June 2012 – Tikejhya: Ashish Nepal

Unauthenticated email is not accepted from this domain

On 28th June 2012

Unauthenticated email is not accepted from this domain

from=ashishnepal@domain.com,addr=any@googlehosted.com: 550 5.7.1 Unauthenticated email is not accepted from this domain. v234s7598891wib

The cause of the problem is that:

Google rejects all mail from the @domain.com domain unless they are able to verify DKIM signature.

Solution :
Add your domain.com outbound mail servers’ IP addresses under “Inbound Gateway” in the domain settings for @googlehosted.com in Google Apps.

This way you could bypass the DKIM signature authentication (or google will simply accept even if its thats not accepted.)

+18

0

Adding a file or directory to an existing archive

By admin

On 18th June 2012

In BASH

Adding a file or directory to an existing archive

# tar rvf archive_name.tar newfile

Adding directory to an existing archive

# tar rvf archive_name.tar newdir/

Note: Tar file cannot be archieved.

$ tar rvfz archive_name.tgz newfile
Output: tar: Cannot update compressed archives

+20

0

Windows “Kill Process”

By admin

On 18th June 2012

In Windows

Windows “Kill Process”

taskkill /F /IM thunderbird.exe

+17

0

Checking SSL certificate expiry

By admin

On 15th June 2012

In SSL

How to view the expiry date of an ssl certificate on crt file

openssl x509 -noout -in wildcard.ashishnepal.com.crt -dates

notBefore=Aug 21 16:43:10 2011 GMT
notAfter=Aug 21 16:43:10 2014 GMT

How to view the expiry date of an ssl certificate on domain

openssl s_client -connect kb.ashishenpal.com:443 | openssl x509 -text

[You would see this section before public key Fingreprint]
Validity
Not Before: Jan 29 00:00:00 2010 GMT
Not After : Jan 28 23:59:59 2014 GMT

I came across Very nice script provided by Matty, which is available at http://prefetch.net/code/ssl-cert-check
and http://prefetch.net/articles/checkcertificate.html this script does exactly what you would be looking for.

SSL Checker

Using this script you could get verity of options where simply you can create a list of domain inside a file and read file . Here ssl_spy.sh is this ssl_checker script, ssl_check.txt is the file which contains all those domain i want to check and wheel@tikejhya.com is my email address where i want to get notified, -f is option for file read and -q is quite -x is time if less than 60 it will notify me in given email.

/bin/bash /home/tikejhya/bin/ssl_spy.sh -a -f /home/tikejhya/bin/ssl_check.txt -q -x 60 -e wheel@tikejhya.com

+11

0

Vi comment out block

By admin

On 15th June 2012

In Vi

Vi comment out block / VI comment multiple lines

Go to the line and hit

1) m{CHAR} or m{a}
and
2) put e mark in m{CHAR} in the end of the line

When you have marked a with start of line and e with end of line
type
3) :’a,’e s/^/# /

You can also use line numbers,
1 to $ ($ is the last line)
solitary % for everyline
. or blank for the current line.
To illustrate the “blank”, these two commands do the same thing:

:,$ s/^/# /
:.,$ s/^/# /

+13

0

Recompiling SSH (New version) Centos 5.x 6.0

By admin

On 15th June 2012

In SSH

Recompiling SSHD in Centos. Using the same bind directory
I have shown little sample here with openssh 6.0p1 on centos 5.6 (tested).

Problems faced and solution :

root@ashishnepal ssh]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: /etc/ssh/sshd_config line 22: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 23: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 25: Unsupported option UsePAM
[ OK ]

SCRIPT

#!/bin/bash

yum -y install libgssapi pam-devel

SOURCEDWN="http://www.mirrorservice.org/sites/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz"
SOURCELOCATION=/usr/local/src
CONFIGLOCATION=/etc/ssh/
FILE=openssh-6.0p1.tar.gz

cd $SOURCELOCATION && wget $SOURCEDWN && tar -zxvf $SOURCELOCATION/$FILE ;
echo `mkdir $CONFIGLOCATION/old ;
mv $CONFIGLOCATION/ssh* $CONFIGLOCATION/moduli $CONFIGLOCATION/old/serv` ;
cd /usr/local/src/openssh-6.0p1 &&
./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin --with-pam --with-kerberos5 && make && make install;
cd /etc/ssh/;
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak && cat /etc/ssh/old/sshd_config | grep -v "^#" >> /etc/ssh/sshd_config;
echo `ssh -V`;
service sshd restart

Problem: However, script includes the below given problem if you skim through.

./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin
make
make install

[root@ashishnepal ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config line 22: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 23: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 25: Unsupported option UsePAM
                                                           [  OK  ]

if you need UsePAM yes and GSSAPIAuthentication Yes you should also config with pam and kerberos5 as given above.
inorder to make it usable you might need “yum install libgssapi pam-devel”

Solution: After installing libgssapi and pam-devel

./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin --with-pam --with-kerberos5

+17

0

track SSH traffic (bandwidth usage)

By admin

On 2nd June 2012

In IPtables, Linux, Monitoring Tool, Security

track SSH traffic (bandwidth usage)

I would use iptables owner module (perhaps together with other quota/reporting modules).
iptables -A OUTPUT -p tcp –dport 22 -m owner –uid someuser -j ACCEPT

iptables -vL

+20

0