
Archive for May, 2007

I found myself pretty darned frustrated when my arrow keys didn’t work in iTerm in vi/vim or other ncurses-based applications. However, give this a shot in an iTerm if you find yourself in the same predicament:

export TERM=linux

Then open something in vi/vim or run an ncurses application. It should let your arrow keys work normally now. To make the setting stick, just do this:

echo "TERM=linux" >> ~/.profile


If you receive the following error, your PIX does not have a key set up for use with SSH:

Type help or '?' for a list of available commands.
pix>
Cannot select private key

Regenerating the key can be done by executing the following:

conf t
ca zeroize rsa
ca generate rsa key 1024
ca save all
write mem
reload


Installing snort from ports on FreeBSD is pretty straightforward, but there are some ‘gotchas’ that you need to be aware of. Here’s a step by step:

Compile snort from the ports tree:
# portinstall snort
-- OR --
# make -C /usr/ports/security/snort install clean

You will be asked about which support you want to add to snort, so be sure to choose MySQL (unless you’re not going to use MySQL). When the build is complete, you’ll need oinkmaster as well to update your snort rules:
# portinstall oinkmaster
-- OR --
# make -C /usr/ports/security/oinkmaster install clean

Oinkmaster needs a snort download code/hash to be able to get your rules for you. Go to http://snort.org and register for an account. You’ll be given a hash (looks SHA-1-ish) at the bottom of your main account page. Copy /usr/local/etc/oinkmaster.conf.sample to /usr/local/etc/oinkmaster.conf:
# cp /usr/local/etc/oinkmaster.conf.sample /usr/local/etc/oinkmaster.conf

Replace <oinkcode> with the hash you received from snort.org in /usr/local/etc/oinkmaster.conf and uncomment the line:
# Example for Snort-current ("current" means cvs snapshots).
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz

Now that oinkmaster is set up, you can update your snort rules using this command:
# oinkmaster -o /usr/local/etc/snort/rules/
Loading /usr/local/etc/oinkmaster.conf
Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-CURRENT.tar.gz... done.
Archive successfully downloaded, unpacking... done.
Setting up rules structures... done.
Processing downloaded rules... disabled 0, enabled 0, modified 0, total=9942
Setting up rules structures... done.
Comparing new files to the old ones... done.
Updating local rules files... done.

Create the snort database and user:
# mysql -u root -ppassword
mysql> CREATE DATABASE `snort`;
mysql> GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'localhost' IDENTIFIED BY 'snortpassword';

There’s a script that is pre-packaged with snort to set up the tables for you:
# mysql -u snort -psnortpassword snort < /usr/local/share/examples/snort/create_mysql

Now it’s time to make changes in the snort.conf:
# nano -w /usr/local/etc/snort/snort.conf

Uncomment and configure these lines (the output database line must use the snort database, user and password you created above in place of the sample values):
# config detection: search-method lowmem
# output alert_syslog: LOG_AUTH LOG_ALERT
# output database: log, mysql, user=root password=test dbname=db host=localhost

Uncomment all of the include $RULE_PATH/*.rules lines except for this one:
# include $RULE_PATH/local.rules [comment this line out]

Now, enable snort in the /etc/rc.conf and start it up:
# echo "snort_enable=\"YES\"" >> /etc/rc.conf
# /usr/local/etc/rc.d/snort start
Starting snort.

If you run tail /var/log/messages, you should get some output like this:
snort[12558]: Initializing daemon mode
kernel: fxp0: promiscuous mode enabled
snort[12559]: PID path stat checked out ok, PID path set to /var/run/
snort[12559]: Writing PID "12559" to file "/var/run//snort_fxp0.pid"
snort[12559]: Daemon initialized, signaled parent pid: 12558
snort[12558]: Daemon parent exiting
snort[12559]: Snort initialization completed successfully (pid=12559)

If you see an error like this, don’t worry, nothing’s wrong:
snort[12559]: Not Using PCAP_FRAMES

To test snort, run a ping against your server from an outside source, and you should see something in your syslog like this:
snort[12559]: [1:368:6] ICMP PING BSDtype [Classification: Misc activity] [Priority: 3]: {ICMP} xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
snort[12559]: [1:366:7] ICMP PING *NIX [Classification: Misc activity] [Priority: 3]: {ICMP} xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
snort[12559]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
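Once alerts are landing in syslog via the alert_syslog output, the next thing you want is something that turns those lines into fields you can count and filter. The parser below is an added example, not code from the original post or from the snort project; the log lines embedded in it are constructed to match the format shown above, with made-up hosts and addresses.

```python
import re
from collections import Counter

# Syslog form produced by "output alert_syslog" (see the ICMP PING lines above):
#   snort[pid]: [gid:sid:rev] msg [Classification: text] [Priority: n]: {PROTO} src -> dst
# The Classification block is optional: rules without a classtype omit it entirely.
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<classification>[^\]]+)\] )?"
    r"\[Priority: (?P<priority>\d+)\]: \{(?P<proto>[A-Z]+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)

def parse_alert(line):
    """Return a dict of alert fields for a snort syslog line, or None for non-alert
    lines (daemon startup messages, kernel lines, etc.)."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        alert[key] = int(alert[key])
    # Split "host:port" when the rule logged ports (TCP/UDP); ICMP lines carry only hosts.
    for end in ("src", "dst"):
        host, _, port = alert[end].rpartition(":")
        alert[end + "_port"] = int(port) if host else None
        alert[end] = host or alert[end]
    return alert

def summarize(lines, max_priority=3):
    """Keep alerts with priority <= max_priority (1 is most severe) and count them
    per signature and per source address."""
    alerts = [a for a in map(parse_alert, lines) if a and a["priority"] <= max_priority]
    by_sig = Counter((a["sid"], a["msg"]) for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    return alerts, by_sig, by_src

# Constructed sample /var/log/messages lines; hostnames and addresses are made up.
SAMPLE_LOG = """\
May  9 10:01:02 ids snort[12559]: Snort initialization completed successfully (pid=12559)
May  9 10:02:11 ids snort[12559]: [1:368:6] ICMP PING BSDtype [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 198.51.100.5
May  9 10:02:11 ids snort[12559]: [1:366:7] ICMP PING *NIX [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 198.51.100.5
May  9 10:02:11 ids snort[12559]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.10 -> 198.51.100.5
May  9 10:03:40 ids snort[12559]: [1:1000001:1] LOCAL ssh probe [Priority: 2]: {TCP} 203.0.113.7:40123 -> 198.51.100.5:22
""".splitlines()

if __name__ == "__main__":
    _, by_sig, by_src = summarize(SAMPLE_LOG)
    for (sid, msg), n in by_sig.most_common():
        print(f"sid {sid:<8} x{n}  {msg}")
```

Feed it `tail -f /var/log/messages` output and lower max_priority to see only the noisy-but-important signatures instead of every ICMP ping.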

Installing BASE is pretty simple. You’ll need the adodb port plus the BASE tarball from SourceForge:
# portinstall adodb
-- OR --
# make -C /usr/ports/databases/adodb install clean

After you expand the tarball, go to your BASE install’s URL in a browser. It will ask for the path to adodb, which is /usr/local/share/adodb. Provide the snort database information on the third screen and then just finish out the wizard. You will then be all set!


Installing mysql on FreeBSD from ports is one of the oddest installations I’ve ever completed. Here’s the step by step:

Get it compiled:
# portinstall mysql50-server
-- OR --
# make -C /usr/ports/databases/mysql50-server install clean

Once it’s installed, copy my-small.cnf, my-medium.cnf or my-huge.cnf to /usr/local/etc/my.cnf:
# cp /usr/local/share/mysql/my-small.cnf /usr/local/etc/my.cnf

Enable mysql in the rc.conf:
# echo "mysql_enable=\"YES\"" >> /etc/rc.conf

Install the authentication tables:
# mysql_install_db

Last, change the ownership on MySQL’s data directory:
# chown -R mysql:mysql /var/db/mysql

If you miss the last step, you’ll get something ugly like this:
mysqld started
[ERROR] /usr/local/libexec/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
[ERROR] /usr/local/libexec/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
[ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)
mysqld ended


If Red Hat, CentOS, Fedora, or a similar OS produces the following error:
# ifup eth1
Device eth1 has different MAC address than expected, ignoring.

Check that someone didn’t put an IP in as a hardware address:
DEVICE=eth1
HWADDR=10.240.11.100
NETMASK=255.255.224.0
ONBOOT=yes
TYPE=Ethernet

If they did, then fix it with the correct configuration directive:
DEVICE=eth1
IPADDR=10.240.11.100
NETMASK=255.255.224.0
ONBOOT=yes
TYPE=Ethernet
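A quick sanity check for ifcfg files catches this class of mistake before ifup does. This is an added example, not part of the original post or of the Red Hat network scripts: it parses the KEY=VALUE format, flags an IP address sitting in HWADDR, and optionally compares HWADDR against the MAC the kernel reports, which is the comparison ifup makes. The two embedded files are constructed copies of the broken and fixed configurations above.

```python
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

def parse_ifcfg(text):
    """Parse KEY=VALUE lines of an ifcfg-ethN file into a dict; comments are ignored."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def is_ipv4(value):
    m = IPV4_RE.match(value)
    return bool(m) and all(int(octet) <= 255 for octet in m.groups())

def check_ifcfg(text, observed_mac=None):
    """Return a list of problems found in an ifcfg file. observed_mac is the MAC the
    kernel reports for the device (what ifup compares HWADDR against); None skips it."""
    cfg = parse_ifcfg(text)
    problems = []
    hwaddr = cfg.get("HWADDR")
    if hwaddr is not None:
        if is_ipv4(hwaddr):
            problems.append("HWADDR holds an IP address; did you mean IPADDR?")
        elif not MAC_RE.match(hwaddr):
            problems.append(f"HWADDR {hwaddr!r} is not a MAC address")
        elif observed_mac and hwaddr.lower() != observed_mac.lower():
            problems.append(f"HWADDR {hwaddr} differs from device MAC {observed_mac}; "
                            "ifup will ignore the device")
    # With no BOOTPROTO (or a static one) the scripts expect an IPADDR to assign.
    if cfg.get("BOOTPROTO", "none") not in ("dhcp", "bootp"):
        ipaddr = cfg.get("IPADDR")
        if ipaddr is None:
            problems.append("no IPADDR set and BOOTPROTO is not dhcp")
        elif not is_ipv4(ipaddr):
            problems.append(f"IPADDR {ipaddr!r} is not an IPv4 address")
    return problems

# Constructed copies of the two ifcfg-eth1 files shown above.
BROKEN = "DEVICE=eth1\nHWADDR=10.240.11.100\nNETMASK=255.255.224.0\nONBOOT=yes\nTYPE=Ethernet\n"
FIXED = BROKEN.replace("HWADDR=", "IPADDR=")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_ifcfg(text) or "ok")
```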


Normally, Postfix will reject e-mail sent to non-existent users if a catchall isn’t present for the specific domain that is receiving mail. However, you can make a super catchall to catch any and all e-mail that Postfix receives for the domains in its mydestination list:

Add the following to /etc/postfix/main.cf (the empty local_recipient_maps is required: otherwise the Postfix SMTP server rejects unknown local users before luser_relay is consulted, and once it is empty every address in those domains is accepted and delivered to root):
luser_relay = root
local_recipient_maps =

Then reload the Postfix configuration:
# postfix reload

For more information:
http://www.postfix.org/rewrite.html#luser_relay


If up2date throws some horrible Python errors and rpm says “rpmdb: Lock table is out of available locker entries”, you can restore your system to normality with the following:

The errors:
rpmdb: Lock table is out of available locker entries
error: db4 error(22) from db->close: Invalid argument
error: cannot open Packages index using db3 - Cannot allocate memory (12)
error: cannot open Packages database in /var/lib/rpm

Make a backup of /var/lib/rpm in case you break something:
tar cvzf rpmdb-backup.tar.gz /var/lib/rpm

Remove the Berkeley databases that rpm uses:
rm /var/lib/rpm/__db.00*

Make rpm rebuild the databases from scratch (may take a short while):
rpm --rebuilddb

Now, check rpm to make sure everything is okay:
rpm -qa | sort

Why does this happen?
When rpm accesses the Berkeley database files, it makes temporary locker entries within the tables while it searches for data. If you control-c your rpm processes often, this issue will occur much sooner because the locks are never cleared.


If you have an open_basedir restriction that is causing issues with a domain, you can remove the restriction easily. First, put the following text in /home/httpd/vhosts/[domain]/conf/vhost.conf:

<Directory /home/httpd/vhosts/[domain]/httpdocs>
php_admin_value open_basedir none
</Directory>

If there was already a vhost.conf in the directory, then just reload Apache. Otherwise, run the magic wand:

/usr/local/psa/admin/bin/websrvmng -av

Then reload Apache:

/etc/init.d/httpd reload


When Plesk is installed, the default certificate for the Plesk interface itself is a self-signed certificate that is generated during the installation. This can be easily changed within the Server options page.

If your SSL certificate is installed at the domain level:
Click Domains > domain.com > Certificates > certificate name. Copy the CSR, key and CA certificates to a text application temporarily, and then click Server > Certificates. Once you’re there, click Add Certificate and paste in the CSR, key and CA certificate. You will need to select a new name for the certificate that is different from the one you use at the domain level. Once you’re done inserting that information, click OK and follow the instructions below.

If your SSL certificate is installed at the server level:
Click Server > Certificates. Click the checkbox next to the certificate which needs to be installed as the default, then click Setup just above the certificate listing. Plesk will install the certificate and reload itself (which generally takes 5-15 seconds). Depending on your browser, you may need to log out of Plesk and log back in to see the new certificate.

When everything is complete, verify that the correct certificate is used when you access the Plesk interface, and also be sure that the intermediate certificates are installed correctly as well.


To enable submission access on port 587 in sendmail, add the following to the sendmail.mc:

DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

Rebuild the sendmail.cf file and restart sendmail.
