ramblings of a sysadmin. | stuff i learned on the job. | Page 2

finding files with specific permissions.

in may, we did a plesk migration from an older server to a newer one. it was relatively smooth, but for some reason, a lot of image permissions were not kept intact (instead, the files were readable and writable only by the owner, not by the group or others).
i am beginning to learn how useful the find command is. this code snippet below enabled me to find all of the jpg images on my server that were chmodded 600 … and made them appropriately readable.
# find /home/httpd/vhosts -name '*.jpg' -perm 600
but wait, you can execute commands on these results too!
# find /home/httpd/vhosts/ -name '*.jpg' -perm 600 -exec chmod 644 {} \;
good stuff!
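the same repair as a reusable function that lists what it would change before touching anything. this is an added example, not part of the original post; the function name fix_image_perms and its --apply switch are made up for illustration.

```shell
#!/bin/sh
# added example: dry-run first, then repair image files left at mode 600.
# usage: fix_image_perms ROOT            -> list what would change
#        fix_image_perms ROOT --apply    -> chmod 644 and list what changed
# prints one path per line; returns 2 if ROOT is not a directory.
fix_image_perms() {
    root=$1
    apply=${2:-}
    if [ ! -d "$root" ]; then
        echo "fix_image_perms: not a directory: $root" >&2
        return 2
    fi
    # -type f    regular files only, so directories and symlinks are never touched
    # -iname     case-insensitive, so IMG_0001.JPG is caught as well
    # -perm 600  exact mode match; -perm -600 would mean "at least rw for owner"
    #            and would also match files that are already 644
    if [ "$apply" = "--apply" ]; then
        find "$root" -type f \( -iname '*.jpg' -o -iname '*.jpeg' \) -perm 600 \
            -exec chmod 644 {} \; -print
    else
        find "$root" -type f \( -iname '*.jpg' -o -iname '*.jpeg' \) -perm 600 -print
    fi
}
```

run it once without --apply and read the list; files that are 600 on purpose (config files, keys) are never matched because only image extensions are considered.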

iptables port redirection (smtp servers).

this is a quick tutorial on iptables port redirection.
we have a few clients whose outgoing port 25 is blocked by their ISP due to vulnerabilities and exploits that cause this port to send out considerable amounts of spam.
this is never an obstacle for someone who hosts on a linux server with iptables, because you can simply have the server accept mail on another port (e.g. 26, as in the example below) and redirect that traffic to port 25:
# iptables -t nat -I PREROUTING -p tcp --dport 26 -j REDIRECT --to-ports 25
easy, isn’t it?
of course, if 26 is blocked, you can substitute another open port — but 25 must remain the same, as 25 is the standard smtp (outgoing email) port.
for someone who needs to utilize these settings, s/he would be required to go to outlook or whatever email application is being used and change the smtp port from standard 25 to 26 (in outlook, this can be done by going to tools > email accounts > view or change existing email accounts > select the questionable email account > change > more settings > advanced tab > change 25 to 26).
then, try to send out the email. it should no longer be sitting in the user’s outbox.
to verify that the change was made on the linux side, simply run:
# iptables -t nat --list
the output should show something like this:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:26 redir ports 25

confirmed — it is working!
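make sure to save your changes so that the rules are maintained between reboots. note that iptables-save on its own only prints the current rules to standard output, so redirect it into the file your distribution restores at boot (/etc/sysconfig/iptables on red hat-style systems):
# /sbin/iptables-save > /etc/sysconfig/iptables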
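a rule that is loaded in the kernel but missing from the file restored at boot will quietly disappear on the next reboot. the check below is an added example (not from the original post) that reads rules in iptables-save format and reports whether the redirect is loaded, saved, or both; the function names and the /etc/sysconfig/iptables path in the usage comment are assumptions.

```shell
#!/bin/sh
# added example: confirm the 26 -> 25 redirect is both loaded and saved.
# input is iptables-save format, i.e. lines such as
#   -A PREROUTING -p tcp -m tcp --dport 26 -j REDIRECT --to-ports 25

# has_redirect FROM TO : reads rules on stdin, succeeds if the redirect exists.
# the trailing space / end-of-line anchors stop 26 from matching 260.
has_redirect() {
    grep -Eq -- "^-A PREROUTING .*-p tcp .*--dport $1 .*-j REDIRECT --to-ports $2( |\$)"
}

# redirect_status FROM TO LIVE_DUMP SAVED_FILE
# prints one of: persistent | live-only | saved-only | missing
redirect_status() {
    live=no
    saved=no
    has_redirect "$1" "$2" < "$3" && live=yes
    [ -r "$4" ] && has_redirect "$1" "$2" < "$4" && saved=yes
    case "$live/$saved" in
        yes/yes) echo persistent ;;
        yes/no)  echo live-only ;;    # works now, gone after the next reboot
        no/yes)  echo saved-only ;;   # on disk but not loaded
        *)       echo missing ;;
    esac
}

# typical use as root on a red hat-style box (paths are assumptions):
#   iptables-save -t nat > /tmp/nat.live
#   redirect_status 26 25 /tmp/nat.live /etc/sysconfig/iptables
```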

nobodycheck.sh

i found another free useful tool today: nobodycheck.sh.
the file can be accessed right over here.
this tool will search for malicious files on your server and email you in the event that such files are found. right now, it’s intended to be used by cpanel users, although applications for plesk and other web administrator consoles are in development from what i have heard.
there are never too many security tools that you can install on your linux server, as each can do something different and may catch something that another does not.

a bash script to delete files older than 7 days.

i would like to share this nifty little script, courtesy of a forum post on linuxquestions.org, one of the most authoritative websites on linux genius and learning.

#!/bin/bash
find /directoryname -type f -mtime +7 -exec rm {} \;

this script will find all the files that are older than 7 days (as indicated by -mtime +7) in the /directoryname folder (note: it is advisable to use an absolute path here) and execute the rm command, which will delete (or “remove”) the files.

disabling spamassassin in plesk for individual mailboxes.

today, i got a complaint from a user who didn’t like spam headers in his email. since spamassassin is the only spam-filtering addon installed on our servers, i knew that the best solution would be to disable spamassassin altogether for this particular email address.
the Plesk GUI, unfortunately, doesn’t make that easy. fortunately, with versions of plesk 7.5.3 and up, you can do it on the command-line as such:
# /usr/local/psa/bin/spamassassin.sh --update email@domain.com -status false
this completely disables the spamassassin addon for this email address and eliminates all spam headers. while that is not what people nowadays want, it’s exactly what this guy wanted, and it works.

checking for exploits on a server: my first bash script.

well, this script was inspired by another script, but i’ve modified this to send email results and do a few other things, so i’m quite proud of the accomplishment.
the script (exploitcheck.sh) appears below. you can copy and paste this code snippet to a file with an .sh extension.
click here for the code.
this is a good shell script for use with linux environments where apache or the www user stores a lot of files in the typical directories (e.g. /tmp, /dev/shm, etc.). it checks to see if anything abnormal is there and sends you the results when executed.
i’ve put this in my /etc/cron.daily to make sure that it runs on a regular basis.
make sure to change the variables and chmod 755 exploitcheck.sh when you store it on your server.
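to give an idea of what such a check can look like, here is a small added example. it is a sketch of the idea only and is not the exploitcheck.sh linked above; the function names are made up, and the two tests for "abnormal" (an executable bit, or a hidden dot-name) are assumptions chosen for illustration.

```shell
#!/bin/sh
# added example: report files owned by the web server user in scratch
# directories. NOT the exploitcheck.sh from the post.

# scan_scratch OWNER DIR... : one path per line for each suspicious file.
# OWNER may be a user name or a numeric uid.
scan_scratch() {
    owner=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # regular files owned by OWNER that are executable by anyone,
        # or whose name starts with a dot (assumed heuristics)
        find "$dir" -xdev -type f -user "$owner" \
            \( -perm -100 -o -perm -010 -o -perm -001 -o -name '.*' \) \
            -print 2>/dev/null
    done
}

# scratch_report OWNER DIR... : prints a summary and returns 1 when anything
# was found, so a cron wrapper can send mail only when there are findings
scratch_report() {
    hits=$(scan_scratch "$@")
    [ -z "$hits" ] && return 0
    echo "suspicious files owned by $1:"
    echo "$hits"
    return 1
}

# example cron.daily wrapper (owner, directories and address are placeholders):
#   out=$(scratch_report apache /tmp /var/tmp /dev/shm) || \
#       echo "$out" | mail -s "scratch scan on $(hostname)" admin@example.com
```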

automated SQL database backups.

i found another awesome little tool today.
AutoMySQLBackup allows you to back up all of your databases on the fly. it’s fully customizable (you can select only to back up certain databases, or just use “all” to backup all databases) and you can get email results or the entire backup emailed to you via attachment.
this little utility makes me very happy. i’ve seen so many backup tools but nothing has been as usable and as versatile as this.

bcc using outlook 2003.

this is a little off-color here, given that the target audience of my blog is intended to be the linux-interested crowd, but this is something i really didn’t know, so i figured this would be the perfect place to notate it.
outlook generally only displays the To and CC fields. what about if you need to send emails using BCC (blind carbon copy)? well, then you can simply press Ctrl+Shift+B to get the screen that displays the BCC field. then, type your addresses there.
that was easy.

backing up and restoring databases using phpMyAdmin.

i’m very much a command-line-interface kind of girl, but not everyone has shell access. hopefully, they do have phpMyAdmin, one of the most essential tools for managing your database.
the tutorial below gives you an idea of how to perform a database backup and restore using phpMyAdmin.
database backup.
1. open your phpMyAdmin webpage. hopefully, you have a link to it somewhere in your website’s control panel.
2. click on the database name on the left-hand navigational bar (generally in black text, with a number in parentheses indicating the number of tables in the database)
3. click on Export on the top of the screen.
4. check the option next to Save as File
5. hit the Go button.
6. download the *.sql file.
you can open this file in Notepad or any text editor and see the database schema with all of its contents intact.
database restore.
1. open your phpMyAdmin page.
2. click the database name on the left-hand navigational bar.
3. assuming you’re replacing the current database, you first need to drop all of the tables, so make sure to check all of the tables (the checkbox is immediately to the left of the Table column)
4. in the With selected: drop down box, choose Drop
5. now that you’ve emptied out your database, click on SQL on the top bar.
6. click the Browse button and locate the *.sql file that you created in your backup.
7. click Go.
you’ve now restored your database.
if you wanted to create an entirely new database with the same schema, simply open the *.sql file you created in your backup, and on the 7th line or so, you will see Database: `db_name`. just replace this with the new database name you wish to create.

viewing and editing mail queues.

while i’m excited about getting mail to work on my linux box after such a long time, i think it’s appropriate to address some useful applications to view mail queues (and edit them whenever necessary).
first, let’s look at this in sendmail.
you can use one of the two commands below which essentially do the same thing:
# /usr/sbin/sendmail -bp
/var/spool/mqueue is empty
Total requests: 0

or
# mailq
/var/spool/mqueue is empty
Total requests: 0

if you have numerous messages in your queue and you want to empty them out, simply:
# cd /var/spool/mqueue
# rm

now, to do the same on qmail, you will need to get an application called qmHandle. once you install this, you can view the number of messages in the queue by typing:
# qmHandle -s
Messages in local queue: 0
Messages in remote queue: 47

if you want more detailed information, including messageid, from, to, and subject lines:
# qmHandle -l
you can delete items with problematic subject lines as such:
# qmHandle -S'failure notice'
or
# qmHandle -Sailure
will work just as well (and will delete all emails that include the text string “ailure” in the subject).
you can also view the subject/from/to of emails in the queue by typing:
# fgrep Subject /var/qmail/queue/mess/*/*
or
# fgrep From /var/qmail/queue/mess/*/*
this command is far more useful — it will search each email for any text in the email, whether body, subject, recipient, or sender.
any offensive emails in the queue? you now know where to go.
# fgrep Testing /var/qmail/queue/mess/*/*
/var/qmail/queue/mess/12/28952688:Testing,
# rm /var/qmail/queue/mess/12/28952688

finally, you can attempt to send all emails in the queue by using the command below:
# qmHandle -a
if the emails cannot be sent at any time for whatever reason, they will remain in the queue.