Archive for the ‘Applications’ Category

Stupid OS X tricks – Photoshop effects

September 8th, 2010

This is just because I’ve had to deal with this multiple times, and I don’t want to forget.

OS X system integrated with Active Directory.  The local admin account has no problems with Photoshop Elements 6.  Non-admin users, like the AD accounts, find all the effects and filters are missing in Photoshop Elements 6.

The fix?  Go to /Library/Application Support/Adobe/Photoshop Elements/6.0/Locale and change the permissions on the en_US folder to grant Read & Write permissions to everyone.  Be sure to “Apply to enclosed items….”

Open Photoshop, and the effects should appear.

Applications, Operating Systems

How Not To Expose Root in Sendmail

May 23rd, 2009

Quick note:

When you do domain masquerading with sendmail, root is exempted from that by default.  No big deal unless the host name of your system is not actually registered in DNS.  I have a couple VMs that don’t need outside access or DNS registrations, but I’d like to receive their cron output cleanly.

This is a rather easy fix.  In most sendmail .mc files you will find the DOMAIN(generic) statement.  This refers to loading the generic.m4 file which includes a default statement to expose root without masquerading — EXPOSED_USER(`root').  Copy the generic.m4 to mycustom.m4 and remove the EXPOSED_USER line.  Go to your .mc file and change the DOMAIN(generic) to DOMAIN(mycustom) and rebuild your sendmail.cf file.
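The edit described above as a repeatable script (an added example, not from the original post): it writes mycustom.m4 without the EXPOSED_USER(`root') line and retargets DOMAIN(generic) in the .mc file. The directory layout, the myhost.mc name and the sample file contents are constructed; sendmail.cf still has to be rebuilt afterwards.

```python
# Added example, not from the original post. File names follow the post;
# the directory layout and sample file contents are constructed.
import re
import tempfile
from pathlib import Path

# Matches EXPOSED_USER(`root') with or without m4 quotes or a trailing dnl.
EXPOSED_ROOT = re.compile(r"^\s*EXPOSED_USER\(\s*`?root'?\s*\)\s*(dnl.*)?$")
DOMAIN_GENERIC = re.compile(r"^(\s*)DOMAIN\(\s*`?generic'?\s*\)")

def make_custom_domain(domain_dir, mc_file, name="mycustom"):
    """Write <name>.m4 as generic.m4 minus the root exemption and point the
    .mc file at it. Returns how many EXPOSED_USER lines were dropped."""
    domain_dir, mc_file = Path(domain_dir), Path(mc_file)
    src = (domain_dir / "generic.m4").read_text().splitlines(keepends=True)
    kept = [ln for ln in src if not EXPOSED_ROOT.match(ln)]
    mc = mc_file.read_text().splitlines(keepends=True)
    new_mc = [DOMAIN_GENERIC.sub(rf"\g<1>DOMAIN({name})", ln) for ln in mc]
    if new_mc == mc:
        raise ValueError(f"no DOMAIN(generic) line in {mc_file}")
    # generic.m4 itself is left untouched so other hosts' builds do not change.
    (domain_dir / f"{name}.m4").write_text("".join(kept))
    mc_file.write_text("".join(new_mc))
    return len(src) - len(kept)

def demo():
    """Run the edit on constructed sample files in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        domain = Path(tmp, "domain")
        domain.mkdir()
        (domain / "generic.m4").write_text(
            "FEATURE(`redirect')dnl\n"
            "FEATURE(`use_cw_file')dnl\n"
            "EXPOSED_USER(`root')\n")
        mc = Path(tmp, "myhost.mc")
        mc.write_text("OSTYPE(freebsd6)\nDOMAIN(generic)\nMAILER(smtp)\n")
        dropped = make_custom_domain(domain, mc)
        return (dropped, (domain / "mycustom.m4").read_text(), mc.read_text(),
                (domain / "generic.m4").read_text())

if __name__ == "__main__":
    print(demo())
```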

Applications

Snort Reports

March 25th, 2008

I have been queueing up the last couple of Richard Bejtlich’s Snort Reports in my blog reader, so I decided to hunt up and notate the link for the list of Snort Reports.

Snort

Deploying Adobe Reader 8 Whitepaper

March 25th, 2008

There is a good whitepaper over at Adobe about Deploying Adobe Reader 8 that goes into details about unpacking and deploying the Adobe Reader via automated methods, including GPO assignment.

Applications

VMWare Server, MythTV, and Kubuntu

September 2nd, 2007

Having recently acquired a Windows Vista PC for my own personal learning, I find that my Windows XP box is now irrelevant. It is a Dell Optiplex GX 280 (about 2 years old) that I would like to use as a MythTV back-end server and a VMWare Server host. To facilitate this, I picked up a 500GB Western Digital SATA drive. My intention is to install Kubuntu 7 Feisty Fawn, set up an LVM partition to carve out storage for video and VM images, install VMWare Server, and install MythTV.

The first step to getting the base OS up and running is to simply boot the Kubuntu live CD and then kick off the installer. I pretty much ran the defaults except for the disk setup. I set up a 50GB / partition with ext3 and a 2GB swap. I left the other ~450GB unpartitioned to hold an LVM volume later.

After the first reboot I noticed the video wasn’t optimum – 1024×768 from an ATI Radeon X300. I followed this wiki entry to get it running right.

Next on the docket would be LVM. First I need to install LVM:

  • sudo apt-get install lvm2

Also, I would like to have XFS support for use where I store video files.

  • sudo apt-get install xfsprogs

With LVM support installed, I used the article Learning Linux LVM, Part 2 to help go through the following:

  • sudo sfdisk -l turned up this:

Disk /dev/sda: 60801 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0

Device Boot Start End #cyls #blocks Id System
/dev/sda1 0+ 6078 6079- 48829536 83 Linux
/dev/sda2 6079 6327 249 2000092+ 82 Linux swap / Solaris
/dev/sda3 6328 60800 54473 437554372+ 8e Linux LVM

That looks right. I’ve got a 50GB / partition on sda1, a 2GB swap on sda2, and the rest in sda3 set as LVM type. Let’s get using it.

  • sudo su
  • pvcreate /dev/sda3
  • vgcreate -s 32M main /dev/sda3
  • lvcreate -L150G -nvm main
  • lvcreate -L250G -nvideo main
  • mkreiserfs /dev/main/vm
  • mkfs.xfs /dev/main/video
  • mkdir /vm
  • mkdir /video
  • mount /dev/main/vm /vm
  • mount /dev/main/video /video

Next, add the two new partitions to the /etc/fstab file to mount at startup. A reboot confirms that all is well with the new partitions.

Next, we move on to getting VMWare Server installed and running on this box. During this portion, I used How To Install VMware Server On Ubuntu 7.04 (Feisty Fawn) as a good reference for getting this done.

First, we do some prep:

  • sudo aptitude install linux-headers-`uname -r` build-essential
  • sudo aptitude install xinetd

Then grab the current VMWare Server tarball. (This was done with VMware-server-1.0.3-44356.tar.gz.) Also, grab this patch file vmware-any-any-update109.tar.gz.

  • cd /usr/src
  • tar -xzf VMware-server-1.0.3-44356.tar.gz
  • cd vmware-server-distrib/
  • ./vmware-install.pl
  • Accept the defaults until the prompt to run vmware-config.pl to which you answer no
  • tar -xzf vmware-any-any-update109.tar.gz
  • cd vmware-any-any-update109
  • ./runme.pl
  • Let it run the vmware-config.pl script
  • Accept the EULA and the defaults unless you want an override.
  • For example, in this install I answered No to NAT networking as I just want a bridged connection.
  • I changed the directory for keeping virtual machine files from /var/lib/vmware/Virtual Machines to just /vm to use the LVM volume
  • Enter a serial number for VMWare Server
  • Verify the script successfully starts the services
  • Launch the VMWare Server Console via the vmware command

At this point, the system should be ready to create new virtual machines, but that’s a topic for another post.

Next, we will tackle installing MythTV on this system. I have previously set up a freestanding MythTV box to test it out. That system was an old spare PC when I started, but it did run successfully for a year and a half as my home DVR. Eventually it gave out, and now I would like to set up a replacement for it. This time I intend to set up this system as a MythTV backend system to do the recording and then set up another system as a front-end for viewing.

As a guide in this process I used this page from the Ubuntu Community Documentation.

This system has a Hauppauge PVR-250 tuner card in it, and it looks to be correctly loaded by default.

As the documentation page I’m referencing points out, we only need one package for this configuration — mythtv.

  • sudo su
  • apt-get install mythtv
  • vi /etc/mysql/my.cnf
    • comment out the bind-address 127.0.0.1 line
    • :wq
  • /etc/init.d/mysql restart
  • exit (to drop out of root context)
  • mythtv-setup
  • Click Yes to be added to the mythtv group
  • Enter password for sudo
  • Click Yes to restart your session
  • Login again
  • mythtv-setup
  • Click Yes
  • Enter password for sudo
  • Choose English
  • General
    • Set IP address of local system
    • Set directory to hold recordings to /video
    • Increase max simultaneous jobs to 2
    • Enable auto-commercial flagging jobs when the recording starts
  • Capture Cards
    • New capture card
    • Card type: MPEG-2 encoder card (for my PVR-250)
  • Video Sources
    • New video source
    • Source name: Bright House Cable
    • Enter username and password for zap2it labs account
  • Input Connections
    • Set up Tuner1 for CableTV
  • Channel Editor
    • No changes
  • Exit mythtv-setup
  • Click Yes to run mythfilldatabase
  • mythfrontend

That’s it. At this point, the system is up and running Kubuntu 7, VMWare Server, and MythTV. Stay tuned for more posts about putting this platform to use.

Kubuntu, Linux, MythTV, VMWare

Obscurity is Not Security

March 22nd, 2007

A common technique when building web applications is to hide menus based on the user logged in. While it is obscure, it certainly is not secure. Each script must have access control built in. I prefer to delineate roles and map users to them. When a page is requested by the web server, check the logged-in user name against the map. Don’t forget about your include files. Scripts that are included by others should have access control as well.

Obscurity is actually a good thing; the less info an attacker has the better. It just can’t be considered security.
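The role map and per-script check described above, as an added example that is not part of the original post (Python chosen for illustration; the users, roles and script paths are constructed). Each handler, including the include file, checks the map itself, and the menu is merely derived from it.

```python
# Added example, not from the original post. Users, roles and script
# paths are constructed for illustration.
from functools import wraps

USER_ROLES = {"alice": {"admin"}, "bob": {"staff"}}
# Every script is mapped, include files too; anything unmapped is denied.
SCRIPT_ROLES = {
    "/reports": {"staff", "admin"},
    "/admin/users": {"admin"},
    "/inc/db_export": {"admin"},
}

class Forbidden(Exception):
    """The logged-in user may not run the requested script."""

def authorize(user, script):
    """True only if one of the user's roles is mapped to the script."""
    return bool(USER_ROLES.get(user, set()) & SCRIPT_ROLES.get(script, set()))

def protected(script):
    """Put the check inside the script itself, not in the menu."""
    def wrap(handler):
        @wraps(handler)
        def guarded(user, *args, **kwargs):
            if not authorize(user, script):
                raise Forbidden(f"{user!r} may not access {script}")
            return handler(user, *args, **kwargs)
        return guarded
    return wrap

@protected("/inc/db_export")
def db_export(user):
    return "exported rows"       # include file, checked like any page

@protected("/admin/users")
def admin_users(user):
    return db_export(user)       # page that pulls in the include

def menu_for(user):
    """Hidden menus are cosmetic: built from the same map, enforcing nothing."""
    return sorted(s for s in SCRIPT_ROLES
                  if not s.startswith("/inc/") and authorize(user, s))

def try_request(handler, user):
    """Simulate a direct request; return the result or the string 'denied'."""
    try:
        return handler(user)
    except Forbidden:
        return "denied"
```

Here bob's menu never lists /admin/users, yet it is the check inside admin_users and db_export that turns his direct request into a denial.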

Applications

Kismet on Gentoo

January 30th, 2007

I got my laptop running with monitor mode support for my Intel 3945 under Gentoo. Now, I’d like to look into Kismet. Here’s how it went down:

  • emerge kismet
  • Edit /etc/kismet.conf
    • suiduser=xxxxxx
    • source=ipw3945,eth1,kismet
    • gps=false
  • Start kismet and it looks to run

Right now I don’t have any other wireless clients up and running, so I’ll have to wait till tomorrow to actually watch some running traffic. This looks like a good start so far though.

Gentoo, Kismet, Wifi

Signing an IIS 5.0 Certificate Request with OpenSSL

January 30th, 2007

Evidently there is a difference with regard to certificates between IIS 6.0 and IIS 5.0. I have previously used madboa’s SSL HOWTO to generate, sign and export PEM certificates to the PFX format that IIS expects. However, today, I tried using the same procedure with an older Windows 2000/IIS 5.0 server and repeatedly got the same “import password is incorrect or the certificate has expired” message.

After some searching and learning that few people have had success with IIS 5.0, I came across a post from dejavu.mu.nu detailing exactly how to create a certificate that would work with IIS 5.0.

Loving the fact that I can push something Open Source onto a Windows platform!

IIS, OpenSSL

Secure your DNS

January 28th, 2007

Just noticed this posting at ISC about DNS issues. It has two good links at the bottom to the NIST doc on implementing secure DNS and a secure BIND template.

I really need to review existing DNS infrastructure for an exact picture of where we are.

Also take note of DNS for Rocket Scientists and this PDF from CERT (even though it’s a few years old now).

DNS

MIMEDefang on FreeBSD – Part 2

January 21st, 2007

OK, back at it again. Got sendmail and mimedefang installed.

Notes:

  • Gotta copy /usr/local/etc/rc.d/mimedefang.sh-dist to /usr/local/etc/rc.d/mimedefang.sh
  • Generate a new sendmail.cf
    • Go to /etc/mail
    • Issue a ‘make’
    • Edit hostname.mc file

divert(-1)
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.2 2006/08/23 03:31:00 gshapiro Exp $')
OSTYPE(freebsd6)
DOMAIN(generic)

define(`confCW_FILE', `-o /etc/mail/local-host-names')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

define(`confMAX_HEADERS_LENGTH', `32768')dnl
define(`confBAD_RCPT_THROTTLE', `3')dnl
define(`confMAX_RCPTS_PER_MESSAGE', `50')dnl
define(`confTRUSTED_USER', `mailnull')dnl
define(`confMAX_MESSAGE_SIZE', 204800000)dnl
dnl TIMEOUT settings - Bat book 24.9.109
define(`confTO_INITIAL', `2m')dnl
define(`confTO_CONNECT', `2m')dnl
define(`confTO_ICONNECT', `30s')dnl
define(`confTO_HELO', `2m')dnl
define(`confTO_MAIL', `5m')dnl
define(`confTO_RCPT', `15m')dnl
define(`confTO_DATAINIT', `2m')dnl
define(`confTO_DATABLOCK', `5m')dnl
define(`confTO_DATAFINAL', `30m')dnl
define(`confTO_RSET', `5m')dnl
define(`confTO_QUIT', `2m')dnl
define(`confTO_MISC', `2m')dnl
define(`confTO_COMMAND', `5m')dnl
define(`MILTER', `1')dnl
define(`confMILTER_LOG_LEVEL', `9')dnl

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
MAIL_FILTER(`mimedefang', `S=local:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `mimedefang')dnl

DAEMON_OPTIONS(`Name=IPv4, Family=inet’)

MAILER(local)
MAILER(smtp)

FreeBSD, MIMEDefang