Importing a Public Key with GPG

You can import someone's public key into your GPG keyring in a number of ways.

Suppose you have received the following key by email or see it on a webpage. (the key below is from the The Linux Kernel Archives OpenPGP Signature webpage.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnirDkRBADCTL/iUTeZKb0tiAcKdZdsUP/KSnrGGjlinolUAsUC0D6/hUB1
RdCpJOOERTIEr1yvehqDM7veRhNMoxJNQxa/sSrkywey5qc8uaskUNEqenimq/70
bahWJeoWXjad68mQFh65lULnHQrrioeJnh9UpyGJppNb/yIjdnymH9aYEwCglgP7
UegBzH22h8NVQEK2PWWbyUUD/jQA4lI0wRWcL9HpkYkHcH0LTKRB9zYpQYtyvzJi
yTGwJyFMfYNXy0RT11dICeLkf3HMR84hkPERKMhALobLxVUbfc7j2AygmzGphWGy
DH/xjptQP/zrsq87ylYRONK18w1J42cm+yZa4XThMDPJMrb9/l8qnxU1JnW7W1al
HKTpBACbs+91KLqrnIGcF44TMwxgUj5CUrayPoEnLU+ZMBqfSjmu8RqEYmTxJCKv
7erBFSuazBGj5X7twunrtrW3bxO63MbLbHjfXSRrMnKOb8dRULIg6eWAnoAx8VVZ
YjrOpwAntU3WxYOpbiCHt9kLbb+N5rvNtFcmOqRRQaCIUFOOaLQ8TGludXggS2Vy
bmVsIEFyY2hpdmVzIFZlcmlmaWNhdGlvbiBLZXkgPGZ0cGFkbWluQGtlcm5lbC5v
cmc+iFUEExECABUFAjnirDkDCwoDAxUDAgMWAgECF4AACgkQyGugalF9Dw4MNACe
JiQTyCmQzPGou2cl/RyOXj79kYYAnAsT6xt72hp/PFiywYM9vBsDVv9niQEVAwUQ
OeKwNWx5eAAqlgcFAQEdZgf/Vn2dMKrn8021NhavP0uA3pHGRmdKQ2WJBdLiN2tv
LkpAioZtho+op+xBz8j1zdIJQ/7XWko869KHge2BAFwA8rWDzjtaAWdE0Jo/NiAR
epUwV2FdRRwSxIcNG2CCPyJnfPokRqjdl2z9k2PkwidHSq+2k6JxCWnOcIXChSKf
kHnemtA65ixAlhuxvyN3MPuYs1jAHyDGcyMfomp1qH9tXFQhhyXRrG2eMAfslstC
XGXLcoLN3O2BMR/fG2GlV6kOqGOvoMIW3clVeQLQ9B1yyekKiVY6Vg+CgK5qhg8z
9tjH4f33zzNDwsx1WSCOU/1LIPzFBNbR9QtTF2XmOUfRs4hGBBARAgAGBQI54rBc
AAoJEH2d7s4ry8YhmjsAoMUW9RxfXBSos0A6LwGd+5pXv/MRAKCYFLG2T4GSV+qf
iRsXnrgDHQHD04hGBBARAgAGBQI54rOZAAoJEPKlddweGoeC/+sAoL5f7JF21mRe
Z8VV4nhh7prm+idSAKCMXDWW/tBOeJDYpiEhgyGSGgJJWrkEDQQ54q+cEBAAjRmb
txamcZ9EYsQTnQvVL2l6vY5Rnbc1JDdcyHEV1kH5OwZWqvckL4QgKKBbTQwyB9pC
o0nGK4PkBbrwL0outfHQ5jl9DUzTKIu+asWUyf3fxfUV6j2A6BMo59KNnJzUyJ2+
B5na6NN8nEqEtmogROtjT8LkOvYwqD4A/5re2vwtie+h5yU6A+JbyGQF6lFxThZj
4WGctBgCcDBqRkPAG8DFFAdeN5SMAArktCYuUGXi2q88EDoOs3Ykw0kB8+ZFECz/
4/b93so5Wt2hC15cxAJoXFfR3mXHm40EHzMdEublWV4blB2KvFocQC74/H74QPUk
cWlc6EhPodKvcuOfTimDxXaiGNFONUPgNAmCXeVoOapdWpb3x7iOHPwSaXeJSrO9
fc4GtVjDv90DT2ekK7cvYk8s6B3t7p7W21Xi+hRgrw63B3HElr01gdMZY5XA5ey/
WmnyBS6LOxXlnVBE+2uSQ+aZHqrLpXcRvq2ZonOziDSE0i940ZvIwlSzn0U5BQWl
9hBDQw78RacYqaFvlpcGiPj75bScB4eemxV6Wdo9mtK0Vrr+9bWScXHEv7did4X+
7tBWKbA8M+g290OSzjeQBGLuPmbjxzEKH9jcUumzBzzC5x5GFh7On9TLXQ4K/oRT
6QQpS93YrTVbR60G4MKsePWLJmg7IgYUtNdLGjsAAwUP/0aAAq8CmWtourj1XxNY
pFmOAU45d65fPWVadKyF++B+uDyRNYN7HQCqrJ7ddn0sH7OBtlE8yaBYgR0TFly9
9+LqQO4r4IGCw2TBgA5tKnOWoPGEzvrLeoxR3SnPrKBlDvx6Rr9h3OJ9UV5u/NLh
mCP9iN10gWCGzsWbONc6qD6PugbTur44D6s4CRK9xfliSrtG3GBHW914UKjJeB9s
e3oc1rkmNv39kKcu33w4XVETAj4qpXnwoJvy639dfvnQt1TWFjIt20iP7m+jkT3B
b526uJ5GuJl6r8sm5OYYRs5cLigvUzRZVgYnjjqlRRACx0WcinKK55Li2Pq4qcRV
vSE5Tr3kTUTGxdmy113FbscrhLhesGALv3Hb7jeeWC8jviGEaHppgUumR6v0hsI1
rZ3K8kCjFRAYV8OKtcEeMqjouArGi5dn0ClmG4lwH4SEdqC/TRNWGG+iVpWf5yCj
9mvtvUhLtl6QjXHLrJdSGyafvqR1EQMJadFt4URvx0M7tqZIcwPUnb+7Oc+J96po
e/EQmnm6rFnTpWz0BbY4mbJC7vUH4JyLs0nlxiKrBjaO9C1DSAKBpjqaga8dQe1Z
kLOI2F7IWFeKV2LaMl+ZvvfWMECNcqNW2fkCuP9Fpz5K+xg21TwovVy93aWKgFL6
06jK51oQp3fW86xXK9ZGKYqQiEYEGBECAAYFAjnir5wACgkQyGugalF9Dw5M9QCg
hhmHalzWf8B3AVrjPrtrRHA1vlgAn3YRlU5l0V5W1iXvHXQCUHIESpgm
=SZZb
-----END PGP PUBLIC KEY BLOCK-----

1. Copy and Paste
   
   
   1. Copy the entire block from the "BEGIN PGP PUBLIC KEY BLOCK" line to the "END PGP PUBLIC KEY BLOCK" line (get the dashes on those lines as well).
   2. At a shell prompt, type gpg --import. The gpg program will start awaiting your input.
   3. Paste the PGP key and then hit enter followed by Ctrl-D to terminate the program.
   4. You should then see something like the following (the email address has been altered to preclude spam spiders picking it up).
      
      gpg: key 517D0F0E: public key "Linux Kernel Archives Verification Key <ftpadmin@kernel69296.org>" imported
      gpg: Total number processed: 1
      gpg: imported: 1
      
2. Import File
   
   
   1. Save the PGP public key above to a file. The file should contain the entire block from the "BEGIN PGP PUBLIC KEY BLOCK" line to the "END PGP PUBLIC KEY BLOCK" line (get the dashes on those lines as well).
   2. If you saved the file as ftpadmin.txt you would issue the command gpg --import ftpadmin.txt
      
3. Obtain from a Keyserver
   
   
   1. Public keys are normally available from a key server, but you need to know which key server or key servers have the key. In this case the key is available from wwwkeys.pgp.net, so you could issue the command gpg --keyserver wwwkeys.pgp.net --recv-keys 0x517D0F0E presuming you know the key id is the hexadecimal value 517D0F0E.

After you have imported a key, you can verify it is on your keyring using the command gpg --list-keys. You can delete a key with the command gpg --delete-keys. E.g., suppose I have the ftpadmin@kernel69296.org public key on my keyring, but wish to delete it. I can issue the command gpg --delete-keys ftpadmin@kernel69296.org to remove it from the public keyring. It is possible that you may have multiple public keys for the same email address. Perhaps you have one that is no longer used by the person to which it belongs and want to delete that specific one. You can use the key id associated with that one, e.g. gpg --delete-keys 517D0F0E in this case.

The key id is the sequence of numbers and letters after the slash that you see when you list the keys on the keyring. E.g. for the Linux Kernel Archives Verification Key, I see the following, if I issue the command gpg --list-keys when it is on my public keyring:

pub  1024D/517D0F0E 2000-10-10 Linux Kernel Archives Verification Key 
<ftpadmin@kernel69296.org>
sub  4096g/E50A8F2A 2000-10-10

In this case, the key ID is 517D0F0E

References:

1. The GNU Privacy Guard (GnuPG)

[/security/encryption/gnupg] permanent link

Using ScanOST to Repair OST Files

Sometimes an Outlook Offline Folder file, i.e. an outlook.ost file, will become corrupted. In such cases you can use Microsoft's OST Integrity Check Took, scanost.exe, to analyze and, hopefully, repair any corruption in the file.

[ More Info ]

[/network/email/clients/outlook] permanent link

Suspending An Errant Process with PsSuspend

Quite often I will find some process, usually Internet Explorer or Firefox, will go amuck and start consuming most of the CPU cycles. I usually have to kill the process through the Task Manager, which can be run by hitting the Ctrl, Alt, and Del keys simultaneously and selecting "Task Manager". You can then select the misbehaving application by clicking on it and kill it by then clicking on "End Task". Another alternative for killing a misbehaving task is to get a command prompt and use the taskkill command, which is available on Windows XP and 2003 systems.

There are occasions, though, where I only want to suspend the errant process, not kill it. For instance, if Internet Explorer is the errant application, but you have multiple copies of Internet Explorer open, killing the one that is not responding through the Task Manager will result in all of the other copies of Internet Explorer closing as well.

An alternative is to use the free Sysinternals utility PsSuspend, which allows you to suspend a process temporaily and then resume it when you choose. The PsSuspend command is run from a command prompt. With it you can suspend a process on the system on which you run it or you can even suspend a process on a remote system, if you have administrator access to that system. By using PsSuspend, I can suspend just the one errant Internet Explorer process allowing me to continue working with other open copies of Internet Explorer or other applications without the system being bogged down so much by the errant process consuming 95% to 100% of the CPU's cycles, making working on the system aggravating.

[ More Info ]

[/os/windows/software/utilities/sysinternals] permanent link

Installing and Uninstalling digestIT 2004 with WPKG

I installed digestIT 2004, a program that can generate an MD5 sum for a file, with WPKG, a software deployment, upgrade and removal script for Windows. I had never tried removing a program from a system before with WPGK, so I decided to test a deinstallation of digestIT 2004. You can remove a program from a system using WPKG by removing the program's entry from the appropriate section or sections of WPKG's profiles.xml file. When I initially tried to remove the digestIT 2004, the uninstall failed. I realized I had an incorrect removal section for it in WPKG's packages.xml file, which I then corrected. But even after I made the correction, WPKG was still trying to use the incorrect removal instruction from the previous version of packages.xml.

I then discovered that WPKG creates a c:\windows\system32\wpkg.xml file on the systems where you install software using WPKG. Even though I was updating the packages.xml file on the server from which I was installing the software, WPKG was not looking at it for the uninstall instruction. Instead it was checking the wpkg.xml file in the c:\windows\system32 directory on the system on which I had installed digestIT 2004. The instruction for removing digestIT 2004 in that file was the one placed in the file when I installed the software, so it was the incorrect version. I made the correction in the wpkg.xml file as well and then was able to uninstall the program using WPGK.

[ More Info ]

[/os/windows/software/wpkg] permanent link

Installation of RealPopup 2.6 Build 167

When I installed RealPopup 2.6 Build 167 on a new system at a site that uses RealPopup for communications among users on the LAN at the site, I received the error message below:

Error
C:\WINDOWS\system32\mfc71.dll The existing file is marked as read-only. Click Retry to remove the read-only attribute and try again, Ignore to skip this file, or Abort to cancel installation. [ Abort ] [ Retry ] [ Ignore ]

I copied the existing file to another location and chose "Retry" to remove the read-only attribute on the existing file and replace it. I checked the version numbers of the one that had been on the system and the one that RealPopup placed on the system afterwards by right-clicking on the files and choosing "Properties" then "Version". The one placed on the system by RealPopup was a later version, though they are the same size. The system has Windows XP Professional Service Pack 2 installed.

mfc71.dll

	Previous	New
File version	7.10.2292.0	7.10.3077.0
Date modified	Wednesday, January 29, 2003, 11:34:40 PM	Wednesday, March 19, 2003, 6:19:59 AM
Size	1.01 MB (1,060,864 bytes)	1.01 MB (1,060,864 bytes)
MD5 Sum	dee7a82b7ebe7ae2b21d611580bcb911	f35a584e947a5b401feb0fe01db4a0d7

The mfc71.dll is a Dynamic Link Library (DLL) file with a description of "MFCDLL Shared Library - Retail Version". It is is the module that contains the Microsoft Foundation Classes (MFC) functions used by applications created in Microsoft Visual Studio.

References:

1. MFC71 - MFC71.dll - DLL Information
   WinTasks DLL Library

[/os/windows/software/network/chat] permanent link

Fuser

You can use the fuser command on Unix or Linux systems to determine if any process has a file open or determine the specific process that has the file open. The fuser program is usually locate in /sbin, so you will need to spcificy /sbin/fuser if it isn't in your path.

The output of the command may differ somewhat depending on the operating system you are running. I've found that on a Solaris 7, Solaris 10, and SGI IRIX64 system that a command like fuser somefile.txt will return the filename followed by a colon and then the process ID (PID) of the process that has the file open with a letter code indicating how the file is being used. The letter code will be an "o", if the process is using the file as an open file. Fuser will still return the filename followed by a colon even if no process has the file open.

fuser somefile.txt
somefile.txt

However, on a Linux system, specifically a Redhat Linux 9 system, nothing is returned, if no process has the file open. You have to use a "-a" option if you want the same response as on the Unix systems mentioned above. If you use the "-a" option, you will see the filename followed by a colon and nothing else, but then you will also see "no process references; use -v for the complete list" on a line below.

$ /sbin/fuser -a somefile.txt
somefile.txt:
No process references; use -v for the complete list

I also don't see a letter code appended to the end of the PID when I run fuser on a Linux system and some process has the file open.

If you run fuser from a regular user account, you may get an indication that no process has a file open when a process owned by another account has the file open. E.g. I know that the /var/log/maillog file is open, but checking it with fuser from a user account doesn't show that the file is open. But, if I rerun fuser from the root account, I do see which PID has the process open and can issue a ps -p command followed by that PID to see the name of the process that has the file open.

$ /sbin/fuser /var/log/maillog
$ /sbin/fuser -a /var/log/maillog
/var/log/maillog:
No process references; use -v for the complete list
$ su - root
Password:
# fuser /var/log/maillog
/var/log/maillog:     2599
# ps -p 2599
  PID TTY          TIME CMD
 2599 ?        00:00:14 syslogd

You can kill a process that has a file open with the "-k" option, e.g. fuser -k somefile.txt

[/os/unix/commands] permanent link

Mboxgrep Installation on Solaris 10

Mboxgrep is a nifty little utility for finding particular messages in a mailbox on a Unix or Linux system. It allows you to scan an entire mailbox file for messages using a regular expression. Its features include the following:

Features:

• support for mbox (either plain or compressed), MH, nnmh, nnml and maildir folders
• ability of reading mbox folders and out from another mboxgrep process from standard input
• support for basic and extended POSIX regular expressions, and optionally, Perl-complatible regular expressions (if linked with the PCRE library)
• ability of limiting the search to message body or headers (although the whole message is scanned by default)
• message counting
• recursive search through directories
• ability to invert the sense of matching
• ability to write found messages to another mailbox
• filtering duplicate messages

But if you have a default Solaris 10 installation, you may have to set path variables appropriately to compile and run it.

[ More Info ]

[/os/unix/solaris] permanent link

NicTech.BM2 guard.tmp file

Microsoft AntiSpyware reported the presence of NicTech.BM2 on a Windows XP system. It did not report any other files or registry keys associated with the malware. I did not find any processes running that appeared to be related to that file, which I removed.

I submitted the file for analysis by 14 different antivirus programs to Jotti's Online Malware Scan. One half of the antivirus programs reported the file as being associated with malware.

BitDefender	Adware.Look2me
Dr. Web	Adware.Look2me
Fortinet	Adware/Look2me
Kaspersky Anti-Virus	not-a-virus:Adware.Win32.Look2Me.u
NOD32	Win32/Adware.Look2Me application
Norman Virus Control	Look2Me.U
VBA32	AdWareLook2Me.u

[ More Info ]

[/security/spyware] permanent link

Oracle Acquires Sleepycat

Oracle has acquired database developer Sleeycat Software, Inc., which produces open-source database software and will add Sleepycat's Berkeley DB to its line of embedded databases.

Sleepycat's Berkeley DB may be the most sidely used open-source database software with an estimated 200 million deployments. Bekeley DB is a programmatic toolkit that provides fast, reliable, scalable, and mission-critical database support to software developers. I use it for makemap hash support for Sendmail.

References:

1. Oracle Pounces on Sleepycat
   By John G. Spooner
   eweek.com
   February 14, 2006
2. Installing Sendmail on Solaris

[/software/database] permanent link

Spam from 211.32.91.234

Looking through email logs for this week, I noticed someone attempted to send email from IP address 211.32.91.234 to an email list on the system that I invalidated over a month ago. The email was coming from an IP address that appears to belong to a South Korean Internet Service Provider (ISP), which was suspicious, sine the address was only supposed to be known by 4 to 5 people in an office of an organization in the U.S. The office was closed down at the end of last year.

The email was blocked because the sending IP address was on a blacklist that I use to curtail spam coming into the email server. When I checked the IP address against other blacklists, I found it was present on several lists. The system may be running an open SOCKS proxy service.

[ More Info ]

[/network/email/spam/blocklists] permanent link

Incompatibility between OpenSSH for Windows and ClamWin

When I attempted to scan a directory with 83 .exe files with ClamWin, the scan completed almost instantly and I saw the message below.

-------------------
Completed
-------------------


I was skeptical that any scan had actually been conducted. I suspected a cygwin.dll incompatibility, since I also had installed OpenSSH for Windows to set up the Windows 2000 Professional system as an SSH server. So I got a command prompt and attempted to run clamscan on one of the files in the directory. The ClamWin application uses clamscan.exe to do the actual scanning for viruses. Sure enough, when I ran clamscan, I received a message, which is shown below, informing me that there was a likely cygwin.dll compatibility problem instructing me to search for multiple versions of cygwin1.dll on the system.

C:\Program Files\Security\AntiVirus\ClamWin\bin>clamscan \zips\11700.exe
C:\Program Files\Security\AntiVirus\ClamWin\bin\clamscan.exe (1356): *** system
shared memory version mismatch detected - 0x75BE0074/0x75BE0084.
This problem is probably due to using incompatible versions of the cygwin DLL.
Search for cygwin1.dll using the Windows Start->Find/Search facility
and delete all but the most recent version.  The most recent version *should*
reside in x:\cygwin\bin, where 'x' is the drive on which you have
installed the cygwin distribution.  Rebooting is also suggested if you
are unable to find another cygwin DLL.

I looked at the versions of cygwin1.dll which came with each application and found the versions shown below. The cygwin1.dll files are in the Clamwin\bin and OpenSSH\bin subdirectories underneath \Program Files, if you installed the applications in the default directories. You can check the version number for the dll files by right-clicking on them and selecting "Properties" and then clicking on the "Version" tab of the window that opens. You will see "File Version" listed near the top of the window then. You will also see "Product Version" listed under the "Item name" section of the version window. You will need to click on "Product Version" to see the value for it. The timestamps on the files also showed the ClamWin version of cygwin1.dll to be a later version.

Program	Program Version	Cygwin1.dll File Version	Product Version	Timestamp
ClamWin	0.88	1005.18.0.0	1.5.18	July 03, 2005, 11:30:52 AM
OpenSSH	3.8.1p1-1	1005.10.0.0	1.5.10-cr-0x5e6	Tuesday, May 25, 2004, 9:07:50 PM

Obviously, ClamWin 0.88 has a later version of the DLL file cygwin1.dll than OpenSSH for Windows 3.8.1p1-1. I shouldn't have had a problem if the later version was loaded into memory, so OpenSSH must have started first. Windows won't load another version of a DLL file with the same name as one already loaded.

You can resolve such a problem by overwriting the older version with the newer version. In this case, since OpenSSH for Windows had its copy of cygwin1.dll loaded in memory already, I couldn't overwrite its copy of the dll file without stopping it first. Otherwise I would get an error message "Cannot copy cygwin1: There has been a sharing violation. The source or destination file may be in use." So I stopped OpenSSH with the command net stop opensshd, copied the newer version of the cygwin1.dll file from Clamwin's bin directory to the OpenSSH bin directory, overwriting the existing version, and then restarted OpenSSH with net start opensshd. Note: if you have any SSH connections open, you will need to close those as well in order to overwrite the cygwin1.dll file in the OpenSSH bin directory.

I then rescaned the directory I had been trying to scan with ClamWin earlier. This time it took considerably longer to finish and produced a report at the end indicating the number of directories and files it had scanned. It found 3 infected files in the directory.

[/security/antivirus/clamav] permanent link

Site Not Present in the Wayback Machine

Due to a power outage at the facility where I house my web server, I was unable to access it today. There was some PHP code I wanted to retrieve from one of my webpages. I had obtained the code from another site, but was unable to relocate the information with a Google search. I had posted the information relatively recently and didn't think I had it on a server where I keep a backup of the website files. I thought I would check the Wayback Machine to see if the information was archived there, but found that there was no archive of this website, which I've maintained for about two years now.

The Wayback Machine aka Internet Archive is an attempt to preserve a historical record of the Web, just as libraries perserve written materials for posterity.

In the words of its maintainers:

The Internet Archive is a 501(c)(3) non-profit that was founded to build an .Internet library,. with the purpose of offering permanent access for researchers, historians, and scholars to historical collections that exist in digital format. Founded in 1996 and located in the Presidio of San Francisco, the Archive has been receiving data donations from Alexa Internet and others. In late 1999, the organization started to grow to include more well-rounded collections. Now the Internet Archive includes texts, audio, moving images, and software as well as archived web pages in our collections.

I've encountered instances where I or someone else had a bookmark to a site with needed information that was once there, but when I attempted to visit the bookmarked webpage again, the site no longer existed or the relevant information was no longer there. And I couldn't find it anywhere else on the web. But in several such instances I've been able to go to the Wayback Machine, type in the site's address and locate the information in an archive of the website within the Wayback Machine. The Wayback Machine will often have snapshots of the site at various points in time. So, if the site existed two years ago, but is no longer present, you may still be able to retrieve information it contained from the Wayback Machine.

Since this site wasn't there, I wanted to add it. The FAQ for the site states that you can go to Alexa Web Search -- For Webmasters to submit your site to an Alexa search, which will result in it being incorporated into the Internet Archive. The FAQ states "Sites are usually crawled within 24 hours and no more then 48. Right now there is a 6-12 month lag between the date a site is crawled and the date it appears in the Wayback Machine."

I submitted my site, but then realized I probably should have waited until power is restored to the facility where the webserver is housed, since I don't know what will occur if the Alexa webcrawler tries to access it, but finds it isn't accessible. Will it try again later or just discard the request? I suppose I should resubmit the request once the site is available again.

Some of you may recall another "Wayback Machine". There was a cartoon, "Peabody's Improbable History", which I used to watch as a boy. In it a boy, Sherman, and his erudite talking dog, Mr. Peabody would travel back in time each episode using Mr. Peabody's time machine, which was called the "Wayback Machine". They would then fix problems to make sure history would turn out the way we know it.

References:

1. Internet Archive
   Universal Access to Human Knowledge
2. Peabody's Improbable History
   Don Markstein's Toonopedia
3. Mr. Peabody
   Wikipedia
4. Hollywood on Shakespeare and Bacon
   Sir Francis Bacon's New Advancement of Learning

[/network/web/search] permanent link

PWS.Bancos.A (Password Stealer) False Positive

When I remotely logged into a user's system this morning to check an FTP transfer log on it prior to running a backup of the system, I saw Microsoft AntiSpyware's scan report indicated it had detected one item during its nightly scan of the system. The spyware it detected was "PWS.Bancos.A (Password Stealer)".

When I looked at the registry key values detected, I saw they referred to "Intel\Landesk\VirusProtect6" (see Scan Results).

The Intel LANDesk software allows enterprises to manage client PCs¹, so I thought this might be a false positive.

The spyware definitions on the system were version 5805 (2/11/2006 8:12:18 AM).

Microsoft AntiSpyware Version: 1.0.701
This version expires on: 7/31/2006
Spyware Definition Version: 5805 (2/11/2006 8:12:18 AM)

After finding PWS.Bancos.A Password Stealer on the user's system, I checked the Microsoft Antispyware results from its early morning run on my wife's PC. I found the same report of PWS.Bancos.A being detected with references to the same registry entries. And a short time later, I received an email from the vice president of the company where I had found the first report of the problem. She had also found the same scan results when she came in to the office to work on her system.

After extensive searching for any postings regarding this detection, I did find an indication that it was a false positive in a February 10, 2006 posting at Siljaline's IE & Security Blog, where I found the following posted.

Definitions "5807" released to address a false-positive detection some essential components of several Symantec Corporate Antivirus versions are being identified as PWS.Banco.A

The 3 systems in question are all running Symantec AntiVirus Corporate Edition 8.0. I monitor the installation of programs on systems with Inctrl. Inctrl² can record the file and registry changes that occur during software installation. Looking at an installation report for SAV 8.0, I found that the Software\Intel\Landesk registry keys were created during the installation of that software.

According to Trend Micro, the company was one of the original developers of the Intel LANDesk Virus Protect (LDVP) technology ³. But in 1998, Symantec purchased Intel Corporation's anti-virus business and also licensed Intel systems management technology which it combined with its own antivirus technology⁴.

Inside Microsoft Antispyware, I went to "File" and selected "Check Updates". Newer spyware definitions were downloaded and I then saw the version number listed as 5807 when I selected "Help" and "About Microsoft AntiSpyware".

Microsoft AntiSpyware Version: 1.0.701
This version expires on: 7/31/2006
Spyware Definition Version: 5807 (2/11/2006 8:12:18 AM)

When I ran a full scan with those definitions nothing was detected. I updated the definitions on my wife's system and ran a scan of her system also. Likewise, this time nothing was detected.

For anyone who finds Microsoft AntiSpyware is reporting a false positive, Microsoft provides a False Positive Report Form.

Reference:

1. LANDesk Management Suite 8.6
   Network America
2. Stay in Control
   PC Magazine
   By Neil J. Rubenking
3. Trend Micro Offers Free Upgrades And Support to Intel Landesk Virus Protect Customers Worldwide
   Trend Micro
   1998 Press Release
4. Symantec buys Intel's Anti-Virus Business
   Symantec Corporation
   September 28, 1998
5. MS Anti-Spyware Defs. "5807" now available
   Siljaline's IE & Security Blog
   Posted Friday, February 10, 2006 3:41 PM by siljaline
6. Microsoft AntiSpyware False Positive Report Form
   Microsoft Corporation

[/security/spyware/MS-Antispyware] permanent link

RTF Converter

If you need a utility to convert RTF files to HTML, you can use rtf-converter.

The program won't put in the <html>, <body>, etc. tags, so you will have to add those manually. I've also found it doesn't deal well with underlining in the RTF file and, though it will put in <br> tags for line breaks, it doesn't break the line at those spots in the output, so you'll have to do some editing to the resultant HTML output files. To put in line feeds, I use the following vi command to insert them after the <br> tags.

:1,$ s/<br>/<br>\r/g

You will need a C++ compiler to compile the source code into an executable file.

[/languages/c++] permanent link

Passive Spam Block List (PSBL) Added

I added the Passive Spam Block List (PSBL) to the spam blacklists I employ on my email server. I now am using six different blacklists on the system to combat spam. The ones I'm now using are as follows:

Blitzed Open Proxy Monitor List
Open Relay Database
Composite Block List (CBL)
McFadden Associates E-Mail Blacklist
Spam and Open Relay Blocking System (SORBS)
Passive Spam Block List (PSBL)

To add the PSBL to the blacklists queried by sendmail, I added the following line to /etc/mail/sendmail.mc.

FEATURE(`dnsbl', `psbl.surriel.com', `"550 Mail from " $`'&{client_addr} " refused - see http://psbl.surriel.com/"')dnl

I then regenerated the sendmail.cf file from the sendmail.mc file and restarted sendmail with the commands below.

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

[/network/email/spam/blocklists] permanent link

Who Is Logged On?

If you need to determine who is logged into a Windows system, there are several alternatives for collecting that information from a command line interface. One of method is to use a Visual Basic script to determine who is logged on, such as the WhoLogon.vbs script by Guy Thomas. Or you can use the free PsLoggedOn utility by Mark Russinovich at Sysinternals. There is also a whoami utility within the Native Win32 ports of some GNU utilities, which contains ports of some common GNU utilities to native Win32.

[ More Info ]

[/languages/vbs/sysadmin] permanent link

Why Is Email From a Hotmail.Com or MSN.Com Account Rejected?

I have received reports from three users recently that email addressed to the users from either a hotmail.com or msn.com email address is not getting through. The reason is that the hotmail.com servers, which handle email from hotmail.com and msn.com accounts, are currently on the SORBS blacklist.

[ More Info ]

[/network/email/spam/blocklists] permanent link

Creating an ISO File From a CD on Solaris 10

Insert the data CD from which you wish to create an ISO file in the CD-ROM drive. Then issue the command below when the CD is mounted.

mkisofs -r -R -J -l -L -o /dirname/filename.iso /cdrom/cdname

You specify the name of the ISO-9660 output file with the -o parameter. You can include the full path name prior to the filname.

The last argument on the line is the location of the CD you wish to use. When you insert the CD, you should see a File Browser window open with this information. E.g., if I was copying a Slax Linux CD, I might see /cdrom/slax.

You can see the meaning of the other parameters by issuing the command mkisofs -help or by going to YoLinux Tutorial: Burning a CD.

Note: you may have a problem copying CDs using the Joliet format rather than the standard ISO-9660 format. The Joliet format is a Microsoft extension to ISO-9660. It uses Microsoft Windows 95 like 8.3 file names with translation to 64 character names. If you create an ISO file from the CD and get a .iso file that is only a few hundred kilobytes in size, that is likely the cause of the problem.

References:

1. YoLinux Tutorial: Burning a CD

[/os/unix/solaris] permanent link

Pcal

If you need to generate a calendar in HTML, Pcal will allow you do generate one. To generate an HTML file you specify the -H parameter. You specify the output file with the -o parameter. Otherwise output will go to standard output, e.g. the screen. You can specify that a calendar be created for an entire year by putting a two digit representation of the year at the end of the command line. You can specify text to be used for both the title of the webpage, i.e. what you commonly see in the top line of your browser, and for the webpage heading by using the -C parameter. E.g. to create a file /tmp/mycalendar.html for 2006 with a title and heading of "My 2006 Calendar", you could use the command below. Remember, the case of the letters you use for the parameter is significant. A -O is not the same as a -o.

pcal -H -o /tmp/mycalendar.html -C "2006 Calendar" 06

2006 Calendar created by the above command. The program can also produce postscript output.

If a file exists by that name in the specified directory, it will be overwritten. I've created a simple BASH script, generate-calendar, that takes 3 parameters, two of which are optional, that will check if the output file exists. If it does, it will prompt as to whether it should be overwritten.

Usage: generate-calendar -o output_file [-t title]  [-y yy]

The script takes optional title and year arguments

-o specifies the HTML output file, e.g. /example/index.html
-t specifies the title and heading for the HTML file
   If there is a space in the title enclose it in double quotes
-y specifies the year for the calendar, e.g. 06
   If no year is specified, the calendar will be created only
   for the current month

A companion program for pcal is Lcal, which generates a graphical "lunar phase" calendar for an entire year.

[/os/unix/programs/utilities] permanent link

Including Files in a Web Page with PHP

If you want to pull in code from other files into your webpages, you can use the PHP include function.

Suppose you want to include a header and footer file in each webpage you create so that you don't have to type the same HTML code into each webpage to get a standard header and footer for each webpage. You can create a template directory beneath the root directory of your website and put two files there: header.php and footer.php. The files can contain standard HTML code, though of course you just have the snippets of code you need not the <html>, <body>, and other tags you would have in a complete webpage.

For instance, suppose you just want to include a logo for your site at the top of every page. You could create a header.php file with just the following code.

<div id="header" align="center">
<img src="/images/mplogo-white.jpg" alt="MoonPoint Support Logo">
</div>

Let's suppose that you have two directories called examples and template beneath the root directory for your website. You place all template files, such as header.php, footer.php, menu.php, etc. in the template directory. You want to place those in every webpage on your site. In the examples directory you have a webpage titled mywebpage.php. To include the header file in the page you could insert the following line at the appropriate place in mywebpage.php. You would insert similar lines for any other files you wished to include.

<?php include("../template/header.php"); ?>

Now, whenever you want to change the header file, you don't have to edit every webpage on the site and make the needed changes. You just edit header.php.

But one caveat to this approach is that you have to keep in mind the directory structure for the site every time you use the include function. For instance you may have 8 levels of directories beneath the root directory of your website. For a particular dirctory you might need to use <?php include("../../../../../template/header.php"); ?>. Keeping track of the number of dots and slashes you need can be a little cumbersome. And, if you rearrange the directory structure for the site, you may have to edit every webpage in the affected directories to put in the appropriate number of dots and dashes for the new directory structure.

However, you could also insert the following code provided by Paul Whitrow at PHP Include File Path Finder in the webpages instead.

<?php

function incfile($file,$d=""){
while(!is_file($d.$file)){$d.="../";}
include ($d.$file);
}

?>

Then instead of using PHP's include function to insert the header file, you could place the incfile function in your webpages where you want the header to appear, as below. Make sure you have inserted the incfile function code shown above prior to the point where you call it.

<?php incfile("template/header.php"); ?>

You could use either incfile("template/header.php"); or just incfile("header.php");. The incfile function will check the current directory, i.e. the one in which the webpage is located, for a subdirectory named template with header.php within it if you use the first form or will look for header.php within the current directory if you use the second form. If it doesn't find the requested file, then it will put a "../" in front of the directory path and try again. If it still doesn't find header.php, it will prepend another "../" and try again and so on.

So using including the incfile function in your webpages and calling it to look for files you want to include will save you from figuring out how many sets of dots and slashes you need to locate the file you want to include and from having to edit webpages to modify the number of dots and slashes should you alter the directory structure of your website.

One note of warning, though. The file you include must exist. Otherwise your website visitors may see many repetitions of lines like the following when they visit your webpages where you used incfile.

Warning: stat failed for ../../../../../../../../../../../../../../../../../../../.
in /www/mysite/examples/linux/test.php on line 22

References:

1. PHP Include File Path Finder
   By Paul Whitrow
   September 28, 2005

[/languages/php] permanent link

Lists of Blacklists

One way to combat spam at the email server level is to use blacklists, aka blocklists, which are lists of IP addresses of systems known to regularly transmit spam or at least to have recently transmitted spam. Various organizations and companies throughout the Internet create their own lists and then, frequently, to help other email server administrators combat spam, will provide access to those lists to others on a real-time basis.

To find out whether your IP address is on such a list or to see what lists you might use for your own email server, I've created a list of sites that provide links to multiple blocklists from one webpage and also my own list of sites.

[/network/email/spam/blocklists] permanent link

Setting up Apache on a Solaris 10 System

First you need to create an httpd.conf configuration file. There is an example configuration file, httpd.conf-example in /etc/apache2. You can use it as a starting point.

# cd /etc/apache2
# cp httpd.conf-example httpd.conf


Apache will run with the username of webservd and the group of webservd when using the default configuration provided when Solaris 10 was installed, which means you will find the following two lines in the httpd.conf file.

User webservd
Group webservd

With the default setup, you should also have the following entries in /etc/passwd and /etc/group.

# grep webservd /etc/passwd
webservd:x:80:80:WebServer Reserved UID:/:
# grep webservd /etc/group
webservd::80:

You should find the following line within httpd.conf and modify the email address to be the email address which you would like to use to receive email related to problems with the web server.

ServerAdmin you@yourhost.com

Next find the following line.

ServerName 127.0.0.1

ServerName is the name that the server uses to identify itself. It should be set to a valid DNS name for your host, e.g. www1.example.com, or, if no DNS name is available, then the IP address for the system. Note: this does not preclude having multiple domain names handled by one server through virtual hosts. This name should be the primary name for the system if you will have multiple websites hosted on the system with unique domain names. You can also include a port number after the name, e.g. www1.example.com:80.

Next find the following line.

DocumentRoot "/var/apache2/htdocs"

This specifies the directory out of which you will serve your documents. If instead, you would like to place your website under /home/www, you would change the line accordingly. Don't put a slash at the end of the directory name.

With the default configuration, if someone visits your website, the IP address of her system will be stored in Apache's log files. If you want the Fully Qualified Domain Name (FQDN) stored as well, change the following line from "Off" to "On". E.g., if you would like www.apache.org as well as 204.62.129.132, you would change the value to "On".

HostnameLookups Off

Changing the value to "On" means it is more apparent from the log files where your visitors are coming from, but adds additional bandwidth usage, because every time someone visits the website, the server must perform an IP address to name lookup. If you are likey to get only a few hundred or less hits on the websites on the server per day, then the name lookups will be adding little traffic, but if you expect hundreds of thousands of hits a day, it might be preferable to leave HostnameLookups off.

If someone tries to access a webpage on the server, but it doesn't exist or there is some other problem accessing the webpage, errors will be logged in the log file specified below by default. You can have the error log somewhere else on the system by changing the ErrorLog value.

ErrorLog /var/apache2/logs/error_log

A web server can tell browser clients the language that is used for webpages on the server when one is not listed specifically on webpages residing on the server. With the default configuration, the DefaultLanguage value is commented out, i.e. there is a "#" at the beginning of the line.

#DefaultLanguage

If you know all of the pages on your web server will be in one language, you can change this line. E.g., to indicate that all pages on the server are in English, I could change the DefaultLanguage line to the one below.

DefaultLanguage en

When you start Apache, it records its process identification number, aka Pid, in a specified location. The location is controlled by the value of PidFile. Make sure the directory exists. If you use the default value of /var/run/apache2/httpd.pid, you will need to create the /var/run/apache2 directory.

PidFile /var/run/apache2/httpd.pid

I use /var/run/httpd.pid, instead, since the /var/run directory already exists and is used to store other pid files and I don't see a need to have a separate directory under it just for Apache's httpd.pid file, so I have the following line in httpd.conf.

PidFile /var/run/httpd.pid

You will also need to remove the "#" from the beginning of the following line, so that it is no longer commented out.

#LockFile /var/apache2/logs/accept.lock

Otherwise, Apache may not start and you may see lines like the following in error_log

[Tue Feb 07 17:57:40 2006] [emerg] (2)No such file or directory: Couldn't create accept lock

If you want to have multiple websites residing on your web server with each pointing to a different set of documents, then you need to set the VirtualHost configuration parameters. E.g., you might wish to have www.example.com and www.someother.com accessible on the same web server. To have such virtual hosts, first remove the comment from the line below.

#NameVirtualHost *:80

Then copy the "VirtualHost example" section below that line and make whatever chanes you desire. You don't need to specify a unique ErrorLog and CustomLog, but I would normally recommend having separate log files for each website hosted on the server, rather than having all log entries go into an access and error log shared by all sites hosted on the server. An example VirtualHost section is shown below.

<VirtualHost example.com>
ServerName example.com
ServerAlias www.example.com example.com
ServerAdmin webmaster@example.com
DocumentRoot /home/jsmith/www
ErrorLog /home/jsmith/www/logs/example-error_log
CustomLog /home/jsmith/www/logs/example-access_log common
</VirtualHost>


You can have aliases for a particular website by specifying names after ServerAlias. E.g. in the example above, someone could put either http://www.example.com or http://example.com in his browser and be taken to the same website.

Be sure the directores where the log files will be stored have been created before you start the Apache web server. And the DocumentRoot directory should exist also.

Once you have finished editing the /etc/apache2/httpd.conf file, you can start the Apache web server with the command below. Be sure you are logged in as root before issuing the command.

# /usr/apache2/bin/apachectl start

If you made a mistake in the httpd.conf file or want to modify the file for another reason, you can edit it and then restart Apache with the following command.

# /usr/apache2/bin/apachectl restart

Note: if you use the apachectl command to start Apache, it won't restart automatically when you reboot the system, unless you have enabled it as a service or have a script on the system that starts Apache which gets executed at system startup. To enable Apache to run as a service and have it restart when the system reboots, use the command svcadm enable apache (See Using the svc and svcadm Commands ).

Where do you look if Apache won't start? Look in the default error_log file. For instance, if you left the value of ErrorLog for the primary site in /var/apache2/logs, check the error_log file there.

For instance, when I first tried starting Apache it wasn't starting. I looked in the error_log file and saw the following.

[Tue Feb 07 17:38:15 2006] [error] httpd: could not log pid to file /var/run/apache2/httpd.pid

I realized the /var/run/apache2 directory didn't exist and changed the PidFile value in httpd.conf to be /var/run/httpd.pid, instead. When I then tried starting Apache again, as before I didn't get any error message on the terminal indicating it had failed to start, but it wasn't running. I looked in the error_log again. This time I didn't see any additional entries for the above error message, but did see the one below.

[Tue Feb 07 17:57:40 2006] [emerg] (2)No such file or directory: Couldn't create accept lock

So I looked through httpd.conf for any references to "lock". I found #LockFile /var/apache2/logs/accept.lock. I removed the "#" at the beginning of the line and attempted to restart Apache. It then started successfully.

Some additional problems you might encounter

Perhaps you get Apache running successfully, but then attempt to access a website on the server and get the following error message.

Check the permissions on the directory that contains the root of the website. Suppose that the website is housed under /home/jsmith/www. If you see permissions like the following, then the permissions are the cause of the problem.

# ls -ld /home/jsmith/www
drwxr-xr-- 4 jsmith staff 512 Feb 7 18:24 /home/jsmith/www

In this case you would need to change the permissions on the www directory from 754 to 755 so that everyone has execute permission for the directory. And not only do you have to change it for the www directory, but for the directory above it as well, i.e. the user's home directory.

# chmod 755 /home/jsmith
# chmod 755 /home/jsmith/www

[/os/unix/solaris] permanent link

Verizon Tech Support Phone Numbers

If you need technical support from Verizon for dial-up access, DSL service, or ISDN support, you can use the telephone numbers below:

Company	Number	Description
Verizon	1-800-567-6789	Dial-up Access/ISDN (24 hours-a-day, 7 days-a-week)
	1-800-567-6789	Consumer DSL (Dynamic IP)
	1-888-649-9500	Business DSL (Static IP)

[/network/Internet/ISP] permanent link

Foxconn 661M03-G-6L Motherboard Memory

If you have a motherboard with a BIOS ID string of 10/28/2004-SiS-661-6A7I4FK9C-00, then you have a Foxconn 661M03-G-6L motherboard. The Foxconn 661M03-G-6L Motherboard has two 184-pin DIMM slots. You can use PC 3200, PC 2700, or PC 2100 memory in the slots. The motherboard manual states that it supports 128 MB, 256 MB, or 512 MB modules for a maximum capacity of 2 GB, but if it only supports upt to 512 MB per slot, then the maximum memory you can support is 1 GB.

[ More Info ]

[/pc/hardware/motherboard] permanent link

SORBS Blocking Hotmail.Com and MSN.Com Email

I had reports from two users who were informed by inviduals using hotmail.com and msn.com addresses that mail was being rejected when sent to the users. The senders were not able to provide me with the reason for the email being rejected. When I used my own hotmail.com test account, I discovered that was because Hotmail hides that informaton from the Hotmail account holder by default, but Hotmail's settings can be changed to reveal the reason a message is rejected.

When I used my own test account, I found that email from hotmail.com and msn.com accounts was being rejected because the hotmail.com email servers are on a SORBS blocklist.

I resolved the problem by adding the relevant hotmail.com and msn.com email addresses to sendmail's /etc/mail/access file.

[ More Info ]

[/network/email/spam/blocklists] permanent link

Yahoo and AOL Postage Charge

Yahoo and AOL will provide email senders the capability to bypass spam filters on the Yahoo and AOL email servers, if the sender pays a postage fee that would range from 1/4 of a cent to one cent per email address. AOL and Yahoo will use the services of a company called Goodmail Systems to provide the postage-based email service.

By providing the capability to bypass spam filters on their servers, if the sender pays a fee for each email sent, the two companies will be providing mass mailers the capability to ensure that their email reaches recipients rather than perhaps being identified as spam and automatically discarded. The email senders using the service must pledge to send email ony to those who have agreed to receive it. In return they will be able to bypass spam filters and their messages will arrive in recipients' inboxes with a seal indicating that the mesages are legitimate.

References:

1. Yahoo, AOL to Charge Some E-Mail Senders
   By Dan Goodin AP Technology Writer
   ABCNews.com
   Date: February 6, 2006

[/network/email/spam] permanent link

Logical Disk Manager Not Responding

I removed an external 120 GB USB disk drive from a Windows Server 2003 for Small Business Server (SBS) system. The drive in the external USB 2.0 enclosure was full and I replaced it with a new 200 GB drive I just purchased. I plugged the USB external drive enclosure back into the server. I then tried to create a partition on the drive. But when I chose Manage Computer and then selected Disk Management, I got the message below:

Logical Disk Manager

The service did not respond to the start or control request in a timely fashion.

When I tried diskpart from the command line, I got the message The disk management services could not complete the operation.

When I checked the Services on the system, I saw the following:

Name	Description	Status	Startup Type
Logical Disk Manager	Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic
Logical Disk Manager Administrative Service	Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.	Stopped	Manual
Virtual Disk Service	Provides software volume and hardware volume management service.	Stopped	Manual

All of the above service states appear to be normal

The last entry I saw in the System Event Log is shown below:

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date:		2/5/2006
Time:		7:00:18 PM
User:		N/A
Computer:	S
Description:
The Logical Disk Manager Administrative Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I also saw the following entry appearing several times during the period I was trying to set up the new drive:

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date:		2/5/2006
Time:		7:13:02 PM
User:		N/A
Computer:	S
Description:
The Virtual Disk Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion. 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I stopped and started the Logical Disk Manager service, but still got the same results.

The system does not have Service Pack 1 installed. I see a lot of diskpart related fixes listed for Service Pack 1 at Windows Server 2003 Service Pack 1 as well as references to fixes for Logical Disk Manager problems.

I rebooted the system and the problem no longer existed afterwards.

References:

1. You receive an error message when you use the Diskpart.exe command-line tool to perform storage management on a Windows Server 2003-based computer
   Only4Gurus
   Date: August 20, 2004
2. You receive an error message when you use the Diskpart.exe command-line tool to perform storage management on a Windows Server 2003-based computer
   Microsoft Help and Support
   Date: August 20, 2004
3. Windows Server 2003 Service Pack 1 list of updates
   Microsoft Help and Support
   Date: February 3, 2006

[/os/windows/server2003] permanent link

Adding a Domain Account to the Power Users Group

To add a domain account to the "Power Users" group on a Windows XP system, take the following steps:

1. Click on "Start".
2. Click on "Control Panel".
3. Click on "Performance and Maintenance". If you don't see it, then you are in Windows XP's "classic" view and you can skip to the next step.
4. Click on "Administrative Tools".
5. Double-click on "Computer Management".
6. Click on "Local Users and Groups" in the "Computer Management" window.
7. Double-click on "Groups".
8. Double-clik on the "Power Users" group in the right pane of the window.
9. Click on the "Add" button.
10. In the "Enter object names to select" field, put in the domain account name. E.g. if the domain was "example" and the user name was "Beth", you would put in "example\beth".
11. Click on "Check Names" to verify the name you entered.
12. Then click on "OK", if it was accepted. A "name not found" window will open if it wasn't accepted.
13. Click on "OK" to close the "Power Users Properties" window, which should now show the name you added.

[/os/windows/domain] permanent link

Get ARP Table

I needed to be able to get the ARP table from Cisco devices, so I created get_arp, a Perl script which will query a router, switch, etc. via SNMP and obtain the ARP table from the device. There are two mandatory arguments for the script, the hostname or IP address for the device and the read-only community string for the device. If given only those two arguments, the script will produce output similar to what is shown below:

% ./get_arp 192.168.220.76 tViSoN1a
ARP table for 192.168.220.76 on Wed Feb  1 22:21:38 2006

192.168.220.65 = 0:30:f2:ec:17:fc
192.168.220.66 = 0:30:f2:ec:8b:fc
192.168.220.67 = 0:30:f2:ec:17:ff
192.168.220.68 = 0:30:f2:ec:8b:ff
192.168.220.69 = 0:90:b1:81:e9:0
192.168.220.70 = 0:60:3e:7e:c7:40
192.168.220.75 = 0:9:b7:7d:e6:0
192.168.220.76 = 0:60:3e:7e:1e:a0
192.168.220.77 = 0:f:f7:5b:b:0
192.168.220.78 = 0:f:f7:5d:64:f0

An optional argument "--nomac" will cause the script to only display the IP addresses in the ARP table, not the MAC addresses associated with the IP addresses as shown below:

% ./get_arp --nomac 192.168.220.76 tViSoN1a
ARP table for 192.168.220.76 on Wed Feb  1 22:21:49 2006

192.168.220.65
192.168.220.66
192.168.220.67
192.168.220.68
192.168.220.69
192.168.220.70
192.168.220.75
192.168.220.76
192.168.220.77
192.168.220.78

To use the script, download the script and use chmod 744 to make the script executable by the owner. Modify the first line, if Perl is located somewhere else on your system, which you can determine by the command which perl. The script relies on the snmpwalk utility, which is available from http://www.net-snmp.org/. You can determine if it is available on your system already by issuing the command which snmpwalk.

[/network/snmp] permanent link