
emails

Wow.. a completely ignorant teacher. This clearly demonstrates the problem faced by GNU/Linux in the classroom.

A teacher (from Austin, TX) came to students and confiscated the Linux Live CDs. Next, she wrote an angry email to HeliOS's project founder, Ken Starks:

After confiscating the disks I called a conference with the student and that is how I came to discover you and your organization. Mr. Starks, I am sure you strongly believe in what you are doing but I cannot either support your efforts or allow them to happen in my classroom. At this point, I am not sure what you are doing is legal. No software is free and spreading that misconception is harmful. These children look up to adults for guidance and discipline. I will research this as time allows and I want to assure you, if you are doing anything illegal, I will pursue charges as the law allows. Mr. Starks, I along with many others tried Linux during college and I assure you, the claims you make are grossly over-stated and hinge on falsehoods. I admire your attempts in getting computers in the hands of disadvantaged people but putting linux on these machines is holding our kids back.

This is a world where Windows runs on virtually every computer and putting on a carnival show for an operating system is not helping these children at all. I am sure if you contacted Microsoft, they would be more than happy to supply you with copies of an older version of Windows and that way, your computers would actually be of service to those receiving them

Read Ken's reply: Linux - Stop holding our kids back

Perhaps someone needs to educate the teacher and point out that Linux is used by governments and by private and public corporations, and that millions of embedded home appliances are powered by Linux.

Update - Dec., 12 2008: This matter is now closed and the student did get back Linux CDs after the class.

Updated for accuracy!

Security Alert: BIND9 DNS Cache Poisoning Bug

An unpatched security hole in the BIND 9 package could be used by attackers to poison your DNS cache. This could let an attacker take control of all hosted domains and can lead to misdirected web traffic and email rerouting.

This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult.

Details

  • Package : bind9
  • Vulnerability : DNS cache poisoning
  • Problem type : remote
  • Debian-specific: no
  • CVE Id(s) : CVE-2008-1447
  • CERT advisory : VU#800113

How do I fix BIND9 bug under Debian Linux?

Install the BIND 9 upgrade using the following commands:
# apt-get update
# apt-get install bind9

Sample output:

Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  libdns22 libisc11 libisccc0 libisccfg1
Suggested packages:
  bind9-doc
The following packages will be upgraded:
  bind9 libdns22 libisc11 libisccc0 libisccfg1
5 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Need to get 1267kB of archives.
After unpacking 4096B disk space will be freed.
Do you want to continue [Y/n]? y
Get:1 http://security.debian.org stable/updates/main bind9 1:9.3.4-2etch3 [319kB]
Get:2 http://security.debian.org stable/updates/main libisc11 1:9.3.4-2etch3 [188kB]
Get:3 http://security.debian.org stable/updates/main libisccc0 1:9.3.4-2etch3 [96.7kB]
Get:4 http://security.debian.org stable/updates/main libisccfg1 1:9.3.4-2etch3 [111kB]
Get:5 http://security.debian.org stable/updates/main libdns22 1:9.3.4-2etch3 [552kB]
Fetched 1267kB in 1s (724kB/s)
Reading changelogs... Done
(Reading database ... 27244 files and directories currently installed.)
Preparing to replace bind9 1:9.3.4-2etch1 (using .../bind9_1%3a9.3.4-2etch3_amd64.deb) ...
Stopping domain name service...: bind.
Unpacking replacement bind9 ...
Preparing to replace libisc11 1:9.3.4-2etch1 (using .../libisc11_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libisc11 ...
Preparing to replace libisccc0 1:9.3.4-2etch1 (using .../libisccc0_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libisccc0 ...
Preparing to replace libisccfg1 1:9.3.4-2etch1 (using .../libisccfg1_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libisccfg1 ...
Preparing to replace libdns22 1:9.3.4-2etch1 (using .../libdns22_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libdns22 ...
Setting up libisc11 (9.3.4-2etch3) ...
Setting up libdns22 (9.3.4-2etch3) ...
Setting up libisccc0 (9.3.4-2etch3) ...
Setting up libisccfg1 (9.3.4-2etch3) ...
Setting up bind9 (9.3.4-2etch3) ...
Configuration file `/etc/bind/db.root'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** db.root (Y/I/N/O/D/Z) [default=N] ? y
Installing new version of config file /etc/bind/db.root ...
Starting domain name service...: bind.

Also, verify that source port randomization is active. Check that the /var/log/daemon.log file does not contain messages of the following form:

 named[6106]: /etc/bind/named.conf.options:28: using specific
    query-source port suppresses port randomization and can be insecure.

If you see this message, replace the port numbers in the flagged statements with a "*" sign (e.g., replace "port 53" with "port *") in the /etc/bind/named.conf.options file.
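
One way to find the statements to change before restarting named, as an added example that is not part of the original post or the Debian advisory. It assumes one statement per line; the helper name fixed_query_source_ports and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example. Lists query-source / query-source-v6 statements that pin a
# numeric UDP source port, which disables source port randomization.
# Assumes one statement per line; /* ... */ comments are not handled.
# Prints "file:line: text" per finding; returns 1 if anything was found.
fixed_query_source_ports() {
    conf=$1
    awk -v f="$conf" '
        {
            line = $0
            sub(/\/\/.*/, "", line)   # strip // comments
            sub(/#.*/, "", line)      # strip # comments
        }
        line ~ /query-source(-v6)?[ \t]/ && line ~ /port[ \t]+[0-9]+/ {
            printf "%s:%d: %s\n", f, NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample standing in for /etc/bind/named.conf.options
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    directory "/var/cache/bind";
    // query-source address * port 53;
    query-source address * port 53;
    query-source-v6 address * port *;
};
EOF

if fixed_query_source_ports "$sample"; then
    echo "OK: no fixed query-source port"
else
    echo "Change the port on the lines above to *"
fi
rm -f "$sample"
```

Only the uncommented "port 53" line is reported; the commented-out statement and the "port *" statement are left alone.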

How do I fix this issue under Red Hat Linux / RHEL ?

Simply type the following command:
# yum update

RIP: BIND 8 under Debian 4.x

The Debian team also posted a BIND 8 deprecation notice. From the announcement:

The BIND 8 legacy code base could not be updated to include the recommended countermeasure (source port randomization, see DSA-1603-1 for details). There are two ways to deal with this situation:

1. Upgrade to BIND 9 (or another implementation with source port randomization). The documentation included with BIND 9 contains a migration guide.

2. Configure the BIND 8 resolver to forward queries to a BIND 9 resolver. Provided that the network between both resolvers is trusted, this protects the BIND 8 resolver from cache poisoning attacks (to the same degree that the BIND 9 resolver is protected).

This problem does not apply to BIND 8 when used exclusively as an authoritative DNS server. It is theoretically possible to safely use BIND 8 in this way, but updating to BIND 9 is strongly recommended.
BIND 8 (that is, the bind package) will be removed from the etch distribution in a future point release.

This is a classic problem. One of our FAQs is about cron jobs. I received lots of emails with this question:

How do I run my script on 3rd Monday or 4th Friday only?

Cron does not offer this kind of facility i.e. you cannot run a script on the Nth weekday of the month.

However, with a shell one-liner you can force a script to run only on a given day:

Consider the following date command; it prints the abbreviated weekday name:
$ date +%a
Output:

Thu

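You can compare the output with a weekday name using the bash test [ expr ] syntax and the control operators && (AND list) and || (OR list):
$ [ "$(date '+%a')" == 'Thu' ] && echo 'Today is Thu, run a command' || echo 'Noop'

The first echo command gets executed only on Thursday. Now all you have to do is write a cron job to execute on the first Monday:
# crontab -e
Now append code as follows. Leave the day-of-week field as * (when both day-of-month and day-of-week are restricted, cron runs the job when either field matches, i.e. on days 1-7 and on every Monday), escape % as \% (an unescaped % ends the command in a crontab), and use = rather than == because cron runs the command with /bin/sh:
# Run a script called myscript.sh on First Monday at 11:30:
30 11 1-7 * * [ "$(date '+\%a')" = "Mon" ] && /path/to/myscript.sh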
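
The cron line above covers only the first week of the month. For the 3rd Monday or 4th Friday from the question, this added example (not from the original post) generalizes the same test. The helper name is_nth_weekday is hypothetical, and the optional date argument relies on date -d as provided by GNU date.

```sh
#!/bin/sh
# Added example. is_nth_weekday N DAY [DATE]
# Succeeds when DATE (default: today) is the Nth DAY (Mon, Tue, ...) of its
# month. The Nth occurrence of any weekday always falls on days
# 7*(N-1)+1 .. 7*N, so N = (day_of_month - 1) / 7 + 1.
is_nth_weekday() {
    n=$1
    want=$2
    # LC_ALL=C keeps %a in English whatever locale cron runs with.
    stamp=$(LC_ALL=C date ${3:+-d "$3"} '+%a %d') || return 2
    dow=${stamp% *}
    dom=${stamp#* }
    dom=${dom#0}            # "08" -> 8, so the shell does not read it as octal
    [ "$dow" = "$want" ] && [ $(( (dom - 1) / 7 + 1 )) -eq "$n" ]
}

# In a wrapper script that cron starts every day at the wanted time:
#   is_nth_weekday 3 Mon && /path/to/myscript.sh
# No % appears on the cron line itself, so nothing needs escaping there.

# Demo on fixed dates: 2008-12-15 was the third Monday of December 2008.
for d in 2008-12-08 2008-12-15 2008-12-26; do
    if is_nth_weekday 3 Mon "$d"; then echo "$d: 3rd Monday"; fi
    if is_nth_weekday 4 Fri "$d"; then echo "$d: 4th Friday"; fi
done
```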

Hope this small tip will save your day. Please do share some of your favorite bash / shell scripting hacks in the comments. I will highlight some of the best in next shell scripting post.


Perl script to monitor disk space and send an email

Here is a quick question from one of our regular readers:

How to write a perl script that can monitor my disk space under UNIX or Linux and send me an email alert?

There is a nice Perl routine called df, provided by the Filesys::DiskSpace module. This routine returns information on a file system such as its type, the amount of disk space occupied, the total disk space and the number of inodes.

Task: Install Filesys::DiskSpace

First you need to install this Perl module using apt-get or from CPAN (Comprehensive Perl Archive Network).
$ sudo apt-get install libfilesys-diskspace-perl

Perl script code to monitor disk space

Now write a Perl script called df.pl:
$ vi df.pl
Append the following code:

#!/usr/bin/perl
use strict;
use warnings;
use Filesys::DiskSpace;
 
# file system /home or /dev/sda5
my $dir = "/home";
 
# get data for /home fs
my ($fs_type, $fs_desc, $used, $avail, $fused, $favail) = df $dir;
 
# calculate free space in %
my $df_free = (($avail) / ($avail+$used)) * 100.0;
 
# display message
my $out = sprintf("Disk space on $dir == %0.2f\n",$df_free);
print $out;
 

Save and close the file. Run this script as follows:
$ chmod +x df.pl
$ ./df.pl

Output:

Disk space on /home == 75.35

So /home has 75.35% free disk space. The next logical step is to compare this number to a limit so that you can send an email if only 10% free disk space is left on the /home file system. Here is the code with

#!/usr/bin/perl
use strict;
use warnings;
use Filesys::DiskSpace;
 
my $dir = "/home";
 
# warning level 10%
my $warning_level=10;
 
my ($fs_type, $fs_desc, $used, $avail, $fused, $favail) = df $dir;
my $df_free = (($avail) / ($avail+$used)) * 100.0;
 
# compare free disk space with warning level 
if ($df_free < $warning_level) {
    my $out = sprintf("Send an Email - Disk space on $dir => %0.2f%% (WARNING Low Disk Space)\n",$df_free);
    print $out;
}
else
{
    my $out = sprintf("Disk space on $dir => %0.2f%% (OK)\n",$df_free);
    print $out;
}

Run script as follows:
$ ./df.pl
Output:

Send an Email - Disk space on /home => 3.99% (WARNING Low Disk Space)

Here is the final code that sends an email alert:

#!/usr/bin/perl
# Available under BSD License. See url for more info:
# http://www.cyberciti.biz/tips/howto-write-perl-script-to-monitor-disk-space.html
use strict;
use warnings;
use Filesys::DiskSpace;

# file system to monitor
my $dir = "/home";

# warning level
my $warning_level=10;

# email setup
my $to='admin@yourdomain.com';
my $from='webmaster@YOURDOMAIN.COM';
my $subject='Low Disk Space';

# get df
my ($fs_type, $fs_desc, $used, $avail, $fused, $favail) = df $dir;

# calculate free space in %
my $df_free = (($avail) / ($avail+$used)) * 100.0;

# compare free disk space with warning level
if ($df_free < $warning_level) {
    my $out = sprintf("WARNING Low Disk Space on $dir : %0.2f%% ()\n",$df_free);

    # send email using UNIX/Linux sendmail; stop if the pipe cannot be opened
    open(MAIL, "|/usr/sbin/sendmail -t") or die "Cannot run sendmail: $!";

    ## Mail Header (a blank line must separate the headers from the body)
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: $subject\n\n";

    ## Mail Body
    print MAIL $out;

    close(MAIL);
}
 

You can run this script as a cron job:
@hourly /path/to/df.pl

Recommended readings

=> Read the man page of this module by typing the following command:
$ man Filesys::DiskSpace

=> CPAN Filesys::DiskSpace webpage

=> Sending mail with Perl mail script and How do I send html email from Perl?

=> Shell script to monitor or watch the disk space

Postfix configure anti spam with blacklist

Postfix is a free and powerful MTA. You can easily configure Postfix to block spam. You need to add the following directives to the /etc/postfix/main.cf file:

=> disable_vrfy_command = yes : Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.

=> smtpd_delay_reject = yes : It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.

=> smtpd_helo_required = yes : Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bots ignore the HELO/EHLO command, so this saves you from some spam. The following lines add further restrictions on the HELO command:
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname, - Reject email if the remote hostname is not in fully-qualified domain form. Usually bots sending email don't have FQDN names.
reject_invalid_hostname, - Reject email from bots on computers connected via DSL/ADSL. They don't have a valid internet hostname.
permit

You can put the following access restrictions, which the Postfix SMTP server applies in the context of the RCPT TO command:
=> smtpd_recipient_restrictions =
reject_invalid_hostname, - Reject email if the hostname is not valid
reject_non_fqdn_hostname, - Reject email if the hostname is not a valid FQDN
reject_non_fqdn_sender, - Reject the request when the MAIL FROM address is not in fully-qualified domain form. For example, email sent from xyz or abc is rejected.
reject_non_fqdn_recipient, - Reject the request when the RCPT TO address is not in fully-qualified domain form
reject_unknown_sender_domain, - Reject email if the sender domain does not exist
reject_unknown_recipient_domain, - Reject email if the recipient domain does not exist
permit_mynetworks,
reject_rbl_client list.dsbl.org, - Configure spam black lists
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit

Open /etc/postfix/main.cf file :
# vi /etc/postfix/main.cf
Set/modify the configuration as follows:

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
     reject_non_fqdn_hostname,
     reject_invalid_hostname,
     permit
# reject_unauth_destination (after the permit_* entries) refuses mail for
# domains this server does not handle, so the final permit cannot relay it
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_unauth_destination,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Also force Postfix to limit the incoming email rate to avoid spam (the smtpd_error_sleep_time, smtpd_soft_error_limit and smtpd_hard_error_limit lines above).

Save and close the file. Restart postfix:
# /etc/init.d/postfix restart

Watch the maillog file. You should now see lots of spam email blocked by the above configuration directives:
# tail -f /var/log/maillog
Output:

Jan  9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]: 554 Service unavailable; Client host [81.183.12.81] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?81.183.12.81; from= to= proto=ESMTP helo=<183-12-230.ip.adsl.hu>
Jan  9 06:07:23 server postfix/smtpd[10308]: lost connection after RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan  9 06:07:23 server postfix/smtpd[10308]: disconnect from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp:81.183.12.81) at Jan  9 06:07:17
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection count 1 for (smtp:81.183.12.81) at Jan  9 06:07:17
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max cache size 1 at Jan  9 06:07:17
Jan  9 06:16:58 server postfix/smtpd[10358]: warning: 81.92.197.249: address not listed for hostname unassigned.or.unconfigured.reverse.nfsi-telecom.net
Jan  9 06:16:58 server postfix/smtpd[10358]: connect from unknown[81.92.197.249]
Jan  9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[81.92.197.249]: 550 : Recipient address rejected: User unknown in virtual alias table; from=<> to= proto=ESMTP helo=
Jan  9 06:17:00 server postfix/smtpd[10358]: disconnect from unknown[81.92.197.249]
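
To see which restriction is doing the work, the rejections in the log can be tallied by cause. This is an added example, not part of the original post; the helper name reject_summary is hypothetical and the log lines are constructed in the format shown above, using documentation addresses.

```sh
#!/bin/sh
# Added example. Tally Postfix smtpd rejections in a mail log by cause:
# the DNSBL named after "blocked using", HELO checks, unknown users, other.
reject_summary() {
    awk '
        /postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject:/ {
            reason = "other"
            if (match($0, /blocked using [^;]+/))
                reason = substr($0, RSTART + 14, RLENGTH - 14)
            else if ($0 ~ /Helo command rejected/)
                reason = "helo"
            else if ($0 ~ /User unknown/)
                reason = "user-unknown"
            count[reason]++
        }
        END { for (r in count) printf "%d %s\n", count[r], r }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed log lines (not taken from a real server).
log=$(mktemp)
cat > "$log" <<'EOF'
Jan  9 06:07:22 server postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses; from=<a@example.net> to=<b@example.com> proto=ESMTP helo=<host>
Jan  9 06:07:23 server postfix/smtpd[101]: disconnect from unknown[192.0.2.10]
Jan  9 06:08:01 server postfix/smtpd[102]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 Service unavailable; Client host [192.0.2.11] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses; from=<c@example.net> to=<b@example.com> proto=ESMTP helo=<pc>
Jan  9 06:09:10 server postfix/smtpd[103]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 <pc>: Helo command rejected: need fully-qualified hostname; from=<d@example.net> to=<b@example.com> proto=SMTP helo=<pc>
Jan  9 06:17:00 server postfix/smtpd[104]: NOQUEUE: reject: RCPT from unknown[198.51.100.8]: 550 <x@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<x@example.com> proto=ESMTP helo=<mail.example.net>
EOF
reject_summary "$log"
rm -f "$log"
```

On a live server, pass /var/log/maillog instead of the sample file.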

Next time I will write about simple procmail and spamassassin combination to filter out spam :)