
The /E means "edit the existing Access Control List (ACL)"
rather than creating a new one, and the /G grants access
for the account or accounts specified as a parameter. The F
at the end grants "full" access. You can enter cacls /?
for help with the cacls command. You will see something
like "processed dir: C:\program files\PrimoPDF", if the
command is successfully executed.
[/os/windows/software/pdf]
permanent link
Tue, Feb 12, 2008 9:43 pm
Smart Network Data Services for Tracking Email to Hotmail.com Addresses
Microsoft offers
Smart Network Data Services, which allows someone to view data
on email transmitted from IP addresses for which he or she is responsible
to hotmail.com email addresses. Microsoft describes the service as
follows:
Smart Network Data Services (SNDS) is a revolutionary Windows Live Mail
initiative designed to allow everyone who owns IP space to contribute to the
fight against spam, malware, viruses, and other internet evils, and to protect
e-mail and the internet as a valued communications, productivity and commerce
tool. Windows Live Mail and MSN Hotmail, with over 250 million active user
accounts world-wide, is in a unique position to collect and analyze e-mail
activity data. By providing that data to service providers, most of whom
wouldn't otherwise have access to any such data, they are empowered to use
their relationship with their customers to react and take repair actions, such
as preventing spam from originating within their IP space. The overarching
goal of SNDS is to make the Internet a better, safer place. Working together,
Windows Live Mail and service providers can make their respective customers
happier and more satisfied with the various services we all provide.
To request a Smart Network Data Services account, go to
SNDS - Request
Access. Enter the IP address or address range for which you are
responsible and for which you wish to track email being sent to Hotmail.com
addresses.
When you click on Submit you will see the message "We've determined
that the following email addresses are associated with the specified network
in an appropriately authoritative way. Please choose one that you can receive
mail at and we will send instructions for completing the signup process to that
address." You may then see 4 addresses similar to those below:
abuse@yourdomain.com
noc@isp1.net
noc@isp2.net
postmaster@yourdomain.com
Two of the addresses will be of the form abuse@yourdomain.com and
postmaster@yourdomain.com, assuming that a reverse DNS lookup on
a provided IP address yields "yourdomain.com".
A "whois" lookup will also be done on a provided IP address using the
relevant registrar, which, if you are in the U.S. will likely be
the American Registry for Internet Numbers
(ARIN). The "OrgTechEmail" address listed for the IP address may
be used as one of the possible addresses, e.g. noc@isp1.net, if that
was the "OrgTechEmail" listed for the
ISP.
You can see further information on how the email addresses are derived
at
SNDS - FAQ.
If you have a PTR record in DNS that points back to yourdomain.com,
and wish to use one of those email addresses, make sure that you have valid
abuse@yourdomain.com and postmaster@yourdomain.com email addresses.
What data does SNDS provide?
The data provided by SNDS is meant to provide as broad a picture of an IP's
mail sending behavior as necessary for the system's consumers to be
able to stop spam. It reports on a variety of characteristics of mail
traffic. The data points provided are designed to be difficult
or impossible for spammers to avoid differentiating themselves from
well-behaved mailers. Similarly however, data isn't provided on IPs that
send very little mail because they (currently) account for a negligible amount
of spam. For each IP within the ranges that the user has been authorized,
the following data is provided:
Virus-infected emails
Malware hosting
Open proxy status
An email message is sent to the address you specified. You will need to go
to a link provided in that email message to grant access to the data to a
Windows Live ID account, such as a hotmail.com email address,
you specified when you requested an account.
Once you have confirmed access, you can view data at
SNDS - View Data
There you will see a calendar where you can select dates for which to view
data. You have the option to change your settings to allow access to your data as
a .CSV file without the need for browser-based authentication technologies such
as Windows Live™ ID. This
facilitates access to your data via your own automated scripts or programs.
I didn't see any data listed for an IP address I specified. I know email is
sent from that address to hotmail.com users, but the volume of traffic is
fairly low. The
SNDS - FAQ
states that "data isn't provided on IPs that send very little mail because
they (currently) account for a negligible amount of spam."
[/network/email/spam]
permanent link
Tue, Feb 12, 2008 8:42 pm
Viewing Exchange Logs in Excel
The email log files for a Microsoft Exchange server can be analyzed with
Microsoft Excel. Exchange stores the log entries in a text file, which can
be imported in Excel for analysis.
[ More Info ]
[/network/email/exchange]
permanent link
Tue, Feb 12, 2008 12:30 pm
IP on LASHBACK DNS Blocklist
An IP address for a site had gotten on some blocklists, apparently
due to an infected system at the site.
I went to the
MxToolBox Email Blacklist Check page, which currently checks for the
presence of an IP address on 124 blacklists. I checked on whether the IP
address was present on any of the lists queried by the MxToolBox blacklist
check tool. It was on the
LASHBACK blacklist, with the
reason listed as "Sender has sent to LashBack Unsubscribe Probe accounts
Return codes were: 127.0.0.2", but no others.
I requested a delisting from their
Unsubscribe Blacklist
Support page. When I looked up the address at LASHBACK, I found it was
listed. When I requested it be delisted at 12:30 PM, I was notified that it
would be removed within 1 hour. When I had checked for the address on
the
MxToolBox Email Blacklist Check page, I had seen a
TTL
value of 3594, which is 59.9 minutes, listed for it for the LASHBACK list.
[/network/email/blacklist]
permanent link
Mon, Feb 11, 2008 9:03 pm
System Not Recognizing EasyShare printer dock plus
A user told me that she was no longer able to communicate
with her Kodak EasyShare C340 camera, which she plugs into
a Kodak EasyShare printer dock plus.
The following steps can be taken to see if the system is
recognizing the presence of the printer dock.
- Click on Start.
- Select All Programs.
- Select Kodak.
- Select Kodak EasyShare printer dock.
- Select Kodak printer dock firmware updater.
When the application opens, you should see the printer
name listed along with the current firmware version number
as shown below.
In this case nothing was listed under "Printer Name" nor under
"Firmware Version Number". I unplugged the
USB cable
from the computer and plugged it back in. I then saw the
message below:
USB Device Not Recognized
One of the USB devices attached to this computer has
malfunctioned, and Windows does not recognize it.
For assistance in solving this problem, click this message.
I tried plugging the device into two other USB ports
with the same results. I unplugged the cable from the
printer dock and powered it off. I plugged the cable
back in and powered it on. I then heard noises from
the unit and when I exited the Kodak printer dock firmware
updater program and restarted it, I saw entries listed
under "Printer Name" and "Firmware Version Number".
[/hardware/camera]
permanent link
Sun, Feb 10, 2008 9:45 pm
Use Custom Filter with Netopia R7220-T Router
A Netopia R7220-T router has built-in firewall capabilities.
It comes with two filter sets preconfigured, "Basic Firewall"
and "NetBIOS", but you can create your own custom filters.
To use a custom filter you have created, take the following steps.
- From the main menu, select Quick Menus and hit Enter.
Netopia R7220-T v4.6.2
Easy Setup...
WAN Configuration...
System Configuration...
Utilities & Diagnostics...
Statistics & Logs...
Quick Menus...
Quick View...
Return/Enter displays options for the system.
You always start from this main screen.
- From the Quick Menu, select Change Connection Profiles
and hit Enter.
Quick Menu
Connection Profiles Line Configuration IP Setup
Add Connection Profiles IP Address Serving Setup
Change Connection Profiles IP Filter Sets
Delete Connection Profiles Backup Config Static Routes
WAN Default Profile Network Address Translation
IPX Setup
IPX Filters & Filter Sets
Console Configuration TFTP
SNMP Setup
This menu allows you to visit most configuration screens.
- When your connection profile, e.g. Easy Setup Profile, appears
hit enter to accept it for editing.
Quick Menu
+-Profile Name---------------------IP Address----IPX Network-+
Connecti+------------------------------------------------------------+
Add Conn| Easy Setup Profile 192.168.6.25 | Setup
Change C| |
Delete C| |
WAN Defa| |anslation
| |
| |
| |er Sets
| |
| |
| |
| |
Console | |
SNMP Set| |
| |
| |
| |
+------------------------------------------------------------+
Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
- Select IP Profile Parameters... and hit Enter.
Change Connection Profile
Profile Name: Easy Setup Profile
Profile Enabled: Yes
Data Link Encapsulation... RFC1483
IP Enabled: Yes
IP Profile Parameters...
IPX Enabled: No
Interface Group... Primary
Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes.
Modify Connection Profile here. Changes are immediate.
- Select Filter Set... and hit Enter.
IP Profile Parameters
Address Translation Enabled: Yes
IP Addressing... Numbered
NAT Map List... Easy-PAT List
NAT Server List... Easy-Servers
Local WAN IP Address: 192.168.6.25
Local WAN IP Mask: 255.255.254.0
Filter Set... NetBIOS Filter
Remove Filter Set
Receive RIP: Both
Return/Enter to select Filter Set (Firewall) for this profile.
Configure IP requirements for a remote network connection here.
- Select the custom filter set you created, e.g. "Custom", if that was the
name you used, and hit Enter.
IP Profile Parameters
+-----------------------------------+
Address Translati+-----------------------------------+
IP Addressing... | Basic Firewall |
| NetBIOS Filter |
NAT Map List... | Custom |
NAT Server List..| |
| |
Local WAN IP Addr| |
Local WAN IP Mask| |
| |
+-----------------------------------+
Filter Set... NetBIOS Filter
Remove Filter Set
Receive RIP: Both
Up/Down Arrows to select, then Return/Enter; ESC to cancel.
- Hit Esc to go back to the prior IP Profile Parameters
menu. You should now see whatever name you used for your custom filter listed
on the same line as Filter Set....
IP Profile Parameters
Address Translation Enabled: Yes
IP Addressing... Numbered
NAT Map List... Easy-PAT List
NAT Server List... Easy-Servers
Local WAN IP Address: 66.159.76.25
Local WAN IP Mask: 255.255.254.0
Filter Set... Custom
Remove Filter Set
Receive RIP: Both
Toggle to Yes if this is a single IP address ISP account.
Configure IP requirements for a remote network connection here.
- You can then keep hitting Esc until you get back to the main
menu or just disconnect from the router.
[/hardware/network/router/netopia]
permanent link
Sun, Feb 10, 2008 4:39 pm
Colasoft MAC Scanner 1.1
If you need to determine the
Media Access
Control (MAC) addresses on a
LAN using a Windows system,
Colasoft provides a tool,
MAC Scanner,
which you can use to scan all IP addresses in a subnet to obtain a list
of the MAC, aka hardware addresses, associated with those IP addresses.
The
results
can be exported to a text or Comma Separated Value (CSV) file.
[/os/windows/software/network/scanner]
permanent link
Sun, Feb 10, 2008 2:02 pm
Dell PowerConnect 3024 - Finding MAC Addresses
To determine the
Media Access Control (MAC) addresses of devices connected to a Dell
PowerConnect 3024 switch, take the following steps:
- Select Address Manager from the main menu.
PowerConnect 3024
Main Menu
a. System Manager
b. Port Manager
c. Address Manager
d. Spanning Tree
e. VLAN and CoS Setup
f. Port Trunking
g. Port Mirroring
h. SNMP Management
i. Multimedia Support
j. Statistics
k. Save Configuration
Hit <Enter> to configure Static Address Table or Address Aging Time
<Ctrl-L> Refresh <Ctrl-W> Save
- Select Dynamic Addresses from the Address Manager menu.
PowerConnect 3024
Address Manager
a. Static Addresses
b. Dynamic Addresses
c. Address Aging
d. Static Multicast Groups Administration
e. Static Multicast Groups Membership
Hit <Enter> to view Dynamic Addresses
<ESC> Back <Ctrl-L> Refresh <Ctrl-W> Save
You will then see the MAC addresses that have been seen by the switch for each
port. Ports with no device attached will not be listed. If nothing is listed
for a port at the time you check, though, that does not necessarily mean that
no device is attached to that port, only that no activity has been seen on
that port recently. A system could be attached to the port, but turned off, or
may be on, but has not communicated with another device over the network
recently.
If the switch is seeing multiple MAC addresses on a port, as it would
if there is another switch or hub plugged into the port, which itself
has multiple systems plugged into it, it will show all of the MAC addresses. In
the example below, 5 addresses are listed for port 6 and 4 addresses
are listed for port 16. There is another switch connected to port 6
and a hub connected to port 16.
PowerConnect 3024
Address Manager/Dynamic Addresses
Dynamic Address Learning is: Enabled
Port: VLAN ID: MAC Address: Query Next Prev
Port VLAN MAC Address Port VLAN MAC Address
--------------------------------------------------------------------------------
1:3 1 00:0c:f1:c8:99:09 1:16 1 00:09:6b:19:38:a5
1:4 1 00:13:20:97:de:e4 1:20 1 00:16:01:41:72:3b
1:5 1 00:1d:09:0a:5d:55
1:6 1 00:11:11:64:ec:bc
1:6 1 00:13:20:97:e2:cf
1:6 1 00:13:72:3b:4a:b6
1:6 1 00:16:76:96:cb:1e
1:6 1 00:17:a4:26:88:d5
1:7 1 00:11:11:5e:b5:90
1:8 1 00:11:11:a8:9c:b0
1:15 1 00:30:18:aa:70:a5
1:16 1 00:00:74:ad:e8:c6
1:16 1 00:00:c5:7c:08:7c
1:16 1 00:06:25:b5:b4:62
Hit <Space> to Enable or Disable Dynamic Address Learning
<ESC> Back <Ctrl-L> Refresh <Ctrl-W> Save
If you see a MAC address which you don't recognize, you can look up the
manufacturer of the network adapter associated with that address at
Vendor/Ethernet MAC Address
Lookup and Search, which may help you identify what type of device
is connected on the port showing that MAC address. For instance, when I look
up 00:09:6b:19:38:a5, I see the vendor listed as
"IBM Corporation". When I look up 00:17:a4:26:88:d5, I see
"Global Data Services (may now be Hewlett-Packard, HP)" listed and, in
this case, the device is an HP K5400 printer.
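When the Dynamic Addresses screen is captured to a text file, the review described above can be automated. This added example (not part of the original post) parses the two-column layout, lists ports that show more than one MAC address (a downstream switch or hub), and flags addresses missing from an inventory. The capture, the MAC addresses and the inventory are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed capture in the same two-column layout as the screen above.
# The MAC addresses are made up (locally administered 02: prefix).
SAMPLE_SCREEN = """\
Port  VLAN  MAC Address          Port  VLAN  MAC Address
--------------------------------------------------------------------------------
1:3   1     02:00:00:aa:00:01    1:16  1     02:00:00:bb:00:04
1:4   1     02:00:00:aa:00:02    1:20  1     02:00:00:cc:00:01
1:6   1     02:00:00:aa:00:03
1:6   1     02:00:00:aa:00:04
1:16  1     02:00:00:bb:00:01
1:16  1     02:00:00:bb:00:02
1:16  1     02:00:00:bb:00:03
"""

# Constructed inventory of addresses you expect to see on the LAN.
KNOWN_MACS = {
    "02:00:00:aa:00:01", "02:00:00:aa:00:02", "02:00:00:aa:00:03",
    "02:00:00:aa:00:04", "02:00:00:bb:00:01", "02:00:00:bb:00:02",
    "02:00:00:bb:00:03", "02:00:00:cc:00:01",
}

# One table entry: port, VLAN ID, MAC. A row may hold two entries side by
# side, so the pattern is applied with finditer instead of once per line.
ENTRY_RE = re.compile(
    r"(?<![\w:])(\d+:\d+)\s+(\d+)\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


def parse_entries(screen_text):
    """Return (port, vlan, mac) for every entry in either column."""
    return [
        (m.group(1), int(m.group(2)), m.group(3).lower())
        for m in ENTRY_RE.finditer(screen_text)
    ]


def port_key(port):
    """Sort key so that 1:6 comes before 1:16."""
    return tuple(int(part) for part in port.split(":"))


def macs_by_port(screen_text):
    """Map each port to the sorted list of MAC addresses learned on it."""
    ports = defaultdict(set)
    for port, _vlan, mac in parse_entries(screen_text):
        ports[port].add(mac)
    return {port: sorted(ports[port]) for port in sorted(ports, key=port_key)}


def review_ports(screen_text, known_macs):
    """Return (ports with several MACs, entries not in the inventory)."""
    known = {mac.lower() for mac in known_macs}
    by_port = macs_by_port(screen_text)
    shared = {port: len(macs) for port, macs in by_port.items() if len(macs) > 1}
    unknown = [
        (port, mac)
        for port, macs in by_port.items()
        for mac in macs
        if mac not in known
    ]
    return shared, unknown


if __name__ == "__main__":
    shared, unknown = review_ports(SAMPLE_SCREEN, KNOWN_MACS)
    print("ports with several MACs:", shared)
    print("not in inventory:", unknown)
```

A parser that reads one entry per line would miss the right-hand column and undercount port 1:16 in this sample.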
References:
-
Vendor/Ethernet MAC Address Lookup and Search
Coffer.com
[/hardware/network/switch/dell]
permanent link
Sat, Feb 09, 2008 8:22 pm
Setting IP Information From the Command Line
On a Windows system, you can use the
netsh interface ip set
command to configure IP parameters for the system from the command line.
E.g. the command netsh interface ip set address name="Local Area
Connection" static 192.168.0.66 255.255.255.0 192.168.0.1 1 could
be used to set the IP address to a static value of 192.168.0.66
with a subnet mask of 255.255.255.0 and a default gateway of
192.168.0.1.
[ More Info ]
[/os/windows/commands]
permanent link
Fri, Feb 08, 2008 10:16 pm
Uploading Blocked Files to a SharePoint Server
On a Windows Small Business Server (SBS) 2003 system, I tried uploading an
exe file to the SharePoint
server, but saw the following displayed when I attempted to upload it.
Form Validation Error
Please correct the information you provided by following these steps, then
submit the information again:
- The following file(s) have been blocked by the administrator:
Downloads/Security/clamwin-0.92-setup.exe
The following steps can be taken to allow the upload of an .exe file.
Similar steps can be followed to allow the upload of other blocked
files.
- Click on Start.
- Select All Programs.
- Select Administrative Tools.
- Select SharePoint Central Administration.
- Under Security Configuration, click on Manage blocked
file types.
- Delete
exe from the list and click on OK.
[/os/windows/sharepoint]
permanent link
Thu, Feb 07, 2008 8:01 pm
Determining Version of Microsoft Exchange
To determine what version of Microsoft Exchange is running on
a system, you can take the following steps:
- Click on Start.
- Select All Programs.
- Select Microsoft Exchange.
- Select System Manager. Note: the System Manager
is applicable if you have Exchange Server 2000 and later. For
Exchange Server 5.5 and earlier, you will need to run
Exchange Administrator.
- Click Servers. You will then see the version
displayed. For Exchange Server 2000, the version is 6.0;
for Exchange Server 2003, the version is 6.5.
You can also determine the version number, by going to
C:\Program Files\Exchsrvr\bin, right-clicking on
store.exe, selecting Properties, and
clicking on the Version tab.
Clicking on Product version will show the version
of the Exchange software. In the case shown above, the
file version is listed as 6.5.7651.61 while the product version
is 6.5. The digits after the 6.5 in the file version don't
necessarily match the build version displayed using the first
method.
Note: the version number you see using the above methods
may not necessarily be the same version number you would
see displayed if you telnet to port 25 on the Exchange server. E.g.
the above method of determining the version of Exchange running
on a system shows it to be 6.5 (Build 7638.2: Service Pack 2), but
if I telnet to port 25 on that same Exchange server, I see the
following:
220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at
Wed, 13 Feb 2008 19:07:30 -0500
I.e. the "ESMTP MAIL Service" version is not the same as the version number
for the Exchange server software on the system, so you can't infer that
the version number you see displayed when you connect to port 25 on the
system is the Exchange server version number.
References:
-
How to tell which software version your computer is using
Published: June 18, 2004
Microsoft Corporation
[/network/email/exchange]
permanent link
Wed, Feb 06, 2008 9:38 pm
HPProduct Assistant Installation Failure
While checking a user's Windows XP system, I found that every time
I logged into it a window opened for the installation of
HPProductAssistant.
| HPProductAssistant |
Please wait while Windows configures HPProductAssistant
Cancel
|
Then another HPProductAssistant window would appear stating "The feature
you are trying to use is on a CD-ROM or other removable disk that is not
available" and asking me to "Insert the 'HPProductAssistant' disk and click OK"
with "1" appearing in the "use source" field. When I clicked on the browse
button, I saw it was looking for hpproductassistant.msi.
If I clicked on the Cancel button, I would see the error message below:
| HPProductAssistant |
Error 1706.No valid source could be found for product
HPProductAssistant. The Windows Installer cannot
continue.
OK
|
If I clicked on OK, which was the only option, the process would
just repeat. Clicking on the Cancel button at the point where it
prompted for the HPProductAssistant installation file, just kept the process
repeating as well. I had to kill the application through the Task Manager to
stop it.
When I checked on what process was associated with the HPProductAssistant in the
Task Manager by right-clicking on HPProductAssistant under the Applications
tab in the Task Manager and selecting Go To Process, I found it was
hpqtra08.exe. That file is associated with
"HP Digital Imaging Monitor" software and is located at
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe.
When I went to Start, All Programs, and Startup, I
found "HP Digital Imaging Monitor" listed there. It was probably put there
during the installation of software for the user's printer. HP will install
a lot of other software in addition to a printer driver when you use the
HP-provided installation disc for one of their printers. Since it wasn't working
and I doubted the user had any need for it, I clicked on Start,
All Programs and Startup, then right-clicked on "HP Digital
Imaging Monitor" and selected Delete to get rid of the entry
from the startup group. I rebooted the system to verify that the problem would
no longer occur; it did not.
References:
- Wait while Windows configures HPProductAssistant???
  Yahoo! Answers
- How to remove hpqtra08 error
  file.net
[/os/windows/processes]
Sun, Feb 03, 2008 7:36 pm
Determining the Package to Which a File Belongs
If you wish to determine what package a file belongs to under Solaris,
you can use the command pkgchk -l -p /path/file. E.g.
to determine the package to which the openssl program located
in /usr/sfw/bin belongs, the following command could be used:
# pkgchk -l -p /usr/sfw/bin/openssl
Pathname: /usr/sfw/bin/openssl
Type: regular file
Expected mode: 0555
Expected owner: root
Expected group: bin
Expected file size (bytes): 318668
Expected sum(1) of contents: 16493
Expected last modification: Jan 26 21:01:01 2006
Referenced by the following packages:
SUNWopenssl-commands
Current status: installed
From the above information, I can see the file belongs to the package
SUNWopenssl-commands. I can get further information on that
package, such as the date the package was installed with the command
pkginfo -l SUNWopenssl-commands.
# pkginfo -l SUNWopenssl-commands
PKGINST: SUNWopenssl-commands
NAME: OpenSSL Commands (Usr)
CATEGORY: system
ARCH: i386
VERSION: 11.10.0,REV=2005.01.21.16.34
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: OpenSSL Commands (Use)
PSTAMP: on10-patch-x20060126144406
INSTDATE: Jul 08 2006 23:31
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 5 installed pathnames
3 shared pathnames
3 directories
2 executables
634 blocks used (approx)
References:
- Solaris find out a package which a file belongs to
  nixCraft - Insight Into Linux Admin Work
[/os/unix/solaris/commands]
Sun, Feb 03, 2008 11:08 am
Internet Explorer Shortcut Keys
I use Furl to save copies of webpages
I've found interesting. Furl creates an online bookmarks or "favorites"
list for you. If you make your Furl archive public, others can also
have access to your links. You also get an online archived copy of the webpage
you've "furled". So if the webpage disappears or the website where it resided
is inaccessible for some other reason the next time you want to view it,
you have a stored copy at Furl.
But sometimes I run into difficulty with multi-page news articles. I don't
want to have to furl each page individually. Some websites offer a "print"
function, so that you can display a copy of all pages of the article at
once to send them to the printer at once. But often, when the window opens
that displays the entire article for printing, I don't see the Internet
Explorer (IE) menubar with "File, Edit, View, Favorites, Tools, and Help" on it.
The link to furl pages is under "Favorites", so I don't then have access
to that link.
One alternative is to right-click on the "print" version of the webpage,
choose "Properties" and then copy the URL for the webpage, which you can
paste into another IE window with the menubar displayed to access the page.
Another method is to hit the Ctrl and "I" keys simultaneously, which will
bring up the IE Favorites box.
Other IE shortcut keys to view and explore web pages are listed below:
To do this                                Press this key
----------------------------------------------------------------------
Display Internet Explorer Help or to      F1
  display context Help about an item in
  a dialog box
Toggle between full-screen and other      F11
  views in the browser
Move forward through the items on a       TAB
  Web page, the Address box, or the
  Links box
Move through the items on a Web page,     SHIFT+TAB
  the Address box, or the Links box
Go to your Home page                      ALT+HOME
Go to the next page                       ALT+RIGHT ARROW
Go to the previous page                   ALT+LEFT ARROW or BACKSPACE
Display a shortcut menu for a link        SHIFT+F10
Move forward between frames               CTRL+TAB or F6
Move back between frames                  SHIFT+CTRL+TAB
Scroll toward the beginning of a          UP ARROW
  document
Scroll toward the end of a document       DOWN ARROW
Scroll toward the beginning of a          PAGE UP
  document in larger increments
Scroll toward the end of a document       PAGE DOWN
  in larger increments
Move to the beginning of a document       HOME
Move to the end of a document             END
Find on this page                         CTRL+F
Refresh the current Web page              F5 or CTRL+R
Refresh the current Web page, even if     CTRL+F5
  the time stamp for the Web version and
  your locally stored version are the same
Stop downloading a page                   ESC
Go to a new location                      CTRL+O or CTRL+L
Open a new window                         CTRL+N
Close the current window                  CTRL+W
Save the current page                     CTRL+S
Print the current page or active frame    CTRL+P
Activate a selected link                  ENTER
Open the Search box                       CTRL+E
Open the Favorites box                    CTRL+I
Open the History box                      CTRL+H
In the History or Favorites boxes,        CTRL+click
  open multiple folders
References:
- Internet Explorer Keyboard Shortcuts
  Article ID : 306832
  Last Review : May 7, 2007
  Revision : 2.3
  Microsoft Help and Support
[/network/web/browser/ie]
Fri, Feb 01, 2008 9:41 pm
Removing a Package
Removing a package that has been installed on a Solaris system is handled
by the pkgrm command, which must be run from the root account.
E.g. pkgrm SMCx11vnc would remove the previously installed
x11vnc package from a system. The output produced from
running the command appears below.
# pkgrm SMCx11vnc
The following package is currently installed:
SMCx11vnc x11vnc
(sparc) 0.7
Do you want to remove this package? [y,n,?,q] y
## Removing installed package instance <SMCx11vnc>
## Verifying package <SMCx11vnc> dependencies in global zone
## Processing package information.
## Removing pathnames in class <none>
/usr/local/share/x11vnc/classes/index.vnc
/usr/local/share/x11vnc/classes/VncViewer.jar
/usr/local/share/x11vnc/classes
/usr/local/share/x11vnc
/usr/local/share <shared pathname not removed>
/usr/local/man/man1/x11vnc.1
/usr/local/man/man1
/usr/local/man
/usr/local/doc/x11vnc/TODO
/usr/local/doc/x11vnc/README
/usr/local/doc/x11vnc/NEWS
/usr/local/doc/x11vnc/INSTALL
/usr/local/doc/x11vnc/ChangeLog
/usr/local/doc/x11vnc/COPYING
/usr/local/doc/x11vnc/AUTHORS
/usr/local/doc/x11vnc
/usr/local/doc <shared pathname not removed>
/usr/local/bin/x11vnc
/usr/local/bin <shared pathname not removed>
## Updating system information.
Removal of <SMCx11vnc> was successful.
References:
- Remove a Solaris package with pkgrm
  November 28, 2005
  tech-recipes - Your cookbook of tech-tutorials
[/os/unix/solaris/commands]
Fri, Feb 01, 2008 8:40 pm
Pkginfo Command
On Solaris systems, the pkginfo command can be used to obtain
information on installed packages. It is somewhat akin to the
rpm and similar commands on Linux systems.
usage:
pkginfo [-q] [-pi] [-x|l] [options] [pkg ...]
pkginfo -d device [-q] [-x|l] [options] [pkg ...]
where
-q #quiet mode
-p #select partially installed packages
-i #select completely installed packages
-x #extracted listing
-l #long listing
-r #relocation base
and options may include:
-c category, [category...]
-a architecture
-v version
If you just issue the command pkginfo, you will see a list of
all of the installed packages on the system with a one-line listing per
package.
# pkginfo
system CADP160 Adaptec Ultra160 SCSI Host Adapter
Driver
application CFWWine WINE
system HPFC Agilent Fibre Channel HBA Driver
system NCRos86r NCR Platform Support, OS Functional
ity (Root)
system SK98sol SysKonnect SK-NET Gigabit Ethernet
Adapter SK-98xx
system SKfp SysKonnect PCI-FDDI Host Adapter
application SMChtdig htdig
<text snipped>
system SUNWzlib The Zip compression library
system SUNWzoner Solaris Zones (Root)
system SUNWzoneu Solaris Zones (Usr)
system SUNWzsh Z shell (zsh)
system SYMhisl Symbios 895A, 896 and 1010 SCSI driver
If you are just interested in a particular package, you can use pkginfo
pkgname where pkgname is the relevant package. But you need
to bear in mind that the name assigned to the package may have SUNW
in front of it or may not otherwise be exactly what you expect. E.g., suppose
I want to know whether the zlib package is installed, because
I want to install some other package that lists the zlib software
as a dependency. If I use the command pkginfo zlib, I see the
following:
# pkginfo zlib
ERROR: information for "zlib" was not found
Using pkginfo | grep -i pkgname will likely be better, unless
you are certain of the package name.
# pkginfo | grep -i zlib
system SUNWzlib The Zip compression library
Now I see the package name for the zlib package is SUNWzlib
and I could use that name with the pkginfo command, but
I won't see any more information unless I use the -l option to
get a long listing.
# pkginfo SUNWzlib
system SUNWzlib The Zip compression library
# pkginfo -l SUNWzlib
PKGINST: SUNWzlib
NAME: The Zip compression library
CATEGORY: system
ARCH: i386
VERSION: 11.10.0,REV=2005.01.08.01.09
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: The Zip compression library
PSTAMP: sfw10-x20050108014620
INSTDATE: Jul 08 2006 23:00
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 13 installed pathnames
4 shared pathnames
4 directories
2 executables
424 blocks used (approx)
The long listing shows me the version of zlib installed, which
in this case is version 11.10.0. I also see the installation date was
July 8, 2006 at 11:00 P.M.
References:
- Solaris: list installed packages with pkginfo
  November 28, 2005
  tech-recipes - Your cookbook of tech-tutorials
[/os/unix/solaris/commands]
Thu, Jan 31, 2008 4:59 pm
Make wget Pretend to Be Internet Explorer
I have a script that I manually run to download a particular webpage based
on a parameter that I submit to the script. The script downloads the
webpage with wget, then parses the
webpage for specific information and displays only that information.
The script had been running fine until today, but produced an error message
when I ran it today. When I checked the information being retrieved by
wget, I found that instead of the desired webpage, I was getting
"Sorry. This page may not be spidered."
When a browser retrieves a webpage, it sends a set of values to the webserver.
Those values, which are called "headers", include a "user-agent" header
that identifies the browser to the server. E.g. a particular version of
Internet Explorer may identify itself as "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.0)".
Some websites may use the user-agent header for statistical purposes, e.g.
to determine which browsers are most commonly used to access the website.
Such information may help a web developer tailor the site to the ones most
commonly used to view the site. Or the website developer can use the
information to tailor its output to the browser being used by a particular
user. E.g., if a browser doesn't support a particular feature used in the
code on the website, the website software can present the viewer with
an alternative webpage.
Wget identifies itself as "Wget/x.y.z", where x.y.z is the version of wget
in use, e.g. "Wget/1.8.2". So, if you retrieve a webpage with wget, the
webserver might see "User-Agent: Wget/1.8.2" as one of the
headers submitted to it by wget.
In this case the website hosting the page I wanted to access was
seeing "User-Agent: Wget/1.8.2" and denying access to the
page. Fortunately, you can use the --user-agent argument for
wget to specify that wget announce itself to a webserver as any browser
you might wish to emulate.
-U agent-string
--user-agent=agent-string
Identify as agent-string to the HTTP server.
The HTTP protocol allows the clients to identify themselves using a
"User-Agent" header field. This enables distinguishing the WWW
software, usually for statistical purposes or for tracing of protocol
violations. Wget normally identifies as Wget/version, version
being the current version number of Wget.
However, some sites have been known to impose the policy of tailoring
the output according to the "User-Agent"-supplied information.
While conceptually this is not such a bad idea, it has been abused
by servers denying information to clients other than "Mozilla" or
Microsoft "Internet Explorer". This option allows you to change
the "User-Agent" line issued by Wget. Use of this option is discouraged,
unless you really know what you are doing.
I had wget pretend to be Internet Explorer by using the command below:
wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" --quiet --output-document="$outfile" "$url"
After editing my script to use the --user-agent option, the
script was able to download the webpage as before, placing the output
in the file designated by the $outfile variable in the
script and using the URL I specified as an argument to the script.
References:
- Masquerading Your Browser
  By Eric Giguere
  September 19, 2003
  Updated October 28, 2004
  ericgiguère.com resources for software developers
[/network/web/tools/wget]
Sun, Jan 27, 2008 10:42 pm
Upgrade of Apache From Version 2.0.39 to Version 2.0.59
A scan of a Solaris 7 system found several vulnerabilities for
Apache on the system. Most of them appeared to be due to the version
of Apache on the system not being up-to-date.
I checked the version of Apache running on the system by using telnet
to connect to port 80 and then issuing the HEAD / HTTP/1.0 command.
# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 03:29:30 GMT
Server: Apache/2.0.39 (Unix)
Last-Modified: Thu, 29 Nov 2007 04:39:44 GMT
ETag: "89124-5df-e729c400"
Accept-Ranges: bytes
Content-Length: 1503
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Connection closed by foreign host.
The version was 2.0.39, so it was out-of-date.
You can also check the version with the apachectl command.
# /usr/local/apache2/bin/apachectl -v
Server version: Apache/2.0.39
Server built: Jun 26 2002 01:03:14
Version 2.0.59 is the current version listed at
Sunfreeware.com -
SPARC/Solaris 7 Packages.
The dependencies statement for Apache 2.0.59 listed libiconv as a
dependency and stated "you may need /usr/local/lib/libgcc_s.so.1 either from
the libgcc-3.3 or gcc-3.3.2 or higher packages." When I checked the version
of gcc with gcc -v, I saw it was 3.0.4. So I first
upgraded libiconv.
I installed libiconv 1.11 on a Sun SPARC Solaris 7 system. I obtained the package
from Sunfreeware.com - SPARC/Solaris 7 Packages.
# gunzip libiconv-1.11-sol7-sparc-local.gz
# pkgadd -d libiconv-1.11-sol7-sparc-local
The following packages are available:
1 SMCliconv libiconv
(sparc) 1.11
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Processing package instance from
libiconv
(sparc) 1.11
Bruno Haible
Using as the package base directory.
## Processing package information.
## Processing system information.
12 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
The following files are already installed on the system and are being
used by another package:
/usr/local/bin/iconv
/usr/local/doc/libiconv/ABOUT-NLS
/usr/local/doc/libiconv/AUTHORS
/usr/local/doc/libiconv/COPYING.LIB
/usr/local/doc/libiconv/ChangeLog
/usr/local/doc/libiconv/DESIGN
/usr/local/doc/libiconv/INSTALL.generic
/usr/local/doc/libiconv/NEWS
/usr/local/doc/libiconv/NOTES
/usr/local/doc/libiconv/PORTS
/usr/local/doc/libiconv/README
/usr/local/doc/libiconv/README.djgpp
/usr/local/doc/libiconv/README.os2
/usr/local/doc/libiconv/README.woe32
/usr/local/doc/libiconv/THANKS
/usr/local/include/iconv.h
/usr/local/include/libcharset.h
/usr/local/lib/libcharset.a
/usr/local/lib/libcharset.la
[Hit to continue display]
/usr/local/lib/libcharset.so.1.0.0
/usr/local/lib/libiconv.la
/usr/local/lib/libiconv.so
/usr/local/lib/libiconv.so.2
/usr/local/man/man1/iconv.1
/usr/local/man/man3/iconv.3
/usr/local/man/man3/iconv_close.3
/usr/local/man/man3/iconv_open.3
* - conflict with a file which does not belong to any package.
Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.
Installing libiconv as
## Installing part 1 of 1.
/usr/local/bin/iconv
/usr/local/doc/libiconv/ABOUT-NLS
/usr/local/doc/libiconv/AUTHORS
/usr/local/doc/libiconv/COPYING.LIB
/usr/local/doc/libiconv/ChangeLog
/usr/local/doc/libiconv/DESIGN
/usr/local/doc/libiconv/INSTALL.generic
/usr/local/doc/libiconv/NEWS
/usr/local/doc/libiconv/NOTES
/usr/local/doc/libiconv/PORTS
/usr/local/doc/libiconv/README
/usr/local/doc/libiconv/README.djgpp
/usr/local/doc/libiconv/README.os2
/usr/local/doc/libiconv/README.woe32
/usr/local/doc/libiconv/THANKS
/usr/local/include/iconv.h
/usr/local/include/libcharset.h
/usr/local/include/localcharset.h
/usr/local/lib/libcharset.a
/usr/local/lib/libcharset.la
/usr/local/lib/libcharset.so.1.0.0
/usr/local/lib/libiconv.la
/usr/local/lib/libiconv.so
/usr/local/lib/libiconv.so.2
/usr/local/lib/libiconv.so.2.4.0
/usr/local/lib/preloadable_libiconv.so
/usr/local/man/man1/iconv.1
/usr/local/man/man3/iconv.3
/usr/local/man/man3/iconv_close.3
/usr/local/man/man3/iconv_open.3
/usr/local/man/man3/iconvctl.3
/usr/local/share/doc/iconv.1.html
/usr/local/share/doc/iconv.3.html
/usr/local/share/doc/iconv_close.3.html
/usr/local/share/doc/iconv_open.3.html
/usr/local/share/doc/iconvctl.3.html
[ verifying class ]
Installation of was successful.
Since libintl was listed as a dependency for
libiconv, I tried to determine if libintl
on the system was the latest version.
I looked for libintl files on the system. I found several.
# find / -name libintl\* -print
/usr/lib/sparcv9/libintl.so
/usr/lib/sparcv9/libintl.so.1
/usr/lib/libintl.so
/usr/lib/libintl.so.1
/usr/lib/libintl.a
/usr/include/libintl.h
/usr/share/man/sman4/libintl.4
/usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.4/include/libintl.h
When I looked in /usr/include/libintl.h, I saw it was version
1.12, so I upgraded libintl to the 3.4.0 version from
Sunfreeware.com -
SPARC/Solaris 7 Packages.
# gunzip libintl-3.4.0-sol7-sparc-local.gz
# pkgadd -d libintl-3.4.0-sol7-sparc-local
The following packages are available:
1 SMClintl libintl
(sparc) 3.4.0
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Processing package instance from
libintl
(sparc) 3.4.0
FSF
Using as the package base directory.
## Processing package information.
## Processing system information.
2 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing libintl as
## Installing part 1 of 1.
/usr/local/include/libintl.h
/usr/local/lib/libintl.a
/usr/local/lib/libintl.la
/usr/local/lib/libintl.so
/usr/local/lib/libintl.so.3
/usr/local/lib/libintl.so.3.4.0
/usr/local/lib/libintl.so.8
/usr/local/lib/libintl.so.8.0.2
[ verifying class ]
Installation of was successful.
I then upgraded gcc.
# gunzip gcc-3.4.6-sol7-sparc-local.gz
# pkgadd -d gcc-3.4.6-sol7-sparc-local
The following packages are available:
1 SMCgcc gcc
(sparc) 3.4.6
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Processing package instance from
gcc
(sparc) 3.4.6
FSF
Using as the package base directory.
## Processing package information.
## Processing system information.
10 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
The following files are already installed on the system and are being
used by another package:
* /usr/local/bin/c++
* /usr/local/bin/cpp
* /usr/local/bin/g++
* /usr/local/bin/g77
* /usr/local/bin/gcc
* /usr/local/bin/gccbug
* /usr/local/bin/gcov
* /usr/local/bin/sparc-sun-solaris2.7-c++
* /usr/local/bin/sparc-sun-solaris2.7-g++
* /usr/local/bin/sparc-sun-solaris2.7-gcc
* /usr/local/info
* /usr/local/info/cpp.info
* /usr/local/info/cppinternals.info
* /usr/local/info/g77.info
* /usr/local/info/gcc.info
* /usr/local/lib/libgcc_s.so.1
* /usr/local/lib/libiberty.a
* /usr/local/lib/libstdc++.a
* /usr/local/lib/libstdc++.la
[Hit to continue display]
* /usr/local/lib/libsupc++.a
* /usr/local/lib/libsupc++.la
* /usr/local/man/man1/cpp.1
* /usr/local/man/man1/g++.1
* /usr/local/man/man1/g77.1
* /usr/local/man/man1/gcc.1
* /usr/local/man/man1/gcov.1
* /usr/local/man/man7
* /usr/local/man/man7/fsf-funding.7
* /usr/local/man/man7/gfdl.7
* /usr/local/man/man7/gpl.7
* /usr/local/share/locale
* /usr/local/share/locale/be
* /usr/local/share/locale/be/LC_MESSAGES
* /usr/local/share/locale/ca
* /usr/local/share/locale/ca/LC_MESSAGES
* /usr/local/share/locale/da
* /usr/local/share/locale/da/LC_MESSAGES
* /usr/local/share/locale/de
* /usr/local/share/locale/de/LC_MESSAGES
[Hit to continue display]
* /usr/local/share/locale/el
* /usr/local/share/locale/el/LC_MESSAGES
* /usr/local/share/locale/es
* /usr/local/share/locale/es/LC_MESSAGES
* /usr/local/share/locale/fr
* /usr/local/share/locale/fr/LC_MESSAGES
* /usr/local/share/locale/ja
* /usr/local/share/locale/ja/LC_MESSAGES
* /usr/local/share/locale/nl
* /usr/local/share/locale/nl/LC_MESSAGES
* /usr/local/share/locale/sv
* /usr/local/share/locale/sv/LC_MESSAGES
* /usr/local/share/locale/tr
* /usr/local/share/locale/tr/LC_MESSAGES
* - conflict with a file which does not belong to any package.
Do you want to install these conflicting files [y,n,?,q] y
<text snipped>
/usr/local/share/locale/tr/LC_MESSAGES/gcc.mo
[ verifying class ]
Installation of was successful.
I then downloaded the 2.0.59 version of Apache and installed it.
# gunzip apache-2.0.59-sol7-sparc-local.gz
# pkgadd -d apache-2.0.59-sol7-sparc-local
The following packages are available:
1 SMCap2059 apache
(sparc) 2.0.59
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Processing package instance from
apache
(sparc) 2.0.59
The Apache Group
Using as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
The following files are already installed on the system and are being
used by another package:
* /usr/local/apache2/bin
* /usr/local/apache2/bin/ab
* /usr/local/apache2/bin/apachectl
* /usr/local/apache2/bin/apr-config
* /usr/local/apache2/bin/apu-config
* /usr/local/apache2/bin/apxs
* /usr/local/apache2/bin/checkgid
* /usr/local/apache2/bin/dbmmanage
* /usr/local/apache2/bin/envvars
* /usr/local/apache2/bin/envvars-std
* /usr/local/apache2/bin/htdbm
* /usr/local/apache2/bin/htdigest
* /usr/local/apache2/bin/htpasswd
* /usr/local/apache2/bin/httpd
* /usr/local/apache2/bin/logresolve
* /usr/local/apache2/bin/rotatelogs
* /usr/local/apache2/build
* /usr/local/apache2/build/config_vars.mk
* /usr/local/apache2/build/instdso.sh
[Hit to continue display]
<text snipped>
* /usr/local/apache2/manual/vhosts/index.html.en
* /usr/local/apache2/manual/vhosts/ip-based.html
* /usr/local/apache2/manual/vhosts/mass.html
* /usr/local/apache2/manual/vhosts/name-based.html
* /usr/local/apache2/manual/vhosts/name-based.html.en
* /usr/local/apache2/modules
* /usr/local/apache2/modules/httpd.exp
* - conflict with a file which does not belong to any package.
Do you want to install these conflicting files [y,n,?,q] y
[ verifying class ]
Installation of was successful.
When I tried to restart Apache to run the new version, I received
the message below:
# ../bin/apachectl restart
Syntax error on line 344 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration
When I checked what was at line 344, I found Order allow,deny.
<Directory "/usr/local/apache2/htdocs">
<text snipped>
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
I commented out the "order" and "allow" lines to see what would happen. I
then received an error message concerning the UserDir command
in httpd.conf.
I checked the compiled-in modules for Apache with httpd -l and
saw the following:
# ../bin/httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
The order command requires the mod_access module
to be loaded in Apache. It was apparently compiled into the previous version
I had running on the system, but it isn't compiled into the current version,
so I added
LoadModule access_module /usr/local/apache2/modules/mod_access.so
to /usr/local/apache2/conf/httpd.conf.
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module /usr/local/apache2/modules/mod_access.so
Note: mod_access.so and other modules
may be in a different location on other systems, e.g. under Linux it may be at
/etc/httpd/modules/mod_access.so. I also discovered later
that I should have put LoadModule auth_module
/usr/local/apache2/modules/mod_auth.so in as well to address
this error, as shown at
Adding Modules to httpd.conf With Apache 2.
When I added the mod_access.so line and ran apachectl
restart, I then received the error message below:
# ../bin/apachectl restart
Syntax error on line 354 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'UserDir', perhaps mis-spelled or defined by a module not
included in the server configuration
I then added the line
LoadModule userdir_module
/usr/local/apache2/modules/mod_userdir.so below the
LoadModule access_module /usr/local/apache2/modules/mod_access.so
line in
httpd.conf. That eliminated the error related to the
UserDir command, but I then saw another module related error
message.
# ../bin/apachectl restart
Syntax error on line 382 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'DirectoryIndex', perhaps mis-spelled or defined by a module not included in the server configuration
I added LoadModule dir_module /usr/local/apache2/modules/mod_dir.so
beneath the other LoadModule statements and reran
apachectl restart. The error message for DirectoryIndex
was eliminated and I got further in the configuration file, but I received
another error message when I restarted Apache.
# ../bin/apachectl restart
Syntax error on line 403 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'TypesConfig', perhaps mis-spelled or defined by a module not included in the server configuration
So I then added LoadModule mime_module
/usr/local/apache2/modules/mod_mime.so and attempted again to restart
Apache. The next error message is shown below.
# ../bin/apachectl restart
Syntax error on line 456 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration
I then added LoadModule log_config_module
/usr/local/apache2/modules/mod_log_config.so. When I attempted to
restart Apache, I then saw the message below.
# ../bin/apachectl restart
Syntax error on line 506 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Alias', perhaps mis-spelled or defined by a module not included in the server configuration
I then added LoadModule alias_module
/usr/local/apache2/modules/mod_alias.so, which led to the next
error message.
# ../bin/apachectl restart
Syntax error on line 576 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'IndexOptions', perhaps mis-spelled or defined by a module not included in the server configuration
I then added LoadModule autoindex_module
/usr/local/apache2/modules/mod_autoindex.so and attempted to restart
Apache again.
# ../bin/apachectl restart
Syntax error on line 724 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'LanguagePriority', perhaps mis-spelled or defined by a module not included in the server configuration
I added LoadModule negotiation_module
/usr/local/apache2/modules/mod_negotiation.so to address that error.
# ../bin/apachectl restart
Syntax error on line 908 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'BrowserMatch', perhaps mis-spelled or defined by a module not included in the server configuration
I then added LoadModule setenvif_module
/usr/local/apache2/modules/mod_setenvif.so and attempted to restart
again with apachectl restart. At last it restarted without an
error message. Yeah! Except when I tried telnet 127.0.0.1 80 to
connect to the default HTTP port on the local loopback address, it failed.
# telnet 127.0.0.1 80
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
When I looked in /usr/local/apache2/logs/error_log, I saw the
following:
[Sun Jan 27 22:09:30 2008] [notice] SIGHUP received. Attempting to restart
Syntax error on line 219 of /usr/local/apache2/conf/httpd.conf:
module access_module is built-in and can't be loaded
So I removed LoadModule access_module
/usr/local/apache2/modules/mod_access.so from httpd.conf.
But then I got the Invalid command 'Order' error message again.
# ../bin/apachectl restart
Syntax error on line 352 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration
I put LoadModule access_module
/usr/local/apache2/modules/mod_access.so back
and added LoadModule auth_module
/usr/local/apache2/modules/mod_auth.so below it.
# ../bin/apachectl restart
httpd not running, trying to start
I tried connecting to port 80 on the loopback address again. This time
I was successful. I entered the command HEAD / HTTP/1.0 and
hit return a couple of times. Apache then responded with information showing
me that version 2.0.59 was running at last.
I now have the following module section in httpd.conf:
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module /usr/local/apache2/modules/mod_access.so
LoadModule auth_module /usr/local/apache2/modules/mod_auth.so
LoadModule userdir_module /usr/local/apache2/modules/mod_userdir.so
LoadModule dir_module /usr/local/apache2/modules/mod_dir.so
LoadModule mime_module /usr/local/apache2/modules/mod_mime.so
LoadModule log_config_module /usr/local/apache2/modules/mod_log_config.so
LoadModule alias_module /usr/local/apache2/modules/mod_alias.so
LoadModule autoindex_module /usr/local/apache2/modules/mod_autoindex.so
LoadModule negotiation_module /usr/local/apache2/modules/mod_negotiation.so
LoadModule setenvif_module /usr/local/apache2/modules/mod_setenvif.so
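The restart-and-fix loop above can be collapsed into one preflight pass. The script below is an added example, not code from the original post: it maps the directives that failed in the post to the modules that provide them, compares them with the `httpd -l` listing, and also flags LoadModule lines for modules that are compiled in (the "is built-in and can't be loaded" case). The function names, the ADD/DROP output format, the sample config and the static build listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list the LoadModule lines an
# Apache 2.0 httpd.conf needs, given the output of `httpd -l`.

# Directive -> "module_identifier shared_object". Only the directives that
# raised "Invalid command" in the post (plus Allow, also mod_access) are mapped.
module_for() {
    case "$1" in
        Order|Allow)      echo "access_module mod_access.so" ;;
        UserDir)          echo "userdir_module mod_userdir.so" ;;
        DirectoryIndex)   echo "dir_module mod_dir.so" ;;
        TypesConfig)      echo "mime_module mod_mime.so" ;;
        LogFormat)        echo "log_config_module mod_log_config.so" ;;
        Alias)            echo "alias_module mod_alias.so" ;;
        IndexOptions)     echo "autoindex_module mod_autoindex.so" ;;
        LanguagePriority) echo "negotiation_module mod_negotiation.so" ;;
        BrowserMatch)     echo "setenvif_module mod_setenvif.so" ;;
    esac
}

# True if mod_foo.so ($1) appears as mod_foo.c in the `httpd -l` listing ($2).
is_builtin() {
    grep -q "^[[:space:]]*${1%.so}\.c[[:space:]]*\$" "$2"
}

# True if httpd.conf ($2) already has an active LoadModule line for module $1.
is_loaded() {
    grep -q "^[[:space:]]*LoadModule[[:space:]]\{1,\}$1[[:space:]]" "$2"
}

# check_modules <httpd.conf> <httpd -l output file> [modules directory]
# Prints "ADD ..." for modules a directive needs but nothing provides, and
# "DROP ..." for LoadModule lines naming a module that is compiled in.
check_modules() {
    conf=$1
    compiled=$2
    moddir=${3:-/usr/local/apache2/modules}
    {
        # First word of every active (non-comment, non-blank) line.
        awk 'NF && $1 !~ /^#/ { print $1 }' "$conf" |
        while read -r directive; do
            set -- $(module_for "$directive")
            [ $# -eq 2 ] || continue
            if is_builtin "$2" "$compiled" || is_loaded "$1" "$conf"; then
                continue
            fi
            echo "ADD LoadModule $1 $moddir/$2"
        done
        awk '$1 == "LoadModule" { print $2, $3 }' "$conf" |
        while read -r mod path; do
            if is_builtin "${path##*/}" "$compiled"; then
                echo "DROP LoadModule $mod (built in, cannot be loaded)"
            fi
        done
    } | awk '!seen[$0]++'    # Order and Allow both map to access_module
}

# Constructed sample input: a config fragment modelled on the post, the
# `httpd -l` listing the post shows, and an invented static build listing.
write_sample() {
    cat > "$1/httpd.conf" <<'EOF'
LoadModule access_module /usr/local/apache2/modules/mod_access.so
<Directory "/usr/local/apache2/htdocs">
    Order allow,deny
    Allow from all
</Directory>
UserDir public_html
DirectoryIndex index.html
#LogFormat "%h %l %u %t" common
Alias /icons/ "/usr/local/apache2/icons/"
EOF
    printf '%s\n' 'Compiled in modules:' '  core.c' '  prefork.c' \
        '  http_core.c' '  mod_so.c' > "$1/dso-build.txt"
    printf '%s\n' 'Compiled in modules:' '  core.c' '  mod_access.c' \
        '  mod_dir.c' '  prefork.c' '  http_core.c' '  mod_so.c' \
        > "$1/static-build.txt"
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "== DSO build =="
check_modules "$demo_dir/httpd.conf" "$demo_dir/dso-build.txt"
echo "== static build =="
check_modules "$demo_dir/httpd.conf" "$demo_dir/static-build.txt"
rm -rf "$demo_dir"
```

On a live system, save the output of `httpd -l` to a file and pass it with the real httpd.conf; running `apachectl configtest` after editing checks the syntax before a restart is attempted.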
References:
- Adding Modules to httpd.conf With Apache 2
  Posted: 2005-03-01
  Network Administration Tools: GNU/Linux, Windows 2003, Windows 2000, NT, and more...
[/os/unix/solaris/network]
Sun, Jan 27, 2008 7:00 pm
Installing RealVNC 4.1.2 under Windows
I installed the free edition of RealVNC 4.1.2 on a Windows XP system.
Windows Defender 1.1.1593 was installed on the system and popped up a warning
when I started the installation of RealVNC.
To get Windows Defender to accept RealVNC, select "always allow" for
the action and then click on "Apply Actions".
If you are installing the server portion of the software so that you
can connect remotely to the system you are installing it on, you can
set the ports used for listening for connections, or retain the
defaults, under the Connections tab while configuring RealVNC during
installation. The default values are shown below:
Accept connections on port: 5900
Disconnect idle clients after (seconds): 3600
Serve Java viewer via HTTP on port: 5800
Under Access Control in the Connections section, you
can check "Only accept connections from the local machine" if you want
to require access to be through an SSH connection.
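A way to confirm that the Access Control setting took effect, as an added example (not part of the original post or of RealVNC): it parses `netstat -an` output and reports any listener on the default ports 5900 and 5800 that is bound to a non-loopback address. It assumes that the local-machine-only option makes the server listen on the loopback address only; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Default ports from the RealVNC Connections tab quoted above.
VNC_PORTS = {5900: "VNC server", 5800: "Java viewer over HTTP"}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         127.0.0.1:1045         ESTABLISHED
  UDP    0.0.0.0:5900           *:*
"""


def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcards and unparsable hosts are not."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def exposed_vnc_listeners(netstat_text, ports=VNC_PORTS):
    """Return (port, local_address, service) for each VNC listener reachable off-host."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP sockets in the LISTENING state accept inbound VNC connections.
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps bracketed IPv6 hosts such as [::] intact.
        host, _, port = fields[1].rpartition(":")
        if port.isdigit() and int(port) in ports and not is_loopback(host):
            findings.append((int(port), fields[1], ports[int(port)]))
    return findings


if __name__ == "__main__":
    for port, address, service in exposed_vnc_listeners(SAMPLE_NETSTAT):
        print(f"{service} on port {port} is listening on {address}, not only on loopback")
```

In the constructed sample the server port 5900 is bound to loopback, but the Java viewer port 5800 is still listening on all interfaces and is reported.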
If you install the server portion of the software to run as a service
on the Windows system, but don't want it to start automatically, click
on the Windows Start button, select Run and type
services.msc. Find "VNC Server Version 4" within the services
list, double-click on it and change the startup type from "automatic" to
"manual", then click on OK.
References:
- Malicious Software Encyclopedia: RemoteAccess:Win32/RealVNC
  Published: September 12, 2006
  Microsoft Corporation
[/os/windows/software/remote-control/vnc]
Sun, Jan 27, 2008 6:01 pm
mshta.exe
The file mshta.exe in c:\windows\system32
is part of the Windows operating system. Known file sizes on Windows
XP are 29184 bytes, 30720 bytes, 45568 bytes,
24064 bytes, and 26624 bytes. The description assigned to it by Microsoft is
"Microsoft HTML Application Host". The program is needed to execute
.HTA (Hypertext Application) files, which allow applications to be run
from HTML documents.
On a Windows XP Tablet PC Edition system with Service Pack 2 installed,
I see the following information for the file when I right-click on it
and select Properties:
| Size: | 44.5 KB (45,568 bytes) |
| Created: | Thursday, August 23, 2001, 7:00:00 AM |
| Modified: | Monday, August 13, 2007, 6:32:30 PM |
| File version: | 7.0.5730.13 |
At Introduction to HTML Applications (HTAs), Microsoft states
the following with regard to why someone would use HTAs:
Historically, programming languages like C++ and Microsoft Visual Basic have
provided the object models and access to system resources that developers
demand. With HTAs, Dynamic HTML (DHTML) with script can be added to that list.
HTAs not only support everything a Web page does - namely HTML, Cascading Style
Sheets (CSS), scripting languages, and behaviors - but also HTA-specific
functionality. This added functionality provides control over user interface
design and access to the client system. Moreover, run as trusted applications,
HTAs are not subject to the same security constraints as Web pages. As with any
executable file, the user is asked once, before the HTA is downloaded, whether
to save or run the application; if saved to the client machine, it simply runs
on demand thereafter. The end result is that an HTA runs like any executable
(.exe) written in C++ or Visual Basic.
The .HTA file type can become infected by malware. It is important to
note that, as fully trusted applications, HTAs can carry out actions that
Internet Explorer would never permit in a Web page. Microsoft also states
"In HTAs, the restrictions against allowing script to manipulate the client
machine are lifted. For example, all command codes are supported without
scripting limitations (see command id). And HTAs have read/write access to
the files and system registry on the client machine."
Execution of .HTA files by mshta.exe can be debugged with the Microsoft
Script Editor, MSE7.exe.
References:
- mshta.exe Windows process - What is it?
  file.net
- mshta.exe - mshta - Process Information
  Uniblue™ ProcessLibrary™
- File Extension .HTA Details
  FILExt - The File Extension Source
- .HTA File Extension
  FileInfo.net
- Introduction to HTML Applications (HTAs) - Windows Internet Explorer
  Microsoft Developer Network
[/os/windows/processes]
Mon, Jan 21, 2008 10:47 pm
Generating a New Encryption Key with BlackBerry Desktop Manager
If you get the message "Current Encryption Key is out of date. A new
encryption key will have to be generated." when attempting to synchronize
your BlackBerry with the BlackBerry Desktop Manager, you must generate
a new encryption key.
Messages are encrypted prior to being sent between the BlackBerry Desktop
Manager software and your BlackBerry. The encryption key for the BlackBerry
Desktop Manager and the BlackBerry's own encryption key must match in order
for messages to be decrypted at the receiving end. Encryption keys can
be manually or automatically generated.
If you are using the BlackBerry Desktop Manager for synchronization, take the
following steps to generate a new encryption key:
- Connect the BlackBerry device to the computer.
- In BlackBerry Desktop Manager, double-click Redirector Settings.
- In the Redirector Settings window, click the Security tab.
- Select Generate keys manually, then click Generate. The Generating New Key window will appear.
- Move the mouse around until the Generating New Key window closes. The random mouse movements help randomize the encryption key. When the window closes, a new encryption key has been generated.
- If you want to be prompted to generate a new encryption key every 31 days, select Generate keys automatically.
- Click Apply, then click OK.
References:
- Encryption keys
  Doc ID: KB00171
  Last Modified: 2007-03-22
  Research In Motion Limited
- Generate a new encryption key
  Doc ID: KB02740
  Last Modified: 2007-06-07
  Research In Motion Limited
[/network/email/blackberry]
Tue, Jan 15, 2008 8:41 pm
Moving WinAmp Playlists from One Computer to Another
WinAmp 5.51 stores its playlists in its Plugins\ml directory, which will
usually be C:\Program Files\Winamp\Plugins\ml. The individual playlists
will be in .m3u8 files with names like plfxxxx.m3u8, where
xxxx is a combination of letters and numbers, e.g.
plfE454.m3u8 and plf7501.m3u8. The mapping between the name you give the list
and those names is in a playlists.xml file in the same directory.
Sample Playlists.Xml File
<?xml version="1.0" encoding="UTF-16"?>
<playlists playlists="2">
<playlist filename="plfE454.m3u8" title="Xmas - Hilary Duff - Santa Claus Lane" id="{C0112AC9-0575-422F-B216-9A104962C563}" songs="11" seconds="2200"/>
<playlist filename="plf7501.m3u8" title="Xmas - The Time-Life Treasury Of Christmas" id="{3463FBFD-C77E-44BD-BC13-6044D2E6BEE7}" songs="45" seconds="8327"/>
</playlists>
So, if you want to copy your playlists from one system to another, copy
the .m3u8 files and the playlists.xml file from
the first system to the second system.
But what if the music files, e.g. your .mp3 files, are not in the same directory
on the second system as on the first system? Then you will need to edit each
.m3u8 file and update the references to the actual location
of the music files. E.g. if the files were in C:\MP3s on the
first system, but are in D:\MP3s on the second system, you will
need to do a global search and replace, substituting D:\MP3s
for C:\MP3s. You can use any text editor, such as
Notepad, which comes with Windows, since the .m3u8
files are just text files.
References:
- Lost playlist
  Posted on July 30, 2006
  WINAMP.COM | Forums
[/os/windows/software/audio/winamp]
Thu, Jan 10, 2008 11:45 pm
Querying the Dell Service Tag with VBS
I needed to produce a list of the service tags for all of the Dell
systems at a site. I found a Visual Basic script at
Query Dell Service Tag that could query a Dell system for the service
tag. There were two versions there, one that would request the system
name through a pop up window and another that could be run from a command
prompt.
I wanted to be able to run such queries from a command prompt, so the
second version appealed to me. But it only queried one system at a time,
so I modified the script to allow me to specify multiple systems at one time
on the command line. The updated script is available at
Dell-ServiceTag.vbs.
Usage:
cscript /nologo Dell-ServiceTag.vbs a b c
Output:
Computer: a Dell Service Tag: AGXQVD1
Computer: b Dell Service Tag: BRKF462
Computer: c Dell Service Tag: 1NFWLB3
[/languages/vbs]
Thu, Jan 10, 2008 3:45 pm
Changing the Background Color for a Table in Microsoft Word 2000
To change the background color in a table in Microsoft Word 2000,
take the following steps:
- Right-click somewhere in the table.
- Choose Table Properties.
- Click on the Borders and Shading button.
- Select the color you want for the table's background under Fill.
- Click on OK.
- Click on OK again.
If you want to change the background color for just one cell in the table,
take the same steps as above, but before you click on OK after
selecting the fill color, change the value in the Apply to field
from "table" to "cell".
If you want to change the background color for an entire row in the table,
the steps are basically the same, but you need to highlight all the cells
in the row before selecting Table Properties.
- Right-click somewhere in the table.
- Choose Table Properties.
- Click on the Table tab.
- Click on the Borders and Shading button.
- Select the color you want for the table's background under Fill.
- Click on OK.
- Click on OK again.
[/os/windows/office/word]
Wed, Jan 09, 2008 10:10 pm
Unable to Backup HP Laptop with Ghost 2003
When I attempted to back up the hard drive in an HP laptop with
Norton Ghost 2003, I received the following error message:
| Error |
| There is no valid Source Drive to choose (11032) |
| OK |
I tried another Norton Ghost 2003 boot diskette, but had the same results.
I then tried a PartImage Is Not Ghost
(PING) boot CD. During the boot process I saw the following:
ata1: port is slow to respond, please be patient (Status 0x80)
ata1: softreset failed (device not ready)
PING dropped me to a shell prompt, since that was the option I had picked
for what it should do when it completed, without giving me a chance to start
the backup. I powered the system off and on and rebooted. I did not see the
messages noted above then, and I was able to back up the system to an
external USB disk drive.
I then tried again with Norton Ghost 2003. This time Norton Ghost saw
the drive, but when I attempted to back up the drive, I received the
error below:
| Application Error 29089 |
| Write to image failed |
| If this problem persists, contact Symantec Technical Support at http://service.symantec.com |
| OK |
I tried again with a boot diskette that I had created using the Norton Ghost
Boot Wizard just a couple of days ago, since the first time I used a boot
CD that I had created a couple of years ago. The results were the same, however.
The next night I backed up the system with PING again and, afterwards,
tried a Norton Ghost 2003 boot disc with the USB 1.1 drivers provided
by Symantec with Ghost 2003.
| Part | Type | ID | Description | Volume Label | Size in MB | Data Size in MB |
| 1 | Primary | 07 | NTFS | No name | 76316 | 14802 |
| | | | | Free | 2 | |
| | | | | Total | 76319 | 14802 |
This time I saw the error message "File Name ? (546)".
When I clicked on OK, I saw the message below:
| Internal Error 36000 |
| An internal inconsistency has been detected |
| If this problem persists, contact Symantec Technical Support at http://service.symantec.com |
| OK |
When I was dropped to a command prompt, though, I saw the following:
ABORT: 29089, Write to image file failed
ABORT: 36000, A GeneralException occurred
[/os/windows/utilities/backup/ghost]
Wed, Jan 09, 2008 8:11 pm
Determining Version of a PDF File
If you examine the first few bytes of a PDF file, you
will see the PDF format version listed. E.g. you will see something such
as the following:
Hex: 25 50 44 46 2D 31 2E
ASCII: %PDF-1.
The bytes shown might be %PDF-1.4 (Hex 25 50 44 46 2D 31 2E
34), if the version is 1.4.
But there are cases where the information in the first few bytes of the
file can be overridden by information appearing later in the file. Derek
Clegg states at Re: How do you determine PDF version? that "The version of a
PDF file isn't solely determined by the first few bytes of the PDF; in PDF 1.4
and later, the version specified at the start of the PDF file can be overridden
by a /Version entry in the document's catalog. (See section 3.4.1 of the PDF 1.5
specification for more info.) This is why Quartz PDF files always start with
%PDF-1.3 but may, in fact, be PDF 1.4 or later."
The PDF version number determines features incorporated into the format. For
instance, version 1.4 was the first to support transparency and
metadata. Some older PDF viewers may not be able to view PDF files written
in a newer PDF format. A listing of versions and features is available at
Create better PDFs by understanding the formats.
On a Unix or Linux system, you can use the od command to view
the first few bytes of a PDF file.
# od -c -N 10 EBIA_ERISA_3rdQtr2007.pdf
0000000 % P D F - 1 . 4 \n %
0000012
The \n that appears after the "1.4" is just a newline character.
Though Windows doesn't come with a hexadecimal editor, there are free
hexadecimal editors available for Windows systems as well that
will allow you to view those first few bytes in the PDF file.
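The header check and the catalog override described above, combined in one script that runs on Windows as well as Unix, as an added example (not code from the original post or from the PDF specification). It is a simplification: it scans only uncompressed objects and takes the last catalog object in file order instead of following the trailer's /Root entry; the function names and sample bytes are constructed for illustration.

```python
import re
import sys

HEADER_RE = re.compile(rb"%PDF-(\d)\.(\d)")
OBJECT_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
CATALOG_RE = re.compile(rb"/Type\s*/Catalog\b")
VERSION_RE = re.compile(rb"/Version\s*/(\d)\.(\d)")

# Constructed samples (not real documents).
QUARTZ_STYLE = (
    b"%PDF-1.3\n"
    b"1 0 obj\n<< /Type /Catalog /Version /1.4 /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
HEADER_ONLY = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


def header_version(data):
    """Version from the %PDF-x.y header as a (major, minor) tuple, or None."""
    # Adobe's viewers accept the header anywhere in the first 1024 bytes.
    match = HEADER_RE.search(data[:1024])
    return (int(match.group(1)), int(match.group(2))) if match else None


def catalog_version(data):
    """/Version from the last uncompressed catalog object, or None if it has none."""
    version = None
    for obj in OBJECT_RE.finditer(data):
        body = obj.group(1)
        if CATALOG_RE.search(body):
            # A later catalog (incremental update) replaces an earlier one.
            match = VERSION_RE.search(body)
            version = (int(match.group(1)), int(match.group(2))) if match else None
    return version


def effective_version(data):
    """The catalog entry applies only when it is later than the header version."""
    header = header_version(data)
    if header is None:
        return None
    catalog = catalog_version(data)
    return max(header, catalog) if catalog else header


if __name__ == "__main__":
    samples = {"quartz-style": QUARTZ_STYLE, "header-only": HEADER_ONLY}
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            samples[path] = handle.read()
    for name, data in samples.items():
        print(name, header_version(data), catalog_version(data), effective_version(data))
```

A catalog stored inside a compressed object stream is invisible to this scan, so a result that shows no /Version entry does not prove that none exists.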
References:
- PDF Developer Center: PDF reference
  Adobe Systems Incorporated
- Re: How do you determine PDF version?
  By: Derek Clegg
  Date: February 21, 2006
  Apple Mailing Lists
- Create better PDFs by understanding the formats
  By James Dempsey
  December 14, 2006
  Creative Guy
[/software/file_formats/pdf]
Tue, Jan 08, 2008 4:16 pm
Removing Windows Messenger 4.7
I used the Windows Update function in Internet Explorer on a
Windows XP system to check for patches for a laptop. Including optional
hardware and software patches, there were 63 available. I chose to
download and install them all. Windows Messenger 4.7 was among those
available; I hadn't paid attention to the fact it was among those to
be installed. It was the first one installed. I saw a Windows Firewall
notice pop up asking me whether I wanted to continue to block Windows
Messenger. I did, but the system gave me a Blue Screen of Death (BSOD)
when I attempted to block it.
When the system rebooted, Windows Messenger 4.7 opened. I didn't want
the software on this laptop anyway. So I opened the Control Panel
(Click on Start, select Settings, then Control
Panel). Under Add or Remove Programs in the Control Panel,
I chose Add/Remove Windows Components. Windows Messenger was
unchecked and had a size of 0.0 MB listed, so I couldn't uninstall it
that way. I was able to remove it using the steps below, however:
- Close Messenger if it is running. If you see an icon for it
at the lower-right hand corner of your screen, right-click on it
and choose Exit.
- Click on the Start button.
- Select Run.
- In the Open field of the window that appears, copy and
paste the following as a single line:
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
- When you see the confirmation prompt below, choose "Yes"
after closing any of the referenced programs, if they are open.
To remove Messenger, you must first exit from it: Click the Messenger
icon in the taskbar, then Exit. Please also close all other programs
that display your contact list (for example, Internet Explorer, Outlook,
Outlook Express, MSN Explorer). Make sure to close programs for all users
signed in to this computer. Do you want to continue?
You will see a notice appear stating Windows Messenger has been removed
when the uninstall process completes.
If you don't want to remove Windows Messenger 4.7, but just want to
stop it from running automatically when you log in to a system, instead
of following the procedure above, open Windows Messenger and take the
following steps:
- Click on Tools.
- Select Options.
- Click on the Preferences tab.
- Uncheck "Run this program when Windows starts".
- Click on OK.
References:
- How to remove Windows Messenger 4.7 permanently
  By Darrell Norton
  Posted: March 10, 2004
  Darrell Norton's Blog
- How do I get rid of Messenger 4.7?
  By Leo Notenboom
  Posted: May 28, 2004
  Ask Leo! Tech Questions? Get Answers!
[/network/chat]
Tue, Jan 08, 2008 12:18 pm
AntiVirus Reconnaissance
In analyzing the backend code associated with the
Pushdo Trojan downloader, security guru Joe Stewart found that
the malware being distributed would log the hard drive serial number on a
victim's computer. He speculates that perhaps the malware is checking the
hard drive serial number in order to check whether it is running on a
Virtual Machine (VM).
If the malware logs the same serial number for what would otherwise appear
to be separate machines, then it is likely that it is running on a VM.
Since antivirus companies use VMs to analyze malware in controlled
environments, the knowledge that the malware is running on a VM might be of
interest to the malware developer or distributor for that reason.
Some malware attempts to kill or disable antivirus software processes.
Pushdo does not. It merely reports back to its controlling server on
which antivirus software it has detected on the victim's system. Pushdo
compares all of the processes running on the system with its own list of
antivirus and personal firewall process names and then provides a report
to its controller listing the ones it has found.
In checking the Pushdo controller server, Stewart found malware samples
with rootkit characteristics, which allow malware to hide from antivirus
and antispyware software, and also evidence of a spam botnet.
References:
- Inside a Modern Malware Distribution System
  By Ryan Naraine
  December 21, 2007
  eWeek.com
[/security/malware]
Tue, Jan 08, 2008 9:50 am
Internet Usage Statistics
If you want to see statistics on Internet usage for various parts of the
world, check
Internet Usage
World Status - Internet and Population Statistics, a
"website featuring up to date world Internet Usage, Population Statistics and
Internet Market Research Data, for over 233 individual countries and world
regions."
[/network/Internet]
Mon, Jan 07, 2008 11:20 pm
Folders Could Not Be Opened
On a Windows XP system that was in a domain using a Microsoft Exchange
server, whenever a user attempted to use Outlook 2003, Outlook would
start to open then crash. The error message displayed was "the set of folders
could not be opened." I confirmed that the user's Outlook
.ost file still existed
and that the user had appropriate access permissions. I also ran the
scanost utility that Microsoft provides with Office to verify
the integrity of the user's OST file. It did not find any problems with the
file. I found the problem was on the Exchange server. The mail store was
not loaded due to inconsistencies in it after a system crash. When I repaired
the mail store and the Exchange server was running properly again, the user
was able to open Outlook normally.
I don't know why this problem only occurred on this user's system. Outlook
2003 opened normally on other users' systems. They were not able to access
email on the Exchange server and Outlook indicated they were disconnected
from the Exchange server, but they were at least able to access email,
contacts, etc. that were stored in their OST offline storage files.
References:
- Repair an .ost or .pst file in Outlook
  Office Online Home Page
- Repairing Outlook PST File Corruption at 2 GB Limit
  MoonPoint Support
- Using ScanOST to Repair OST Files
  MoonPoint Support
[/network/email/clients/outlook]