May 13th, 2020 Admin
squid.conf
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
# Choose the port you want. Below we set it to default 3128.
http_port 3128
Then on the command line add your user:
htpasswd -c /etc/squid3/passwords username_you_like
and restart squid
service squid3 restart
Posted in Linux | No Comments »
May 13th, 2020 Admin
Smart recipes
I use the following handy recipe to forward puzzles that any friend sends to me, while I keep a copy of it myself. That is, I have to perform two tasks at the same time. Here’s how you can go about it:
# forward puzzles to a friend
#and also keep a copy
:0
* ^Subject:.*(puzzle)
{
:0 c
! myfriend@buddy.com
:0
puzzle
}
Here we use a nested block (enclosed in braces) instead of an action line. This block allows us to put multiple recipes within it, which are used only if the parent recipe is true.
In both the recipes in the block, we don’t have any condition statements. In the first action, the c flag is used to copy the message. Typically, a message will only run through the first recipe that is true. That is, if we don’t use the c flag, we can’t run the mail through the second recipe. The bang (!) before the email address indicates we want to forward the mail. The second recipe in the block delivers the mail to the puzzle directory.
Posted in Linux | Comments Off on Procmail recipe – smart recipes
July 27th, 2015 Admin
These iptables rules limit exposure to brute force and dictionary attacks on SSH (port 22).
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 2 -j DROP
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
# And remember to save the new set of iptables:
/usr/libexec/iptables/iptables.init save
service iptables save
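How the two recent rules above treat a sequence of new connections, as an added example that is not part of the original post. It is a simplified model in shell and awk: the function names and sample addresses are constructed, the connlimit rule and the module's per-source timestamp cap are ignored, and every NEW packet (a retransmitted SYN included) counts as one attempt.

```shell
#!/bin/sh
# Simplified model of:
#   -m recent --set
#   -m recent --update --seconds 60 --hitcount 3 -j DROP
# Input:  lines "seconds source_ip", one per NEW packet, in time order.
# Output: "seconds source_ip ACCEPT|DROP" for each attempt.
simulate_recent() {
    awk -v window="${1:-60}" -v hitcount="${2:-3}" '
    {
        t = $1; ip = $2
        # --set: always record a timestamp for this source address.
        stamps[ip, ++n[ip]] = t
        # --update: count the timestamps that fall inside the window.
        hits = 0
        for (i = 1; i <= n[ip]; i++)
            if (t - stamps[ip, i] <= window) hits++
        if (hits >= hitcount) {
            # A match records one more timestamp, so retries extend the block.
            stamps[ip, ++n[ip]] = t
            print t, ip, "DROP"
        } else {
            print t, ip, "ACCEPT"
        }
    }'
}

# Constructed sample: two sources, timestamps in seconds.
sample_attempts() {
    cat <<'EOF'
0 198.51.100.7
5 198.51.100.7
10 198.51.100.7
30 203.0.113.9
40 198.51.100.7
95 198.51.100.7
120 203.0.113.9
170 198.51.100.7
EOF
}

sample_attempts | simulate_recent 60 3
```

The attempt at t=95 is dropped although only one earlier attempt falls inside its 60-second window, because the dropped attempt at t=40 was itself recorded by --update. A client that keeps retrying stays blocked until it pauses for a full minute, which is worth knowing before an administrator locks themselves out.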
Posted in Linux | Comments Off on Rate limit ssh port 22 access
May 16th, 2012 Admin
Export
mysqldump -u username -p database_name > dbname.sql
Import
mysql -p -u username database_name < dbname.sql
Replace username with the database username
Replace database_name with the name of the database
The above works only if you are logged into the Linux server (by SSH or console) that runs the MySQL database and you have the password for the database user.
Posted in Linux | Comments Off on MySQL command line import/export
January 10th, 2012 Admin
Sending an auto reply while on vacation
PATH=/bin:/usr/bin:/software/common/bin
MAILDIR=$HOME/mailroom #you’d better make sure it exists
LOGFILE=$MAILDIR/procmail.log #recommended
# Vacation work-alike (3/6/98) Accurso
#
# This is an annotated and slightly modified version of the
# vacation work-alike example given in “man procmailex”.
# The use of ^TO is the significant modification.
# See also “man procmailrc”.
#
# First we must decide whether to send an auto reply.
# All the egrep conditions (* lines) must be satisfied.
# If so, headers (h) of the current message are fed to
# formail which checks the vacation.cache to find out
# if the sender has already received an auto reply.
# We will lock vacation.lock while processing this
# recipe to avoid clashes when updating the cache.
#
# This recipe waits (W) for a return from formail.
# Without the (c) procmail would stop processing
# after completing this recipe because it is
# a delivery recipe, it delivers headers to formail.
#
# The conditions ^TO and ^FROM_DAEMON are more than
# meets the eye.
#
# ^TOzz1demo is satisfied if zz1demo
# appears in any recipient header To: Cc: Bc:.
# This avoids sending auto replies to messages that
# were addressed to an alias or maillist, but not
# explicitly to zz1demo.
#
# !^FROM_DAEMON makes sure we do not auto reply to
# messages from any of a wide variety of daemons.
#
# “!^X-Loop: zz1demo@ieng9.ucsd.edu” avoids replying
# to our own auto reply, notice below that this X-Loop
# header is inserted into the auto replies we send out.
SHELL=/bin/sh # for other shells, this might need adjustment
:0 Whc: vacation.lock
* ^TOzz1demo
* !^FROM_DAEMON
* !^X-Loop: zz1demo@ieng9.ucsd.edu
| formail -rD 8192 vacation.cache
# Due to (e) recipe below is executed if the preceding one
# returns an error status. In this case it is not really
# an error, it is just the signal from formail to go
# ahead with the auto reply. Notice that if in the
# preceding recipe the egrep conditions are not met
# and that causes the formail cache check to be
# skipped, procmail is [somehow] clever enough to skip
# this recipe.
#
# The headers (h) of the current message are fed to the
# formail in this recipe in order to construct the
# headers for the auto reply.
#
# The (c) in this recipe causes the whole
# current message to be processed after this recipe.
# Typically that means it will be processed with no
# further recipes and that is how you get a copy in your
# mailbox. There is no need for a lock while executing
# this recipe so none is used.
:0 ehc # if the name was not in the cache
| (formail -rA"Precedence: junk" \
-A"X-Loop: zz1demo@ieng9.ucsd.edu" ; \
echo "I received your mail, but I will be away"; \
echo "from the office until Monday Dec 15th."; \
echo " ";\
echo "If this is an urgent matter, please call my office XXX-XXXX ";\
echo " ";\
cat $HOME/.sig \
) | $SENDMAIL -oi -t
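The decision the recipe above makes before it sends an auto reply, re-created in plain shell so it can be tried on test messages (an added example, not part of the original procmailrc). should_autoreply, sample_msg and vacation_demo are hypothetical helpers, the ^TO and ^FROM_DAEMON checks are rough approximations of procmail's built-in patterns, and a plain text file stands in for the formail cache.

```shell
#!/bin/sh
# should_autoreply USER LOOP_ADDR CACHE_FILE  < message
# Returns 0 when an auto reply would be sent, 1 otherwise.
should_autoreply() {
    user=$1 loop=$2 cache=$3
    hdrs=$(sed '/^$/q')    # headers only, as the h flag feeds them to formail
    # ^TOuser (approximated): user is named in To:, Cc: or Bcc:
    printf '%s\n' "$hdrs" | grep -Eiq "^(To|Cc|Bcc):.*$user" || return 1
    # !^FROM_DAEMON (approximated): skip list/bulk mail and daemon senders
    printf '%s\n' "$hdrs" | grep -Eiq \
        '^(Precedence:.*(junk|bulk|list)|From:.*(mailer-daemon|postmaster))' \
        && return 1
    # !^X-Loop: never answer one of our own auto replies
    printf '%s\n' "$hdrs" | grep -Fiq "X-Loop: $loop" && return 1
    # Stand-in for "formail -rD": at most one reply per sender address
    sender=$(printf '%s\n' "$hdrs" |
        sed -n 's/^From:.*<\([^>]*\)>.*/\1/p' | head -n 1)
    [ -n "$sender" ] || return 1
    grep -Fxq "$sender" "$cache" 2>/dev/null && return 1
    printf '%s\n' "$sender" >> "$cache"
    return 0
}

# Constructed sample message: $1 = From address, $2 = one extra header line.
sample_msg() {
    printf 'From: Someone <%s>\nTo: zz1demo@ieng9.ucsd.edu\n%s\n\nbody\n' \
        "$1" "$2"
}

# Runs four constructed messages through the check, prints one word each.
vacation_demo() {
    c=$(mktemp); me=zz1demo@ieng9.ucsd.edu; out=
    for m in 'alice@example.org|X-Mailer: demo' \
             'alice@example.org|X-Mailer: demo' \
             'bob@example.org|Precedence: list' \
             "carol@example.org|X-Loop: $me"; do
        if sample_msg "${m%%|*}" "${m#*|}" |
            should_autoreply zz1demo "$me" "$c"
        then out="$out reply"; else out="$out skip"; fi
    done
    rm -f "$c"
    echo "${out# }"
}

vacation_demo
```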
Automatically discarding or returning unwanted mail
Return to sender with “reject” notice (not for spam!)
# This procmailrc will automatically reject and bounce mail from
# certain addresses. NOTE: DO NOT USE THIS FOR SPAM! Only use it for
# folks that you know have a valid return address.
#
# This file can be dropped into your home directory as ‘.procmailrc’, or
# inserted into your existing ‘.procmailrc’, with or without the
# comments.
# -zz1sn 2/18/98
#
# The :0 is the start of a rule. Note, blank lines in a rule are NOT
# happy. Don’t insert any blank lines between the :0 and the line with
# $SENDMAIL, or the rule won’t work. Also, don’t put any comments
# within the rule, either.
#
# The *^From:.*example.*nuisance
# line indicates the string you want to match. If the From
# header in the e-mails you want to match looks something like
# From: Block Head <llarry@ancientgames.com>
# you can use a rule like: *^From:.*llarry.*ancientgames
# or perhaps something like *^From:.*Block Head
# (Remember, case is important – capitals are different from lowercase!)
#
# You want to be as specific as possible, but general enough to
# catch the person’s e-mails. The ‘*^From:’ bit ensures that the
# rule only matches on the ‘From:’ header, and the ‘.*’ sequence
# is a wildcard (match 0 or more occurrences of any character).
#
# Replace ‘example.*nuisance’ with your expression; otherwise, this
# rule won’t do a thing.
#
# If you want to reject mail from more than one source you can
# repeat the whole rule (from the :0 line to the SENDMAIL line)
# as many times as necessary in your .procmailrc file. Put
# a blank line between rules.
#
# This rule bounces the mail. First, it pipes through a series of
# commands that generate a new e-mail. ‘formail’ takes the old e-mail
# and generates a response; we replace the ‘From:’ line with
# ‘devnull@ucsd.edu’ (which silently discards all mail) to prevent
# mail loops caused by ricocheting bounces.
#
# We then pipe the result through $SENDMAIL -oi -t, which tells
# sendmail to ignore dots as end-of-file markers, and to grab the
# sender/recipient info from the message body.
#
# Note syntax; anything that should be in the message needs to go in
# an ‘echo’ statement inside the parentheses. It should be
# double-quoted, and should not contain funny characters (*, $, etc.).
# The ‘ \’ (space-backslash) needs to be at the end of each line
# except the last to indicate that technically the entire rule belongs
# on one line.
#
:0
*^From:.*example.*nuisance
|( formail -rI"From: Responses will be automatically discarded <devnull@ucsd.edu>"; \
echo "Your mail has been administratively rejected."; \
echo "It was NOT received." \
) | $SENDMAIL -oi -t
Discard/block e-mail messages (without return to sender)
# This procmailrc will automatically reject and discard mail from
# certain addresses.
#
# This file can be dropped into your home directory as ‘.procmailrc’, or
# inserted into your existing ‘.procmailrc’, with or without the
# comments.
# -zz1sn 3/09/98
#
# The :0 is the start of a rule. Note, blank lines in a rule are NOT
# happy. Don’t insert any blank lines between the :0 and the line with
# $SENDMAIL, or the rule won’t work. Also, don’t put any comments
# within the rule, either.
#
# The *^From:.*example.*nuisance
# line indicates the string you want to match. If the From
# header in the e-mails you want to match looks something like
# From: Block Head <llarry@ancientgames.com>
# you can use a rule like: *^From:.*llarry.*ancientgames
# or perhaps something like *^From:.*Block Head
# (Remember, case is important – capitals are different from lowercase!)
#
# You want to be as specific as possible, but general enough to
# catch the person’s e-mails. The ‘*^From:’ bit ensures that the
# rule only matches on the ‘From:’ header, and the ‘.*’ sequence
# is a wildcard (match 0 or more occurrences of any character).
#
# Replace ‘example.*nuisance’ with your expression; otherwise, this
# rule won’t do a thing.
#
# This rule silently discards all mail containing the matched From:
# address. If you want to discard mail from more than one address,
# duplicate the entire 3-line rule, from :0 to /dev/null (changing the
# wildcard expression appropriately)
#
#
:0
*^From:.*example.*nuisance
/dev/null
Posted in Linux | Comments Off on ProcmailRC recipes
November 18th, 2011 Admin
By far the simplest way to transfer/copy/move instances between AWS regions is to use the Ylastic interface.
It is US$20, and when you transfer there are costs for traffic and a temporary control instance (which you will also have with the method below). However, Ylastic makes this something you can understand and set up in 5 minutes. And it works even for Windows instances.
Preparation:
In AWS web console
- Stop instance to move to another region
- Make snapshot (you can restart your original instance and put it back in production)
- Make new volume of snapshot
- Start another instance
- Attach the volume from the snapshot to the newly started instance
- (on the temp instance in the source region) Mount the volume to the instance
- Start an instance in the target region
- Create a volume of the same size as your source volume in the target region in the same availability zone as your target instance.
- Attach the just created volume to the target instance
- (on the target instance) Format the attached volume with the same file system as the source instance.
- (on the target instance) Mount the target instance
- (on the target instance) make sure you can access the temp instance in the source region via SSH – disable any keys and change ssh_config in the temp instance in the source region etc, if you have to.
- (on the target instance) Copy files from the temp instance in the source region to the mounted volume on the target with rsync:
rsync -PHAXaz -e ssh ec2-107-22-76-156.compute-1.amazonaws.com:/mnt/sdf1/ /mnt/sdf1
- (on the target instance) Unmount the volume
- Detach the volume
- make a snapshot
- make an image
- start the instance. DOES NOT WORK. Don’t know why.
Posted in Linux | Comments Off on Amazon AWS EC2 – Move instance to other region
August 20th, 2011 Admin
Install dd_rescue (not ddrescue – although that might also work)
copying everything to a file:
dd_rescue /dev/hda1 target-file.img
Mounting the file:
losetup /dev/loop0 target-file.img
mount /dev/loop0 /home/you/dir
or
mount -o loop target-file.img /home/you/dir
Posted in Linux | Comments Off on Recover information from a disk otherwise unreadable or unmountable
August 20th, 2011 Admin
Installing s3fs on CentOS 5.6
Assumptions:
- rpmforge yum repo installed
- centos up-to-date – yum -y update
Installation:
- yum -y install python
- yum -y install fuse
- yum -y install libfuse
- yum -y install python-hashlib
- wget ftp://rpmfind.net/linux/epel/5/i386/fuse-python-0.2.1-1.el5.i386.rpm
- rpm -ivh fuse-python-0.2.1-1.el5.i386.rpm
- yum -y install fuse-s3fs
Then you will need to do:
- Make your access details available to the program:
(there are a multitude of ways to do that. This is just one shot for this session. You could also include them in your environment)
export AWS_ACCESS_KEY_ID=<your amazon access key id>
export AWS_SECRET_ACCESS_KEY=<your amazon secret access key>
- Create a bucket:
/usr/bin/s3fs -C -c bucketnameofyourchoice
- Format bucket to be used with this program:
/usr/bin/s3fs -C -f bucketnameofyourchoice
- Mount the bucket to a convenient place:
/usr/bin/s3fs -o bucket=bucketnameofyourchoice /mnt/s3/
Then Amazon S3 behaves as if it is part of your file system and you can copy to and from and rsync to and from it. Ideal for backup.
Posted in Linux | Comments Off on Installing s3fs on CentOS 5.6
December 8th, 2010 Admin
Download fuse & ntfs-3g.
Use Yum:
Prompt>yum install -y fuse ntfs-3g
Mount the partition:
[root@server1~]# mount.ntfs-3g /dev/sda9 /mnt/temp
This assumes /dev/sda9 is the NTFS partition and /mnt/temp is the place to mount it to.
Posted in Linux | Comments Off on Make CENTOS mount NTFS
January 14th, 2010 Admin
No, not in the current stable release. But there are workarounds, eg using your firewall to redirect incoming traffic to a given port.
# Example IPTABLES, REDIRECT INCOMING CONNECTION ON PORT 9292 TO DEFAULT POP3 PORT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 9292 -j REDIRECT --to-port 110
Posted in Linux | Comments Off on Is it possible to have Dovecot imap/pop daemons listening on multiple ports?