Debian Linux Security Update: Cacti packages fix regression

Cacti is an open source, web-based graphing tool designed as a frontend to RRDtool's data storage and graphing functionality. Cacti allows a user to poll services at predetermined intervals and graph the resulting data. It is generally used to graph time-series data like CPU load and bandwidth use. A common usage is to query network switch or router interfaces via SNMP to monitor network traffic.

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, making cross-site scripting and SQL injection possible.

Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb).

=> Package : cacti
=> Vulnerability : insufficient input sanitising
=> Problem type : remote
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-0783 CVE-2008-0785

How do I fix the Cacti package regression issue?

Simply type the following two commands as root user:
# apt-get update
# apt-get upgrade

Mac ZFS Source Code Released

ZFS has an amazing feature set and it has now been ported to the Mac

ZFS is a file system developed by Sun for its UNIX operating system. ZFS presents a pooled storage model that completely eliminates the concept of volumes and the associated problems of partitions, provisioning, wasted bandwidth and stranded storage. Thousands of filesystems can draw from a common storage pool, each one consuming only as much space as it actually needs. The combined I/O bandwidth of all devices in the pool is available to all filesystems at all times.

Apple has ported ZFS from OpenSolaris to the Mac OS X platform. You can download the ZFS beta version here (via ./).

Linux Fibre Channel over Ethernet implementation code released

Intel has just released source code for Fibre Channel over Ethernet (FCoE). It provides some Fibre Channel protocol processing as well as the encapsulation of FC frames within Ethernet packets. FCoE will allow systems with an Ethernet adapter and a Fibre Channel Forwarder to log in to a Fibre Channel fabric (the FCF is a "gateway" that bridges the LAN and the SAN). That fabric login was previously reserved exclusively for Fibre Channel HBAs. This technology reduces complexity in the data center by aiding network convergence. It is targeted at 10Gbps Ethernet NICs but will work on any Ethernet NIC supporting pause frames. Intel will provide a Fibre Channel protocol processing module as well as an Ethernet-based transport module. The Open-FC module acts as an LLD for SCSI and the Open-FCoE transport uses net_device to send and receive packets.

This is good news. I think one can compare bandwidth and throughput for copper and fiber Ethernet. If you are going to use copper you need to stay within 15m of the switch. This solution will try to bring down cost. One can connect 8-10 servers to a central database server with 10G, and there could be a few more applications.

=> Open FCoE project home page

Measure Network Performance: Find Bandwidth, Jitter, Datagram Loss With Iperf

Typically, your users report network throughput problems when they see problems with applications such as:

[a] FTP Transfer

[b] NFS Performance

[c] HTTP / SMTP / POP3 etc

As a sysadmin you should be able to confirm the throughput problem. iperf is the tool to use to find out about:

a) Network throughput problem

b) Packet loss problem

c) Datagram loss

d) Delay jitter

From the man page:

iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics.

iperf works on a client / server model. You need to install iperf on both the client computer and the server computer to measure network performance between the two nodes.


Howto shape or restrict bandwidth under Linux / UNIX / BSD

There is a program called trickle. It is a portable lightweight userspace bandwidth shaper. It can run in collaborative mode (together with trickled) or in stand alone mode.

Remove or Delete all emails message from a POP3 server

My ISP provided me with 5 free email IDs, each 1 GB in size. However, one of the POP3 accounts has been spammed with over 2500+ spam messages. Getting all those messages will waste not just my time but bandwidth too.

Sample shell script to delete all emails from POP3 server

So here is a small shell script I wrote to get rid of all the messages on your POP server.

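#!/bin/bash
# Usage: ./clean.pop3 <number-of-messages> | telnet <pop3-server> 110
username="YOUR-USER-NAME"   # placeholder: set your POP3 username
password="YOUR-PASSWORD"    # placeholder: set your POP3 password
# Exit if the number of messages was not given
[ $# -eq 0 ] && exit 1 || :
MAX_MESS=$1
# Give telnet time to connect, then log in
sleep 2
echo USER $username
sleep 1
echo PASS $password
sleep 2
# Mark each message for deletion, one per second
for (( j = 1 ; j <= $MAX_MESS; j++ ))
do
    echo DELE $j
    sleep 1
done
echo QUIT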

Script usage:

First set up your POP3 username and password in the script. Then run it as follows:
$ ./clean.pop3 2500 | telnet pop3.myisp.com 110

Trying 61.142.1xx.xxx...
Connected to pop3.myisp.com.akadns.net.
Escape character is '^]'.
+OK hello from popgate(2.34.1)
+OK password required.
+OK maildrop ready, 2501 messages (40690358 octets) (40690358 2147483648)
+OK message 1 marked deleted
+OK message 2 marked deleted
+OK message 3 marked deleted


  • 2500: Total number of POP3 messages to remove
  • telnet pop3.myisp.com 110: Telnet to ISP pop3 server and delete all emails from a POP3 server

If you are on a dial-up internet connection this script is handy. If you prefer, there is a PHP version too.
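
The telnet session on port 110 sends the USER and PASS lines in cleartext, and the one-way pipe never checks what the server answered. The following variant is an added example, not part of the original script: it assumes the server also offers POP3 over TLS on port 995, takes the credentials from the hypothetical environment variables POP3_USER and POP3_PASS, and counts replies in the format shown in the sample output above.

```sh
#!/bin/sh
# Added example, not the original script. POP3_USER, POP3_PASS, POP3_DELAY and
# both function names are assumptions; POP3S on port 995 is assumed available.

# Emit USER, PASS, one DELE per message, then QUIT (credentials from the environment).
pop3_stream() {
    count=$1
    delay=${POP3_DELAY:-1}
    case $count in
        ''|*[!0-9]*) echo "message count must be a number" >&2; return 1 ;;
    esac
    if [ -z "${POP3_USER:-}" ] || [ -z "${POP3_PASS:-}" ]; then
        echo "set POP3_USER and POP3_PASS in the environment" >&2; return 1
    fi
    # A CR or LF inside a credential would smuggle in a second POP3 command.
    cr=$(printf '\r')
    nl='
'
    case "$POP3_USER$POP3_PASS" in
        *"$cr"*|*"$nl"*) echo "credentials must not contain CR or LF" >&2; return 1 ;;
    esac
    sleep "$delay"; printf 'USER %s\n' "$POP3_USER"
    sleep "$delay"; printf 'PASS %s\n' "$POP3_PASS"
    sleep "$delay"
    j=1
    while [ "$j" -le "$count" ]; do
        printf 'DELE %s\n' "$j"
        sleep "$delay"
        j=$((j + 1))
    done
    printf 'QUIT\n'
}

# Count the server's replies in a transcript read from stdin.
pop3_summary() {
    tr -d '\r' | awk '
        /^\+OK message [0-9]+ marked deleted/ { deleted++ }
        /^-ERR/                               { errors++ }
        END { printf "deleted=%d errors=%d\n", deleted, errors }'
}

# Usage: POP3_USER=... POP3_PASS=... ./clean-pop3s.sh 2500 pop3.myisp.com
# -quiet also stops s_client treating a line that starts with Q as its own quit command.
if [ $# -eq 2 ]; then
    pop3_stream "$1" |
        openssl s_client -quiet -crlf -verify_return_error -connect "$2:995" |
        tee /dev/stderr | pop3_summary
fi
```

A non-zero errors count, or a deleted count lower than the number requested, means the login or some DELE commands were rejected and the mailbox should be checked before re-running.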