Listar ficheiros mais antigos

No diretório atual podemos pesquisar ficheiros criados há mais de 30 dias.

$ find . -maxdepth 1 -type f -mtime +30

Também podemos apagar os ficheiros listados

$ find . -maxdepth 1 -type f -mtime +30 -print | xargs /bin/rm -f
$ find . -maxdepth 1 -type f -mtime +30 -print0 | xargs -0 /bin/rm -f

Ou se quisermos listar os ficheiros com detalhes

$ find . -maxdepth 1 -type f -mtime +120 -print0 | xargs -0 ls -lh

Limpar SPAM do Maildir

Basicamente não conseguia aceder a algumas pastas numa conta de email a partir de qualquer cliente.

Uma vez que o formato utilizado era Maildir pude aceder diretamente às pastas da conta e remover as mensagens manualmente.

grep -l -r 'SPAM' cur | xargs rm

Para contar o numero de ficheiros dentro da pasta basta utilizar o comando

ls -1 | wc -l

Parse apache vhosts file

So, I wanted to parse the apache config file so I could get the ServerName and the DocumentRoot of each VirtualHost.

awk '/^<VirtualHost*/,/^<\/VirtualHost>/{if(/^<\/VirtualHost>/)p=1;if(/ServerName|DocumentRoot|## User/)out = out (out?OFS:"") (/User/?$3:$2)}p{print out;p=0;out=""}' vhosts.conf

The command will output the info in the format:

ServerName DocumentRoot

or opposite depending on the order in which they appear on the VirtualHost

 

Note: You should exclude those VirtualHosts which are only redirects

Change sendmail queue

To actually change it, modify the /etc/sysconfig/sendmail file. It’ll look something like this:

DAEMON=yes
QUEUE=1h

Change the QUEUE unit to suit your preferences.

QUEUE=5m

Forcing queue send on individual email message

You can flush the message with:

sendmail -qIyourqueueID -oTnow

The “I” flag to the -q flag specifies which queue ID to use. The -oTnow flag sets the queue timeout to “now”. Note sendmail will still try to deliver the message once when you do this.

Vulnerable service: Netbios

Go into your firewall file /etc/sysconfig/iptables.

If you use Active Directory and want to enable that function ONLY in Samba use.

-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT

Don’t be scared of the syntax. I’m not going to cover firewalls but understand the basics.

-s (ip address) limits to the Class C ip addresses of your installation. Of course you need to modify to your own network and this makes is far more secure than giving the entire world access to your network.

--state NEW [basically means a new rule.]

-p [the port you want to open up which is either tcp or udp. I’ve done the hard work for you so you don’t have to figure out which type to open up]

dport 445 [This is the port number. Again for AD we use port 445.

Now, if your Samba setup demands the old netbios calls:

-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

Be sure to watch out for case issues and don’t make a mistake on tcp or udp otherwise samba won’t function properly. This has to be right — as I’ve found out myself with a couple of typos!

Now restart the firewall. There are two ways of restarting a service on CentOS

  1. service iptables restart
  2. /etc/init.d/iptables restart

Either one works. You can also just restart the server if you want to as well.

note: You can use Redhat’s system tool for editing the firewall, but it is not recommend. It won’t add the -s parameter and will open up all the samba ports 137 – 139 and 445 which is not a recommended scenario.

SOURCE: https://wiki.centos.org/HowTos/SetUpSamba

Instalar módulos PECL/PEAR PHP no CentOS

The default RHEL 5.2 installation does not come with xdebug as part of any of the php RPMs. A quick look around the Net also provided no real RPM candidates that I could use on this system so I had to fall back to using the package management tools (pecl and pear) provided by php.

$ sudo pecl install xdebug
downloading xdebug-2.0.3.tgz ...
Starting to download xdebug-2.0.3.tgz (286,325 bytes)
...........................................................done: 286,325 bytes
66 source files, building
running: phpize
Configuring for:
PHP Api Version:         20041225
Zend Module Api No:      20060613
Zend Extension Api No:   220060519
/usr/bin/phpize: /tmp/pear/download/xdebug-2.0.3/build/shtool: /bin/sh: bad interpreter: Permission denied
Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF
environment variable is set correctly and then rerun this script.

ERROR: `phpize' failed

Yep, loving it already!

Why on earth am I not able to invoke /bin/sh (as can be seen by the ‘/bin/sh: bad interpreter: Permission denied’ error above)? Let’s see if root can actually run the shell interpreter:

$ sudo /bin/sh
sh-3.2# exit

OK, everything looks good. Why is it breaking when we’re trying to run the interpreter from /tmp/pear/download/xdebug-2.0.3/build/shtool?

Back to basics

Perhaps this has something to do with where we’re trying to run it from and the user we’re doing the installation as (root) seems to be capable of running the interpreter but not from the shtool script for some reason.

$ ls -ld /tmp/
drwxrwxrwt 17 root root 4096 Jun 18 07:41 /tmp/

Obviously _not_ a permissions issue.

$ grep tmp /etc/fstab
/dev/sda2     /tmp    ext3    defaults,nosuid,nodev,noexec    1 2

Ah, there you are! /tmp is mounted with a ‘noexec’ flag so that’s what’s causing the execution to fail when we try to install xdebug via pecl. No problem, I’ll just set pecl to use /var/tmp instead … oh, wait, on RHEL systems /var/tmp is just a symlink to /tmp.

*sigh*

Hand me half a brick

Time to work around the issue. Let’s go find those directories pear expects to be somehow related to /tmp or /var/tmp:

$ pear config-show | grep tmp
PEAR Installer download        download_dir     /tmp/pear/download
PEAR Installer temp directory  temp_dir         /var/tmp
$ pear config-set download_dir /root/tmp/pear/download
$ pear config-set temp_dir /root/tmp

I updated these to temporarily point elsewhere:

$ pecl config-show | grep tmp
PEAR Installer download        download_dir     /root/tmp/pear/download
PEAR Installer temp directory  temp_dir         /root/tmp

$ sudo mkdir -p /root/tmp/pear/download

Source: http://blog.ntrippy.net/2008/06/installing-peclpear-php-modules-on-rhel.html

Atualizar ICU para o php-intl no CentOS

I chose to install the latest version for CentOS 5 available on http://site.icu-project.org.

make sure we have the developer packages needed for procedure

# yum -y install php-devel php-pear

download and unpackage tar which code for relevant ICU lib version

# mkdir src
# cd src/
# wget http://download.icu-project.org/files/icu4c/58.1/icu4c-58_1-src.tgz
# tar zxf icu4c-58_1-src.tgz

build and install the library into /opt/icu4c-58_1

# cd icu/source/
# ./configure --prefix /opt/icu4c-58_1 && make && make install

build and install the php-intl version
enter /opt/icu4c-58_1 at prompt for ICU library location

# pecl install intl
# ldconfig

add an ini file wity contents: extension=intl.so

# vi /etc/php.d/intl.ini

you can now check to see if it’s loaded

# php -i | grep intl

restart the apache web server and you’re good to go

# service httpd restart

Yum install/update errors “cpio: rename”

Occasionally, RPMs will set the xattr immutable flag on important libraries as a safety mechanism to try to prevent core OS breakage. Unfortunately, this will cause package upgrade failures with vague error messages. Eg.:

[root@archive ~]# yum update -y nss
Loaded plugins: fastestmirror, priorities, security, upgrade-helper
Loading mirror speeds from cached hostfile
 * epel: mirrors.sdm.noao.edu
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package nss.i386 0:3.13.6-3.el5_9 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch           Version                   Repository         Size
================================================================================
Updating:
 nss           i386           3.13.6-3.el5_9            updates           1.1 M

Transaction Summary
================================================================================
Install       0 Package(s)
Upgrade       1 Package(s)

Total download size: 1.1 M
Downloading Packages:
nss-3.13.6-3.el5_9.i386.rpm                              | 1.1 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : nss                                                      1/2 
Error unpacking rpm package nss-3.13.6-3.el5_9.i386
error: unpacking of archive failed on file /usr/lib/libfreebl3.so: cpio: rename

Failed:
  nss.i386 0:3.13.6-3.el5_9                                                     

Complete!

RPM uses cpio as it’s archive format, which is why we’re seeing a cpio error when trying to replace the file /usr/lib/libfreebl3.so.
Lets investigate that file.

[root@archive ~]# ls -la /usr/lib/libfreebl3.so
-rwxr-xr-x 1 root root 240612 Apr  8  2007 /usr/lib/libfreebl3.so
[root@archive ~]# lsattr /usr/lib/libfreebl3.so
----i-------- /usr/lib/libfreebl3.so

The “immutable” flag has been set which means that file can not be modified or unlinked reguardless of it’s standard POSIX permissions. We need to remove that flag in order for the package upgrade to complete.

[root@archive ~]# chattr -i /usr/lib/libfreebl3.so
[root@archive ~]# lsattr /usr/lib/libfreebl3.so
------------- /usr/lib/libfreebl3.so

Now we can try to update the nss package again…

[root@archive ~]# yum update -y nss
Loaded plugins: fastestmirror, priorities, security, upgrade-helper
Loading mirror speeds from cached hostfile
 * epel: mirrors.sdm.noao.edu
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package nss.i386 0:3.13.6-3.el5_9 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch           Version                   Repository         Size
================================================================================
Updating:
 nss           i386           3.13.6-3.el5_9            updates           1.1 M

Transaction Summary
================================================================================
Install       0 Package(s)
Upgrade       1 Package(s)

Total download size: 1.1 M
Downloading Packages:
nss-3.13.6-3.el5_9.i386.rpm                              | 1.1 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : nss                                                      1/2 
Error unpacking rpm package nss-3.13.6-3.el5_9.i386
error: unpacking of archive failed on file /usr/lib/libsoftokn3.so: cpio: rename

Failed:
  nss.i386 0:3.13.6-3.el5_9                                                     

Complete!

Looks like we found another file with xattrs set…

[root@archive ~]# ls -la /usr/lib/libsoftokn3.so
-rwxr-xr-x 1 root root 348040 Apr  8  2007 /usr/lib/libsoftokn3.so
[root@archive ~]# lsattr /usr/lib/libsoftokn3.so
----i-------- /usr/lib/libsoftokn3.so
[root@archive ~]# chattr -i /usr/lib/libsoftokn3.so
[root@archive ~]# lsattr /usr/lib/libsoftokn3.so
------------- /usr/lib/libsoftokn3.so

Let try that update yet again…

[root@archive ~]# yum update -y nss
Loaded plugins: fastestmirror, priorities, security, upgrade-helper
Loading mirror speeds from cached hostfile
 * epel: mirrors.sdm.noao.edu
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package nss.i386 0:3.13.6-3.el5_9 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch           Version                   Repository         Size
================================================================================
Updating:
 nss           i386           3.13.6-3.el5_9            updates           1.1 M

Transaction Summary
================================================================================
Install       0 Package(s)
Upgrade       1 Package(s)

Total download size: 1.1 M
Downloading Packages:
nss-3.13.6-3.el5_9.i386.rpm                              | 1.1 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : nss                                                      1/2 
/sbin/ldconfig: /usr/lib/libsoftokn3.so is not a symbolic link

/sbin/ldconfig: /usr/lib/libfreebl3.so is not a symbolic link

  Cleanup        : nss                                                      2/2 

Updated:
  nss.i386 0:3.13.6-3.el5_9                                                     

Complete!

Source: https://joshua.hoblitt.com/rtfm/2013/05/dealing_with_rpm_cpio_rename_package_installupdate_errors/

Instalar PHP 5.5 no CentOS 5

Verificar se existem pacotes instalados:

# yum list installed | grep php

Se existirem pacotes então é necessário removê-los:

# yum remove php php-cli php-common php-gd php-ldap php-mbstring php-mcrypt php-mysql php-pdo

Instalar o repositório webtatic

# rpm -Uvh http://mirror.webtatic.com/yum/el5/latest.rpm

Podemos então verificar quais os pacotes disponíveis:

# yum --enablerepo=webtatic list available | grep php55w

A seguir, instalamos os pacotes do PHP 5.5

# yum --enablerepo=webtatic install php55w php55w-cli php55w-common php55w-gd php55w-ldap php55w-mbstring php55w-mcrypt php55w-mysql php55w-pdo php55w-soap php55w-intl php55w-opcache

Nota: No meu caso, já tinha o repositório instalado anteriormente e não deixava instalar os pacotes do PHP 5.5 porque as chaves do repositório não eram válidas. Foi necessário atualizar as chaves:

# rpm --import http://repo.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy

PHP já deve estar na versão 5.5. Podemos verificar com o comando:

# php -v
PHP 5.5.38 (cli) (built: Jul 21 2016 13:42:32)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies

Finalmente, reiniciamos o Apache:

# service httpd restart