Tuesday, January 17, 2012

Restricting webserver access

A solution for restricting access to a web server from the internet while clients on the local network
can work normally. Add this to Apache's .htaccess file:


order deny,allow
allow from 10.10.10.10
allow from 10.10.10.11
deny from all
Satisfy Any
AuthName "Please login"
AuthType Basic
AuthUserFile /var/passwordfile
Require user username


This solution grants access to clients with the IPs ..10 and ..11, and
all other clients get a login prompt.
This way, I add all local clients to the list and access the server via port forwarding.
Everyone else must know the username and password.

Debian startup scripts

There are three interesting places for starting programs automatically.
The first place is
/etc/rc.local
This script runs at every start of the computer. Here I store things that should run
only when booting, like mounting Samba shares (another place for mounting is the fstab).

The second place is
/home/user/.profile
This script runs in a login shell, when you first log in on a (virtual) terminal.
If you start a terminal from GNOME, it won't run.

The third place is
/home/user/.bashrc
This file is run by every bash you start. Running a terminal from GNOME or KDE will
execute this file too.


For completeness, I show the last script
/home/user/.bash_logout
This script runs when leaving a login shell. By default on Debian, it only clears the screen
for privacy when logging out.


Of course there are more places for starting programs, but I hope this short overview is helpful.

Friday, January 6, 2012

Mail after ssh login

Very secure: I run this short script, and after each SSH login I get an email to a private email account, telling me who logged in from which IP address.
If the server were hacked, the mail goes out so quickly that the person who breaks in has no chance to stop it.
Even if he removed every sign of his break-in, the mail is out!

echo 'Login on' `hostname` `date` `who` | mail -s "Login on `hostname` `who | awk '{print $5}'`" my@email.org

I added the line to my .bashrc file.
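
The .bashrc hook depends on the shell startup file of the user who logs in. As an added example (not part of the original post), the same notification can be sent by PAM for every SSH session through pam_exec; the script path and the /etc/pam.d/sshd line shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): login notifier for pam_exec.
# Assumed wiring, one line in /etc/pam.d/sshd (the script path is hypothetical):
#   session optional pam_exec.so /usr/local/sbin/login-notify.sh
# pam_exec exports PAM_TYPE, PAM_USER, PAM_RHOST, PAM_TTY and PAM_SERVICE.

RCPT="my@email.org"   # recipient address as used in the post

# Keep only characters that occur in user names, host names, IPs and tty
# paths, so a crafted value cannot inject newlines into the mail subject.
clean() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@/-'
}

# Mail only when a session is opened, not on close_session or other PAM calls.
should_notify() {
    [ "${PAM_TYPE:-}" = "open_session" ]
}

notify_subject() {
    printf 'Login on %s: %s from %s' \
        "$(uname -n)" "$(clean "${PAM_USER:-unknown}")" "$(clean "${PAM_RHOST:-local}")"
}

notify_body() {
    printf 'time=%s\nuser=%s\nrhost=%s\ntty=%s\nservice=%s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        "$(clean "${PAM_USER:-unknown}")" "$(clean "${PAM_RHOST:-local}")" \
        "$(clean "${PAM_TTY:-none}")" "$(clean "${PAM_SERVICE:-unknown}")"
}

main() {
    should_notify || return 0
    notify_body | mail -s "$(notify_subject)" "$RCPT"
}

main
```

With "session optional", a failing mail command does not block the login.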

Thursday, January 5, 2012

Change a database field to md5 hash

To change all entries of a field in a database table to their MD5 hash,
this SQL statement works fine:
UPDATE tablename SET fieldname = MD5(fieldname)

Useful for a table with addresses, where the password should be converted.

Asterisk crashes after out of memory

My Asterisk server crashes after several days with an out-of-memory problem.
For some days it works fine, then without a cause the server crashes.

Till now I have no idea why. Before the system halted, the OOM killer started to free memory,
but it doesn't work correctly.

Here is a part of the log:

Dec 30 14:59:48 iptam kernel: 12195 pages shared
Dec 30 14:59:48 iptam kernel: 0 pages swap cached
Dec 30 14:59:48 iptam kernel: 2 pages dirty
Dec 30 14:59:48 iptam kernel: 0 pages writeback
Dec 30 14:59:48 iptam kernel: 2204 pages mapped
Dec 30 14:59:48 iptam kernel: 216133 pages slab
Dec 30 14:59:48 iptam kernel: 143 pages pagetables
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7330 (apache2) score 876 or a child
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7330 (apache2) score 876 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7330 (apache2)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7332 (apache2) score 876 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7332 (apache2)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7076 (qmgr) score 303 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7076 (qmgr)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7191 (ntpd) score 251 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7191 (ntpd)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7080 (smbd) score 89 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7086 (smbd)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7314 (faxgetty) score 76 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7314 (faxgetty)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7315 (faxgetty) score 75 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7315 (faxgetty)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7316 (faxgetty) score 75 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7316 (faxgetty)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7317 (faxgetty) score 75 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7317 (faxgetty)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 6993 (faxq) score 74 or a child
Dec 30 14:59:48 iptam kernel: Killed process 6993 (faxq)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 3554 (smbd) score 73 or a child
Dec 30 14:59:48 iptam kernel: Killed process 3554 (smbd)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 6995 (hfaxd) score 68 or a child
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 6995 (hfaxd) score 68 or a child
Dec 30 14:59:48 iptam kernel: Killed process 6995 (hfaxd)
Dec 30 14:59:48 iptam kernel: Out of memory: kill process 7282 (apache2) score 54 or a child
Dec 30 14:59:48 iptam kernel: Killed process 7282 (apache2)
Dec 30 14:59:48 iptam kernel: hfcmulti_rx: CRC-error
Dec 30 14:59:48 iptam smbd[7080]: Unable to open printcap file /etc/printcap for read!
Dec 30 14:59:48 iptam smbd[7080]: [2011/12/30 14:59:48, 0] printing/pcap.c:pcap_cache_reload(159)
Dec 30 14:59:48 iptam smbd[7080]: Unable to open printcap file /etc/printcap for read!
Dec 30 14:59:49 iptam FaxGetty[31739]: OPEN /dev/ttyIAX03 HylaFAX (tm) Version 4.3.1
Dec 30 14:59:49 iptam FaxGetty[31738]: OPEN /dev/ttyIAX02 HylaFAX (tm) Version 4.3.1
Dec 30 14:59:49 iptam FaxGetty[31737]: OPEN /dev/ttyIAX01 HylaFAX (tm) Version 4.3.1
Dec 30 14:59:49 iptam FaxGetty[31736]: OPEN /dev/ttyIAX00 HylaFAX (tm) Version 4.3.1
Dec 30 14:59:58 iptam FaxGetty[31739]: MODEM WWW.SOFT-SWITCH.ORG spandsp/
Dec 30 14:59:58 iptam FaxGetty[31736]: MODEM WWW.SOFT-SWITCH.ORG spandsp/
Dec 30 14:59:58 iptam FaxGetty[31738]: MODEM WWW.SOFT-SWITCH.ORG spandsp/
Dec 30 14:59:58 iptam FaxGetty[31737]: MODEM WWW.SOFT-SWITCH.ORG spandsp/
Dec 30 15:00:19 iptam kernel: hfcmulti_rx: CRC-error
Dec 30 15:01:12 iptam kernel: hfcmulti_rx: CRC-error
Dec 30 15:01:22 iptam kernel: hfcmulti_rx: CRC-error
Dec 30 15:03:41 iptam smbd[9372]: [2011/12/30 15:03:41, 0] printing/pcap.c:pcap_cache_reload(159)
Dec 30 15:03:41 iptam smbd[9372]: Unable to open printcap file /etc/printcap for read!
Dec 30 15:03:41 iptam smbd[9372]: [2011/12/30 15:03:41, 0] printing/pcap.c:pcap_cache_reload(159)
Dec 30 15:03:41 iptam smbd[9372]: Unable to open printcap file /etc/printcap for read!
Dec 30 15:05:24 iptam kernel: hfcmulti_rx: CRC-error
Jan 1 15:09:49 iptam syslogd 1.4.1#18: restart.

Creating own repository

I am interested in creating my own repository.

In the simplest case, I need three files on the web server:

Packages.gz
Release
Release.gpg

Create a directory and store the .deb file there.
Then I run apt-ftparchive:
apt-ftparchive packages . > Packages

and compress it with gzip:
gzip -9 Packages

Then I create the Release file with:
apt-ftparchive release . > Release

Now I sign the Release file with gpg:
gpg -u mail@domain.com --output Release.gpg -ba Release

I store the three files on a web server, and now I can add this line to:
deb http://yourserver.de ./
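
The steps above form a chain: Release.gpg signs Release, and Release lists the checksums of Packages.gz. As an added example (not part of the original post), this script checks that second link, assuming sha256sum is installed; the function names are my own, and make_sample_repo builds a constructed test directory.

```shell
#!/bin/sh
# Added example (not from the original post): check the link between Release
# and the index files it lists. "gpg --verify Release.gpg Release" covers the
# signature; this covers the SHA256 section written by apt-ftparchive.

# Print the "hash size name" entries of the SHA256: section of a Release file.
release_sha256_entries() {
    awk '/^SHA256:/    { on = 1; next }
         /^[^ ]/       { on = 0 }
         on && NF == 3 { print $1, $2, $3 }' "$1"
}

# Return 0 only if every listed file exists with the listed size and hash.
verify_release() {
    dir=$1; rc=0; seen=0
    entries=$(release_sha256_entries "$dir/Release") || return 2
    while read -r want size name; do
        [ -n "$name" ] || continue
        # A Release file cannot contain its own final hash; skip such an entry.
        [ "$name" = "Release" ] && continue
        seen=$((seen + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        have=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        have_size=$(wc -c < "$dir/$name" | tr -d ' ')
        if [ "$have" = "$want" ] && [ "$have_size" = "$size" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done <<EOF
$entries
EOF
    [ "$seen" -gt 0 ] || { echo "no SHA256 entries found"; return 2; }
    return "$rc"
}

# Constructed sample: a stand-in Packages.gz plus a matching Release file.
make_sample_repo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for a package index\n' > "$d/Packages.gz"
    printf 'SHA256:\n %s %s Packages.gz\n' \
        "$(sha256sum < "$d/Packages.gz" | cut -d' ' -f1)" \
        "$(wc -c < "$d/Packages.gz" | tr -d ' ')" > "$d/Release"
    echo "$d"
}
if [ "$#" -gt 0 ]; then verify_release "$1"; fi
```

Run it with the repository directory as its argument before uploading; a MISMATCH means an index file changed after Release was generated and signed.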


A German tutorial is here: http://bit.ly/ACUJR5