destr0yr's aslyum

Exchange 2003: HTTP_500 when running ActiveSync on iPAQ

Mon, 29 May 2006 10:20:40 -0700

Apparently when upgrading Exchange 2003 to Service Pack 2, your devices may no longer synchronize with ActiveSync as you would expect. Searching through the EventLog directed me to the following Microsoft Knowledge Base Article: http://support.microsoft.com/default.aspx?scid=kb;en-us;817379. Method 2 corrected the issue.

cPanel: postmaster, abuse server-wide

Sun, 14 May 2006 23:26:33 -0700

This is actually quite simple, just follow Chirpy's recommendation from the cPanel forums.

1. Create a file called /etc/myaliases with:

Code:

postmaster: root
abuse: root

2. In the WHM > Exim Configuration Editor scroll down to the section "DIRECTORS CONFIGURATION" and in the first textbox of that section put:

Code:

mysystem_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/myaliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part

You'll then have a server-wide postmaster and abuse address that won't be interefered with by users having :fail: Default Addresses.

You know you work with computer nerds when...

Mon, 01 May 2006 15:34:02 -0700

So I come into work today to be greated with an email with the subject "Auction!!!". In the body exists a URL and one-liner that says, "Everybody get your bids in. Anything goes!".

Here's a screenshot of the website for your enjoyment (MS Painted for security purposes). Also, I've colour coordinated the bidders with my l33t MS-Paint 5k!||z...uhh, anyways, everything was going well until the eventual winning bidder played the ultimate trump card: a red swingline stapler.

Here's the Auction Ended email body: I am please to announce the winner of today's auction.

The slightly used nail clippers go to XXXXXX. His bid of a red Swingline was irresistible.

I will release the slightly used nail clippers to XXXXXX as soon as he can make his way out of his office in the basement to deliver the stapler to me.

If you don't know the significance of said stapler, please remove your propeller beanie and toss yourself in the local kiln *.

* - DO NOT actually toss yourself into the local kiln. This would be bad. kthnx.

Kernel: 2.6.16 breaks iptables

Fri, 21 Apr 2006 10:51:14 -0700

The other day I noticed, much to my chagrin, a plethora of invalid user attempts against my SSH server.

For example:

Apr 19 15:30:46 slaxor sshd[13306]: Invalid user station from 161.111.100.200
Apr 19 15:30:47 slaxor sshd[13311]: Invalid user play from 161.111.100.200
Apr 19 15:30:49 slaxor sshd[13316]: Invalid user open from 161.111.100.200
Apr 19 15:30:51 slaxor sshd[13321]: Invalid user dulap from 161.111.100.200
Apr 19 15:30:52 slaxor sshd[13326]: Invalid user if from 161.111.100.200
Apr 19 15:30:54 slaxor sshd[13331]: Invalid user uk from 161.111.100.200
Apr 19 15:30:56 slaxor sshd[13336]: Invalid user us from 161.111.100.200
Apr 19 15:30:57 slaxor sshd[13341]: Invalid user alinus from 161.111.100.200
Apr 19 15:30:59 slaxor sshd[13346]: Invalid user rumeno from 161.111.100.200
Apr 19 15:31:01 slaxor sshd[13351]: Invalid user it from 161.111.100.200

I figured I'd check my iptables rules and noticed that something was amuck:

# iptables -nL
 FATAL: Module ip_tables not found. 
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) 
 Perhaps iptables or your kernel needs to be upgraded.

A trip over the the Gentoo Forums returned the following post: http://forums.gentoo.org/viewtopic-t-449843-highlight-iptables+gentoosources.html. Edit your /usr/src/linux/.config and replace the current settings with the following:

# Networking options
#
# CONFIG_NETDEBUG is not set
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_UNIX=y
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
CONFIG_NET_IPGRE=y
# CONFIG_NET_IPGRE_BROADCAST is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
CONFIG_INET_TUNNEL=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_BIC=y

#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_MATCH_POLICY=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m

MySQL: Data truncated for column 'Password' at row

Mon, 10 Apr 2006 14:48:17 -0700

A client had an error which I had not seen. Seems that MySQL had some issues and was truncating the password hash which basically killed the users account. The solution, in this case, was to upgrade from MySQL 4.1.15 to 4.1.18 (the bug was resolved in 4.1.16), run mysql with --skip-grant-tables and finally run /usr/bin/mysql_fix_privilege_tables.

Here's what you may see if you encounter this error:

mysql> use `mysql`;
mysql> show columns from `user` like 'Password';
+----------+-------------+------+-----+---------+-------+
| Field    | Type        | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+-------+
| Password | char(16)    |      |     |         |       |
+----------+-------------+------+-----+---------+-------+
1 row in set (0.00 sec)

This was peculiar as another user at the bug listed above had varchar(16) for the Type on the Password field. After running mysql_fix_privilege_tables, it displayed varchar(41).

mysql> update user set password=password('bar') where user='foo';
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 1

mysql> show warnings;
+---------+------+-----------------------------------------------+
| Level   | Code | Message                                       |
+---------+------+-----------------------------------------------+
| Warning | 1265 | Data truncated for column 'Password' at row 5 |
+---------+------+-----------------------------------------------+

mysql> select user, password from user where user='foo';
+------+------------------+
| user | password         |
+------+------------------+
| foo  | *E8D46CE25265E54 |
+------+------------------+

A little more clarification as to what was done to fix this.

Stop MySQL
Upgrade MySQL to 4.1.18, 5.0.16 or better
Run mysqld_safe &
Run /usr/bin/mysql_fix_privilege_tables
Jump into mysql, simply running mysql should work.
Reset your users password with:

mysql> use mysql;

mysql> update user set password=password('bar') where user='foo';

If this completes properly, you should receive zero (0) warnings. If you do see a warning, type SHOW WARNINGS; and Google it ;)
Exit mysql and restart it either with service mysqld restart or /etc/init.d/mysql restart

Linux: Single mode password required

Fri, 07 Apr 2006 13:55:06 -0700

Occasionally when booting a secured server in single mode, you are prompted to enter the root password or press Control+D to boot into normal mode. This is an issue if the reason you boot into single mode was to reset the root password. One way to get around this is instead of simply typing "single", try "init=/bin/bash single" on the kernel line.

More info can be found here: http://linuxpronews.com/2004/0211.html

Windows 2003: Security Templates for GPOs

Fri, 07 Apr 2006 12:13:05 -0700

The big bad error in my Event Log:

 Event Type: Warning
 Event Source: SceCli
 Event Category: None
 Event ID: 1202
 Date: 4/7/2006
 Time: 11:49:35 AM
 User: N/A
 Computer: AD01
 Description:
 Security policies were propagated with warning. 0xd : The data is invalid.
 
 Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
 
 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Searching for "troubleshooting 1202 events" at the Microsoft Knowledge base, along with "the data is invalid" returns one valid article for Windows 2000 - I am using 2003. Anyways, Google found the answer over at http://forums.asp.net/727214/ShowPost.aspx.

From the article above, and I quote: "To solve this problem I deleted WH-Domain controller GPO, updated DomainControllerV1.inf security template by replacing string 'HKEY_LOCAL_MACHINE' with 'MACHINE', and recreate WH-Domain controller GPO using updated template."

DNS: TXT SPF record with CNAME (with BIND)

Thu, 06 Apr 2006 08:55:20 -0700

openspf.org may recommend adding a record such as:

mail.domain.tld. IN TXT "v=spf1 a -all"

Upon adding the TXT record, you may receive the following errors when running a named-checkzone (our through your control panel, such as WHM/cPanel):

# named-checkzone domain.tld /var/named/domain.tld.db
 dns_master_load: /var/named/domain.tld.db:30: mail.domain.tld: CNAME and other data
 zone domain.tld/IN: loading master file /var/named/domain.tlddb: CNAME and other data

The issue is that you cannot mix CNAME (look in your zone file, mail.domain.tld. will be a CNAME) with other records for a name as this is a DNS restriction. The solution is to change mail.domain.tld to an A record (from the CNAME) and disaster should be averted.

Gentoo: Re-caching dependency info (mtimes differ)

Thu, 06 Apr 2006 08:32:09 -0700

After doing an emerge -e world on my system, I restarted and noticed a ton of messages stating, "Re-caching dependency info (mtimes differ)...".

For example:

/etc/init.d/hdparm restart
* Re-caching dependency info (mtimes differ)...
* Re-caching dependency info (mtimes differ)...
* Re-caching dependency info (mtimes differ)...
* Re-caching dependency info (mtimes differ)...
* Re-caching dependency info (mtimes differ)...

The following solution from the Gentoo Forums worked for me:

touch /etc/init.d/*; /sbin/depscan.sh --update

Fedora/RedHat: "rpm" locks up

Wed, 22 Mar 2006 10:02:07 -0800

The the longest time I've always wondered why the hell one of the systems at work would continuously lockup on the RPM command. It was really a pain in the ass as their was a cronjob that would run the following command daily without ever completing, leaving an infinate number of processes open that just sat there:

rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpmn' 2>&1
| sort > /var/log/rpmpkgs

The fix, which Google helped me find, is here: http://voidmain.is-a-geek.net/redhat/fedora_1_rpm_lockup_bug_workaround.html

/me brings out the l33t c0py/p4$t3 5k!||z
Let us begin:

$ su -
(enter root's password)
# killall -9 rpm
# rm /var/lib/rpm/__*

That is two underscore "_" characters before the "*" in the above command. You should be prompted if you want to delete the following files:

/var/lib/rpm/__db.001
/var/lib/rpm/__db.002
/var/lib/rpm/__db.003

Answer "y" to each of those files. Now you should be able to again install/remove packages with the "rpm" command. Try and install or remove the same package that caused it to hang up and you will likely find that it now works.

Further Reading:
Specific problem in Bugzilla
Red Hat Bugzilla