MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
January
Sun Mon Tue Wed Thu Fri Sat
       
2017
Months
Jan


Tue, Jan 31, 2017 11:10 pm

Creating a rescue configuration for a Juniper SRX Firewall

You can create a rescue configuration to be used in the event you make some change to a Juniper Networks SRX router/firewall, which runs Junos OS, that makes the device inaccessible. With a rescue configuration saved on the device, you can return the router/firewall to a known operational state. The rescue configuration saved on the device can provide a last resort means of quickly restoring the device to operational status. You can use either the web-based graphical user interface (GUI) method to create a saved rescue configuration via a web browser connection to the system or a command line interface (CLI) method.

[ More Info ]

[/security/firewalls/SRX] permanent link

Mon, Jan 30, 2017 10:49 pm

Checking a website's security certificate with OpenSSL

You can use OpenSSL, which is commonly installed on Mac OS X and Linux systems and which is also available for other operating systems (the source code can be downloaded from OpenSSL Downloads and a Windows implementation is available at OpenSSL for Windows), to check the security certificate of a website using an openssl command in the form openssl s_client -showcerts -connect fqdn:port where fqdn is the fully qualified domain name (FQDN) of the website and port is the port that the website is listening on for HTTPS connections, which is usually well-known port 443, though it may sometimes be another port, such as the registered port 8443. The showcerts option instructs openssl to show all certificates in the public key certificate chain.

[ More Info ]

[/security/encryption/openssl] permanent link

Sun, Jan 29, 2017 7:52 pm

Setting up the Windows Subsystem for Linux on Windows 10

With the Anniversary Edition of the Microsoft Windows 10 operating system (OS), Microsoft provides a an Ubuntu-based Bash shell that will allow you to run Linux software on your Microsoft Windows 10 system. If you are unsure whether the Anniversary Edition update to Windows 10 is installed on a system, you can follow the steps listed at Determining which version of Windows 10 is installed. You can also use the instructions at Determining the version of Microsoft Windows from the command line. The Anniversary Edition is version 1607 of Windows. Or just checking the software build will reveal whether the Anniversary Edition is installed; if you see "build 14393" or later, then the Anniversary Edition is installed on the system.

The Windows system will also need to be using the 64-bit version of Windows 10 rather than the 32-bit version - see Determining if your version of Windows is a 32-bit or 64-bit version for methods that can be used to determine if the installed version of Windows is a 32-bit or 64-bit version.

If the version of Windows is appropriate, then you can follow these step by step instructions to install the Linux subsystem.

[/os/windows/win10] permanent link

Sat, Jan 28, 2017 9:46 pm

Setting the default mail application on Windows 10

If you wish to set or change the default mail app on a Microsoft Windows 10 system, you can take the following steps:
  1. Click on the Windows Start button.
  2. Click on Settings.
  3. Click on System.
  4. Click on Default apps.
  5. Click on "Choose a default" under Email.
  6. You should then see a list of email applications on the system; click on the one you wish to be the default mail application.
  7. Once you've chosen an email program, you can click on the "X" at the upper, right-hand corner of the window to close it.

[ More Info ]

[/os/windows/win10] permanent link

Fri, Jan 27, 2017 10:29 pm

Changing the UltraVNC passwords

To change the password used for connectivity to a system running the UltraVNC free and open-source software that provides remote-administration/remote-desktop-software functionality for Microsoft Windows, select the icon representing UltraVNC in the system tray; it has an eye within it.

UltraVNC system tray icon

Right-click on it and select Admin Properties. At the Admin Properties window, you can type a password in the "View-Ony Password" that can be used to allow remote users access to the system via VNC. It will only check the first 8 characters of a password.After making any password change, click on the Apply button.

[ More Info ]

[/os/windows/software/remote-control/vnc/ultravnc] permanent link

Thu, Jan 26, 2017 10:56 pm

You can't open the application "Firefox.app" because it is not responding

I killed Firefox on my MacBook Pro laptop running OS X Yosemite (10.10.5) by clicking on the Apple icon at the upper, left-hand corner of the screen then selecting Force Quit and then selecting Firefox and clicking on the Force Click button. But when I tried to reopen Firefox, I saw the message 'You can't open the application "Firefox.app" because it is not responding.'

I clicked on OK and used Force Quit Applications again. I saw Firefox in the list and again forced it to quit. I then clicked on the Firefox icon in the Dock at the bottom of the screen again, but Firefox didn't appear to open. I double-clicked on it again, but it still didn't appear to open, though it appeared in the Force Quit Applications list again with "not responding" appearing next to its entry in the list of open apps. I tried clicking on the Firefox icon in the Dock a third time and this time saw the 'You can't open the application "Firefox.app" because it is not responding' message again, though reopening Force Quit Applications again did not show "not responding" next to the Firefox entry in its list. Nor was any other application listed as being unresponsive. I tried the Force Quit step again. Firefox remained in the list until I closed and reopened Force Quit Applications. Though Firefox wasn't in the Force Quit Applications list, I did see a process associated with Firefox when I used the ps command to view processes running on the system.

$ ps -ef | grep -i Firefox | grep -v grep
723184451  6861     1   0  8:46AM ??         0:00.03 /Applications/Firefox.app/Conte
nts/MacOS/plugin-container.app/Contents/MacOS/plugin-container /Library/Internet Plu
g-Ins/JavaAppletPlugin.plugin -greomni /Applications/Firefox.app/Contents/Resources/
omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdi
r /Applications/Firefox.app/Contents/Resources/browser 1635 gecko-crash-server-pipe.
1635 org.mozilla.machname.776527788 plugin
$

[ More Info ]

[/os/os-x] permanent link

Wed, Jan 25, 2017 11:08 pm

Extracting information from a pem file

The X.509 standard is used to manage digital certificates used for public key encryption. One of the filename extensions used for X.509 certificates is .pem, which stands for "Privacy Enhanced Mail". These certificates are Base64 encoded DER certificates. If you have a .pem certificate and want to view information about the contents of the certificate, you can do so with OpenSSL software, which is commonly found on Linux and Mac OS X systems, but is available for other operating systems as well. If you just want to view the expiration date for a certificate you can use an openssl command like the one below:

$ openssl x509 -enddate -noout -in cacert.pem
notAfter=Aug 13 23:59:00 2018 GMT
$

[ More Info ]

[/security/encryption/openssl] permanent link

Tue, Jan 24, 2017 9:28 pm

Viewing available upgrades in Radia Client Automation Application Self-Service Manager

If the Radia Client Automation Self-Service Manager is in use on a Mac OS X system, the app may be found in the Applications/HPCA/Agent folder on the system's disk drive. You can double-click on Application Self Service Manager.app to see what software updates are available for the system. If the system isn't connected to the corporate network, e.g., if you need to establish a virtual private network (VPN) connection to be able to connect to the server, and you see the message "Error code 769 encountered during the connect. Do you want to work offline?", you can click on Yes to still see available updates stored on the system which you can install.

[ More Info ]

[/software/hpca] permanent link

Mon, Jan 23, 2017 10:07 pm

Firefox Profile Location on an Apple OS X System

The Firefox web browser stores information about its user settings and state in a "profile" directory for each user. On a Mac OS X system (now macOS), such as my MacBook Pro laptop, you can have Firefox open a Finder window showing you the relevant profile folder or you can find it from a command line interface (CLI), i.e., a shell prompt, by opening a Terminal window (you can find the Terminal program in the Applications/Utilities folder). For the latter method, you can see the location of the profile directory by issing the command ls -l ~/Library/Application\ Support/Firefox/Profiles. (you need to put a backslash before the space in the directory path)

$ ls -l ~/Library/Application\ Support/Firefox/Profiles
total 0
drwx------  53 jasmith1  ABC\Domain Users  1802 Jan 23 11:56 bgq13udo.default
$

[ More Info ]

[/network/web/browser/firefox] permanent link

Sun, Jan 22, 2017 9:32 pm

Minecraft memory usage

You can control the amount of memory used by Java for the Minecraft sandbox video game by setting parameters in the server_start.bat file located in the directory where the Minecraft software was installed. To reduce the contention of the Minecraft server with other software running on the system for the system's memory, you can specify the maximum memory it will consume with a Xmx parameter. E.g., the following example uses a server_start.bat file where the maximum of memory that Java will use for running the game software is 1 gigabyte (GB)

java -Xmx1G -Xms1G -jar forgeserver.jar nogui
PAUSE

[ More Info ]

[/os/windows/software/games/minecraft] permanent link

Sat, Jan 21, 2017 11:33 pm

Error occurred message when upgrading freeSSHd

I needed to upgrade freeSSHd, which is free Secure Shell (SSH) server software for Microsoft Windows systems, on a Windows 8 system. The software allows remote users to log into a command line interface on the Windows system via SSH and provides the capability to transfer files via the SSH File Transfer Protocol (SFTP). When I attempted to install the latest version of the software over a prior version, however, the installation was unsuccessful. If you see the following error message, you may need to stop the SSHD service prior to performing the upgrade:

An error occurred while trying to replace the existing file:
DeleteFile failed; code 5.
Access is denied.

Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation.

[ More Info ]

[/os/windows/network/ssh/freeSSHd] permanent link

Fri, Jan 20, 2017 10:02 pm

Installing an encryption plugin for UltraVNC

An encryption plugin is available for the UltraVNC open source remote administration/remote desktop software. The SecureVNC Plugin has the following specifications:

[ More Info ]

[/os/windows/software/remote-control/vnc/ultravnc] permanent link

Thu, Jan 19, 2017 11:06 pm

Setting up a Juniper Networks SRX100 Router/Firewall

You can configure a Juniper Networks router/firewall, such as a Dell J-SRX100H, which is manufacturered by Juniper Networks by connecting a network cable between one of the 0/1 through 0/7 ports on the SRX100; don't use the 0/0 port, because that is the default port for the "untrusted" side of the device, i.e., for connections on the "outside" or Internet-facing side of the device. If you have the connected device set to obtain an IP address by the Dynamic Host Configuration Protocol (DHCP), it will be assigned an address from the 192.168.1.1/24 subnet, 192.168.1.2. You can then log into the router by opening a browser window and pointing the browser to http://192.168.1.1.

[ More Info ]

[/security/firewalls/SRX100] permanent link

Wed, Jan 18, 2017 10:46 pm

Allowing inbound connectivity for an application under Windows 8

To permit inbound access to an application through the Microsoft Windows Firewall on a Windows 8 system, you can take the following steps:
  1. Move the mouse pointer to the lower, left-hand corner of the window until you see the Windows Start button appear. When you see it, right-click on it and select Control Panel.
  2. From the Control Panel, select System and Security.
  3. Click on Windows Firewall.
  4. Click on Allow an app or feature through Windows Firewall.
  5. Click on the Change settings button. Once you do so, the "Allow another app" button will no longer be grayed out and you can click on it.
  6. Find the application for which you wish to allow access through the firewall and click on it to highlight and select it.
  7. Click on the Add button. You should then see the program added to the list of apps allowed to communicate through Windows Firewall. By default access is allowed on "private" networks, such as your home or work network. If you also want to allow access on "public" networks, such as you would find at a coffe shop or airport, you can also click the check box for "public".
  8. Click on the OK button. You can then close the Windows Firewall window. You should be able to connect to whatever port or ports the application opens now from another system on the same local area network (LAN).

[ More Info ]

[/os/windows/win8] permanent link

Tue, Jan 17, 2017 10:30 pm

prisoner.iana.org

While using Wireshark to troubleshoot a Domain Name System (DNS) issue for a server that sits behind a firewall that performs Network Address Translation (NAT), I noticed a DNS response coming back where Wireshark showed the following in the "Info" field for a packet:

Standard query response 0x21e1 No such name PTR 5.1.168.192.in-addr.arpa SOA prisoner.iana.org

The server for which I was performing the troubleshooting has an IP address of 192.168.1.5, which is a private IP address. There are 3 private IP address ranges; these ranges are also sometimes referred to as "RFC 1918 addresses", since the private IP address space is defined in RFC 1918 . A Request for Comments (RFC) is a document published by the Internet Engineering Task Force (IETF). Some RFCs, such as RFC 1918 become Internet Standards.

[ More Info ]

[/network/dns] permanent link

Mon, Jan 16, 2017 10:35 pm

Selecting records containing a string in a MySQL or MariaDB database

If you wish to select only the records containing a particular string, e.g., some word, etc., from a MySQL or MariaDB database table then you can use LIKE in the SQL SELECT command. E.g., if I have a table named Books that contains book information and one of the columns in the database is Title, I can select any books from the database where the title contains "Unix" with the command below:

SELECT * FROM Books WHERE Title LIKE "%Unix%";

The percent sign (%) serves as a wildcard character indicating that any number of other charcters will match it. So by putting the percent sign before and after the word Unix, the expression will find any books with titles that have "Unix" anywhere in the title, e.g., at the beginning, middle, or end of the title. If I only wanted to find those records in the Books table where the title began with the word Unix, I could use the command below:

SELECT * FROM Books WHERE Title LIKE "Unix%";

Any characters that came after the word Unix would match, but the title would need to start with "Unix". To find only those books where the word appears at the end of the title, I could use the following command:

SELECT * FROM Books WHERE Title LIKE "%Unix";

If I wanted, instead, to find all of the records where the title doesn't contain the word "Unix", I could put NOT before LIKE.

SELECT * FROM Books WHERE Title NOT LIKE "%Unix%";

[/software/database/mysql] permanent link

Sun, Jan 15, 2017 10:30 pm

Turning on network discovery and file sharing on a Windows 8 system

If you wish to see folders from other Microsoft Windows systems on a local area network (LAN) or those shared from Linux systems via Samba, you may need to turn on network discovery on the Windows system(s) in order to see the shared folder. E.g., if you double-click on Network in the Windows File Explorer and see "Network discovery and file sharing are turned off. Network computers and devices are not visible. Click to change...", click on the message to enable network discovery.

[ More Info ]

[/os/windows/win8] permanent link

Sat, Jan 14, 2017 11:07 pm

Determining or changing the system name for a computer running Windows 8

To determine the system name for a computer running the Microsoft Windows 8 operating system, you can right-click on the Windows Start Button at the lower, left-hand corner of the screen. If you don't see it, hit the Esc key and move the mouse pointer to the lower, left-hand corner of the screen where it should appear. You will see the system's name listed in the "Computer name, domain, and workgroup settings" section. If you want to give the system a new name, click on Change settings and then click on the Change button.

If you want to obtain the information through a command-line interface (CLI) method, instead, you can do so either at a command prompt or PowerShell prompt.

[ More Info ]

[/os/windows/win8] permanent link

Fri, Jan 13, 2017 10:27 pm

Deleting up to a word or back to a word in the Vi or Vim editor

In the vi or Vim text editor, you can delete all characters on a line up to a specified word by placing the cursor on the line at the point where you wish to start the deletion then hit the d key followed by the slash key followed by the word up to which you wish to remove the characters on the line. E.g., suppose you have the following line:

If you can force your heart and nerve and sinew To serve your turn long after they are gone, And so hold on when there is nothing in you Except the Will which says to them: “Hold on”;

From the poem If— by Rudyard Kipling (1865-1936)

If you wished to delete all of the text on the line from the word "To" up until, but not including the word "And" in "And so hold on...", while in command mode, not insert mode, you could move the cursor to the "T" in "To" and then hit the d key followed by the forward slash key (/) and then type And (make sure you use the matching capitalization). The line would then appear as shown below.

If you can force your heart and nerve and sinew And so hold on when there is nothing in you Except the Will which says to them: “Hold on”;

Suppose, instead, you had the cursor at the word "To" as before, but wanted to delete backwards through the word "If", i.e., all the way to the beginning of the line, instead. You could then hit the d key while in command mode, then hit the question mark (?) key and type If. You would then have the text below.

To serve your turn long after they are gone, And so hold on when there is nothing in you Except the Will which says to them: “Hold on”;

For the backwards deletion, the word you type after the question mark is included in the deletion. In this case, if you wished to delete backwards to the beginning of the line, you could also have hit the d key followed by the ? key and then hit the caret (^) key, which represents the beginning of the line. Likewise, you could hit the dollar sign ($) key to delete forward to the end of the line, which it represents, or you could just hit the D key, instead of the lower-case "d" to delete from the current cursor position to the end of the line.

[/software/editors/vi] permanent link

Thu, Jan 12, 2017 10:13 pm

Whitelisting email from a sender or domain using GoDaddy's email service

If you are using Godaddy's email service and email sent from a particular sender isn't showing up in your inbox, check the bulk mail folder, since there is a possibility that the mail was treated as junk email and placed there. To keep email from a particular sender from being subjected to checks that may result in email from that sender going into the bulk mail folder or never appearing in any folder in your account, you can add the sender's email address to a list of whitelisted email addresses, i.e., ones that won't undergo the normal checks to ascertain if the email is email spam, which can sometimes result in false positives, i.e., a legitimate email you would want to receive is mistakenly classified as spam by a software algorithm that checks all incoming email. To whitelist an email address or an entire domain, e.g., all email from any email address at example.com, take the following steps while logged into your GoDaddy email account through the web interface to your email account.

[ More Info ]

[/network/email/godaddy] permanent link

Wed, Jan 11, 2017 10:36 pm

tar extraction errors - Cannot utime: Operation not permitted

I needed to copy the contents of one directory belonging to a user from one Linux system to another. While logged into her account on the source system, I created a tar file, aka a "tarball", of the directory with the command tar -cvf game.tar game to copy the contents of her "game" directory and all of its subdirectories to the tar file. The tar file was about 20 MB in size, so I compressed it with the gzip command gzip game.tar resulting in a game.tar.gz file about 5 MB in size, which I transferred to the destination system. While logged into her account on the destination system, I uncompressed the .gz file with gunzip game.tar.gz and then attempted to extract the contents of the tar file into the same directory on the destination system as on the source system. The directory already existed on the destination server because I had many months ago copied everything in her home directory from the source to the destination system. When I ran the command tar -xvf game.tar to extract the contents of the tar file, I saw files extracted, but I also saw several "Cannot open: File exists" lines in the output from the command, which terminated prematurely with the following lines:

game/Update
tar: game/Update: Cannot open: File exists
game/FAQ
tar: game/FAQ: Cannot open: File exists
game/CONVERT.22
tar: game/CONVERT.22: Cannot open: File exists
game/BETA
tar: game/BETA: Cannot open: File exists
tar: game: Cannot utime: Operation not permitted
tar: Exiting with failure status due to previous errors

[ More Info ]

[/os/unix/commands] permanent link

Tue, Jan 10, 2017 10:47 pm

Determining which version of Windows 10 is installed

There have been various iterations of Microsoft Windows 10 since it was first released. Though you might think of Windows 10 as one version compared to Windows XP, Vista, 7, 8, etc., but there are versions of Windows 10 itself and "builds" within those versions. You can determine which version of Microsoft Windows 10 is installed on a system running Windows 10 by typing winver in the Cortana "Ask me anything" field. You will then see a window, such as the one below, displaying the version and build number of the operating system. In the example shown below from a Dell laptop, the system is running Version 1511 build 10586.713 of the Windows 10 operating system (OS), which is the "November Update" to the OS.

Windows 10 version and build information

[ More Info ]

[/os/windows/win10] permanent link

Mon, Jan 09, 2017 10:32 pm

Thunderbird and Proxy Server Settings

When attempting to check email after installing Mozilla Thunderbird on a Windows 10 system and configuring an email account in Thunderbird, instead of email being downloaded, Thunderbird would show "Connecting to pop3.example.com" and seemed to be indefinitely stuck at that point. When I opened Wireshark to observe the network traffic between the Windows 10 laptop and the email server, I didn't see any traffic whether Thunderbird was configured to use the Post Office Protocol version 3 (POP3) port 110 or the secure version of the protocol POP3S on port 995. I set the Wireshark filter to be tcp.port eq 110 || tcp.port eq 995. I didn't see any traffic between to/from the server when I changed the filter to look for traffic to/from the IP address of the server with ip.addr == xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx was the IP address of the server. After puzzling over the matter for awhile, it finally dawned on me that I had prevoiusly configured the Microsoft Edge browser to use a SOCKS proxy server via a Secure Shell (SSH) tunnel set up with PuTTY. I had disconnected the PuTTY connection to the SSH server, but hadn't changed the proxy server settings for the system so I realized the was likely the cause of the problem, though I hadn't expected Thunderbird to use the system proxy server setting by default.

[More Info]

[/network/email/clients/thunderbird] permanent link

Sun, Jan 08, 2017 10:50 pm

Altering the contents of a file using sed

On Unix, Linux, and OS X systems, the sed (stream editor) utility can be used to modify the contents of a file replacing one string, i.e., sequence of characters, with another. E.g., suppose the file named myfile contains the following lines:

pink blue
red Blue
orange
blue purple blue
blue

If I want to replace all occurrences of the word "blue" with "green", I could issue the following sed command at a Bash shell prompt.

$ sed -i -e 's/blue/green/g' myfile

[ More Info ]

[/os/unix/commands] permanent link

Sat, Jan 07, 2017 11:12 pm

Day of the week for dates in Excel and Calc

If you wish to display the day of the week, i.e, Monday, Tuesday, Wednesday, etc., that corresponds to a particular date in Microsoft Excel you can simply format the display of the date using a custom format of ddd. E.g., in Microsoft Excel 2013, if I have dates in column A displayed in mm/dd/yyyy format, but I also want the day of the week corresponding to those days to appear in column B as shown below.

Excel 2013 dates with days of the week

[ More Info ]

[/os/windows/office/excel] permanent link

Fri, Jan 06, 2017 8:44 pm

Wireshark showing RST packets when unable to access website

I was unable to access a website on a webserver I frequently access. When I examined the network traffic to and from the server with Wireshark network analyzer software, I could see a repeating sequence of SYN packets from the IP address of the Windows laptop from which I was attempting to access the web server followed immediately by RST, ACK packets from the IP address of the server. That sequence repeated over and over again. E.g.:

130	2.766497	TCP	74	44970?80 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1029178963 TSecr=0 WS=16
131	2.768022	TCP	60	80?44970 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
132	2.800200	TCP	74	27779?80 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1029178972 TSecr=0 WS=16
133	2.801724	TCP	60	80?27779 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

[More Info ]

[/network/web/server] permanent link

Thu, Jan 05, 2017 4:02 pm

Email stuck in the sendmail queue

A user repoted that she didn't receive an email someone sent her today. I checked the /var/log/maillog file to see if the mail server, which is running Sendmail, received the email. When I searched on part of the sender's email address, I saw the message had been received by the mail server:

# grep sbear /var/log/maillog
Jan  5 14:08:08 moonpoint sendmail[6276]: v05IxmvR006276: from=<sbearab1@y0hoo.c
om>, size=2339942, class=0, nrcpts=1, msgid=<1226622358.574156.1483642780691@mai
l.y0hoo.com>, proto=ESMTP, daemon=MTA, relay=omp1011.mail.ne1.y0hoo.com [98.138.
87.11]

So I checked Sendmail's queue with the mailq command and saw the message was stuck there. Note: Mailq is identical to sendmail -bp .

# mailq
                        /var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
v05IxmvR006276  2338155 Thu Jan  5 14:08 <sbearab1@y0hoo.com>
                 (host map: lookup (yahoo.com): deferred)
                                         <abad_kitty@moonpoint.com>
                Total requests: 1
#

The sendmail queue can be flushed with the command sendmail -q -v .

#  sendmail -q -v

Running /var/spool/mqueue/v05IxmvR006276 (sequence 1 of 1)
<abad_kitty@moonpoint.com>... aliased to ann
ann... Connecting to local...
ann... Sent
# mailq
/var/spool/mqueue is empty
                Total requests: 0
#

The meaning of the -q and -v options to the sendmail command are shown below:

  -q[time]
              Process saved messages in the queue at given intervals.  If time
              is  omitted,  process the queue once.  Time is given as a tagged
              number, with `s' being seconds, `m' being minutes (default), `h'
              being  hours, `d' being days, and `w' being weeks.  For example,
              `-q1h30m' or `-q90m' would both set  the  timeout  to  one  hour
              thirty  minutes.   By  default,  sendmail  will run in the back-
              ground.  This option can be used safely with -bd.

      -v     Go into verbose mode.  Alias expansions will be announced, etc.

[/network/email/sendmail] permanent link

Wed, Jan 04, 2017 10:32 pm

SSH brute-force break-in attempts from 49.116.40.31

While troubleshooting a problem with a Linux system this evening, I opened Wireshark and noticed a Secure Shell (SSH) packet from an unexpected source address, 49.116.40.31. When I checked the fail2ban log on the system, I noticed that the IP address had been banned temporarily several times today, but break-in attempts resumed whenever the timeout period for the ban expired.

# grep '49.116.40.31' /var/log/fail2ban.log | grep 'Ban\|Unban'
2017-01-04 17:20:46,190 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 17:30:47,135 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 17:31:15,276 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 17:41:16,250 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 17:41:43,390 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 17:51:44,299 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 17:52:14,441 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 18:02:15,243 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 18:02:43,383 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 18:12:44,182 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 18:13:13,323 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 18:23:14,227 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 18:24:23,414 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 18:34:24,183 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 18:35:33,368 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 18:45:34,148 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 18:46:44,331 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 18:56:45,126 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 18:57:14,282 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 19:07:15,124 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 19:07:44,270 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 19:17:45,043 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 19:18:14,190 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 19:28:15,111 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 19:29:23,297 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 19:39:23,304 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 19:39:51,441 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 19:49:52,326 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 19:50:21,472 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 20:00:22,251 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 20:00:49,390 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 20:10:50,192 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 20:11:19,338 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 20:21:20,121 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 20:21:49,263 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 20:31:50,036 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 20:33:38,258 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 20:43:39,059 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
2017-01-04 20:44:37,358 fail2ban.actions        [25142]: NOTICE  [sshd] Ban 49.116.40.31
2017-01-04 20:54:37,372 fail2ban.actions        [25142]: NOTICE  [sshd] UnBan 49.116.40.31
#

[ More Info ]

[/security/attacks/ssh] permanent link

Tue, Jan 03, 2017 10:23 pm

Executing a JavaScript function when a browser window is resized

Sometimes you may want to have a certain event take place if a visitor to your website resizes his or her browser window. With HTML 5, you can use the onresize Event Attribute. You can apply the event attribute to the body tag, e.g.:

<body onresize="someFunction()">

The event that would occur when the browser window is resized will depend upon the code you place in the JavaScript function referenced, which in this case I've named someFunction.

Note: the onresize attribute is new to HTML5 and isn't supported in HTML 4.01 and older versions oF HTML. You can expect current versions of browsers to support it, but if a visitor has an outdated browser version, the function may not work for the visistor.

[ More Info ]

[/network/web/html] permanent link

Mon, Jan 02, 2017 10:42 pm

Determining the program that is connecting to specific IP addresses

While troubleshooting a network issue using the free and open source (FOSS) network analyzer Wireshark, I noticed connections to IP addresses that I thought might be associated with adware sites. The connections were occurring from a Microsoft Windows 10 system. I suspected that the connections were occuring via a browser tab that was open to a website within the K-Meleon web browser, but I wanted to confirm that was the case and then, if it was, to attempt to identify the particular tab open in the browser and the web page that was responsible for the traffic, since there were several tabs open in the browser. There were also other browsers open on the system with multiple windows and tabs, so I might also need to check the tabs open in those browsers.

To see all of the connections to websites on the HTTP port, which is the well-known port 80, I can open a command prompt window and use the netstat command netstat -an and then pipe its output into the find command, looking for ":80". The -a option shows all connections and the -n option converts IP addresses and application layer protocols, such as HTTP, to numeric form.

[ More Info ]

[/os/windows] permanent link

Sun, Jan 01, 2017 8:45 pm

Determining if a directory exists in a Bash script

I have a Bash script that copies the prior day's mail log file from /var/log/maillog.1 to another directory for archiving. The archive directory contains a subdirectory for each year's mail logs. Today is the first day of a new year, so I needed to create a 2017 directory. I could manually create the directory, but I thought I'd modify the Bash script that runs from Cron to check on whether the current year's directory exists and, if it doesn't create it, so, if I forget in future years to create a new year's directory the script will create it for me.

You can check if a directory exists with code similar to what is shown below:

if [ -d "$DIRECTORY" ]; then
  # Insert code to be executed
fi

Or, to check if a directory doesn't exist and execute commands if it doesn't:

if [ ! -d "$DIRECTORY" ]; then
  # Insert code to be executed
fi

Note: putting the $DIRECTORY variable in double quotes allows for cases where the directory name may contain a space. Though that won't be the case for my yearly subdirectories, it is something you can allow for by enclosing the variable name in double quotes.

[ More Info ]

[/os/unix/bash] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo