Tak Boleh Switch User

Tadi Mus menggelabah, kata machine yg dia tengah access tu tak boleh switch user dari root -> postgres. Aku buat dari tempat dia tak boleh, buat dari tempat aku pun tak boleh. Erghhh, kacau-bilau betul dunia nie.....

[root@ccas ~]# su - postgres
could not open session

Hmm, tak pernah pulak aku jumpa masalah yg memberi error message camtu sekali.

Ke salah user postgres nie, so aku try su - ke user lain.
[root@ccas ~]# useradd kambing
[root@ccas ~]# passwd kambing
Changing password for user kambing.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ccas ~]# su - kambing
could not open session

Huh, tak boleh jugak. Tapi at least aku tau ini bukan masalah user postgres. Baca /var/log/messages takde memberi hint yang berguna pulak :(

Setelah googling, somebody mention pasal home permission. Aku tengok ok je. Entah macam mana datang intuition untuk tengok permission /etc/passwd.
[root@ccas etc]# ls -l passwd
-rw------- 1 root root 2632 Jan 20 15:16 passwd

Uik, semacam jek. So aku try compare dgn machine aku.
[root@kuli ~]# ls -l /etc/passwd
-rw-r--r-- 1 root root 1715 Dec 17 13:18 /etc/passwd

Heh, apa kes lain nie. Maka mulakan hikmat chmod.....
[root@ccas etc]# chmod +r /etc/passwd
[root@ccas etc]# su - postgres
-bash-3.00$ w

Yada, done!

Moral:
Back to basic, kesilapan bodoh boleh berlaku pada manusia yang tak sempurna.

Mesti Tonton: Firewall Movie

Firewall Movie
http://firewallmovie.warnerbros.com/

Computer security specialist Jack Stanfield (HARRISON FORD) works for the Seattle-based Landrock Pacific Bank. A trusted top-ranking executive, he has built his career and reputation on designing the most effective anti-theft computer systems in the industry, protecting the bank’s financial holdings from the constant threat of increasingly sophisticated internet hackers with his complex network of tracers, access codes and firewalls.

Jack’s position affords a comfortable life for him, his architect wife Beth (VIRGINIA MADSEN) and their two young children – a standard of living that includes a beautiful home in a residential community just outside the city.

But there’s a vulnerability in Jack’s system that he has not accounted for: himself. It’s a vulnerability that one very ruthless and resourceful thief is poised to exploit.

Bill Cox (PAUL BETTANY) has been studying Jack and his family for many months; monitoring their online activity, listening to their calls and learning their daily routines with an arsenal of digital and video recorders and parabolic microphones that tap into the most personal of information. He knows the names of their children’s friends, their medical histories, and the I.D. code for the security station that guards their neighborhood. Having spent the better part of a year methodically infiltrating every aspect of Jack’s identity, Cox is now ready to make good on his investment.

Leading a tight team of mercenary accomplices, he seizes control of the Stanfield house, making Beth and the kids terrified hostages in their own home and Jack his unwilling pawn in a scheme to steal $100 million from the Landrock Pacific Bank.

With every possible escape route shrewdly anticipated and blocked by Cox, every potential ally out of reach and the lives of his wife and children at stake, Jack is forced to find a breach in his own formidable security system to siphon funds into his captor’s offshore account – incriminating himself in the process and eradicating any electronic evidence that Cox ever existed.

Under constant surveillance, he has only hours to accomplish the risky transactions while desperately hunting for a loophole in the thief’s own impenetrable wall of subterfuge and false identities to save his family and beat Cox at his own game.

Hmm, agak-agak firewall apa yg digunakan? iptables, ipchains, ipfw, pf, Checkpoint, Astaro, Cisco PIX, Smartguard, atau lain-lain kah.....
Kalau bawak isteri/girlfriend (yang langsung takde minat dgn dunia IT) layan cerita nie agak-agak diorg boleh terima ke, hehe.

Fedora Directory Server on RHEL 4

Yezza, berjaya install (w/o configuration) Fedora Directory Server (FDS) on RHEL 4 :)

Modus Operandi
------------------
Download Fedora Directory Server 1.0.1 utk RHEL 4:
http://directory.fedora.redhat.com/download/fedora-ds-1.0.1-1.RHEL4.i386.opt.rpm

Install:
[root@kuli ~]# rpm -ivh fedora-ds-1.0.1-1.RHEL4.i386.opt.rpm

Dapat mesej cam kat bawah,
Install finished. Please run /opt/fedora-ds/setup/setup to set up the servers.

Run Setup:
[root@kuli ~]# /opt/fedora-ds/setup/setup

Jawab ler beberapa soalan.....Last sekali dapat mesej,
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://kuli.magnifix.com.my:9391/

Run console:
[root@kuli fedora-ds]# ./startconsole -u admin -a http://kuli.magnifix.com.my:9391/
./startconsole: Your JAVA_HOME environment variable is not set. Please set it appropriately.

Aiseh, ada error pasal Java pulak, kenalah set kan path.
[root@kuli fedora-ds]# export JAVA_HOME=/usr/lib/jvm/jre-ibm/
[root@kuli fedora-ds]# ./startconsole -u admin -a http://kuli.magnifix.com.my:9391/ Jan 11, 2006 4:41:42 PM java.util.prefs.FileSystemPreferences$2 run INFO: Created user preferences directory.

Done!









Komen
--------
Java-based console nie betul-betul makan bnyk resource. Sebab itulah 256MB is the recommended minimum while 1024MB is recommended for best performance on large production system.
[irwan@kuli ~]$ ps aux | grep java.bin
root 21365 3.8 29.4 119308 56244 pts/3 Sl+ 18:54 0:10 /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2/jre/bin/java.bin -ms8m -mx64m -cp .:./base.jar:./mcc10_en.jar:./jss3.jar:./ldapjdk.jar:./mcc10.jar:./nmclf10_en.jar:./nmclf10.jar -Djava.library.path=../lib -Djava.util.prefs.systemRoot=. -Djava.util.prefs.userRoot=. com.netscape.management.client.console.Console -u admin -a http://kuli.magnifix.com.my:9391/

Perhatikan yang memory usage adalah sebanyak 29.4MB.

Wish List
-----------
A web-based console ;)

Mengelirukan HTTPD Version

Objektif: Mengelirukan versi HTTPD
OS: RHEL 4 (ES)
httpd version: 2.0.52-19 (pakej rasmi dari Red Hat)

Sebelum
[root@kuli i386]# curl -I http://localhost HTTP/1.1 200 OK
Date: Thu, 05 Jan 2006 08:07:36 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 20 Dec 2005 08:47:40 GMT
ETag: "114a6e-bc-b85aa300"
Accept-Ranges: bytes
Content-Length: 188
Connection: close
Content-Type: text/html; charset=UTF-8

Selepas
[root@kuli i386]# curl -I http://localhost
HTTP/1.1 200 OK
Date: Thu, 05 Jan 2006 08:47:17 GMT
Server: Magnifix_HTTP_Server/Release 1.0.0 (IRIX 6.5)
Last-Modified: Tue, 20 Dec 2005 08:47:40 GMT
ETag: "114a6e-bc-b85aa300"
Accept-Ranges: bytes
Content-Length: 188
Connection: close
Content-Type: text/html; charset=UTF-8

Modus Operandi
Download httpd-2.0.52-19.ent.src.rpm dari RHN

Install file tadi
rpm -ivh httpd-2.0.52-19.ent.src.rpm

Edit file /usr/src/redhat/SPECS/httpd.spec.
Tukar baris %define vstring Red Hat kepada %define vstring IRIX 6.5

Extract tarball
[root@kuli SOURCES]# pwd
/usr/src/redhat/SOURCES
[root@kuli SOURCES]# tar xzvf httpd-2.0.52.tar.gz

Edit file /usr/src/redhat/SOURCES/httpd-2.0.52/include/ap_release.h supaya menjadi:
----------8<----------
#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
/* #define AP_SERVER_BASEPRODUCT "Apache"
#define AP_SERVER_MAJORVERSION "2"
#define AP_SERVER_MINORVERSION "0"
#define AP_SERVER_PATCHLEVEL "52" */
#define AP_SERVER_BASEPRODUCT "Magnifix_HTTP_Server"
#define AP_SERVER_MAJORVERSION "Release 1"
#define AP_SERVER_MINORVERSION "0"
#define AP_SERVER_PATCHLEVEL "0"
#define AP_SERVER_MINORREVISION AP_SERVER_MAJORVERSION "." AP_SERVER_MINORVERSION
#define AP_SERVER_BASEREVISION AP_SERVER_MINORREVISION "." AP_SERVER_PATCHLEVEL
#define AP_SERVER_BASEVERSION AP_SERVER_BASEPRODUCT "/" AP_SERVER_BASEREVISION
#define AP_SERVER_VERSION AP_SERVER_BASEVERSION
----------8<----------

Backup tarball asal & regenerate tarball daripada folder httpd-2.0.52
[root@kuli SOURCES]# pwd
/usr/src/redhat/SOURCES
[root@kuli SOURCES]# mv httpd-2.0.52.tar.gz httpd-2.0.52.tar.gz.bak
[root@kuli SOURCES]# tar czvf httpd-2.0.52.tar.gz httpd-2.0.52/

Compile source dengan utiliti rpmbuild
[root@kuli SPECS]# pwd
/usr/src/redhat/SPECS
[root@kuli SPECS]# rpmbuild -bb --clean /usr/src/redhat/SPECS/httpd.spec

Akan terciptalah beberapa file di dalam folder /usr/src/redhat/RPMS/i386/
[root@kuli i386]# ls
httpd-2.0.52-19.ent.i386.rpm httpd-devel-2.0.52-19.ent.i386.rpm httpd-suexec-2.0.52-19.ent.i386.rpm
httpd-debuginfo-2.0.52-19.ent.i386.rpm httpd-manual-2.0.52-19.ent.i386.rpm mod_ssl-2.0.52-19.ent.i386.rpm

Done! Sekarang bolehlah install apa-apa pakej yang patut :)

PenjejakNeraka is now known as ipvsadm

Hmm, kepada mereka yang mengenali PenjejakNeraka di IRC, dimaklumkan bahawa nick tersebut telah didropkan. Aku sekarang menggunakan nick ipvsadm :) Asas/sebab utama pertukaran tersebut adalah kerana ada yang kurang senang dengan nick lama aku tu, hehe. Antara sebab sekunder adalah; tahun baru, nick baru :)

Ada yang salah anggap seolah-olah:

• aku ingin ke neraka
• aku guna nick terebut konon nak dianggap ganas dgn nama "neraka"
• aku nie orang jahat

Actually aku cuma guna nick tu kerana kagum dengan watak Penjejak Neraka dalam komik Pendekar Laut - tak lebih dari tu. Jadi, utk kesenangan & kebahagiaan semua pihak, eloklah aku tukar nick tu. Aku pun tak salahkan mereka yang memaki hamun aku atas penggunaan nick PenjejakNeraka kerana aku tahu mereka jahil dengan niat sebenar :) Aku pun tak nafikan yang nick PenjejakNeraka nie agak keras bunyinya, hehe.

Selamat tinggal PenjejakNeraka, selamat datang ipvsadm :)