The masqueraded IP of one of our clients was banned several times as a source of spam. The problem was how to check a lot of SMTP traffic going through the gateway from the local networks.
One method of investigation was to check what's going through the router. Because of the relatively complex infrastructure we chose to monitor the SMTP connections and also the traffic itself. On the gateway we checked for suspicious messages via a content filter.
As we were unsure about the source of the spam, we had to catch all the mail traffic, which was then passed to the filter. But how to assemble a whole SMTP message on the gateway? The tool called Wireshark (tshark) was very handy in this case.
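# Start one background capture per interface (eth0..eth4); needs bash for {0..4}
for i in {0..4}; do
    echo "eth${i}"
    # -f: capture filter (SMTP only), -d: decode port 25 as SMTP,
    # -w: write the raw packets to a per-interface file,
    # -a filesize: stop once the file reaches this size (in kB)
    nohup tshark -i "eth${i}" -d tcp.port==25,smtp -f "port 25" -w "/var/smtp/eth${i}" -a filesize:9048576 &
done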
The example above stores all the SMTP (header + body) traffic to a file. The file is named after the interface the traffic goes through.
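To find which host behind the masquerading gateway is producing the mail, the capture files can be read back and the MAIL commands tallied per source address. This is an added example, not part of the original post: the function names and sample addresses are made up, and it assumes tshark's smtp.req.command and smtp.req.parameter display fields.

```sh
#!/bin/sh
# Added example: rank hosts by the number of SMTP MAIL commands they issued.

# Print "source IP <TAB> MAIL parameter" for every MAIL command in a capture
# file written by the loop above (needs tshark; not called by the demo below).
extract_mail_cmds() {
    tshark -r "$1" -d tcp.port==25,smtp \
        -Y 'smtp.req.command == "MAIL"' \
        -T fields -e ip.src -e smtp.req.parameter
}

# Read those tab-separated lines on stdin and print
# "messages source-IP distinct-senders", busiest source first.
rank_senders() {
    awk -F'\t' '
        NF >= 2 && $1 != "" {
            msgs[$1]++
            if (!(($1, $2) in seen)) { seen[$1, $2] = 1; senders[$1]++ }
        }
        END { for (ip in msgs) print msgs[ip], ip, senders[ip] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of extract_mail_cmds output (not real traffic).
sample_mail_cmds() {
    printf '%s\t%s\n' \
        192.168.1.20 'FROM:<alice@example.com>' \
        192.168.1.57 'FROM:<k3j2@example.net>' \
        192.168.1.57 'FROM:<promo77@example.org>' \
        192.168.1.20 'FROM:<alice@example.com>' \
        192.168.1.57 'FROM:<zz.top@example.net>' \
        192.168.1.31 'FROM:<bob@example.com>' \
        192.168.1.57 'FROM:<info9@example.org>'
}

# Demo on the constructed sample.
sample_mail_cmds | rank_senders
```

On a real capture, run `extract_mail_cmds /var/smtp/eth0 | rank_senders`; a host with many messages and a different sender address on each one is the first place to look.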
The following example shows the actual size/usage in blocks for every directory in your current directory, sorted by size (in blocks).
# du -ks ./* | sort -n
1 ./inet
1 ./news
1 ./nfs
1 ./nis
1 ./opt
1 ./preserve
2 ./mail
3 ./vx
4 ./ld
4 ./statmon
...
53920 ./log
75183 ./ldap
245626 ./sadm
3336619 ./mps
Author of the soundtrack for Invasion of the Body Snatchers, psychiatrist and jazz piano player. I accidentally found a video from the 1983 Berlin Jazz Fest where Zeitlin was performing his song Quiet Now. Enjoy.
Need to encrypt data on your hard disk? You can use a well-known open-source solution, TrueCrypt. Unfortunately, you can't use TrueCrypt to protect your boot disk (to encrypt the OS itself).
Of course, Microsoft offers BitLocker in Windows Vista Enterprise/Ultimate, but this is the most expensive Vista flavour. Plus, Vista still requires you to create a new non-encrypted partition on your boot disk for loading the kernel with crypto support.
You can use e.g. PGP Whole Disk Encryption (which seems to be a widely used solution). But then you have to pay a price which almost equals the price of a Windows XP system.
While browsing the net I've found a free (but not open-source) alternative to encrypt my boot disk. The software is available for Windows and Linux. CompuSec's software uses the 256-bit AES algorithm.
# psrinfo -v
Status of virtual processor 0 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:04:10.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Status of virtual processor 1 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:04:10.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Status of virtual processor 2 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:04:10.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Status of virtual processor 3 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:03:45.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Sparc with 64bit Solaris version
# isainfo -v
64-bit sparcv9 applications
vis2 vis
32-bit sparc applications
vis2 vis v8plus div32 mul32
Intel with 32bit version
# isainfo -v
32-bit i386 applications
sse sse2 sse fxsr mmx cmov sep cx8 tsc fpu
Setup commands
  scinstall
      install primary or next cluster node
  clsetup
      menu driven re-configuration utility
  cluster
      interactive command shell for cluster management
  cluster status
      status for all cluster components
  cluster list-cmds
      lists available commands
Quorum device commands
  clq status
      quorum votes summary, quorum votes by node/device status
  clq list
      list all the quorum elements (devices/hosts)
  clq show
      cluster nodes (with reservation keys) and quorum device/s path/s
SCSI commands and devices
  /usr/cluster/lib/sc/scsi -c inkeys -d /dev/did/rdsk/device
      shows reservation keys (all possible/available keys for device)
  /usr/cluster/lib/sc/scsi -c inresv -d /dev/did/rdsk/device
      shows active reservation (server accessing quorum device)
  cldev
      Administer Sun Cluster device instances
  cldevice status
      status of disk devices
Server node commands
  clnode list
      list servers in cluster
  clnode show-rev
      cluster software version
  clnode status
      shows status of the clustered servers (Online/Offline)
Heart-beat links
  clintr
      HB endpoint status
  scstat -W
      Cluster Transport Paths
Cluster resource commands
  clrs status
      (rs stands for resource) resource status
  clrs show -v resource-name
      shows values of all resource attributes for given resource-name (as Type/Group/Class)
  clrs show -p NetIflist resource-name
      shows NetIflist resource attribute value
  clrs set -p netiflist=primary@1,primary@3,primary@4 resource-name
      set attribute value(s)
Resource group commands
  clrg status
      (rg stands for resource group) resource group status
  clrg manage resource-group
      put resource group under cluster management
  clrg online resource-group
      bring it online
  clrg add-node -n hostnameX resource-group
      allow service/resource-group to migrate/failover even to hostnameX
  clrg switch -n hostnameX resource-group
      fail-over resource group to hostnameX
Resource types
  clrt list
      (rt stands for resource type: SUNW.SharedAddress, SUNW.LogicalHostname ...) prints registered SUNW resource types
Checksum
  /usr/cluster/lib/sc/ccradm -i infrastructure
      compute new checksum after changing cluster config in /etc/cluster/ccr/infrastructure file
Decreasing the huge amount of spam hitting your Postfix mail server is pretty easy. Prevent your server from accepting mail from invalid domains and reject sites which are already on the spam lists. The following piece of blurb with some additional option-steroids will help you keep the wires clean(er). Paste it at the bottom of your /etc/postfix/main.cf.
# SPAM control
smtpd_recipient_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
If your Postfix is acting as a mail-forwarding gateway for another mail server (e.g. for your internal Exchange server), you can add the line "reject_unverified_recipient," to the config.
Postfix then tries to send a blank message (it just initiates the mail connection) to the destination and tests whether the destination server will accept the mail address specified in the message header. If the destination doesn't complain about a non-existent recipient, the real message is accepted by Postfix and then forwarded. Postfix doesn't have to waste resources trying to send messages back to the spammer. Of course, this solution will slow down your incoming mail traffic a bit.
# SPAM control
smtpd_recipient_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_unverified_recipient,
    permit
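Each reject_rbl_client entry makes Postfix look up the connecting client's address, octets reversed, under the named DNSBL zone. The added example below (not part of the original post; function names and the 192.0.2.10 address are made up) reads the restriction list out of main.cf text and prints the DNS names that would be queried for one client address, which is handy for checking each list by hand.

```sh
#!/bin/sh
# Added example: which DNSBL names does this config look up for a client IP?

# Print the zones named by reject_rbl_client in main.cf text on stdin.
# Comment lines are dropped and continuation lines (leading whitespace)
# are joined to their parameter line first, as Postfix does.
rbl_zones() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]/   { cur = cur " " $0; next }
        { if (cur != "") print cur; cur = $0 }
        END { if (cur != "") print cur }
    ' | grep -E '^smtpd_[a-z_]+_restrictions[[:space:]]*=' \
      | sed 's/^[^=]*=//' | tr ',' ' ' \
      | awk '{ for (i = 1; i < NF; i++) if ($i == "reject_rbl_client") {
                   z = $(i + 1); sub(/=.*/, "", z); print z } }'
}

# Build the lookup name for an IPv4 address: reversed octets + zone.
# Returns non-zero for anything that is not a dotted quad.
dnsbl_name() {
    printf '%s\n' "$1" | awk -F. -v zone="$2" '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $4 "." $3 "." $2 "." $1 "." zone }'
}

# For one client IP, print every lookup name implied by the config on stdin.
dnsbl_queries() {
    ip=$1
    rbl_zones | while read -r zone; do dnsbl_name "$ip" "$zone"; done
}

# Constructed sample config using two of the zones from the post.
sample_main_cf() {
    cat <<'EOF'
# SPAM control
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    # comment lines inside a continuation are ignored
    reject_rbl_client sbl.spamhaus.org,
    permit
EOF
}

sample_main_cf | dnsbl_queries 192.0.2.10
```

Resolving a printed name with host or dig shows whether that list currently carries the address: an answer in 127.0.0.0/8 means listed, NXDOMAIN means not listed.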