Shell code samples (BASH)

cc: Command not found

If you try to make or install a program and you receive an error like this:

make[2]: cc: Command not found

Then that means you don’t have a C/C++ compiler installed!

If you are using CentOS or another yum-based distro, type:

yum install gcc-c++

That will install the needed RPMs for you.

Clearing SpamAssassin BAYES filter tokens

I recently had a problem where my SpamAssassin install started thinking that a lot of spam messages were really ham (non-spam). Since these were getting BAYES_00 scores of -2.5, they were almost all getting through my spam filter. These particular messages were all regarding STOCK quotes and were pretty obviously spam just by looking at the text of the messages. Somehow my SpamAssassin install thought that they were not spam because the messages were being passed as ham by the Bayesian filter. Since they kept getting past, the Bayesian filter kept learning them as HAM.

In order to break this vicious cycle, you just need to clear out the Bayesian tokens. It’s very easy to do. As the root user, type:

sa-learn --clear

This starts you fresh. By default, SpamAssassin won’t use the Bayes filter until it has 200 spam and ham messages, so until you get to that level it will continue to learn based on the other SpamAssassin detection settings.

Ideally, I would have sa-learn train using these spam messages. But since I use Outlook, and there is no “easy” way to have it interface with sa-learn, I find it easier to clean out the Bayes tokens every once in a while. SpamAssassin Coach is a plugin for Outlook which should connect to your spamd server and “learn” a message as ham or spam. But in practice, it did not work for me. It looks like the project has a lot of potential.

For more information on how Bayesian filtering works, check out this Wikipedia article.

Printing to a shared printer from DOS

If you or your client is using an old DOS-based program to do work (for example, WordPerfect for DOS) and you need to print to a printer which is shared on the network, you first need to map the printer to an LPT port. You do this by using the following command in a DOS prompt (Start -> Run -> cmd):

net use lpt3 \\SERVER_NAME\PRINTER_NAME

You can then set up your DOS program to print to lpt3 and it will be sent to that printer. To print right from the command line, you could use the following syntax:

copy c:\test.txt lpt3

Send your cell phone SMS system alert messages.

SMSSend is a program used to send SMS messages over the network from the command line on Linux. It is licensed under the GNU General Public License.

I recently aimed to integrate this into Zabbix remote monitoring software. I had a hell of a time finding the software because its original page, here, has some sort of apache configuration error and does not load. Thankfully, I found the source files needed on a mirror. For the sake of anyone else looking for this file, you can download it locally here:

http://systembash.com/source/smssend-3.5.tar.gz
http://systembash.com/source/skyutils-2.9.tar.gz

You will need to install that particular version of skyutils first, before compiling smssend.

Also, since the site is down, you cannot grab the versions of the .sms files that you need for certain providers. However, I used Google cache to grab the one for Clickatell and re-formatted the file to look right. Since it was not so obvious how to do this, I will paste clickatell.sms for you:

## SkySMS provider file - http://www.clickatell.com
## # Version 0.1
# by Steve Herrell
# Error codes :
# 1 -> General failure

NbParams 6
%Login : Your Login
%Password Hidden : Your Password
%ApiID Hidden : Your API ID
%Sender : The API Name
%Tel : Where it's going to
%Message Size=160 Convert : Your message

GetURL https://api.clickatell.com/http/sendmsg
Params from=\%Sender%&user=\%Login%&password=\%Password%&api_id=\%ApiID%&to=\%Tel%&text=\%Message%
Search ID:
PrintMsg message sent
Else
ErrorMsg 1 error sending message
GO

Save this file (you can place it in /usr/local/share/smssend/, which is the default location of the rest of the scripts) and then call it using this syntax:

smssend clickatell.sms <Username> <Password> <API_ID> <API NAME> <Your Cell Phone Number> "Hello World"

If all goes well, you now have a text message that says “hello world”.

Note: Some of you, like me, may think that using your phone’s email address is a better (free) way to send alerts. You may be right. But my opinion is that adding e-mail into the mix adds an extra layer of uncertainty in actually receiving the message. I have had messages delayed for days that were sent via e-mail. Sending via SMS should be a more direct way to receive your urgent alerts.

Note 2: Don’t forget that you need to have internet connectivity to send SMS messages this way. The only way to have your server send an SMS message while being offline is by having a GSM Modem attached to it. Zabbix can talk directly with this modem to send your page.

PowerDNS flexible, fast DNS Server

I’ve recently been testing/installing PowerDNS for a web hosting provider. Man am I impressed. You have a number of options to choose from for a backend to PowerDNS; my choice is the MySQL (gmysql) backend. The DNS server basically relies on a MySQL server to store all of the data. Why is this so great, you ask? You can then replicate this SQL data to a number of other DNS servers, across the datacenter or across the country.

The one feature I had a hard time implementing was the “supermaster” or “superslave” feature. This allows another server to be the “supermaster” server, thus allowing zone transfers (axfr) from this other server. I had to dig for this info so I hope someone else finds it helpful.

You need to add an entry into the “supermasters” table (this goes for the mysql and pgsql backends):

INSERT INTO supermasters (ip, nameserver, account) VALUES ('10.0.0.11', 'ns1.yourserver.com', 'internal');

From then on, notifies from this supermaster IP that include the NS record “ns1.yourserver.com” will lead to the provisioning of a slave domain under the account “internal”, or another account of your choosing.

Once you have PowerDNS set up, try using PowerAdmin for a GUI frontend to PowerDNS. It works great and gives you a nice interface to work with (no more editing those ugly named conf files!)

C++ Compiler

If you are trying to compile software on a new system, and you get this error:

checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.

Then you need to install the C++ compiler. The package is named gcc-c++ on yum-based distros and g++ on Debian/Ubuntu:

# yum install gcc-c++
or
# sudo apt-get install g++

Installing gpp or gcc themselves is not enough.

Block brute force password attempts via SSH

If you are a system administrator of a Linux system, you may find the following log entries familiar:

Sep 15 02:00:30 sol sshd[16364]: Failed password for invalid user test from ::ffff:61.167.x.x port 53382 ssh2
Sep 15 02:00:30 sol sshd[16365]: Failed password for invalid user test from ::ffff:61.167.x.x port 53394 ssh2
Sep 15 02:00:30 sol sshd[16366]: Failed password for invalid user test from ::ffff:61.167.x.x port 53396 ssh2
Sep 15 02:00:28 sol sshd[16366]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:28 sol sshd[16370]: Invalid user test from ::ffff:61.167.x.x

Many, many times over. These are caused by a brute-force attack from the remote host. Most likely this is another compromised machine, checking your machine for easy-to-guess username and password combinations. It could also be someone manually running a password cracking program against your SSH server. In either case, the remote system really has no business touching your machine. This situation needs an automated solution to block this IP from even getting to your machine. Doing this in real time is essential as well.

Enter the Free APF + BFD scripts from R-fx Networks. These programs work in conjunction with one another to monitor for brute password attempts on your system, then ban the attacking host.

First install the APF (Advanced Policy Firewall) script [Download]

Then install the BFD (Brute Force Detection) script [Download]

When BFD finds a host that has tried and failed to log in too many times, or has tried too many users who don’t exist on your system, it blocks that host in your firewall and e-mails you a message:

The remote system 61.167.x.x was found to have exceeded acceptable login
failures on somehost.com; there was 63 events to the service sshd. As such the
attacking host has been banned from further accessing this system. For the integrity
of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d 61.167.x.x {bfd.sshd}

The following are event logs from 61.167.x.x on service sshd (all time stamps are GMT -0400):

Sep 15 02:00:27 sol sshd[16364]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:27 sol sshd[16365]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:28 sol sshd[16366]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:28 sol sshd[16370]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:30 sol sshd[16364]: Failed password for invalid user test from ::ffff:61.167.x.x port 53382 ssh2
Sep 15 02:00:30 sol sshd[16365]: Failed password for invalid user test from ::ffff:61.167.x.x port 53394 ssh2
Sep 15 02:00:30 sol sshd[16366]: Failed password for invalid user test from ::ffff:61.167.x.x port 53396 ssh2
Sep 15 02:00:31 sol sshd[16370]: Failed password for invalid user test from ::ffff:61.167.x.x port 53412 ssh2
Sep 15 02:00:31 sol sshd[16372]: Invalid user test from ::ffff:61.167.x.x
Sep 15 02:00:32 sol sshd[16373]: Invalid user test from ::ffff:61.167.x.x

In my experience it works great and is very easy to install!
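
The per-host failure counting described above can be reproduced over an sshd log with a few lines of shell. This is an added example, not part of the original post and not BFD's own code; the function names, the threshold and the sample log (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BFD code): count failed sshd logins per source address.

# Usage: count_ssh_failures THRESHOLD < logfile
# Prints "COUNT ADDRESS" for every source with at least THRESHOLD events.
count_ssh_failures() {
    awk -v t="$1" '
        # Match only sshd failure lines; "Accepted" lines are ignored.
        / sshd\[[0-9]+\]: (Failed password for|Invalid user) / {
            # The user name is text chosen by the remote side and may itself
            # contain the word "from", so scan from the end of the line and
            # use the LAST "from", which is the one sshd wrote.
            for (i = NF - 1; i >= 1; i--) {
                if ($i == "from") {
                    addr = $(i + 1)
                    sub(/^::ffff:/, "", addr)  # drop IPv4-mapped IPv6 prefix
                    hits[addr]++
                    break
                }
            }
        }
        END {
            for (a in hits)
                if (hits[a] >= t) print hits[a], a
        }
    ' | sort -rn
}

# Constructed sample log; not taken from a real system.
sample_log() {
    cat <<'EOF'
Sep 15 02:00:27 sol sshd[16364]: Invalid user test from ::ffff:203.0.113.7
Sep 15 02:00:28 sol sshd[16366]: Invalid user admin from ::ffff:203.0.113.7
Sep 15 02:00:30 sol sshd[16364]: Failed password for invalid user test from ::ffff:203.0.113.7 port 53382 ssh2
Sep 15 02:00:30 sol sshd[16366]: Failed password for invalid user admin from ::ffff:203.0.113.7 port 53396 ssh2
Sep 15 02:00:31 sol sshd[16370]: Failed password for root from ::ffff:203.0.113.7 port 53412 ssh2
Sep 15 02:01:02 sol sshd[16401]: Accepted password for alice from 198.51.100.20 port 40112 ssh2
Sep 15 02:01:40 sol sshd[16410]: Failed password for alice from 198.51.100.20 port 40120 ssh2
Sep 15 02:02:05 sol sshd[16420]: Invalid user mail from home from ::ffff:192.0.2.99
EOF
}

# Sources with 3 or more failures in the sample.
sample_log | count_ssh_failures 3
```

On a live system, feed the function the sshd log instead of the sample, for example `count_ssh_failures 10 < /var/log/secure` on CentOS; the path and threshold are assumptions to adjust for your distro.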