Selective root shells

December 6th, 2009 admin No comments

On my work systems, the root account can be accessed by three system administrators, including myself. I like zsh (for interactive use) and bash for scripting. The other admins do not share my interest in zsh. So, I place a small piece of code such as the following in root@<host>:~/.bashrc

if [ $( /usr/bin/who am i | /bin/awk '{print $1}' ) = "kevin" ]; then
    [[ ! -L ~/.zshrc ]] && /bin/ln -s ~kevin/.zshrc ~/.zshrc
    exec /usr/local/bin/zsh -l
fi

Then, in root@<host>:~/.zlogout, I add the following:

if [ $( /usr/bin/who am i | /bin/awk '{print $1}' ) = "kevin" ]; then
    [[ -L ~/.zshrc ]] && {
        echo "removing .zshrc"
        /bin/rm -f ~/.zshrc
    }
fi

This enables me to enjoy zsh, without upsetting anyone else. I have root-specific code in my .zshrc to tailor the environment to my liking. It has the added benefit of not affecting console logins (unless I log in as myself from the console, and then su - to root).

Cheers,
Kevin

Categories: Shells Tags:

Getting Started with Solaris Containers

November 9th, 2009 admin No comments

Migrated my Getting Started with Solaris Containers article over from the old zazzybob.com site.

Cheers,

Kevin

Categories: Solaris, Zones Tags:

SecCheck

November 9th, 2009 admin No comments

I’ve migrated the SecCheck security auditing tool for Solaris 10 over to the new zazzybob.com site. You can view the Project page here.

Cheers,

Kevin

Categories: Security, Solaris Tags:

Find a users working directory

November 8th, 2009 admin No comments

First, perform a w or a who to find out which pseudo-terminal the user is using: 

# w | grep "oracle"
oracle   pts/12       Fri 3pm 3days                -bash

Now, we can find out the PID of the shell they’re using: 

# ps -ef | grep '[p]ts/12'
  oracle 11918 11916   0   May 18 pts/12      0:00 -bash

Finally, use the pwdx command to find the pwd of the process: 

# pwdx 11918
11918:  /var/opt/oracle

Cheers,
Kevin

Categories: Solaris Tags:

Null delimit find output

November 8th, 2009 admin No comments

If you are attempting to pipe the output of find to another command
such as xargs, and your files have quotes, spaces, or other “nonstandard”
characters in them, you can null terminate (rather than newline terminate) your
find output with -print0. You can then use the -0 option
to xargs to read the NUL delimeted output.

For example, I had a bunch of 1252 byte files in a directory with spaces in their
filenames. So…

# find . -size 1252c -print0 | xargs -0 rm

Too easy!

Cheers,
Kevin

Categories: GNU Tools, One Liners Tags:

Excluding entries from logwatch reports

November 5th, 2009 admin No comments

I use logwatch on all of my RHEL/CentOS hosts to mail daily digests of important log activity for eyeballing.

However, on my mail server, I run freshclam from cron, and this appears to confuse the clam-update logwatch script plugin. So, this leaves the question – how do you disable a specific plugin?

First, you can list the available script plugins:

# ls /usr/share/logwatch/scripts/services

In my case, the plugin I wanted to disable was clam-update (the script name will match the appropriate headed block within your logwatch output).

To disable, I added the following to /etc/logwatch/conf/logwatch.conf

1
2

# Added 05/11/2009 - KW
Service = "-clam-update"

Once done, re-run logwatch. You should see the offending log block removed from your email.

# /etc/cron.daily/0logwatch

Cheers,
Kevin

Categories: CentOS/RHEL, Logwatch Tags:

Updating a file on all zones at the same time

November 3rd, 2009 admin No comments

I recently modified /etc/resolv.conf on all of my global zones after building new nameservers. I wanted a quick way to copy this updated configuration to all child zones. A simple one-liner does the trick on each global zone (assuming all your zones are in the /var/zones zonepath):

# zoneadm list | grep -v global | while read zone; do cp -p /etc/resolv.conf /var/zones/${zone}/root/etc; done

Cheers,
Kevin

Categories: One Liners Tags:

Checking an HTTPS webserver

November 3rd, 2009 admin No comments

It’s easy to telnet to port 80 on a “standard” non-SSL webserver, and issue a GET / in order to verify that the webserver is responding correctly. But how to do it over SSL? Just use the s_client command via the openssl tool

# openssl s_client -connect www.example.com:443

You’ll see details of the certificate chain displayed (as well as any errors), and you can then issue your GET / to test the webservers operation.

You can also use this tool to test other SSL-enabled services (such as IMAPS/POP3S).

Cheers,
Kevin

Categories: Apache, One Liners Tags:

Removing Bounces From the Mail Queue

November 3rd, 2009 admin No comments

The following simple one liner will do the trick:

# mailq | grep MAILER-DAEMON | awk '{print $1}' | sed 's/\*//' | postsuper -d -

Cheers,
Kevin

Categories: One Liners, Postfix Tags:

Generate hashed passwords

November 3rd, 2009 admin No comments

Another OpenSSL related tip.

If you’ve ever wanted to generate a hashed password suitable for inclusion in the /etc/shadow file (for example, during post-install procedures such as sysidcfg), you can use the openssl passwd command

$ openssl passwd
Password:
Verifying - Password:
HaShEdPaSsCoMeSoUt

Cheers,
Kevin

Categories: One Liners, Security Tags: