Postfix Hide hostnames and subdomains from your relay

So you're setting up a mail relay or mail agent and you want to strip off the hostname or subdomain before the message gets to the internet: for example, your relay receives it as root@max.blog.jgriffiths.org but you want it to look like root@jgriffiths.org. This is really simple with Postfix. Just load up your main.cf and add the following line:

masquerade_domains = jgriffiths.org

This will strip off everything to the left of jgriffiths.org in the domain part. You can add additional domains by separating them with spaces.
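To see exactly what the setting does to an address, here is a small shell re-implementation of the masquerade rule. It is written for this note and is not Postfix code; it mirrors Postfix's documented behaviour that the domain list is processed left to right and the first match wins, which is why the order of a multi-domain list matters. The address and jgriffiths.org are the post's own example; blog.jgriffiths.org is a constructed second domain.

```shell
# Added example (not Postfix code): apply masquerade_domains to one address.
# Usage: masquerade_address ADDRESS "domain1 domain2 ..."
masquerade_address() {
    addr="$1"
    list="$2"
    local_part="${addr%@*}"
    domain="${addr#*@}"
    # Domains are tried left to right; the first one the address is in wins,
    # which is the same order Postfix uses for masquerade_domains.
    for m in $list; do
        case "$domain" in
            "$m"|*".$m") echo "$local_part@$m"; return 0 ;;
        esac
    done
    # No listed domain matched: the address is left untouched.
    echo "$addr"
}

# After editing main.cf, confirm Postfix picked the setting up:
#   postconf masquerade_domains
#   postfix reload
```

Listing `jgriffiths.org blog.jgriffiths.org` collapses everything to jgriffiths.org because the shorter domain matches first; list the more specific domain first if you want subdomains of blog.jgriffiths.org to keep that name.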

Block outgoing smtp except to an approved relay in iptables

Just like most sysadmins I have to deal with developers who want to zip off a quick email after their application finishes processing. Sounds good, right? Yes it is, but the internet is not a happy place and spam is around every corner. To avoid getting tagged as spam, your systems' email should really be sent via an internal relay. The internal relay should be registered with an MX entry in DNS so it gets the all-clear from the spam appliances and filtering. As such I want to use iptables to stop outgoing SMTP requests unless they go to my central relay (123.123.123.123):

-A OUTPUT -p tcp -d 123.123.123.123 --dport 25 -m state --state NEW -j ACCEPT

-A OUTPUT -p tcp --dport 25 -m state --state NEW -j DROP

Works great. If you use a local mail program that delivers through the loopback address, add this line before the two above:

-A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -m state --state NEW -j ACCEPT
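Rule order is the part that bites here: a DROP inserted above the relay ACCEPT silently kills all outbound mail. The following added example (this note's own, not from the original post) generates the three rules in the right order for the post's relay address, adds a LOG rule ahead of the DROP so blocked attempts are visible in the kernel log, and checks the ordering before anything is loaded. The function names are this note's own.

```shell
# Added example: outbound SMTP egress policy from the post as an ordered rule list.
RELAY_IP="123.123.123.123"   # the central relay address used in the post

# Print the OUTPUT rules in the order they must be inserted:
# loopback first, then the approved relay, then log and drop everything else.
smtp_egress_rules() {
    relay="$1"
    cat <<EOF
-A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -d ${relay} --dport 25 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 25 -m state --state NEW -j LOG --log-prefix "SMTP-EGRESS-BLOCK: "
-A OUTPUT -p tcp --dport 25 -m state --state NEW -j DROP
EOF
}

# Sanity check on the generated list: the DROP must be the last rule and
# every ACCEPT must precede it, otherwise the policy breaks mail delivery.
check_rule_order() {
    rules=$(smtp_egress_rules "$1")
    total=$(printf '%s\n' "$rules" | grep -c .)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '-j DROP' | cut -d: -f1)
    last_accept=$(printf '%s\n' "$rules" | grep -n -- '-j ACCEPT' | tail -n 1 | cut -d: -f1)
    [ "$drop_line" -eq "$total" ] && [ "$last_accept" -lt "$drop_line" ]
}

# Apply as root once the order check passes, e.g.:
#   check_rule_order "$RELAY_IP" && smtp_egress_rules "$RELAY_IP" | sed 's/^-A/iptables -A/' | sh
# Blocked attempts then appear in the kernel log with the SMTP-EGRESS-BLOCK prefix,
# which is the quickest way to find a host or script that is still trying to send direct.
```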

Oracle 11gR2 Rac GNS iptables

Well here goes another Oracle 11gR2 note for you all out there.  Let me just say Oracle’s documentation either does not exist or is so buried it’s impossible to find on this topic with 11gR2.

As always I want to lock down the system as much as possible, which means iptables. Early in the process I gave up any chance of locking down communication between nodes and interconnects and focused on internal connections. Like always, any client needs to be able to talk to port 1521 TCP, but GNS on 11gR2 adds new ports:

As you may be aware, GNS provides its own VIP-equipped DNS server for its delegated subdomain, so it is critical that you open up DNS to your DNS systems. You need to open 53 UDP:

-A INPUT -p udp -m udp --dport 53 -j ACCEPT

You might want to add a source restriction (-s) to lock it down to your DNS systems.

Otherwise it should work (provided you open up iptables between nodes).

Testing smtp manually

From time to time it really helps to be able to manually test SMTP via good old telnet. Every SMTP command is a plain text command. Here is a simple connection:

telnet smtp.host.com 25

Send an EHLO (extended hello) command with your host name; the server answers with the extensions it supports:

ehlo mail.myserver.com
250-linuxmonkey.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Sender address

MAIL FROM:<mail@domain.ext>

Destination address

RCPT TO:<mail@otherdomain.ext>

Input your message: headers first, then a blank line, then the body. A line containing only a dot ends the message:

DATA
Subject: MY SUBJECT

MESSAGE STUFF
.

And you have sent a message.
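When you are testing a relay by hand, the EHLO reply is the part worth reading carefully, because it tells you what the server is advertising to the world. The added example below (this note's own, not from the original post) parses a reply like the one above, checks whether VRFY is advertised, and builds the command sequence of the session with the RFC 5321 angle brackets and CRLF line endings. The reply text is a constructed sample modelled on the post's; function names are this note's own.

```shell
# Added example: read an EHLO reply and script the manual session shown above.

# Constructed sample reply: "250-" lines continue, the "250 " line ends it.
EHLO_REPLY='250-linuxmonkey.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Final reply code: the first line whose 4th character is a space, not "-".
smtp_final_code() {
    printf '%s\n' "$1" | tr -d '\r' | grep '^[0-9][0-9][0-9] ' | head -n 1 | cut -c1-3
}

# Space-separated list of advertised extension keywords. The first line is
# the server's own name, so it is skipped; "SIZE 10240000" yields SIZE.
smtp_extensions() {
    printf '%s\n' "$1" | tr -d '\r' | tail -n +2 | sed 's/^250[- ]//' \
        | cut -d' ' -f1 | tr '\n' ' ' | sed 's/ $//'
}

# Returns 0 if VRFY is advertised. VRFY lets any client confirm which
# mailboxes exist, so a hardened relay normally has it switched off
# (Postfix: disable_vrfy_command = yes in main.cf).
smtp_advertises_vrfy() {
    case " $(smtp_extensions "$1") " in
        *" VRFY "*) return 0 ;;
        *) return 1 ;;
    esac
}

# The commands the telnet session sends, as one CRLF-terminated script.
# Usage: smtp_session_commands HELO_NAME FROM TO SUBJECT BODY
smtp_session_commands() {
    printf 'EHLO %s\r\nMAIL FROM:<%s>\r\nRCPT TO:<%s>\r\nDATA\r\nSubject: %s\r\n\r\n%s\r\n.\r\nQUIT\r\n' \
        "$1" "$2" "$3" "$4" "$5"
}
# e.g. smtp_session_commands mail.myserver.com mail@domain.ext mail@otherdomain.ext \
#        "MY SUBJECT" "MESSAGE STUFF" | nc smtp.host.com 25
```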

Command Line arguments to your shell script in linux

Passing command line arguments to shell scripts allows you to re-use a lot of scripts. In a shell script the command you executed is always in the reserved variable $0, and each additional argument, separated by spaces, lands in the next numbered variable. So for example if you typed:

./max_it special cheese now

$0 = ./max_it (the command exactly as typed, path included)

$1 = special

$2 = cheese

$3 = now

$# holds the number of arguments passed on the command line, not counting $0 (3 in the example above).

When accepting command line arguments it is best to provide some sanity checking:

if [ $# -ne 1 ]
        then
            echo "Usage: $0 IP_address"
            exit 1
        fi


Template for Generic Nagios Plugin

I love Nagios; it's the perfect way to monitor Linux. Monitoring commands can be written in almost any language: Nagios expects an exit code and a status line, and it works. I write most of my plugins in bash. Here is a generic plugin template:

#!/bin/bash

# Nagios exit codes: define them before they are used
E_SUCCESS=0
E_WARNING=1
E_CRITICAL=2
E_UNKNOWN=3

# Sanity check: a bad invocation is reported as UNKNOWN, never as OK
if [ $# -ne 2 ]; then
        echo "UNKNOWN - Usage: $0 commandline1 commandline2"
        exit ${E_UNKNOWN}
fi

# Run the check; replace command_here with the real command and its arguments
COMMAND=$(command_here "$1" "$2" 2>&1)

# Nagios reads the first line of output as the status text and uses the exit code
if grep -q "succeeded!" <<< "$COMMAND"; then
        echo "OK - $1 $2 working"
        exit ${E_SUCCESS}
else
        echo "CRITICAL - $1 $2 not working"
        exit ${E_CRITICAL}
fi
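The template maps one grep hit to OK or CRITICAL. Most real plugins instead measure a number and compare it against warning and critical thresholds given with -w and -c, and they return UNKNOWN when the inputs make no sense. The added example below (this note's own, not from the original post) does that for a count of failed SSH logins read from a constructed log snippet, and also emits Nagios performance data after the pipe so the value can be graphed. Function names and the sample log lines are this note's own.

```shell
#!/bin/bash
# Added example: a threshold-based Nagios plugin built on the template above.

E_SUCCESS=0
E_WARNING=1
E_CRITICAL=2
E_UNKNOWN=3

# Constructed sample log lines standing in for /var/log/auth.log.
SAMPLE_LOG='Jan 10 10:01:02 host sshd[111]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2
Jan 10 10:01:04 host sshd[112]: Accepted publickey for ops from 198.51.100.7 port 5555 ssh2
Jan 10 10:01:09 host sshd[113]: Failed password for root from 203.0.113.5 port 4446 ssh2
Jan 10 10:02:11 host sshd[114]: Failed password for invalid user test from 203.0.113.9 port 4450 ssh2'

# Count failed SSH password attempts in the text given on stdin.
count_failed_logins() {
    grep -c 'sshd\[[0-9]*\]: Failed password' || true
}

# Print the Nagios status line (with performance data) and return the exit code.
# Usage: evaluate_threshold VALUE WARN CRIT
evaluate_threshold() {
    value=$1; warn=$2; crit=$3
    for n in "$value" "$warn" "$crit"; do
        case "$n" in
            ''|*[!0-9]*) echo "UNKNOWN - value and thresholds must be non-negative integers"; return $E_UNKNOWN ;;
        esac
    done
    if [ "$warn" -gt "$crit" ]; then
        echo "UNKNOWN - warning threshold ($warn) exceeds critical ($crit)"; return $E_UNKNOWN
    fi
    perf="failed=$value;$warn;$crit"
    if [ "$value" -ge "$crit" ]; then
        echo "CRITICAL - $value failed logins|$perf"; return $E_CRITICAL
    elif [ "$value" -ge "$warn" ]; then
        echo "WARNING - $value failed logins|$perf"; return $E_WARNING
    fi
    echo "OK - $value failed logins|$perf"; return $E_SUCCESS
}

# Plugin body. Usage: check_failed_logins -w WARN -c CRIT
# Reads the constructed sample; point count_failed_logins at a real log when deploying.
check_failed_logins() {
    warn=""; crit=""; OPTIND=1
    while getopts "w:c:" opt; do
        case $opt in
            w) warn=$OPTARG ;;
            c) crit=$OPTARG ;;
            *) echo "UNKNOWN - Usage: $0 -w WARN -c CRIT"; return $E_UNKNOWN ;;
        esac
    done
    if [ -z "$warn" ] || [ -z "$crit" ]; then
        echo "UNKNOWN - Usage: $0 -w WARN -c CRIT"; return $E_UNKNOWN
    fi
    failed=$(printf '%s\n' "$SAMPLE_LOG" | count_failed_logins)
    evaluate_threshold "$failed" "$warn" "$crit"
}
# As a script, end the file with:  check_failed_logins "$@"; exit $?
```

Returning UNKNOWN (3) rather than OK for bad arguments is the detail the plain template misses: a plugin that exits 0 on a usage error is a check that can never fire.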

Delete old recordings on MythTV

About once a year I have to delete a history of old recorded shows on my Myth box so I can record the show again.   You can do this via the frontend but I prefer to hack it out of the database.  All this information is stored in the oldrecorded table inside your myth database.   Before you start deleting make sure you have the correct information by using select statements (for example Stargate Atlantis)

SELECT * FROM oldrecorded WHERE title = 'Stargate Atlantis';

You can also use wildcards to help locate the title:

SELECT * FROM oldrecorded WHERE title LIKE 'Stargate%';

Once you are sure your select statement has narrowed things down to exactly the rows you want, reuse the same WHERE clause to delete them:

DELETE FROM oldrecorded WHERE title = 'Stargate Atlantis';

And that’s it 🙂

Test TCP and UDP connections in Linux for firewalls

I am constantly having to check firewall rules for services I have not yet set up. In this post I will refer to the client (source address) and the server (destination address).

Checking TCP

Server:

Open a TCP listener with netcat; for example, to listen on port 80 TCP I would use:

nc -l 80

Client:

Check the TCP port with telnet; to connect to port 80:

telnet destination_ip 80

Checking UDP

To open a UDP listener on port 80 on the destination, use the following command:

nc -lu 80

To connect to your destination's UDP port 80, use the following command from the source:

nc -zu destination_ip 80

Netcat fun

Netcat (nc) can be used for a lot of other purposes as well. One of them is a very fast basic port scanner, handy for verifying which ports a firewall actually lets through:

To scan a range of UDP ports 80-4000

nc -zu destination_ip 80-4000

In order to get more information, add -v for verbose output; for even more, add a second v (-vv):

nc -vvzu destination_ip 80-4000

To scan a range of TCP ports 80-4000

nc -z destination_ip 80-4000

WMA to MP3 on Linux

WMA to MP3

I created this script to go through all *.wma files in a directory, convert them to mp3 files and then delete the wma files. It works great for my mp3 player that does not support wma. It takes each wma file, converts it to wav, then converts the wav to mp3. It uses mplayer and lame to do the work.

#!/bin/bash
# Rip each WMA to WAV with MPlayer, encode the WAV with LAME, then remove the WMA
for i in *.wma; do
        # -ao pcm writes the decoded audio to audiodump.wav in the current directory
        mplayer -ao pcm -vc dummy "$i" \
          && lame --preset 128 audiodump.wav "$(basename "$i" .wma).mp3" \
          && rm -f "$i"
done
# Delete the temporary audiodump.wav left behind by the last conversion
rm -f audiodump.wav