New Zealand Linux

We have some users who own servers who dont want to fork out for automated systems like Plesk or Virtualmin, but don’t really want to deal with adding domains and email addresses all the time (and sometimes get lost)

I decided today after one such user emailed us to add another 3 domains and bunch of email addresses to write something simple to help him out, and thought I would share them with you.

I put the following in a plain text file in /root/adddomain.sh

#!/bin/bash
if [ ! $1 ];then
        echo "Usage: $0 domainname.com"
        exit 0
fi
 
echo Adding the virtualhost to apache
cat >/tmp/httpd.tmp < < EOF
 
<VirtualHost *:80>
DocumentRoot /var/www/CHANGEME/html
ServerName CHANGEME
ServerAlias www.CHANGEME
<directory "/var/www/CHANGEME">
allow from all
Options +Indexes
</directory>
 
 
EOF
cat /tmp/httpd.tmp | sed s/CHANGEME/$1/g >> /etc/httpd/conf/httpd.conf
 
echo Making the directory at /var/www/$1
mkdir -p /var/www/$1/html
 
echo reloading apache
/etc/init.d/httpd reload
 
echo Adding domain to mail
echo $1 /etc/postfix/virtual_domain # this was his postfix virtual domain name list

Then run

chmod +x adddomain.sh

Now I can add domains like this very easily

[root@hostname ~]# ./adddomain.sh
Usage: ./adddomain.sh domainname.com
[root@hostname ~]# ./adddomain.sh domain.co.nz
Adding the virtualhost to apache
Making the directory at /var/www/domain.co.nz
reloading apache
Reloading httpd:                                           [  OK  ]
Adding domain to mail
[root@hostname ~]#

Please note: do not add the ‘www’ part onto the domain name. That is done in the script itself where required.

Since he had set up virtual hosting in postfix, i then created another text file at /root/addmailuser.sh – this was so he could add email addresses easily and quickly. The contents were

#!/bin/bash
 
if [ ! $2 ]; then
        echo "Usage: $0 [username|destination] emailaddress"
        exit 0
fi
 
if [ -z $(echo $1 | grep @) ];then
        echo Looks like a username to me, adding the user
        adduser -s /sbin/nologin $1
        passwd $1
else
        echo Looks like a redirect off site, adding it as such
fi
 
echo Adding the email address
echo $2  $1 >> /etc/postfix/virtual
 
echo Running postmap
postmap /etc/postfix/virtual
 
echo Reloading postfix
/etc/init.d/postfix restart

Again i run the chmod on it

chmod +x addmailuser.sh

This is how I can use it

[root@hostname ~]# ./addmailuser.sh
Usage: ./addmailuser.sh [username|destination] emailaddress 
[root@hostname ~]# ./addmailuser.sh julie.domain julie@domain.co.nz
Looks like a username to me, adding the user
Changing password for user julie.domain.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Adding the email address
Running postmap
Reloading postfix
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@hostname ~]#

Or I can use it to create an off site alias

[root@hostname ~]# ./addmailuser.sh james.someguy@gmail.com james@domain.co.nz
Looks like a redirect offsite, adding it as such
Adding the email address
Running postmap
Reloading postfix
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@hostname ~]#

These were designed/written for Centos/RedHat based systems, let me know if you want it for Debian/Ubuntu based ones. Also, strictly speaking, things don’t need to be restarted, but it doesn’t hurt and is a good way of testing things work ok.
There is no error checking in either of these scripts, feel free to contribute patches/fixes

Occasionally you just want a bit of piece of mind about your server or Linux install. You may suspect there is somebody who has hacked your computer or even something changed by a package install that shouldnt have been.

Heres a couple of ideas on how to do a quick ‘health’ check on he md5sum of binary packages.

Debian based people should install dlocate and use that

apt-get install dlocate
dlocate -md5check openssh-server

To force a fail try something like this

mv /usr/share/man/man5/sshd_config.5.gz /usr/share/man/man5/sshd_config.5.gz-old
echo Boo > /usr/share/man/man5/sshd_config.5.gz
dlocate -md5check openssh-server

For Redhat/Centos etc based servers you can use yum

 rpm -qvV openssh

Again you can force a fail by changing a file

mv /usr/share/doc/openssh-4.3p2/CREDITS /usr/share/doc/openssh-4.3p2/CREDITS-old
echo Boo >/usr/share/doc/openssh-4.3p2/CREDITS
rpm -qvV openssh

For less verbosity just drop the lower case v (so its rpm -qV )

Found at : http://www.jethrocarr.com/index.php?cms=blog:20090718

A new 0-day attack on the Linux kernel has just been released by Brad Spengler called the “Chedder Bay Exploit” which exploits a flaw in the Linux 2.6.30+ kernel.

This exploit is interesting, in that the code doesn’t look particularly broken, but when compiled the compiler optimisations causes the compiled code to have a security hole.

For more technical details on this exploit and further news, check the LWN.net article or use the CVE reference CVE-2009-1897.

From my quick review of the exploit, it appears the attack uses Pulseaudio to bypass Selinux security if it is enabled and then performs an attack against the /dev/net/tun device, allowing a standard user to gain root access.

Not having pulseaudio or the tun kernel module loaded should prevent this exploit from working, although I have not yet had sufficient time to test this since I received the alert announcement around 3am NZ time.

The exploit affects the 2.6.30+ kernel releases and also some of the test kernel 2.6.18 kernel releases by Redhat.

However, all production kernel releases for RHEL/CentOS do not appear to be vulnerable since the change that introduced the security exploit had not been backported yet.

In my tests on CentOS 5.3 with kernel 2.6.18-128.1.16.el5xen on i386/xen, I was unable to trigger the exploit.