zazzybob.com

Selective root shells

admin — Sun, 06 Dec 2009 10:02:23 +0000

On my work systems, the root account can be accessed by three system administrators, including myself. I like zsh (for interactive use) and bash for scripting. The other admins do not share my interest in zsh. So, I place a small piece of code such as the following in root@:~/.bashrc

if [ $( /usr/bin/who am i | /bin/awk '{print $1}' ) = "kevin" ]; then
    [[ ! -L ~/.zshrc ]] && /bin/ln -s ~kevin/.zshrc ~/.zshrc
    exec /usr/local/bin/zsh -l
fi

Then, in root@:~/.zlogout, I add the following:

if [ $( /usr/bin/who am i | /bin/awk '{print $1}' ) = "kevin" ]; then
    [[ -L ~/.zshrc ]] && {
        echo "removing .zshrc"
        /bin/rm -f ~/.zshrc
    }
fi

This enables me to enjoy zsh, without upsetting anyone else. I have root-specific code in my .zshrc to tailor the environment to my liking. It has the added benefit of not affecting console logins (unless I log in as myself from the console, and then su - to root).

Cheers,
Kevin

Getting Started with Solaris Containers

admin — Mon, 09 Nov 2009 00:31:16 +0000

Migrated my Getting Started with Solaris Containers article over from the old zazzybob.com site.

Cheers,

Kevin

SecCheck

admin — Mon, 09 Nov 2009 00:19:41 +0000

I’ve migrated the SecCheck security auditing tool for Solaris 10 over to the new zazzybob.com site. You can view the Project page here.

Cheers,

Kevin

Find a users working directory

admin — Sun, 08 Nov 2009 04:41:37 +0000

First, perform a w or a who to find out which pseudo-terminal the user is using:

# w | grep "oracle"
oracle   pts/12       Fri 3pm 3days                -bash

Now, we can find out the PID of the shell they’re using:

# ps -ef | grep '[p]ts/12'
  oracle 11918 11916   0   May 18 pts/12      0:00 -bash

Finally, use the pwdx command to find the pwd of the process:

# pwdx 11918
11918:  /var/opt/oracle

Cheers,
Kevin

Null delimit find output

admin — Sun, 08 Nov 2009 04:34:31 +0000

If you are attempting to pipe the output of find to another command
such as xargs, and your files have quotes, spaces, or other “nonstandard”
characters in them, you can null terminate (rather than newline terminate) your
find output with -print0. You can then use the -0 option
to xargs to read the NUL delimeted output.

For example, I had a bunch of 1252 byte files in a directory with spaces in their
filenames. So…

# find . -size 1252c -print0 | xargs -0 rm

Too easy!

Cheers,
Kevin

Excluding entries from logwatch reports

admin — Wed, 04 Nov 2009 22:18:00 +0000

I use logwatch on all of my RHEL/CentOS hosts to mail daily digests of important log activity for eyeballing.

However, on my mail server, I run freshclam from cron, and this appears to confuse the clam-update logwatch script plugin. So, this leaves the question – how do you disable a specific plugin?

First, you can list the available script plugins:

# ls /usr/share/logwatch/scripts/services

In my case, the plugin I wanted to disable was clam-update (the script name will match the appropriate headed block within your logwatch output).

To disable, I added the following to /etc/logwatch/conf/logwatch.conf

1 2	# Added 05/11/2009 - KW Service = "-clam-update"

Once done, re-run logwatch. You should see the offending log block removed from your email.

# /etc/cron.daily/0logwatch

Cheers,
Kevin

Updating a file on all zones at the same time

admin — Tue, 03 Nov 2009 06:11:07 +0000

I recently modified /etc/resolv.conf on all of my global zones after building new nameservers. I wanted a quick way to copy this updated configuration to all child zones. A simple one-liner does the trick on each global zone (assuming all your zones are in the /var/zones zonepath):

# zoneadm list | grep -v global | while read zone; do cp -p /etc/resolv.conf /var/zones/${zone}/root/etc; done

Cheers,
Kevin

Checking an HTTPS webserver

admin — Tue, 03 Nov 2009 06:10:14 +0000

It’s easy to telnet to port 80 on a “standard” non-SSL webserver, and issue a GET / in order to verify that the webserver is responding correctly. But how to do it over SSL? Just use the s_client command via the openssl tool

# openssl s_client -connect www.example.com:443

You’ll see details of the certificate chain displayed (as well as any errors), and you can then issue your GET / to test the webservers operation.

You can also use this tool to test other SSL-enabled services (such as IMAPS/POP3S).

Cheers,
Kevin

Removing Bounces From the Mail Queue

admin — Tue, 03 Nov 2009 06:08:33 +0000

The following simple one liner will do the trick:

# mailq | grep MAILER-DAEMON | awk '{print $1}' | sed 's/\*//' | postsuper -d -

Cheers,
Kevin

Generate hashed passwords

admin — Tue, 03 Nov 2009 06:07:54 +0000

Another OpenSSL related tip.

If you’ve ever wanted to generate a hashed password suitable for inclusion in the /etc/shadow file (for example, during post-install procedures such as sysidcfg), you can use the openssl passwd command

$ openssl passwd
Password:
Verifying - Password:
HaShEdPaSsCoMeSoUt

Cheers,
Kevin