Category Archives: Other

Fix OpenSSL bug – my way

On 04/11/2014 06:02 PM, Marinko Tarlać via PayPal wrote:
> PayPal <https://www.paypal.com/us>
>
> Hello OpenSSL Software Foundation,
>
> This email confirms that you have received a donation of $xxxxx USD from
> Marinko Tarlać(mtarlac@xxxxx <mailto:mtarlac@xxxxx>). ...
 
We received your donation of US$xxxxx. Thank you for your support of
the OpenSSL project!
 
-Steve M.
 
-- Steve Marquess OpenSSL Software Foundation

Heart Bleed Bug – OpenSSL – part 2

I maintain more than 30 servers and several of them were affected by the Heartbleed bug. CentOS released an update for the OpenSSL package(s), so there is no excuse not to update (yum update openssl, … ).

In the meantime, there are hundreds of sysadmins who still haven't done anything to protect their servers and clients (https://gist.github.com/dberkholz/10169691).

Testing REMOVED.com for example:

boky@bojler ~/Downloads $ ./test.py REMOVED.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 58
 ... received message: type = 22, ver = 0302, length = 4837
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
 
WARNING: server returned more data than it should - server is vulnerable!

For security reasons, the real domain I tested is replaced with “REMOVED”.

Some hosts from the list I posted above are already patched (which is good):

boky@bojler ~/Downloads $ ./test.py zoho.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 2399
 ... received message: type = 22, ver = 0302, length = 331
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable
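
The two runs above differ only in what comes back after the heartbeat request: a type 24 record of 16384 bytes, or nothing. The sketch below is an added example, not part of the original post or of test.py, and applies the same check on the monitoring side by reading only TLS record headers and flagging server heartbeat records far larger than anything the client sent. The server record lengths are taken from the output above; the client lengths, the zero-filled bodies and the `slack` tolerance are constructed assumptions.

```python
import struct

HANDSHAKE, HEARTBEAT = 22, 24   # TLS record content types (RFC 5246 / RFC 6520)

def record(ctype, body, version=0x0302):
    """Build one TLS record: 1-byte type, 2-byte version, 2-byte length, body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def parse_records(stream):
    """Yield (type, version, length) for every record header in a byte stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        yield ctype, version, length
        off += 5 + length          # skip the body; it may be encrypted anyway

def oversized_heartbeats(client_stream, server_stream, slack=32):
    """Lengths of server heartbeat records larger than any client heartbeat
    record plus `slack` bytes (slack covers differing padding; assumed value)."""
    sent = [n for t, _, n in parse_records(client_stream) if t == HEARTBEAT]
    limit = max(sent, default=0) + slack
    return [n for t, _, n in parse_records(server_stream)
            if t == HEARTBEAT and n > limit]

# Constructed sample streams: zero-filled bodies. Server record lengths are the
# ones printed in the two runs above; the client lengths are made up.
CLIENT = record(HANDSHAKE, bytes(4)) + record(HEARTBEAT, bytes(3))
VULNERABLE = (record(HANDSHAKE, bytes(58)) + record(HANDSHAKE, bytes(4837))
              + record(HANDSHAKE, bytes(4)) + record(HEARTBEAT, bytes(16384)))
PATCHED = (record(HANDSHAKE, bytes(66)) + record(HANDSHAKE, bytes(2399))
           + record(HANDSHAKE, bytes(331)) + record(HANDSHAKE, bytes(4)))

if __name__ == "__main__":
    for name, stream in (("vulnerable", VULNERABLE), ("patched", PATCHED)):
        print(name, oversized_heartbeats(CLIENT, stream))
```

Because only the 5-byte record headers are inspected, the same comparison works on captured traffic whether or not the record bodies are encrypted.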

Throwing rocks at the OpenSSL developers is not a good idea. Donating money for paid developers is a much better option…

Reboot

Q. How do I reboot my Linux system?

To reboot your Linux server, you can use the commands “reboot” or “shutdown -r now”. On Debian-based distros, you must use sudo (in case you’re not logged in as root).
Also, the reboot can be “snoozed” for X minutes with “shutdown -r +X”, where X is the number of minutes before the reboot happens.

Q. Can I solve a problem with a simple reboot?
Mostly NO!
Under normal working conditions, Linux doesn’t require a reboot, and rebooting without a detailed inspection probably won’t help. The right way to fix something is to check the logs, inspect traffic to and from the server, check the firewall, ping this, traceroute that, etc.

Rebooting without a particular reason is so Windows.

Teamviewer on Linux

I suppose you have a couple of clients who believe only in TeamViewer. TeamViewer on Linux works fine, but after you install it you’ll be surprised that the process is always running in the background (it is built to respawn), which is OK if you’re the client who needs help. The first thing the average sysadmin will do is shut TeamViewer down.

To stop teamviewer you can use:

teamviewer --daemon stop

You’ll see

initctl stop teamviewerd
teamviewerd stop/waiting

To disable teamviewer on system startup you can use:

teamviewer --daemon disable

You can find more info about the daemon with:

boss init.d # teamviewer --help
 
 TeamViewer                      8.0.20931 
 
 teamviewer                      start TeamViewer user interface (if not running) 
 
 teamviewer --help               print this help screen 
 teamviewer --version            print version information 
 teamviewer --info               print version, status, id 
 teamviewer --passwd [PASSWD]    set a password (useful when installing remote (ssh) 
 teamviewer --ziplog             create a zip containing all teamviewer logs (useful when contacting support) 
 
 teamviewer --daemon status      show current status of the TeamViewer daemon 
 teamviewer --daemon start       start		TeamViewer daemon 
 teamviewer --daemon stop        stop		TeamViewer daemon 
 teamviewer --daemon restart     stop/start	TeamViewer daemon 
 teamviewer --daemon disable     disable	TeamViewer daemon - don't start daemon on system startup 
 teamviewer --daemon enable      enable		TeamViewer daemon - start daemon on system startup (default)

Find and delete files

A few months ago, I had a problem after a mail server migration. The old mail server decided to die and I had to replace the complete server. I read my logs carefully (on a daily basis) and I noticed that the hard disk was going to die, so I prepared a complete backup before the damn thing decided to go to hell.
The old server had the same software as the new one, but Dovecot 2.x comes with the quota function disabled.
Unfortunately, I forgot to check this, so after 2-3 days I ran into problems with more than 15 000 email accounts. Deleted mails were not deducted from the used quota and almost all mailboxes were marked as 100% used :(. The solution was to delete all maildirsize files inside the mailboxes and let Postfix recreate this file as soon as the next email arrives.

Like any other problem on Linux, this one can also be solved with one command 🙂

find . -type f -name "maildirsize" -exec rm -fv {} \;

Zen coding in Aptana

Zen Coding is a set of plug-ins for text editors that allow for high-speed coding and editing in HTML, XML, XSL, and other structured code formats.

To install the ZC plugin:

  • click Help -> Install new software
  • in the “work with” field, type this repo address: http://zen-coding.ru/eclipse/updates/
  • Press “Add…”, give it a name and press OK.

Zen coding should appear on the software list, under “uncategorised”.

You can install it as you’d install any other plugin.

Tested & confirmed to be working with:

Aptana 3.x

Thunderbird 15 problems

As you probably already know, a few days ago Mozilla released Thunderbird 15, which introduces this and that, security updates, bla bla… Well, I made a mistake and upgraded from version 14 to 15.

Here are the most annoying problems I noticed so far:

  • crashes when trying to forward some emails (emails received from PayPal, for example)
  • opening mails with a large txt attachment takes too much time
  • hangs when selecting multiple emails (where some emails contain a large txt attachment (5MB for example))
  • problems with Google pop3 account
  • good old ClassicReloaded theme is not compatible with Thunderbird 15

 Edit:

A temporary fix for the multiple-message select problem is to set the mail.operate_on_msgs_in_collapsed_threads variable to false.