Yegor's blog

Small blog about system administration.

2 month free VPS server! Get it now!

Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using my link and receive $10 in credit: https://t.co/yiQkvCw2Im

No comments :

Post a Comment

Exim Remove All messages From the Mail Queue

To print a list of the messages in the queue, enter:


# exim -bp

To remove a message from the queue, enter:

# exim -Mrm {message-id}

To remove all messages from the queue, enter:

# exim -bp | exiqgrep -i | xargs exim -Mrm

To rebuild the queue, enter:

# cd /var/spool
# mv exim exim.old

# mkdir -p exim/input
# mkdir -p exim/msglog
# mkdir -p exim/db
# chown -R mail:mail exim
# service exim restart

No comments :

Post a Comment

Parse POST body request into nginx variable

There is a form input module you can use to parse POST body into a variable:

https://github.com/calio/form-input-nginx-module

Installation
        Get the nginx source code from nginx.net ( http://nginx.net/ ).
        Get the ngx_devel_kit source code from (http://github.com/simpl/ngx_devel_kit)
        Unpack the source code and build nginx with this module.

        $ wget 'http://nginx.org/download/nginx-1.7.4.tar.gz'
        $ tar -xzvf nginx-1.7.4.tar.gz
        $ cd nginx-1.7.4/

        $ git-clone http://github.com/simpl/ngx_devel_kit.git
        $ git-clone http://github.com/calio/form-input-nginx-module.git

        $ ./configure --add-module=/somepath/form-input-nginx-module --add-module=/somepath/ngx_devel_kit
        $ make -j2
        $ make install

Usage
        set_form_input $variable;
        set_form_input $variable argument;

        set_form_input_multi $variable;
        set_form_input_multi $variable argument;

    example:

        #nginx.conf

        location /foo {
            # ensure client_max_body_size == client_body_buffer_size
            client_max_body_size 100k;
            client_body_buffer_size 100k;

            set_form_input $data;    # read "data" field into $data
            set_form_input $foo foo; # read "foo" field into $foo
        }

        location /bar {
            # ensure client_max_body_size == client_body_buffer_size
            client_max_body_size 1m;
            client_body_buffer_size 1m;

            set_form_input_multi $data; # read all "data" field into $data
            set_form_input_multi $foo data; # read all "data" field into $foo

            array_join ' ' $data; # now $data is an string
            array_join ' ' $foo;  # now $foo is an string
        }

No comments :

Post a Comment

HOWTO: flush or clear varnish cache

If you are new to Varnish, here is what Wikipedia says about ti:
Varnish is an HTTP accelerator designed for content-heavy dynamic web sites. In contrast to other HTTP accelerators, such as Squid, which began life as a client-side cache, or Apache, which is primarily an origin server, Varnish was designed from the ground up as an HTTP accelerator.
You can also read Varnish Cache homepage.
Well today I want to show you how to purge all the cache without the need to restart the daemon.
varnishadm -T 127.0.0.1:6082 url.purge .
That will flush the cache.

No comments :

Post a Comment

Remotely Exploitable 'Bash Shell' Vulnerability Affects Apple Mac OS X (exploit CVE-2014-6271 and CVE-2014-7169)

Given the fact that Bash 3.2 (the version shipped by OSX) is vulnerable to the remote execution exploit CVE-2014-6271 and CVE-2014-7169.

You can determine if you are vulnerable to the original problem in CVE-2014-6271 by executing this test:
$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
The above output is an example of a non-vulnerable bash version. If you see the word vulnerable in the output of that command your bash is vulnerable and you should update. 
An official patch has not yet been released but a work-in-progress patch is visible on the mailing list. Note that I (@alblue) have tested this patch and the version of Bash still appears vulnerable.
You can obtain and recompile Bash as follows, providing that you have Xcode installed:
$ mkdir bash-fix
$ cd bash-fix
$ curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
$ cd bash-92/bash-3.2
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0    
$ cd ..
$ xcodebuild
$ sudo cp /bin/bash /bin/bash.old
$ sudo cp /bin/sh /bin/sh.old
$ build/Release/bash --version # GNU bash, version 3.2.52(1)-release
$ build/Release/sh --version   # GNU bash, version 3.2.52(1)-release
$ sudo cp build/Release/bash /bin
$ sudo cp build/Release/sh /bin
After this, the Bash version should be v3.2.52:
$ bash --version
GNU bash, version 3.2.52(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
For security, and after testing, I recommend that you chmod -x the old versions to ensure they aren't re-used, or move them to a backup site.
$ sudo chmod a-x /bin/bash.old /bin/sh.old

No comments :

Post a Comment

Encrypting your home directory on Debian Wheezy

First install the required package ecryptfs-utils
sudo apt-get install ecryptfs-utils
Then you need to load the ecryptfs kernel module, either reboot or run
sudo modprobe ecryptfs
The user whose home directory you want to encrypt must NOT be logged in, so log of the user and run the following as root. (You should not login as root in X, use a tty console ctrl + alt + F1)
You can check if the user is logged in with this command “ps -fu <username>”.
Run as root:
ecryptfs-migrate-home -u <username>
When this is done the user must login before rebooting the computer.
If the user can access the files in the users home directory you can remove the backup folder in /home/<username>.<random characters>
The user should also run this command to get the random encryption key and store it in a secure location (outside the encrypted home directory and not on the same machine) in case a recovery is needed.
ecryptfs-unwrap-passphrase
OBS! This only encrypts your home folder, your files may still be swapped to the swap partition where they will be unencrypted.
So to encrypt the swap we first need to install the package cryptsetup which contains the tool cryptdisks, then we run this command:
sudo apt-get install cryptsetup sudo ecryptfs-setup-swap
Note: Encrypting the swap makes you unable hibernate your computer, but you can still suspend to RAM.

No comments :

Post a Comment