Category Archives: Unix

Updating My 6.3 release box

Use src for many times make me get surprised when using freebsd-update for fix is very easy. Simple though.

mail# freebsd-update fetch
Looking up update.FreeBSD.org mirrors… 1 mirrors found.
Fetching metadata signature for 6.3-RELEASE from update1.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 2 metadata patches.. done.
Applying metadata patches… done.
Inspecting system… done.
Preparing to download files… done.
Fetching 9 patches….. done.
Applying patches… done.

The following files will be updated as part of updating to 6.3-RELEASE-p2:
/lib/libpthread.so.2
/usr/lib/libpthread.a
/usr/lib/libssh.a
/usr/lib/libssh.so.3
/usr/sbin/sshd
/usr/src/crypto/openssh/channels.c
/usr/src/lib/libpthread/sys/lock.c
/usr/src/lib/libpthread/thread/thr_kern.c
/usr/src/sys/conf/newvers.sh

mail# freebsd-update install
Installing updates… done.
mail#

Cool!

OpenSSH X11-forwarding privilege escalation

Just update the box with this issue :

FreeBSD-SA-08:05.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSH X11-forwarding privilege escalation

Category:       contrib
Module:         openssh
Announced:      2008-04-17
Credits:        Timo Juhani Lindfors
Affects:        All supported versions of FreeBSD
Corrected:      2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE)
                2008-04-16 23:58:52 UTC (RELENG_7_0, 7.0-RELEASE-p1)
                2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE)
                2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
                2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12)
                2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24)
                2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE)
                2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20)
CVE Name:       CVE-2008-1483

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

Just use freebsd-update start by :
freebsd-update fetch
freebsd-update install

Patch set :-)

Downgrade FreeBSD ports

I used to use FreeBSD ports in all related server job. I don’t remember what ports that might behave strangely in my  mail server until I remember last portupgrade job. I upgrade dovecot to latest version. I think if I downgrade dovecot ports I’ll get my stable mail server back :-)

Here’s my steps to downgrade dovecot ports : ( similar way applicable to other FreeBSD ports)

1. Find out installed dovecot version :

mail2# pkg_info | grep dovecot

dovecot-1.0.13_1 Secure and compact IMAP and POP3 servers

2. Install portdowngrade (use ports) and execute portdowngrade after rehash.

I took freebsdanoncvs@anoncvs.FreeBSD.org as cvs server from here :

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/anoncvs.html

mail2# portdowngrade dovecot -s freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs

portdowngrade 0.6 by Heiner Eichmann
Please note, that nothing is changed in the ports tree
unless it is explicitly permitted in step 6!
Continue reading

Reset Cacti Password, step by step

My other staff  ask me password for username admin. Yes, its administrator level in cacti.

After hardy trying to remember I gave up, I decide to reset it to other value but how?

I try to find out using database approach :

Here’s my steps :

1. Checking for cacti location and see db setting.

monitor# pwd

/usr/local/share/cacti/include

see setting dbnya.

monitor# cat db-settings.php

<?php
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cacti";

$database_port = "3306";
?>

2. Enter database with information taken from db-settings.php information.

monitor# mysql -ucacti -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8343
Server version: 5.0.45 FreeBSD port: mysql-server-5.0.45_1

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql>

mysql> use cacti;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select * from auth_user;

ERROR 1146 (42S02): Table ‘cacti.auth_user’ doesn’t exist

Ups, my bad :-)

mysql> select * from user_auth;

+—-+———-+————-———————+——-+—————+————–——–+———–+———–+————–+—————-+————+—————+————–+———–—+————————+
| id | username | password                         | realm | full_name     | must_change_password | show_tree | show_list | show_preview | graph_settings | login_opts | policy_graphs | policy_trees | policy_hosts | policy_graph_templates |
+—-+———-+————-———————+——-+—————+————–——–+———–+———–+————–+—————-+————+—————+————–+———–—+————————+
|  1 | admin    | 7a40008b8368b684bec2286db1b073e2 |     0 | Administrator |                      | on        | on        | on           | on             |          1 |             1 |            1 |            1 |                      1 |
|  3 | monitor  | 719daab8833968dc805a345c58545ea6 |     0 | monitoring    |                      | on        | on        | on           | on             |          3 |             1 |            1 |            1 |                      1 |
|  7 | crash    | ac43724f16e9241d990427ab7c8f4228 |     0 | Nsun T        |                      | on        | on        | on           | on             |          3 |             1 |            1 |            1 |                      1 |
+—-+———-+————-———————+——-+—————+————–——–+———–+———–+————–+—————-+————+—————+————–+———–—+————————+
3 rows in set (0.00 sec)

mysql>exit

3. Generate new password with md5 utility.

monitor# md5 -s mypassword

MD5 ("mypassword") = 34819d7beeabb9260a5c854bc85b3e44

4. Update database value with new created password string.

monitor# mysql -ucacti -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8344
Server version: 5.0.45 FreeBSD port: mysql-server-5.0.45_1

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql>

mysql> update auth_user set password=’34819d7beeabb9260a5c854bc85b3e44′ where username=’admin’

done :-)

Problem with file(1) and maia mailguard solved

I just install new FreeBSD server using 7.0 release.

In this stage I found file(1) problem not detected by maia mailguard properly.

mail# /var/amavisd/maia/scripts/configtest.pl

Application/Module      Version   Status
========================================================================
Perl                 :    5.8.8 : OK
file(1)              :      N/A : NOT INSTALLED (required by Maia Mailguard)
Archive::Tar         :     1.38 : OK
Archive::Zip         :     1.23 : OK

Trying to find out if file already installed.

mail# file -v

file-4.23
magic file from /usr/share/misc/magic

mail# ls -l /usr/local/bin | grep file

-r-xr-xr-x  1 root  wheel    11372 Apr  9 09:24 file
-r-xr-xr-x  1 root  wheel     5344 Apr  1 13:58 pamfile
lrwxr-xr-x  1 root  wheel        7 Apr  1 13:58 pnmfile -> pamfile

mail# whereis file
file: /usr/bin/file /usr/share/man/man1/file.1.gz /usr/src/usr.bin/file

Seem that file reading from /usr/local/bin

Making symlink

mail# ln -s /usr/bin/file /usr/local/bin/file

mail# /var/amavisd/maia/scripts/configtest.pl

Application/Module      Version   Status
========================================================================
Perl                 :    5.8.8 : OK
file(1)              :      N/A : NOT INSTALLED (required by Maia Mailguard)

Hehehehe, still not work. Trying to move file in /usr/bin

mail# mv /usr/bin/file /usr/bin/file_old

mail# cd /usr/ports/sysutils/file

mail# file -v

file-4.21
magic file from /usr/local/share/file/magic

Detect file installed from ports.

Trying again to detect.

mail# /var/amavisd/maia/scripts/configtest.pl

Application/Module      Version   Status
========================================================================
Perl                 :    5.8.8 : OK
file(1)              :     4.21 : OK
Archive::Tar         :     1.38 : OK

It works now, continue now 😉