Renewing “Let’s Encrypt” SSL certificates

Let’s Encrypt provides free DV SSL certificates for everyone and is now in the open beta phase. I’m not going to go into the details of which of the clients are best, since that depends entirely on your use case (I use acme-tiny and a rule in varnish to intercept all calls to /.well-known/acme-challenge/). Since the certificates are only valid for 90 days, I often see people suggesting to just renew them via cronjob every 2 months. I find this to be really awful advice: if that renewal fails for any reason (network problems, local problems, problems with Let’s Encrypt), the next renewal is a month after the certificate expired. It is also […]


Native tcp/udp sockets in bash cheatsheet

Bash has a nifty feature to open tcp and udp connections and read/write data to that connection. The Advanced Bash Scripting Guide and the bash man page offer some information and examples, and Google has some odd examples, but all in all there isn’t much variety of information on the internet on the topic. This feature is enabled in Bash at compile time with the flag --enable-net-redirections. It works by assigning a connection to a file descriptor with exec. Protocol must be udp or tcp, hostname must be either an IP or a FQDN. Use any free file descriptor (3 or higher usually).

Use &- to close the connection instead of leaving it in the CLOSE_WAIT status. […]


Virtualbox to 4.2.12 problems with Ubuntu

After updating Virtualbox to 4.2.12 and updating the guest additions on my Ubuntu 12.10 the guest suddenly started having problems with the graphics driver (X.org wouldn’t start correctly, only starts in “rescue” mode). I did a bit of googling, and it seems other users are also affected (mainly 12.04 and 12.10 Ubuntu), and it seems to affect people who upgraded from Virtualbox guest additions 4.2.10 -> 4.2.12. Here is the quick and dirty workaround to the problem: download the 4.2.10 guest additions and use them.

Will need to reboot or make sure the new modules are loaded and restart X afterwards.


Script to start minion in tmux

Minion is a security project from Mozilla (link). It provides a user-friendly web interface to various security scanner tools. There is a webcast demonstrating the software (link). The software requires a few services to run, and since I like having one script take care of starting everything with the right parameters, I threw together a simple shell script that sets up a tmux session with the services started in windows with the names of the services.


How to break down CIDR subnets in Bash

I was playing around with subnets in bash recently and needed an elegant/easy way to split up a subnet into smaller subnets. First I used 2 functions I found on stackoverflow.com to convert an IP address to and from an integer. After that it was just a bit of math in bash to split up any networks too big. Any network larger than $maxSubnet gets split up. Here is the useful code:

Output of script:

 


How to get the intersecting area of two polygons in MySQL

I was playing around with spatial features of MySQL this weekend and stumbled into a problem where I was looking for the area of two rectangles that overlap.  MySQL provides a function to check if they overlap, but no function to extract the region that overlaps. I’ve never written a stored routine in MySQL before, so I decided it would be a good exercise to try making one. As you can see the function is pretty straightforward and it assumes you are working with rectangles, but other than that it does what it is supposed to. You pass the function 2 polygons (e.g. Intersection(a.poly,b.poly)), and it returns the intersecting area […]


Updated OSSEC Web UI 0.3 files for OSSEC 2.6

OSSEC is an open source HIDS (Host-based Intrusion Detection System), and a pretty darn good one too. It also has a simple web front-end to view what’s going on, search through alerts and stuff like that  (called OSSEC Web UI, I’ll just call it “WUI” here). Unfortunately the code is a bit outdated (the last official update was from 2008 as far as I can tell) and it doesn’t support newer features of OSSEC like polling data from a database. Something I’d like to tackle if I find the time 😉 The latest version of OSSEC is 2.6, and due to some small changes to the format of the logs WUI no […]


Playing around with Exim, Spamassassin, DKIM and SPF

I was playing around with my mail server today and decided to have a look at DKIM and SPF. Jump to the bottom for some useful links. You will have to be able to change TXT entries for your domain/subdomains to do any of this. Sending a mail to check-auth@verifier.port25.com will generate an auto-reply with the result of your mail server’s settings. I also noticed that Exim wasn’t listening to the IPv6 interface and promptly fixed that, and have received my first mail via IPv6. Some spamassassin scores for your local/user settings:

SPF:
Syntax: http://www.openspf.org/SPF_Record_Syntax
Tools & Information: http://www.openspf.org/
Wizard: http://www.spfwizard.net/

DKIM:
Exim walkthrough: http://mikepultz.com/2010/02/using-dkim-in-exim/
Domain specific settings: http://www.debian-administration.org/users/lee/weblog/41
Tools: http://dkimcore.org/tools/
Wizard: https://www.port25.com/dkim-wizard/


New Server (with IPv6)

I got a new server and I finished moving everything to the new hardware this week. If you notice anything behaving strangely just drop me a note. I also set up IPv6 on all my VMs so will be playing around with that a bit. It’s a shame that hardly any providers give customers IPv6 addresses; migrating from IPv4 to IPv6 will take forever if none of the users can use them (and in the meantime IPv4 addresses are getting more and more expensive for me). The new server is from Hetzner since I have been very satisfied with them in the past. Impressive hardware features for low prices and (what […]


How to build an efficient GeoIP SQL table

This here is a very handy little script I threw together to generate a geoip.sql table for quickly determining which country an IP is from. I already hear you saying “Just convert the IP to an INT and use BETWEEN, how hard can it be”. And you are right, that works. And it may even be your easiest solution, but it just isn’t fast. And if you are planning on hammering the table with thousands of queries you are going to end up looking for something fast. A while back I found a very interesting posting at www.jcole.us that described how to use Spatial Indexes together with MySQL’s GIS to speed up […]


How to add file versions/history to iFolder

I’ve been using iFolder for about a month now and am pretty satisfied with the performance and features, but there is one feature I dearly miss: having access to older versions of a file.  To work around this problem I simply created a SVN repository for every iFolder user.  This allows the users to “check in” files whenever they want to save a specific version of a file, they can tell SVN to ignore directories that they don’t need or want in the SVN system. And you can easily browse through the history of a file, pulling up versions from specific dates, or seeing what changed when in the file (obviously […]


How to install ruby 1.9.2 on Ubuntu 10.04

The current LTS version of Ubuntu is 10.04 and the most current version of ruby it ships with is 1.9.1. Unfortunately 1.9.1 wasn’t that great of a release and anyone using the 1.9 branch really should use the stable 1.9.2. After doing a bit of researching I found some information on the best approach to get ruby installed: downloading the source, compiling it and registering the installed version with the package manager. The following little bash script takes care of installing ruby 1.9.2 on an Ubuntu or Debian based system (or any other version if you change the $Version variable in the script). The script just consolidates information […]


Using iFolder as an open source Dropbox alternative

I’ve had a few postings here in my blog over the years about trying to keep data synced over various computers. Nowadays it has gotten easier since it seems everyone is churning out their own online storage. Classics like Dropbox or SugarSync, and then we have the big companies Google, Microsoft and Ubuntu trying their luck. Basically they all provide you with 2-5Gb free storage, and more space and features for more money. But they all have one downside, whether encrypted or not, you are leaving your own files to the mercy of an external company. There is not really any voodoo in the whole system, basically you just have […]


How to get Teamspeak 3 running on a current Linux

Teamspeak is known for lagging a bit behind with development. The last few days I have been upgrading my servers to current distributions, today the Voice servers were on the list to get Debian 6 / Ubuntu 11.04. And again I ran into problems with Teamspeak, turns out they won’t work with libmysqlclient 16 libraries and require the good old 15 version (which isn’t available out-of-the-box in the latest Debian and Ubuntu release). So anybody running into the same problem (do a ldd libts3db_mysql.so to check), can hop on over to http://packages.debian.org/lenny/libmysqlclient15off and download the package for your architecture and install it with dpkg -i


What plugins is that website running?

While having a look at nikto yesterday I stumbled across cms-explorer. It’s an interesting little program that checks the themes/modules/plugins installed in common CMS systems (Drupal, WordPress, Joomla! and Mambo), with automatic exploration for Drupal and WordPress. It also has some nice bonus features like providing a list of known issues for plugins found by accessing the OSVDB.org database. Example output:

Running it against my own webspace revealed a possible SQL injection I was unaware of. *) Fixed that, will probably replace that plugin completely this week, anything that has stuff so obviously bad in it is generally not all too sane. *) I normally look at plugins before […]


Disemvoweling

Talk about weird words … ok, according to Wikipedia disemvoweling is the term for replacing or removing vowels from words. Commonly used as a tool for moderating. I’m pretty sure everyone has run across certain disemvoweled words on the internet like f*ck or sh*t. Anyway I went and made a pure html/javascript page that does just that, removes any vowels from an inputted text. The usefulness can certainly be argued, it was more for me to brush up on my javascript and css skills. http://www.dopefish.de/projects/disemvoweling/


Virtualbox update

Anyone running Ubuntu as a Virtualbox guest is advised to update to Virtualbox 4.0.6 (+ the extensions) that was released today.  Don’t forget to recompile the guest additions after upgrading to 4.0.6. Besides the usual stuff in the changelog, the update fixes a problem with screen resolution in Ubuntu 11.04. Since the Ubuntu update is just around the corner updating Virtualbox beforehand will prevent a bit of hassle.


captcha cracking

This is a pretty old posting from 2009 I just recently discovered in my “drafts” directory. Nowadays there are probably easier and more elegant ways of defeating a captcha, but for old times’ sake, here is my simple approach. ———————– Eclectic and Marko were so kind as to “provide” me a captcha to play around with. Took me a few days of poking around and googling but in the end it was easier than I had thought. As long as there aren’t any logic errors in the code (e.g. bad or no session handling) you probably won’t get around some kind of OCR. As OCR software I decided to use […]


Wireless bridge & dd-wrt

I recently bought the WL-330gE_M from Asus. It is a pair of access points pre-configured to bridge 2 LAN networks via wireless, all you have to do is take them out of the box and plug them in, straightforward and simple, no configuration needed. They are intended to enable hooking up devices to the internet that don’t have wireless and without pulling cables through the house (e.g. dvd player, TV, cable box, …). The package arrived last week and it was a matter of minutes plugging the devices in and having everything working.  Everything worked without any setup, took me longer to get them out of the box than to […]


WordPress & code formatting

I’ve been using the WordPress plugin “developer formatter” for years and it worked pretty good … for a while. Unfortunately it stopped being developed sometime in 2008, which was OK since it did everything I wanted and worked fine. Unfortunately months later I noticed that the plugin broke the visual editor for new postings in my SVN version of WordPress, and unsurprisingly when the WordPress changes went to a live version it broke my editor there. But I liked the plugin so much, that I just started using the html editor to make postings here (and have been doing so for over a year). It works, but it isn’t the […]
