A script to diff files/directories on two different servers

Ok,  short one today. This is a straightforward script that simplifies comparing directories on different servers. There is no magic in it, it just rsyncs the directories to a local temp directory and runs diff against them (then deletes the directory afterwards). Mainly intended for config files, I wouldn’t recommend trying to diff gigabytes of binaries with it.

 

Continue reading

Convert configuration files to ansible templates

I’ve been playing around with ansible a lot lately, and I noticed that while changing stuff from “installed and configured manually” to “installed and configured by ansible” I was running into quite a few configuration files that needed to be manually turned into templates. It can be quite tedious to replace values in a configuration file with placeholders and put all those placeholders in a .yml file with default values. Automating this is something I would have typically done in perl, but since I wanted to learn more about using regex in bash I decided to have a go at it in bash using regex and ${BASH_REMATCH} The script takes a configuration […]

Continue reading

How to prevent changes to a tag via svn hook

A colleague of mine recently asked if it was possible to keep people from committing changes to tags in subversion. I thought “Hey, that should be easy to do via the pre-commit hook. I bet someone already made one that I can just test and use“. Either my google-fu failed me or the request wasn’t as common as I had anticipated, because surprisingly I couldn’t find any hooks that truly accomplish blocking changes to a tag (probably right after I post this someone will say “hey, why didn’t you look $here, it is exactly what you wanted“). I found people looking for such a feature, and I found a hook […]

Continue reading

Playing around with DD-WRT

I’m currently playing around with my two WL-330GE Access points from asus (see an older posting). Since that posting I was a bit creative using the existing ethernet cabling and ports in the apartment to be able to retire the WiFi bridge without having any cable going through the apartment. So I decided to use the two access points for something more useful. I’m playing around with dd-wrt to build configurations to use them as WiFi probes (for an IDS), or as Rouge Access Points (for demonstration purposes and to test wireless IDS solutions).  I might compile my own dd-wrt version for the rouge version, there are a few things I miss to build […]

Continue reading

How to get Teamspeak 3 running on a current Linux

Teamspeak is know for lagging a bit behind with development. The last few days I have been upgrading my servers to current distributions, today the Voice servers were on the list to get Debian 6 / Ubuntu 11.04. And again I ran into problems with Teamspeak, turns out they won’t work with libmysqlclient 16 libraries and require the good old 15 version (which isn’t available out-of-the-box in the latest Debian and Ubuntu release). So anybody running into the same problem (do a ldd libts3db_mysql.so to check), can hop on over to http://packages.debian.org/lenny/libmysqlclient15off and download the package for your architecture and install it with dpkg -i

Continue reading

captcha cracking

This is a pretty old posting from 2009 I just recently discovered in my “drafts” directory. Nowadays there are probably easier and more elegant ways of defeating a captcha, but for old times sake, here is my simple approach. ———————– Eclectic and Marko were so kind as to “provide” me a captcha to play around with. Took me a few days of poking around and googling but in the end it was easier than I had thought. As long as there aren’t and logic errors in the code (e.g. bad or no session handling) you probably won’t get around some kind of OCR. As OCR software I decided to use […]

Continue reading

Wireless bridge & dd-wrt

I recently bought the WL-330gE_M from Asus. It is a pair of access points pre-configured to bridge 2 LAN networks via wireless, all you have to do is take them out of the box and plug them in, straightforward and simple, no configuration needed. They are intended to enable hooking up devices to the internet that don’t have wireless and without pulling cables through the house (e.g. dvd player, TV, cable box, …). The package arrived last week and it was a matter of minutes plugging the devices in and having everything working.  Everything worked without any setup, took me longer to get them out of the box than to […]

Continue reading

back online

The hard drive crash threw me offline a few days due to strange problems with software raids, Xen and acpi. Turns out that using the latest Xen kernel from debian testing branch on a software raid only works of you don’t set “acpi=off” as a kernel parameter. If acpi is turned off, the script “scripts/local-top/mdadm” in the initrd can’t find the devices needed to mount the software raid … causing the whole boot process to come to a grinding halt. If I find some time I’ll do some more tests, untill then my server will be running with acpi turned on btw. the hard disk replacement was easy. after the […]

Continue reading

Serverdown

Server was down for the last 6 hours due to me updating a few stuff that really really didn’t work out too well (grub, xen and kernel at the same time). I gave up and afer a few hours of work managed to revert back to the old configuration so I can recieve mail again till I figure out what went wrong. Server may be down tomorrow a bit too while I try to figure out what exactly broke and try to at least get grub and xen updated.

Continue reading

self0wned

Doh, I was just writing a bash script to calculate the current network traffic and write it to syslog. nothing special. I’m posting this from my laptop because I was forced to reboot my main PC after accidently writing a fork bomb. I wanted to recursively call myself and detatch the process so I could use the script as a deamon without worring about it if I logout. AFTER starting the script, I noticed a flaw in my “if” startement to make sure I don’t DOS myself. By the time I got around to “hmm, maybe I should check the pid of that child and kill it so it doesn’t […]

Continue reading

Free vServer during beta phase

I just stumbled accross this website: https://ssl.euserv.de/produkte/vserver/betatest.php where you can order a vServer for free during the beta phase. The beta phase is planned to last till the end of 2009. For more details, have a look at the link (there are a few thing not allowed to use the server for, mainly high traffic and illegal stuff). An order key is required, just have a look at the tags of this posting …. one of them is a bit “strange” 😉

Continue reading

Moving Exim/Spamassassin/Cyrus -> Debian config

I’ve been putting off moving my mail system to the new server for a few weeks now since the old system was configured from scratch using the original config files and not the debian style config files. The differences in the Exim config are extreme. Debian splits the one large config file into lots of smaller files. This is great if: you never worked with exim before, you aren’t trying to migrate an existing configuration that is in one large file, and you don’t have all kinds of custom stuff like imap, spamassassin, greylisting mixed in. Yeah, not me. Even though I find the “one large file” a whole lot […]

Continue reading

vmware is odd

I installed the final release of vmware server 2.0 on a server today. Not much has changed since the RC version I had been using. I found some quick fixes and tips in this blog: http://digital.blogsite.org/index.php/2008/10/04/review-vmware-sever-2 The authorization.xml problem was a REAL pain, so I was grateful to find a fix for that. And the tip about the VI Client laying around on the server was priceless (duh, the least they could have done could have been a link in the webinterface). Using the client to access the vmware host is finally not painful anymore. The webinterface is still Ok if I’m not at a computer of mine, or am […]

Continue reading

save the forest (or something like that …)

I can’t be the only person who finds it bothersome burning a cd just to install linux. What a waste (it’s not like you use the cd all to often afterwards, except as a coaster). So here are the quick and dirty instructions for making a debian linux install usb stick (adjust /dev/sdb accordingly, failure to do so can pretty must kill any data on a harddisk): wget ftp://ftp2.de.debian.org/debian/dists/etch/main/installer-i386/current/images/hd-media/boot.img.gz wget http://cdimage.debian.org/debian-cd/4.0_r5/i386/iso-cd/debian-40r5-i386-netinst.iso zcat boot.img.gz > /dev/sdb mount /dev/sdb /mnt cp debian-40r5-i386-netinst.iso /mnt umount /mnt

Continue reading

Basic Server Hardening

Ok, here is a list of a few programs I’d advise anyone to use who is running a server on the internet (or thinking of doing so). aide or tripwire (they can check and report if files on your system get changed, configurable levels). If you use tripwire, don’t forget a “tripwire –check -I” after you do any updates. logcheck will check your system logs, and report anything out of the ordinary (“ordinary” is defined by a list of ‘normal’ rules, and anything you add) tiger goes farther than logcheck, it actively checks your system and reports anything strange (files not belonging to packages, users or groups that got added, […]

Continue reading

Bash Scripting

I’ve been doing a bit of bash scripting lately. Anyone who is interrested in bash scripting should also have a look at the “bash support” vim script http://www.vim.org/scripts/script.php?script_id=365. A fair amount of the addons are aimed at a gui usage (like gvim), but even if you are a console user like me, it adds enough features to be worth while. After using it for a few days you get addicted to the neat features, scripting in a vim without it is like typing with your nose. It’s not impossible, but you aren’t having much fun either.

Continue reading

MSI Wind U100

I bought myself a laptop this week.  To be more precise I bought a MSI Wind U100 “Luxury” version in white with 2GB Ram. It arrived today, and I have been spending most of the afternoon setting up Windows. I must say, I’m positively surprised about how good it works and the default setup. It came with 3 partitions, the first (about 3GB) is a rescue system, the second (about 50GB) has windows installed, and the rest (100GB) was an empty partition. I reduced the last partition to 50GB and will be installing Linux in the other half later on (Dual-Boot). It seems most of the community is only interested […]

Continue reading

Hackit Server downtime

Sorry for the downtime, wasn’t planned. It was late last night when I set up the knock daemon, I somehow managed to accidently copy and past my terminal which resulted in about a quarter of my /etc/init.d/* scripts getting broken. Unfortunatly I didn’t notice it right away. I did notice it when I rebooted the server (kernel change) and lot’s of daemons didn’t come up (oh unimportant stuff like SSH 🙁 ) Well, that’s what backups are for.

Continue reading

knock daemon with INPUT chain set to default ACCEPT

I know there are plenty of pages floating around the Internet about knock daemons that open ports in a firewall after a predefined series of ports are “knocked”. For some reason ALL the pages I found assumed that a) you want the filter in your INPUT chain, and that the INPUT chain defaulted to DROP or REJECT. In my case, I’m defiantly not going to have a iptables firewall with a default that drops packets. Every few weeks I try out some new software and can’t be bothered with adjusting my firewall every time. All I need it to do is keep pesky people off my ssh, that’s all. So […]

Continue reading

Hackit Contest

Ok, the contest is ready. I’ll start off with the information everybody has been waiting for: IP: 80.190.250.213 There is a webserver running with a brief description of the target and rules of the contest http://80.190.250.213/ The webserver is actually part of the contest since people are supposed to deface this page. To make it a bit more interresting, the ssh sessions are recorded with script and saved here for everyone to see (e.g. “less -r filename”). Rules and Target of the contest: As stated above, deface this page. To achieve this goal, everything is allowed. Do what you need/want to achieve the goal. Unfortunatly we will still need a […]

Continue reading