MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
           
           
2014
Months
Nov


Sat, Nov 29, 2014 2:02 pm

Creating a Windows 8 System Repair Disc

For any Microsoft Windows system, you should ensure that you have a Microsoft Windows Repair Disc to aid in recovering from problems before you experience some problem on the system that makes the system unbootable. A Windows Repair Disc is a bootable disc that can be created inside Microsoft Windows which will contain a number of repair tools that will allow you to recover from some types of problems that can make a system unbootable from the hard drive. Steps to create a repair disc in Windows 8 are posted here.

[/os/windows/win8] permanent link

Wed, Nov 26, 2014 11:28 pm

Logging on a Verizon MI424WR-GEN2 Router

The Actiontec MI424WR-GEN2 router/firewall provided by Verizon to business clients has a system log that is viewable by logging into the router and also supports sending logging information to a syslog server. The steps to view the log and/or set the device to send information regarding connections through the firewall can be found here.

[/network/routers/actiontec/MI424WR] permanent link

Wed, Nov 26, 2014 8:49 pm

Opening a file in Chrome

If you need to open a file on your hard drive in Google's Chrome browser, you can use the keyboard shortcut Ctrl-O, i.e., by hitting the Ctrl and O keys simultaneously. Or, if you want to open a file on drive C: on a Microsoft Windows system, you can put C:\ in the browser's address bar. The address will change to file:///C:/, i.e., the word "file" followed by a colon and 3 forward slashes and then the drive letter specified, colon, and forward slash, which conforms to the standard file URI scheme for accessing file-based URLs. You can then navigate to the file you wish to open in the browser. Or, if you know the full path, you can put it in the address bar, e.g., c:\users\jdoe\documents\index.html.

[/network/web/browser/chrome] permanent link

Wed, Nov 26, 2014 6:58 pm

Turning McAfee Total Protection Real-time protection off

Sometimes you may wish to temporarily disable the antivirus software on a system in order to scan the system with other antivirus/antispyware software. If you are using McAfee Total Protection as the antivirus software on a system, instructions for turning off its real-time scanning feature are listed here.

[/security/antivirus/mcafee] permanent link

Tue, Nov 25, 2014 10:35 pm

Checking on process memory consumption on a Windows system

Sometimes when checking on excessive memory usage on a Microsoft Windows system with the Task Manager I see that many instances of a particular process may be listed. I wanted a way from a command prompt to total the amount of memory consumed by processes with a particular name, e.g. chrome.exe, so I created a showmemusage.bat batch file to allow me to specify a particular process name and then have the script add the memory usage for all processes with that name.

[ More Info ]

[/os/windows/commands/batch] permanent link

Sun, Nov 23, 2014 11:20 pm

Copssh 5.0.1

If I will need to remotely troubleshoot a system, I like to have the system functioning as an SSH server, so that I have a means to log into the system over an encrypted connection to a command line interface. Microsoft Windows sysems don't come with SSH server software from Microsoft, but there are third-party applications that allow you to set up a Microsoft Windows system as an SSH server. By using an SSH connection to obtain a Windows command prompt, I can log into the system for troubleshooting while the user continues to work on the system without interfering with the user's work. One software package that I've found that works well for that purpose is Copssh (Gygwin + OPenSSH).

[ More Info ]

[/reviews/software/windows/network/ssh] permanent link

Sat, Nov 22, 2014 11:46 pm

Appending a date to a filename in batch files

I wanted to append today's date to a file name for a file processed by a batch job on Microsoft Windows systems, specifically a Small Business Server (SBS) 2003 system and Windows 7 and 8 systems. You can obtain the current date using the date /t command (the /t option prevents the command from prompting for a change to the date) or by using echo %date% to display the contents of the date environment variable. However, both of those display the date in the form DDD mm/dd/yyyy, where DDD is the day of the week represented by a 3-character abbrviation, e.g., "Sat", mm is a two-digit representation of the month, e.g., "11" for November, dd is the day and yyyy is the year, on the Windows systems I support.
C:\>date /t
Sat 11/22/2014

C:\>echo %date%
Sat 11/22/2014

You can reformat the representation of the date that is stored in the %date% environment variable, however. I wanted the date in the form yyyymmdd, so that I could stick that at the end of filenames to represent the rotation date for a log file. You can use a command like the one below where a variable, YYYYMMDD is set to hold the reformatted date (the variable name can be anything you like, e.g., mydate, etc., but that name reminds me of the format I'm using for the date.

C:\>set YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

C:\>echo %YYYYMMDD%
20141122

The substring arguments to extract the elements of the date string are in the format %variable:~startposition,numberofchars%, so if the "S" in Saturday in the string "Sat 11/22/2014" is at position 0, the 10th character is the "2" of 2014 and I want 4 characters, i.e., "2014", so %DATE:10,4% will give me those characters. Or you can also think of the first number as the numer of characters to be skipped, i.e., %variable:~num_chars_to_skip,numberofchars%. I can then append %DATE:~4,2% to get "11" for the month followed by %DATE:~7,2% to extract the day, i.e., "22" if the date is November 22, 2014 represented in the %DATE% variable as "Sat 11/22/2014".

References:

  1. How to append a date in batch files
    Posted: May 14, 2009
    stackoverflow
  2. Extracting a Substring from a String under Microsoft Windows
    MoonPoint Support

[/os/windows/commands] permanent link

Sat, Nov 22, 2014 10:00 pm

Items detected by a ClamWin Scan on 2014-11-22

In continuance of an effort to ensure that all malware has been removed from a Windows 7 Professional system, I scanned the system with ClamWin Free Antivirus today. It identified 12 suspect items, but I'm not sure any of those contributed to excessive memory usage I saw at times on the system yesterday from explorer.exe consuming more than 1/2 the 6 GB of memory on the system for prolonged periods.

[ More Info ]

[/security/malware] permanent link

Sat, Nov 22, 2014 12:25 pm

Determing the location of a Microsoft Windows DNS log file from a command prompt

If you need to determine the location of the log file for a Microsoft Windows server functioning as a DNS server from the command line, you can do so through a reg query command.
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

You can reduce the output displayed to just the line containing the log file location by piping the output of the reg query command into the find command.

C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

If you wish to see just the log file location and not the other information returned by the reg query command, you can use a FOR /F loop command such as the following:

C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g 
d:\logs\dns\dns.log

C:\>

The FOR /F loop breaks up a line of output from the command that is being processed into items, called "tokens" that are separated by space on the lines of output from the command. In this case, I'm only interested in the third token on the line of output, which is the location of the DNS log file. The output that is being processed is the result of piping the output of the reg query command into the find command. Since the pipe symbol, i.e., the vertical bar character |, has a special meaning for the Windows operating system, you need to place an "escape character", which for Windows is the caret symbol, ^, immediately before it. You also need to put the at symbol, @, before the echo command to avoid seeing the echo command itself as output.

If you wish to use a batch file to execute the commands to find the log file location, you need to replace the %g with %%g as shown below.

@echo off
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G

The registry key and the value to be queried can also be placed in environment variables that can be modified, if you wish to query other registry keys, instead of the one for the DNS log file location, so that it is easier to see what needs to be changed for such other queries.

@echo off

REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command

set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set regvalue="LogFilePath"

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO echo %%G

Download: queryreg.bat

[/network/dns/windows/logging] permanent link

Fri, Nov 21, 2014 11:09 pm

Windows DNS Log Analyser

If you've turned on logging for the DNS service provided on Microsoft Windows servers, a useful tool for analyzing the contents of the log file is Windows DNS Log Analyser, which is a small (about 1.44 MB), free program that understands the Microsoft Windows DNS server log file format which will present the information to you in a more easily analyzed format.

[ More Info ]

[/network/dns/windows] permanent link

Thu, Nov 20, 2014 11:17 pm

Enabling DNS Logging on a Microsoft Windows SBS 2003 Sever

DNS logging can be useful when trying to monitor what systems an infected system is trying to contact. The DNS log will show you what DNS queries were sent by the system to the DNS server to look up IP addresses for host names.

[ More Info ]

[/network/dns/windows] permanent link

Tue, Nov 18, 2014 10:51 pm

Checking and changing the Windows Firewall settings on a Windows system

The advfirewall command can be used from a command prompt to check and modify the settings for the Microsoft Windows Firewall software on a Windows Vista, 7, 8, or Server 2008 system.

[ More Info ]

[/os/windows/software/security/firewall] permanent link

Mon, Nov 17, 2014 9:57 pm

COPSSH permission denied message

When I tried connecting from PuTTY on a Windows 8 system to a Windows 7 system running Copssh, a free OpenSSH-based SSH server package for Microsoft Windows systems, I received the message "Disconnected: No supported authentication methods available (server sent: keyboard-interactive)", which appeared in a "PuTTY Fatal Error" window. When I tried connecting using OpenSSH on a SBS 2003 system, I received the message "Permission denied (keyboard-interactive)." I received the same message using the ssh client on a Mac OS X system.

I opened the Copssh control panel on the system and clicked on the Users tab. I had been trying to login with a domain account, but found that the activated users list showed only two local accounts on the system, but no domain accounts. When I clicked on the Add button to add a new user, I found that for the "Domain" setting, the only option I could choose was the local system, since its name appeared, but there was no other value to select in the drop-down list. When I tried using one of the listed accounts for the user name and password, I was able to successfully log in by SSH.

[/os/windows/network/ssh/copssh] permanent link

Sun, Nov 16, 2014 11:28 pm

Malware Detected by Malwarebytes Anti-Malware 2014-11-16

A user who has been experiencing performance problems with her system recently reported it was running particularly slowly on Friday, November 14. I checked the system this weekend. Malwarebytes Anti-Malware detected some files associated with malware, but I'm not certain all problems associated with the system are resolved yet. One of the files, jm78.dll, it reported as associated with malware may have come from a no longer existing website in Russia, but I'm not certain of that, either and don't have time for futher investigation of the system tonight.

[ More Info ]

[/security/malware] permanent link

Sat, Nov 15, 2014 10:43 pm

Finding the proxy setting for Firefox from a command line

If Firefox on a Microsoft Windows system is configured to use a proxy server, you can find the proxy server settings in prefs.js in the account's Firefox profile directory. Searching the file for "network.proxy" will provide the settings.

[ More Info ]

[/network/web/browser/firefox] permanent link

Fri, Nov 14, 2014 10:51 pm

Checking Installed Updates with WinUpdatesList (WUL)

WinUpdatesList (WUL) from NirSoft is a free program that can show you the list of intalled updates on a Microsoft Windows system. It was written by Nir Sofer.

You don't need to go through an install process to use the program, though an installer is available for download from the developer's website. If you don't want to go through an installation process, simply download the zip file containing the executable program from the developer's website and unzip the contents of the zip file. Within the zip file are 3 files:

wul.exe43 KB
wul.chm15 KB
readme.txt9 KB

Note: File sizes are for version 1.32, which is the current version.

The wul.chm file is a Compiled HTML Help file.

When you run wul.exe by double-clicking on it, you will see a list of installed Windows updates, aka "patches". On Microsoft Window 98, ME, 2000, and Windows XP you will see a list of files associated with the patch in the lower pane of the WUL window. On Microsoft Windows 8, 7, Vista, and 2008 systems there is no information on files installed by the update in the lower pane.

WinUpdatesList (WUL)

By default, the list of installed updates is ordered by name, but you can click on the column headers to sort by other criteria. E.g., you can click on the column header Installation Date to sort by date the patch was installed.

You can right-click on an entry in the upper pane of the window and choose "Properties" to see more details as shown in the example below, for the installed patch.

WinUpdatesList (WUL)

The utility can also be run from the command line with the following options:

Command-Line Options

/stext <Filename> Save windows updates list into a regular text file.
/stab <Filename> Save windows updates list into a tab-delimited text file.
/scomma <Filename> Save windows updates list into a comma-delimited text file.
/stabular <Filename> Save windows updates list into a tabular text file.
/shtml <Filename> Save windows updates list into HTML file.
/sverhtml <Filename> Save windows updates list into HTML file. (vertical)
/sxml <Filename> Save windows updates list into XML file.
/another <Windows Folder> connect to another instance of operating system on the same computer (Windows 2000/XP only). You can combine this option with one of the save options in order to save the Windows updates list of another operating system.

Examples:
wul.exe /shtml c:\temp\1.html /another d:\winnt
wul.exe /another f:\winnt

/remote <Computer Name> Connect to remote Windows 2000/XP operating system. You can combine this option with one of the save options in order to save the Windows updates list of a remote computer.

Examples:
wul.exe /shtml c:\temp\1.html /remote \\comp01
wul.exe /another /remote \\192.168.0.101

[/os/windows/software/utilities/nirsoft] permanent link

Thu, Nov 13, 2014 10:41 pm

Determining the version of Flash installed on a system

You can determine the version of Flash installed on a system by visiting BrowserSPY.dk, which can provide a variety of information for your system, and running its Flash test. You can determine what version is the most current by visiting the Adobe Flash Player web page. As of November 13, 2014, the current version is 15.0.0.223. Note: browserspy.dk will display commas in place of the periods when it reports the version, i.e., 15,0,0,223

[/network/web/browser] permanent link

Thu, Nov 13, 2014 10:38 pm

Determining Java version on a Windows 7 system

To determine the version of Java installed on a Windows 7 system, take the following steps, which should also work on other versions of Windows, though you may need to look for "Programs" rather than "All Programs" for the first method, depending on your version of Windows.

Method 1

  1. Click on the Windows Start button, normally at the lower left-hand corner of the screen.
  2. Select All Programs. Scroll down until you see the Java group, then select it and "Configure Java" within it. You will then see a Java Control Panel window appear.

    Java Control Panel

  3. Click on the About button in the Java Control Panel window. An About Java window will appear telling you the version of Java that is installed on the system.

    About Java

Method 2

Obtain a command prompt by clicking on the Windows Start button then typing cmd and hitting return. At the command prompt type java -version and hit return.

C:\>java -version
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode, sharing)

The version information displayed above is "1.8.0_25". The first method displayed "Version 8 Update 25" for the same version. The number after the underscore in the output from the command line, i.e. "25", is the build number for that version. A version can have many build numbers before the developer increments the version number.

You can determine what version of Java is the latest or download the latest version from www.java.com.

[/software/java] permanent link

Wed, Nov 12, 2014 9:58 pm

Call to undefined function mysql_connect()

I finally resolved problems with access to MySQL databases on a CentOS 7 server from the command line yesterday - see MySQL service not running on CentOS 7 system - but when I visited web pages on the server that rely upon PHP code to access MySQL databases on the server, I was seeing blank pages, though other PHP web pages that didn't have any database access were displaying properly. When I checked the Apache error log for a website where the PHP code should have displayed data from a database, I saw "PHP Fatal error: Call to undefined function mysql_connect()" associated with attempts to load the web page containing the PHP code that connected to the MySQL database.

I verified that the php-mysql package was installed with rpm -qi php-mysql.

# rpm -qi php-mysql
Name        : php-mysql
Version     : 5.4.16
Release     : 23.el7_0.3
Architecture: x86_64
Install Date: Tue 11 Nov 2014 08:26:15 PM EST
Group       : Development/Languages
Size        : 237259
License     : PHP
Signature   : RSA/SHA256, Fri 31 Oct 2014 10:24:56 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : php-5.4.16-23.el7_0.3.src.rpm
Build Date  : Fri 31 Oct 2014 09:07:27 AM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.php.net/
Summary     : A module for PHP applications that use MySQL databases
Description :
The php-mysql package contains a dynamic shared object that will add
MySQL database support to PHP. MySQL is an object-relational database
management system. PHP is an HTML-embeddable scripting language. If
you need MySQL support for PHP applications, you will need to install
this package and the php package.

I created a PHP test page with the following code:

<html>
<head>
<title>PHP Test</title>
</head>

<body>

<h2>A test page</h2>

<?php echo "<p>Hello world</p>"; ?>

<?php phpinfo(); ?>

</body>
</html>

"Hello world" was displayed by the PHP echo command and the information from the phpinfo function was also displayed. I searched through the results displayed for references to "MySQL" and found mysql and mysqli sections, including the following:

mysql

MySQL Supportenabled
Active Persistent Links 0
Active Links 0
Client API version 5.5.37-MariaDB
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib64/mysql -lmysqlclient

Since it appeared that PHP support for MySQL was present, I restarted Apache with apachectl restart, though I didn't expect that to resolve the problem. But when I refreshed the web page afterwards, the information from the MySQL database was displayed. Apparently, I should have restarted Apache after I ran the systemctl start mariadb.service to start the MariaDB database service yesterday. MariaDB is a fork of MySQL.

References:

  1. Fatal error: Call to undefined function mysql_connect()
    Date: May 16, 2012
    stackoverflow
  2. Resolving a Fatal error: Call to undefined function mysql_connect() in RedHat
    By: Shailesh N. Humbad
    Created: October 18, 2004
    Last Modified: July 24, 2011
    Somacon
    Articles on web development, software, and hardware

[/software/database/mysql] permanent link

Tue, Nov 11, 2014 11:06 pm

MySQL service not running on CentOS 7 system

When I issued the mysql command on a CentOS 7 system, I received the error message below:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)

It took me awhile to figure out that since I was using MariaDB, a fork of MySQL, that I needed to enter the following 3 commands to enable, run, and secure the MariaDB service.

systemctl start mariadb.service
systemctl enable mariadb.service
mysql_secure_installation

[ More Info ]

[/software/database/mysql] permanent link

Tue, Nov 11, 2014 5:26 pm

Checking the creation and modified times for files with python

If I want to display each line in a file with a python script and at the end of the output print the number of lines in the file, I can use the python code below:
filename = raw_input("Enter file name: ")
with open(filename) as input_file:
    for i, line in enumerate(input_file):
        print line,
print "{0} line(s) printed".format(i+1)

The script will prompt me for the name of the file to be checked and will loop through that file displaying each line from it, printing the total number of lines at the end of the file.

The comma after the print line statement prevents a newline from being printed, so each file name will be printed immediately below the preceding one without a blank line between them. If the comma was not there, a blank line would be printed between each line containing a file name.

The {0} references the first positional argument in the format statement, which in the case above refers to "i+1". The .format(value) at the end of the line tells python how to format the output. So the count of the number of lines in the file, which will be i plus 1, will be printed after the for loop completes.

If each line in the file is a directory path and file name, e.g.,:

./security/vulnerabilities/windows/wmf-vulnerability-exploited.php
./security/vulnerabilities/windows/kb908519_embedded-web-font.php
./security/antivirus/avast/avast-ie9/index.php
./network/Internet/domains/domain-reputation-check.php

then I can use import os.path, time to import modules that that will will allow me to obtain the time stamps for the files.

import os.path, time

filename = raw_input("Enter file name: ")
with open(filename) as input_file:
    for i, line in enumerate(input_file):
        print line,
        line = line.rstrip('\r\n')
        print "last modified: %s" % time.ctime(os.path.getmtime(line)),
        print "created: %s" % time.ctime(os.path.getctime(line))
print "{0} line(s) printed".format(i+1)

Since the input file was created on a Linux system each line ends with a newline character, which is represented by "\n". So I have to strip off the trailing newline at the end of each file name in the input file with the rstrip function. If the input file was created on a Windows system, I would have to strip off a carriage return, which is represented by "\r". By using rstrip('\r\n'), any carriage return or newline characters will be stripped from the end of each line in the input file, so the script will work on Mac OS, Mac OS X, Microsoft Windows, or Unix/Linux systems.

I see output such as the following when I run the python script:

$ python checkfile.py
Enter file name: checkfiles2_php.txt
./security/vulnerabilities/windows/wmf-vulnerability-exploited.php
last modified: Mon Jan  9 15:45:00 2006 created: Tue Oct 14 10:21:03 2014
./security/vulnerabilities/windows/kb908519_embedded-web-font.php
last modified: Wed Jan 11 23:42:00 2006 created: Tue Oct 14 10:21:03 2014
./security/antivirus/avast/avast-ie9/index.php
last modified: Sat Aug 11 17:22:14 2012 created: Tue Oct 14 10:21:05 2014
./network/Internet/domains/domain-reputation-check.php
last modified: Sun Oct  6 13:30:27 2013 created: Tue Oct 14 10:21:12 2014

The creation times displayed above are the time I copied files from an old drive to a new drive.

References:

  1. python looping through input file
    Date: July 30, 2013
    stackoverflow
  2. Python trailing comma after print executes next instruction
    Date: October 24, 2010
    stackoverflow
  3. 6.1. string — Common string operations
    Python 3.4.2 documentation
  4. Python string formatting: % vs. .format
    Date: February 22, 2011
    stackoverflow
  5. How can I remove (chomp) a newline in Python?
    Date: November 8, 2008
    stackoverflow
  6. How to get file creation & modification date/times in Python?
    Date: October 25, 2008
    stackoverflow

[/languages/python] permanent link

Tue, Nov 11, 2014 5:15 pm

Finding a particular string in files

On a Linux/Unix or Mac OS X system, you can use the find and grep commands to search for a specific text string in files. E.g., if you wished to search all files with a ".php" file extension for the occurrence of the word "noindex", you could use the following command:

find . -name "*.php" -exec grep "noindex" {} /dev/null \;

Since "*" has a special meaning for the shell, you will need to include it within quotes or precede it with the backslash escape character as shown below:

$ find . -type f -name \*.php -exec grep -l "noindex" {} \;

If I wished to search all files, not just those ending with ".php", I can use a command similar to the following one.

find . -type f -exec grep "noindex" {} \;

The -type f instructs find to only check regular files and not other objects such as directory names.

If I want to send the results to an output file, I could just append a >outputfile_name to the end of the line, but that will also produce output indicating that the output file itself is being checked.

$ find . -type f -exec grep "noindex" {} \; >checkfiles.txt
grep: input file ‘./checkfiles.txt’ is also the output

To avoid that issue, you can use the --exclude argument.

$ find . -type f -exec grep -l --exclude checkfiles.txt "noindex" {} \; >checkfiles.txt

I can also use just the grep command, as shown belown:

$ grep -rwl . -e "noindex" --include=\*.php

The -r option tells grep to search recursively; the "." is indicating that the search should be started in the current directory. The -w indicates that I want exact word matches, e.g., " noindex ", not "nonindex" or "noindexes". The -l option indicates that I don't want to see the lines on which the word occurs, just the file names for those files in which it is found. The -e option provides the pattern that grep should search on and the --include option tells grep which files it should search within.

       -r, --recursive
              Read  all  files  under  each  directory, recursively, following
              symbolic links only if they are on the command  line.   This  is
              equivalent to the -d recurse option.

       -w, --word-regexp
              Select  only  those  lines  containing  matches  that form whole
              words.  The test is that the matching substring must  either  be
              at  the  beginning  of  the  line,  or  preceded  by  a non-word
              constituent character.  Similarly, it must be either at the  end
              of  the  line  or  followed by a non-word constituent character.
              Word-constituent  characters  are  letters,  digits,   and   the
              underscore.

       -l, --files-with-matches
              Suppress  normal  output;  instead  print the name of each input
              file from which output would normally have  been  printed.   The
              scanning  will  stop  on  the  first match.  (-l is specified by
              POSIX.)

      -e PATTERN, --regexp=PATTERN
              Use  PATTERN  as  the  pattern.   This  can  be  used to specify
              multiple search patterns, or to protect a pattern beginning with
              a hyphen (-).  (-e is specified by POSIX.)

       --include=GLOB
              Search only files whose base name matches GLOB  (using  wildcard
              matching as described under --exclude).

References:

  1. Finding a String with a Recursive Grep
    Date: March 10, 2007
    MoonPoint Support
  2. How can I use grep to show just filenames (no in-line matches) on linux?
    Date: July 9, 2011
    stackoverflow

[/os/unix/commands] permanent link

Mon, Nov 10, 2014 10:51 pm

Checking Microsoft Windows 7 firewall status from a command prompt

I enabled the Microsoft Windows Firewall on a Windows 7 system from the Control Panel by selecting System and Security and then Firewall After enabling the Windows firewall, I checked on the firewall status from a command line with netsh firewall show state . Though the netsh firewall command, which I've used since Microsoft Windows XP was released, is deprecated in Windows 7, it can still be used to obtain information on the status and configuration of the Microsoft Windows Firewall from the command line.
C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
22     TCP       Any      (null)
1900   UDP       Any      (null)
2869   TCP       Any      (null)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I checked on what applications had the three listed ports open with netsh firewall show portopening.

C:\>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
22     TCP       Enable  Inbound               Copssh
1900   UDP       Enable  Inbound               Windows Live Communications Platf
orm (SSDP)
2869   TCP       Enable  Inbound               Windows Live Communications Platf
orm (UPnP)

Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
22     TCP       Enable  Inbound               Copssh
1900   UDP       Enable  Inbound               Windows Live Communications Platf
orm (SSDP)
2869   TCP       Enable  Inbound               Windows Live Communications Platf
orm (UPnP)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I also checked to see what programs were allowed by firewall rules.

C:\>netsh firewall show allowedprogram

Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
Enable   Inbound              McAfee Shared Service Host / C:\Program Files\Comm
on Files\McAfee\Platform\McSvcHost\McSvHost.exe
Enable   Inbound              LifeTray.exe / C:\Program Files (x86)\Microsoft Li
feCam\LifeTray.exe
Enable   Inbound              LifeExp.exe / C:\Program Files (x86)\Microsoft Lif
eCam\LifeExp.exe
Enable   Inbound              LifeEnC2.exe / C:\Program Files (x86)\Microsoft Li
feCam\LifeEnC2.exe
Enable   Inbound              LifeCam.exe / C:\Program Files (x86)\Microsoft Lif
eCam\LifeCam.exe
Disable  Inbound              Internet Explorer / C:\program files (x86)\interne
t explorer\iexplore.exe
Enable   Inbound              Dropbox / C:\Users\JSmith.mayfield\AppData\Roaming
\Dropbox\bin\Dropbox.exe

Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

Since I need to be able to ping the system from other systems on the LAN for troubleshooting, I verified that ICMP echo requests and replies were not going to be blocked by the firewall.

C:\>netsh firewall show icmpsetting

ICMP configuration for Domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big
Enable   8     Allow inbound echo request

ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

I saw that "allow inbound echo request" was enabled and I was able to ping the system from the domain controller.

References:

  1. Obtaining Information About the Windows XP Firewall from the Command Line
    Date: March 1, 2006
    MoonPoint Support

[/security/firewalls/windows] permanent link

Sun, Nov 09, 2014 5:21 pm

Monitoring Failed SSH Logins to a CentOS System

If you have ssh enabled on a system that is accessible to the Internet, it is probable that malicious individuals will try to gain access to the system by brute force login attempts. I.e., since a Linux, Unix, or OS X system is likely to have a root account, an attacker may use "root" as the userid and then attempt to login with commonly used passwords. There are sites on the Internet that provide lists of passwords commonly used and an attacker can easily use a dictionary attack where he tries every word in a dictionary as a possible password. Attackers can use dictionaries for multiple languages, lists of sports teams, name dictionaries, e.g., dictionaries of names parents might check to aid in selecting a name for a baby, etc. So a root or another administrator account should have a strong password. If it doesn't, the system will likely be cracked by an attacker eventually.

Attackers also routinely use name dictionaries to break into systems with any accounts that have weak passwords. E.g., an attacker may use a name dictionary to pick names to use as the userid. Let's say the first name in the name dictionary is Aaron. The attacker might then use a word dictionary to try every word in the English language, or some other language, as a possible password for an account with the userid of aaron. If an aaron account doesn't exist on the system or has a strong password, once the attacker has gone through every word in the word dictionary or whatever other password list he is using, he will then go onto the next name in his name dictionary, e.g., perhaps Abe. The attacker will proceed in this manner until he finds an account with a weak password he can compromise or exhausts all possible combinations of names for accounts and words to use for possible passwords. Of course it would take a human an inordinate amount of time to type all such possible userid and password combinations, but an attacker will let a program make such guesses for him. He merely needs to start the program and let it run. His program may be able to check many thousands of userid and password combinations in minutes.

If the system isn't monitored for such brute-force password attempts, an attacker can run unchecked for days. Even if he can't get in, he will be using bandwidth to/from the system under attack as well as CPU cycles, etc., so may slow down access to the system for legitimate users. I've seen periods where a system has been under attack from 5 such attackers in different countries at once.

On CentOS Linux, you can check the /var/log/secure log to find instances of such attacks.

# grep 'Failed password' /var/log/secure | tail -5
Oct 28 09:47:43 frostdragon sshd[32246]: Failed password for root from 123.125.219.130 port 11859 ssh2
Oct 28 09:47:47 frostdragon sshd[32249]: Failed password for root from 123.125.219.130 port 13894 ssh2
Oct 28 09:47:52 frostdragon sshd[32253]: Failed password for root from 123.125.219.130 port 15886 ssh2
Oct 28 09:47:56 frostdragon sshd[32256]: Failed password for root from 123.125.219.130 port 17740 ssh2
Oct 28 09:48:01 frostdragon sshd[32259]: Failed password for root from 123.125.219.130 port 19477 ssh2

You can see the number of failed ssh login attempts from various login addresses with the command grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c - the IP address from which the failed login attempt was made is the 11th item on the line.

If you pipe the output of the awk command into sort, you can sort the output by IP address; uniq -c will then provide you the count of failed SSH login attempts from particular IP addresses.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c
      1 101.227.71.40
    409 117.27.158.71
      2 117.27.158.91
     84 122.225.109.104
    315 122.225.109.108
    232 122.225.109.118
    321 122.225.109.197
    247 122.225.109.212
    115 122.225.109.217
    458 122.225.97.103
    309 122.225.97.108
     96 122.225.97.110
    377 122.225.97.117
    478 122.225.97.120
    121 122.225.97.83
     63 122.225.97.84
     81 122.225.97.88
     36 122.225.97.98
    382 123.125.219.130

I can see from the above output from that command that there were 382 failed ssh login attempts from the 123.125.219.130 address at the time I ran the command.

From a search on that IP address at the American Registry for Internet Numbers (ARIN), I found the address was part of a block of addresses managed by the Asia Pacific Network Information Centre (APNIC) . A whois search on the APNIC site showed the IP address is part of a large block of addresses, 123.112.0.0 - 123.127.255.255, allocated to an organization in Beijing, China. I often see attacks from IP addresses allocated to entities in China.

You can manually block further attempts to compromise a system in this manner using a route reject command or through the firewall software on the system. The default firewall software for CentOS 7 is FirewallD. You can configure it through a Graphical User Interface (GUI), which can be opened using the command firewall-config or through a command line interface at a shell prompt by using the command firewall-cmd. I blocked the IP address from any access to the system using the command below, though by the time I blocked it, the login attempts had ceased:

# firewall-cmd --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
success

The block can be viewed through the graphical interface for FirewallD by running firewall-config. E.g., in this case under "Rich Rules" for the public zone, I can see the blocked IP when starting the application after issuing the firewall-cmd command.

FirewallD blocked IP

The command above will put in place a firewall rule that will apply to the default firewall zone, but will only remain until the firewall service is restarted, e.g., with a system reboot. To put in place a permanent block, I could have used the commands below. Instituting a permanent change requires a restart of the firewall service, though.

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
systemctl restart firewalld.service

To have a block apply to a specific firewall zone, e.g., the public zone, I could use the commands below.

firewall-cmd --permanent --zone='public' --add-rich-rule="rule family='ipv4' source address='123.125.219.130' reject"
systemctl restart firewalld.service

The output of the grep command run against /var/log/secure displayed above was sorted by IP address; if you, instead, would like to sort the output by count of failed login attempts you can pipe the output of the commands above into sort again adding the -n argument to sort by the number that appears first on each line.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c | sort -n
      1 176.222.201.154
      1 85.132.71.83
      1 91.220.131.33
      1 a
      1 pi
      1 ubnt
      2 client
      4 ubuntu
      4 usuario
     27 git
     48 122.225.97.117
     64 221.228.205.196
     71 61.174.51.223
     78 admin
    129 122.225.97.79
    191 122.225.109.198
    237 122.225.97.116
    268 117.27.158.88
    306 113.200.188.55
    336 117.27.158.89

I can see from the above output that the greatest number of failed SSH login attempts made on the day I ran the command, which was November 9, 2014, were made from 117.27.158.89. Checking the APNIC site again, I see that IP address is also assigned to an entity in China.

If you want to reverse the sorting order, so that the largest number appears first, simply add the -r argument to the last sort command.

# grep 'Failed password' /var/log/secure | grep sshd | awk '{print $11}' | sort | uniq -c | sort -nr
    336 117.27.158.89
    306 113.200.188.55
    268 117.27.158.88
    237 122.225.97.116
    191 122.225.109.198
    129 122.225.97.79
     78 admin
     71 61.174.51.223
     64 221.228.205.196
     48 122.225.97.117
     27 git
      4 usuario
      4 ubuntu
      2 client
      1 ubnt
      1 pi
      1 a
      1 91.220.131.33
      1 85.132.71.83
      1 176.222.201.154

In the above output, some of the failed entries are associated with userids the attacker attempted to use to login. E.g., for the case of the usuario one, I can see that the illegitimate login attempts where that name was used for the userid orginated from the 221.228.205.196 IP address. There is no account on the system with that userid. The IP address is also assigned to an entity in China.

# grep usuario /var/log/secure
Nov  9 10:53:01 localhost sshd[23516]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:01 localhost sshd[23516]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:03 localhost sshd[23516]: Failed password for invalid user usuario from 221.228.205.196 port 52710 ssh2
Nov  9 10:53:04 localhost sshd[23568]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:04 localhost sshd[23568]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:06 localhost sshd[23568]: Failed password for invalid user usuario from 221.228.205.196 port 53534 ssh2
Nov  9 10:53:07 localhost sshd[23654]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:07 localhost sshd[23654]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:10 localhost sshd[23654]: Failed password for invalid user usuario from 221.228.205.196 port 55193 ssh2
Nov  9 10:53:12 localhost sshd[23657]: Invalid user usuario from 221.228.205.196
Nov  9 10:53:12 localhost sshd[23657]: input_userauth_request: invalid user usuario [preauth]
Nov  9 10:53:14 localhost sshd[23657]: Failed password for invalid user usuario from 221.228.205.196 port 56072 ssh2

To count just by IP address so that the login failurers for particular usernames don't appear in the output, I can put another grep command, one that will filter the output of the prior grep command so any lines of output from it are eliminated if they contain "invalid user", before the awk command.

# grep 'Failed password' /var/log/secure | grep sshd | grep -v "invalid user" | awk '{print $11}' | sort | uniq -c | sort -n
      1 176.222.201.154
      1 85.132.71.83
      1 91.220.131.33
     48 122.225.97.117
     64 221.228.205.196
     71 61.174.51.223
    129 122.225.97.79
    191 122.225.109.198
    237 122.225.97.116
    268 117.27.158.88
    306 113.200.188.55
    336 117.27.158.89

If you wish to see what userids are being used most frequently for the failed login attempts, the string of commands entered above need to be modified to search for the userids used in failed login attempts. The above commands don't show the most commonly used userid, which is root, since almost all Unix/Linux systems will have a root account.

For failed login attempts the lines that appear in the output are slightly different depending upon whether the userid used exists on the system. E.g., if the account doesn't exist on the system, as in the case for client and git below, the lines appear as follows:

Nov  9 10:34:14 localhost sshd[21745]: Failed password for invalid user client f
rom 91.220.131.33 port 60223 ssh2
Nov  9 10:52:00 localhost sshd[23204]: Failed password for invalid user git from
 221.228.205.196 port 60513 ssh2

If the account does exist, e.g., the root account, then the lines have the following format:

Nov  9 04:58:50 localhost sshd[21319]: Failed password for root from 122.225.97.
79 port 7951 ssh2

The sed command can be used to strip out the "invalid user" from lines to make the format of those lines containing "invalid user" the same as for those for valid userids on the system. You can then use the awk command to display the contents of the 9th entry on the line, which is the userid used.

# grep "sshd.*: Failed password for" /var/log/secure | sed 's/invalid user //' | awk '{print $9}' | sort | uniq -c | sort -n
      1 a
      1 operator
      1 pi
      1 ubnt
      2 client
      4 ubuntu
      4 usuario
     27 git
     78 admin
   1844 root

The output from a check of the /var/log/secure file shows that the most common user name used in attempts to log into the system by attackers is root.

References:

  1. Firewalld - Block an IP Address
    By: up2long
    Date: February 26, 2014
    Fedoraforum.org

[/network/ssh] permanent link

Sun, Nov 09, 2014 5:04 pm

No JavaScript Support in Firefox

When visiting a web page with the Firefox 33.0 browser, I received a message indicating that JavaScript was disabled. When I attempted to view a spreadsheet I had in Google Docs I couldn't see any of my sheets. When I went to the JavaScript test page at BrowserSPY.dk, it indicated that there was no JavaScript support in the browser. I don't know how I inadvertently disabled JavaScript support in Firefox, but to re-enable it, you can put about:config in the Firefox address bar where you would normally put the address of a page you wanted to visit. When you hit Enter you will see a warning message "This might void your warranty! Changing these advanced settings can be harmful to the stability, security, and performance of this application. You should only continue if you are sure of what you are doing." You will need to click on the "I'll be careful, I promise!" button to continue so that you can enable JavaScript again.

In the list of preference options that appear, scroll down until you see javascript.enabled.

Preference NameStatusTypeValue
javascript.enableduser setbooleanfalse

You will need to double-click on the javascript.enabled line to change the value from "false" to "true" to enable javascript support. You can disable javascript support by double-clicking on the line to toggle the status to false, if it is set to true and you wish to disable it.

Once you have reenabled JavaScript, you should be able to successfully display webpages that rely upon it.

[/network/web/browser/firefox] permanent link

Sun, Nov 09, 2014 10:54 am

Determining when Apache was last restarted

If you need to determine the time that an Apache web server was last restarted, you can look for the word "resuming" in the Apache error log file. On a CentOS Linux system, you can use the command grep resuming /var/log/httpd/error_log.

# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations

[/network/web/server/apache] permanent link

Fri, Nov 07, 2014 10:40 pm

Installing YAML Perl module

YAML, which is a recursive acronym for ""YAML Ain't Markup Language", is a human-readable data serialization format that incorporates concepts from programming languages such as C, Perl, and Python. To install the YAML Perl module type perl -e shell -MCPAN at a shell prompt and then at the cpan prompt, type install YAML.
# perl -e shell -MCPAN
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]> install YAML

Once it is installed you can view documentation on it by issuing the command perldoc YAML. If you just want to see if it is installed, you can issue that command. If it is, you will see the documentation. If it isn't installed, you will see a message "No documentation found" followed by the module name.

You can also use the -l argument to perldoc, which will report the location of the Plain Old documentation, abbreviated pod, file for the module, if one is present or also report "No documentation found", if the module can't be found. Be sure to capitalize "YAML" or you will see the "No documentation found" message.

# perldoc -l yaml
No documentation found for "yaml".
# perldoc -l YAML
/usr/local/share/perl5/YAML.pod

[/languages/perl] permanent link

Thu, Nov 06, 2014 10:26 pm

Copying the crontab file from a backup

On a CentOS Linux system, I needed to copy the crontab file for the root account from a backup disk. The crontab files are stored in /var/spool/cron, so I needed the /var/spool/cron/root for the root account. Since I didn't want to include every line from the old crontab file, I edited the old one and copied its contents. I then used crontab -e while logged into the root account to create a new crontab file. I pasted the contents of the old file into the new one. When I tried saving the file, I got the message below:
# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
"/tmp/crontab.wpnAYC":3: bad minute
errors in crontab file, can't install.
Do you want to retry the same edit?

I had also seen "bad day-of-week", instead of "bad minute" when editing the file previously. I typed "y" to retry and then realized the source of the problem, which I thought at first from the error message was some error in the first five entries on the line that specify when a cron job should run. Instead, the problem was because when I copied and pasted the contents of the old file into the new file, entries that had wrapped around to a new line on the screen were now on two lines whereas before they were only on one line. E.g., for the output above, line 3, which was the one referenced for "bad minute" was really the continuation of line 2, but it was now, because of my copy and paste operation, on line 3 with no time specified, but instead the end part of the command line. I edited those lines where that had occurred, so though they wrapped around on the screen each entry was one continuous line. I was then able to save the file successfully and then view the crontab file with crontab -l Since I had SELinux enabled on the system, I checked the security context for the cron file and saw the following.

# ls -Z /var/spool/cron/root
-rw-------. root root unconfined_u:object_r:user_cron_spool_t:s0 /var/spool/cron/root

References:

  1. Cron
    Wikipedia, The Free Encyclopedia
  2. Cron and Crontab usage and examples
    Date: May 4, 2014
    Pantz.org Technical Reference Site
  3. How to Backup Crontabs of All Users on CentOS, RHEL, Ubuntu & Dabian
    By: Rahul Kumar
    Date: April 2, 2014
    TecAdmin.net

[/os/unix/linux/centos] permanent link

Wed, Nov 05, 2014 10:38 pm

You don't have permission to access / on this server error

After adding a virtual host section for a website to Apache's httpd.conf file on a Linux system, I restarted Apache and tried viewing the website with a browser. Instead of seeing the home page for the site, I saw:

Forbidden

You don't have permission to access / on this server.

When I looked in the error log for the site, I saw the following:

[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path

Checking the public_html directory and the directories beneath it, I saw that owner, group, and world all had "execute" access, i.e., the capability to search through the directories.

$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov  5 21:04 public_html

But, checking the user's home directory I found there was no access to it except for the owner. When I changed that access to grant search access to other accounts in the same group and all accounts, then the website became visible.

$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov  5 21:17 /home/jdoe

You can check the permissions on a directory and the directories above it up to the root directory with just one command using the namei -m command in the form namei -m /path_to_directory/dirname. E.g.:

$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
 drwxr-xr-x /
 drwxr-xr-x home
 drwx--x--x jdoe
 drwxrwxr-x public_html

[/network/web/server/apache] permanent link

Wed, Nov 05, 2014 8:15 am

Denying interactive logins for an account

On a Linux system, you can change the designated shell for an account to "nologin" to prevent user's from interactive logons. For instance, if an account is only used for email, then you might wish to block the user from logging in and obtaining a shell prompt, so that should anyone else obtain the password for the account the person whould not be able to do anything other than send and receive email for the account. If the user's account was jasmith, you could use the command below:
# usermod --shell /sbin/nologin jasmith

[/os/unix/linux/sysmgmt] permanent link

Tue, Nov 04, 2014 11:57 pm

Dovecot logon_trusted_networks

A user reported that she was no longer able to download her email after receiving a new system. She uses Outlook, which was reporting the following error:

Task 'jasmith@example.com - Receiving' reported error (0x800CCC92) : 'Your e-mail server rejected your login. Verify your user name and password for this account in Account Settings. The server responded: -ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.'

At first I thought the tech who upgraded the system had made some change to Outlook on the system, but I eventually realized that the email server using dovecot for POP3 email access was denying access, because the system had a new IP address. The user was using POP3, port 110, for downloading email and I had previously added the old IP address to the login_trusted_networks line in /etc/dovecot/dovecot.conf file on the email server. By adding an IP address or IP address range to that line, you can configure dovecot to allow users to login using an unencrypted userid and password, i.e., plaintext authentication, from the specified IP address or range of addresses. The relevant section in dovecot.conf is shown below:

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
login_trusted_networks = 192.168.0.0/24 192.168.1.0/24 172.45.55.82

In the case above, the server will accept plaintext passwords from any system in the 192.168.0.0/24 address range, i.e., 192.168.0.0 to 192.168.0.255, the 192.168.1.0/24 address range, and from the specific IP address 172.45.55.82, which was the user's IP address. After updating her IP address in the file, I restarted dovecot with service dovecot restart.

The system uses sendmail for sending email and I also had to update /etc/mail/access to include her IP address, since the change to the dovecot configuration file allowed her to download her email, but sendmail would still not except any email sent from her computer, since relaying was permitted from her old email address, but not her new one. I added her IP address and a comment line to the /etc/mail/access file.

# J. A. Smith
172.45.55.82                           RELAY

I then used makemap hash to generate an updated /etc/mail/access.db file.

# makemap hash /etc/mail/access </etc/mail/access

She was then able to send as well as receive email; I didn't need to restart sendmail.

[/network/email/dovecot] permanent link

Mon, Nov 03, 2014 9:12 pm

Adding another SMTP Server to Thunderbird

To add another SMTP server for outgoing email in Thunderbird 24.6.0 on a Microsoft Windows systems, take the following steps:
  1. Hit Alt-T to bring up the Tools menu.
  2. Select Account Settings.
  3. An Account Settings window will open showing you all of the email accounts you have set up. Scroll down to the bottom of the list of accounts where you will see Outgoing Server (SMTP), which you should select by clicking on it.
  4. You will then see an Add button that you can click on to add an additional SMTP server for outgoing email.
  5. Complete the fields for the SMTP server, including "Description", "Server Name" and "Port", which will likely be 25 or 587. If you need to authenticate with the server when sending email, select the appropriate authentication method and provide a user name, if needed.

    Add SMTP Server to Thunderbird

  6. Click on the OK button.
  7. If you wish any of the email accounts you have set up in Thunderbird to use that SMTP server, select an account you wish to have use that outgoing email server by right-clicking on it, e.g. jdoe@example.com, and picking Settings. For the "Outoging Server (SMTP)" value, which you will see with the email address selected, i.e., don't click on "Server Settings" or any other option below the address, select the new server and click on OK.

References:

  1. Multiple SMTP servers - Thunderbird
    mozilaZine

[/network/email/clients/thunderbird] permanent link

Sun, Nov 02, 2014 1:09 pm

CGI.pm missing from CentOS system

When I tried accessing a website on a CentOS 7 server that I had recently set up as a web server using Apache, when I attempted to view the site, which I transferred from a CentOS 5 system, I saw the following error message in my browser.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@example.com to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Checking the httpd error log, I saw the following entries for the problem:

[Sun Nov 02 11:31:21.399775 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] AH01215: Can't locate CGI.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /home/jdoe/public_html/blog/blosxom line 92.
[Sun Nov 02 11:31:21.399911 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] AH01215: BEGIN failed--compilation aborted at /home/jdoe/public_html/blog/blosxom line 92.
[Sun Nov 02 11:31:21.401265 2014] [cgi:error] [pid 18794] [client 94.228.34.209:55416] End of script output before headers: blosxom

When I searched the system for CGI.pm, I found it was not present.

# find / -name CGI.pm -print 2>/dev/null
#

The file was present on a backup from the CentOS 5 system at /usr/lib/perl5/5.8.8/CGI.pm.

Since it wasn't installed, I tried installing it.

# perl -e shell -MCPAN
Can't locate CPAN.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
BEGIN failed--compilation aborted.

But that failed because CPAN.pm wasn't installed, either.

# find /usr/lib/perl5 -name CPAN.pm -print 2>/dev/null
# whereis CPAN.pm
CPAN:[root@frostdragon conf]# locate CPAN.pm
#

So I installed the perl-CPAN package with yum.

# yum install perl-CPAN

After the installation, I checked on the package and the location of CPAN.pm.

# rpm -qi perl-CPAN
Name        : perl-CPAN
Epoch       : 0
Version     : 1.9800
Release     : 283.el7
Architecture: noarch
Install Date: Sun 02 Nov 2014 12:02:15 PM EST
Group       : Development/Languages
Size        : 762403
License     : GPL+ or Artistic
Signature   : RSA/SHA256, Fri 04 Jul 2014 12:15:45 AM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : perl-5.16.3-283.el7.src.rpm
Build Date  : Tue 17 Jun 2014 01:42:20 PM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.perl.org/
Summary     : Query, download and build perl modules from CPAN sites
Description :
Query, download and build perl modules from CPAN sites.
# whereis CPAN.pm
CPAN: /usr/share/man/man3/CPAN.3pm.gz
#

I was then able to install CGI.pm.

#  perl -e shell -MCPAN

CPAN.pm requires configuration, but most of it can be done automatically.
If you answer 'no' below, you will enter an interactive dialog for each
configuration option instead.

Would you like to configure as much as possible automatically? [yes] yes

 <install_help>

Warning: You do not have write permission for Perl library directories.

To install modules, you need to configure a local Perl library directory or
escalate your privileges.  CPAN can help you by bootstrapping the local::lib
module or by configuring itself to use 'sudo' (if available).  You may also
resolve this problem manually if you need to customize your setup.

What approach do you want?  (Choose 'local::lib', 'sudo' or 'manual')
 [local::lib] sudo

Autoconfigured everything but 'urllist'.

Now you need to choose your CPAN mirror sites.  You can let me
pick mirrors for you, you can select them from a list or you
can enter them by hand.

Would you like me to automatically choose some CPAN mirror
sites for you? (This means connecting to the Internet) [yes] yes
Trying to fetch a mirror list from the Internet
Fetching with LWP:
http://www.perl.org/CPAN/MIRRORED.BY

Looking for CPAN mirrors near you (please be patient)
........................... done!

New urllist
  http://cpan-du.viaverio.com/
  http://mirror.cogentco.com/pub/CPAN/
  http://httpupdate25.cpanel.net/CPAN/

Autoconfiguration complete.

commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

You can re-run configuration any time with 'o conf init' in the CPAN shell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]>

At the cpan[1] prompt, I entered install CGI. Note: You need to use uppercase letters, not "cgi"

After the installation completed, I typed "exit" at the CPAN prompt. I was then able to reload the page in the browser without getting the "Internal Server" error; I did not have to restart Apache.

References:

  1. Perl CGI:Can't locate CGI.pm
    Date: June 5, 2005
    LinuxQuestions.org
  2. perl CPAN not installed by default
    Date: February 4, 2012
    DirectAdmin

[/languages/perl] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo