Archive for the ‘Uncategorized’ Category

Post more blog articles

Make more music

Have more fun 🙂

Read Full Post »

New Cert

Linux Expert

Read Full Post »

I will cut right to the chase …
If you get the following pop-up on your computer, then it's probably too late. I have had 3 separate client offices affected by this virus. The first time I paid the ransom to decrypt my files. The 2nd and 3rd time I was prepared and had backups running with rsnapshot so I was able to go back several hours to before the infection encrypted my whole server. The user who initially had the infection lost all files on the desktop and My Documents since those are not backed up.

Here are some useful links on the subject

Bleeping Computer has a lot of good info: <<<<LINK>>>>

Blocking executables in %AppData% (this is where the virus runs from): <<<<LINK>>>>

I used secpol.msc on a Windows XP workstation to determine what needed to be blocked. I then went into the registry and exported the following keys so that I could use a login script to apply the keys to other workstations on the network.

#### Reg file contents (import into registry, Windows XP) ####

Windows Registry Editor Version 5.00

; Check the key path against a machine configured through secpol.msc before
; deploying: Software Restriction Policies keep Disallowed path rules under
; ...\Safer\CodeIdentifiers\0\Paths\{GUID}.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{58dca1de-6e21-4b21-8010-0481e042ef55}]
; ItemData below is the UTF-16LE string %AppData%\*.exe
"LastModified"=hex(b):e6,37,e8,fb,4c,c4,ce,01
"Description"="dont allow executables from AppData"
"SaferFlags"=dword:00000000
"ItemData"=hex(2):25,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,25,00,5c,00,\
  2a,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dd6f32b9-d45e-4f13-bda8-dc4276b0c763}]
; ItemData below is the UTF-16LE string %AppData%\*\*.exe
"LastModified"=hex(b):86,17,44,f8,4c,c4,ce,01
"Description"="dont allow executable from subpath in AppData"
"SaferFlags"=dword:00000000
"ItemData"=hex(2):25,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,25,00,5c,00,\
  2a,00,5c,00,2a,00,2e,00,65,00,78,00,65,00,00,00
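
Added example (not part of the original post): before a login script pushes a .reg file to every workstation, it helps to see which paths its hex(2) ItemData values actually block. The function name decode_itemdata and the file name in the usage comment are assumptions made for this sketch.

```bash
#!/bin/bash
# Decode the REG_EXPAND_SZ (hex(2)) ItemData values of a .reg export into
# readable path rules, one per line.
# Usage (file name is hypothetical; regedit 5.00 exports are UTF-16, so convert first):
#   iconv -f UTF-16 -t UTF-8 block_appdata.reg | decode_itemdata
decode_itemdata() {
    # Join lines continued with a trailing backslash, then keep only ItemData values
    awk '{ sub(/\r$/, ""); sub(/^[ \t]+/, "") }
         /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
         { print buf $0; buf = "" }' |
    sed -n 's/^"ItemData"=hex(2)://p' |
    while IFS= read -r hex; do
        out=""
        old_ifs=$IFS; IFS=,
        set -- $hex                       # one positional parameter per byte
        IFS=$old_ifs
        while [ $# -ge 2 ]; do
            lo=$1 hi=$2; shift 2          # UTF-16LE: low byte first
            [ "$lo$hi" = "0000" ] && break    # NUL terminator ends the string
            if [ "$hi" = "00" ]; then
                out="$out$(printf '%b' "\\0$(printf '%o' "0x$lo")")"
            else
                out="$out?"               # code unit above U+00FF, not decoded here
            fi
        done
        printf '%s\n' "$out"
    done
}
```

Run against the two rules above, it prints %AppData%\*.exe and %AppData%\*\*.exe.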

Read Full Post »

#!/bin/bash
# Zimbra Backup Script
# Daniel W. Martin, 5 Dec 2008
# Original scripts:
#  http://wiki.zimbra.com/wiki/Open_Source_Edition_Backup_Procedure

touch /opt/backup/backup_$(date +%a).log

# Outputs the time the backup started, for log/tracking purposes

echo "Time backup started = $(date +%a) $(date +%T)" > /opt/backup/backup_$(date +%a).log
before="$(date +%s)"

# Live sync before stopping Zimbra to minimize sync time with the services down
# Comment out the following line if you want to try single cold-sync only
# amended smc 3-28-13 zimbra 8 pre allocates 85GB to ldap dbase excluding folder from now on
# rsync anchors a leading-slash exclude at the transfer root (/opt/zimbra/),
# so the LDAP data directory is written as /data/ldap

rsync -avHK --exclude "/data/ldap" --delete /opt/zimbra/ /opt/backup/zimbra

# Including --delete option gets rid of files in the dest folder that don't exist at the src
# this prevents logfile/extraneous bloat from building up over time.
# Now we need to shut down Zimbra to rsync any files that were/are locked
# whilst backing up when the server was up and running.

before2=”$(date +%s)”

# Stop Zimbra Services

su - zimbra -c "/opt/zimbra/bin/zmcontrol stop"
sleep 15

# Kill any orphaned Zimbra processes

ORPHANED=`ps -u zimbra -o "pid="` && kill -9 $ORPHANED

# Only enable the following command if you need all Zimbra user owned
# processes to be killed before syncing
# ps auxww | awk '{print $1" "$2}' | grep zimbra | kill -9 `awk '{print $2}'`
# Sync to backup directory
# amended smc 3-28-13 zimbra 8 pre allocates 85GB to ldap dbase excluding folder from now on
# amended smc 3-28-13 using ldap util to backup ldap database correctly

su - zimbra -c "/opt/zimbra/libexec/zmslapcat -c /opt/backup/ldap"
# The exclude path is relative to the transfer root /opt/zimbra/
rsync -avHK --exclude "/data/ldap" --delete /opt/zimbra/ /opt/backup/zimbra

# Restart Zimbra Services

su - zimbra -c "/opt/zimbra/bin/zmcontrol start"

# Calculates and outputs amount of time the server was down for

after="$(date +%s)"
elapsed="$(expr $after - $before2)"
hours=$(($elapsed / 3600))
elapsed=$(($elapsed - $hours * 3600))
minutes=$(($elapsed / 60))
seconds=$(($elapsed - $minutes * 60))
echo "Server was down for: $hours hours $minutes minutes $seconds seconds" >> /opt/backup/backup_$(date +%a).log

# Create a txt file in the backup directory that'll contain the current Zimbra
# server version. Handy for knowing what version of Zimbra a backup can be restored to.
# su - zimbra -c "zmcontrol -v > /backup/zimbra/conf/zimbra_version.txt"
# or examine your /opt/zimbra/.install_history
# Display Zimbra services status

echo "Displaying Zimbra services status..." >> /opt/backup/backup_$(date +%a).log
su - zimbra -c "/opt/zimbra/bin/zmcontrol status" >> /opt/backup/backup_$(date +%a).log

# Create archive of backed-up directory for offsite transfer

cd /opt/backup/zimbra
umask 0177
tar -zcvf /opt/backup/mail.backup_$(date +%a).tgz -C /opt/backup/zimbra/ /opt/backup/ldap .

# Transfer file to backup server

echo "Transfer mail.backup_date.tgz to backup server@zimbra_backup.com:/opt/backup" >> /opt/backup/backup_$(date +%a).log
scp /opt/backup/mail.backup_$(date +%a).tgz root@zimbra_backup.com:/opt/backup >> /opt/backup/backup_$(date +%a).log
/bin/rm -rf /opt/backup/mail.backup_$(date +%a).tgz >> /opt/backup/backup_$(date +%a).log

# Outputs the time the backup finished

echo "Time backup finished = $(date +%T)" >> /opt/backup/backup_$(date +%a).log

# Calculates and outputs total time taken

after="$(date +%s)"
elapsed="$(expr $after - $before)"
hours=$(($elapsed / 3600))
elapsed=$(($elapsed - $hours * 3600))
minutes=$(($elapsed / 60))
seconds=$(($elapsed - $minutes * 60))
echo "Time taken: $hours hours $minutes minutes $seconds seconds" >> /opt/backup/backup_$(date +%a).log
echo "disk information:" >> /opt/backup/backup_$(date +%a).log
df -h >> /opt/backup/backup_$(date +%a).log
(echo "Subject: Backup Log $(date +%a)";echo;/bin/cat /opt/backup/backup_$(date +%a).log) | /opt/zimbra/postfix/sbin/sendmail -F admin@zimbra.com -t sanga.c@zimbra.com

Read Full Post »

Alfresco updates

Added Wiki, data lists, calendar, discussions, blog and links to the ITM site. More to come

Read Full Post »

When setting up fetchmail to poll servers over SSL, you may receive the following error flooding your logs:

Mar 7 11:55:10 cs fetchmail[id#]: Server certificate verification error: unable to verify the first certificate

This is caused by the server's certificate missing from the local certificate store. Below is one method for correcting this issue.

1. Install required packages (CentOS)

yum install openssl openssl-devel openssl-perl

2. Get certificate from mail server

openssl s_client -connect mail.it-mgt.com:995 -showcerts

3. Copy everything from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" to a file called mail.it-mgt.com.pem and save it in /usr/local/etc/fetchmail/certs

4. Look for the "issuer=" line to find where the certificate was issued from. Go to the issuer's website and obtain the "Base-64 encoded X.509" cert and save that to a file in the same location with extension .pem

5. Run the following command to hash the certs for use.

c_rehash /usr/local/etc/fetchmail/certs

6. In /etc/fetchmailrc, at the end of each user line that polls the server whose cert we just added to the local store, add the following:

sslcertck sslcertpath /usr/local/etc/fetchmail/certs

I don't think you need the part about sslcertpath if you put the certs in your default SSL certificate store.
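
Added example (not part of the original post): steps 2, 3 and 5 as a script that also prints the server certificate's SHA-256 fingerprint, so it can be compared with one obtained from the mail administrator, and then checks whether OpenSSL can build the chain. The function names and the numbered file naming (host.0.pem, host.1.pem, ...) are assumptions of this sketch; the directory and host are the ones used above.

```bash
#!/bin/bash
CERT_DIR=${CERT_DIR:-/usr/local/etc/fetchmail/certs}

# Read "openssl s_client -showcerts" output on stdin and write every PEM block
# to <dir>/<prefix>.N.pem (N = 0 is the server certificate, higher numbers are
# the intermediates the server sent). Prints the number of certificates written.
split_pem_chain() {
    local prefix=$1 dir=$2
    awk -v out="$dir/$prefix" '
        /-----BEGIN CERTIFICATE-----/ { file = sprintf("%s.%d.pem", out, n++); keep = 1 }
        keep                          { print > file }
        /-----END CERTIFICATE-----/   { keep = 0; close(file) }
        END                           { print n + 0 }
    '
}

# Fetch the chain from host:port, store and hash it, then verify the server cert.
fetch_and_verify() {
    local host=$1 port=$2
    mkdir -p "$CERT_DIR" || return 1
    # </dev/null closes stdin so s_client exits once the handshake is done
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null | split_pem_chain "$host" "$CERT_DIR" >/dev/null
    [ -s "$CERT_DIR/$host.0.pem" ] || return 1
    c_rehash "$CERT_DIR" >/dev/null
    # Show who issued it (step 4) and the fingerprint to compare out of band
    openssl x509 -in "$CERT_DIR/$host.0.pem" -noout -subject -issuer \
        -fingerprint -sha256
    # Non-zero exit means OpenSSL could not build a chain to a trusted certificate
    openssl verify -CApath "$CERT_DIR" "$CERT_DIR/$host.0.pem"
}

# Example call, using the server from the post:
#   fetch_and_verify mail.it-mgt.com 995
```

If the final verify step fails, the issuer certificate from step 4 still has to be added to the directory and c_rehash run again.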

Read Full Post »

HOWTO:
Making a bootable USB drive from ISO image OS

Read Full Post »
