Adding fake ethernet headers to pcap files

David | June 20, 2011

Occasionally I see packet captures which have been saved as Raw IP, which can really mess up many of the tools developed to deal with pcap. Anything based on libnids, including the Perl module I maintain, cannot deal with it and will produce no (or bizarre) results. Wireshark displays these captures just fine, with “Raw packet data – no link information available” just above the IP layer.

There are many situations where a packet capture will lack the Ethernet header for a good reason, but if you simply want to run it through other tools that deal only with IP and above, adding a fake header is a viable choice.

Fortunately, adding a “fake” ethernet header to these pcap files using tcprewrite (part of the tcpreplay suite) is simple:

$ tcprewrite --dlt=enet --enet-dmac=00:11:22:33:44:55 --enet-smac=66:77:88:99:AA:BB --infile=input.pcap --outfile=output.pcap

Overriding the output data link type (--dlt) is essential, as is providing the Ethernet MAC addresses of the two endpoints. That’s all there is to it.

tcprewrite is available as part of the Debian package tcpreplay.
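
What the rewrite amounts to at the file level, as an added example (not from the original post and not tcprewrite's own code): the link type in the pcap global header changes from Raw IP to Ethernet, and every packet gains a 14-byte header whose EtherType is chosen from the IP version. It handles classic pcap files only; the function names and the sample capture are constructed for illustration.

```python
import struct

LINKTYPE_ETHERNET = 1
RAW_LINKTYPES = {101, 12, 14}        # LINKTYPE_RAW, plus DLT_RAW values some writers store
ETHERTYPES = {4: 0x0800, 6: 0x86DD}  # IP version nibble -> EtherType
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian, usec/nsec
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian, usec/nsec

def mac(text):
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw

def add_ethernet_headers(data, dmac, smac):
    """Return the Raw IP pcap in `data` (bytes) rewritten as an Ethernet pcap."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    vmaj, vmin, zone, sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    if linktype not in RAW_LINKTYPES:
        raise ValueError("link type %d is not Raw IP" % linktype)
    out = [data[:4], struct.pack(endian + "HHiIII", vmaj, vmin, zone, sigfigs,
                                 min(snaplen + 14, 0xFFFFFFFF), LINKTYPE_ETHERNET)]
    macs, off = mac(dmac) + mac(smac), 24
    while off < len(data):
        sec, frac, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        if not pkt or len(pkt) != caplen:
            raise ValueError("empty or truncated packet record at offset %d" % off)
        ethertype = ETHERTYPES.get(pkt[0] >> 4)
        if ethertype is None:
            raise ValueError("packet at offset %d is not IPv4 or IPv6" % off)
        # Both lengths grow by the 14 bytes of destination MAC, source MAC, EtherType.
        out.append(struct.pack(endian + "IIII", sec, frac, caplen + 14, origlen + 14))
        out.append(macs + struct.pack("!H", ethertype) + pkt)
        off += 16 + caplen
    return b"".join(out)

def sample_raw_pcap():
    """Constructed input: one bare 20-byte IPv4 header saved with link type 101."""
    ip = bytes.fromhex("450000140001000040060000c0a80001c0a80002")
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return hdr + struct.pack("<IIII", 1308528000, 0, len(ip), len(ip)) + ip

if __name__ == "__main__":
    fixed = add_ethernet_headers(sample_raw_pcap(), "00:11:22:33:44:55", "66:77:88:99:AA:BB")
    print(struct.unpack("<I", fixed[20:24])[0], fixed[40:54].hex())
```
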


Limiting command runtime in Linux

David | May 2, 2010

It is sometimes useful to limit the running time of a process, either to stop it from using up all resources or to make sure nightly cron jobs don’t continue into working hours.

I needed this for rsync, to let a remote backup server slowly catch up if large amounts of data were added to the live server during the day. A useful post on the rsync mailing list discusses an rsync patch but also the timeout command.

After installing it (the Debian package is simply timeout), it is as easy as prefixing the command with the number of seconds to run for:

$ timeout 21600 rsync -a ...

It is also possible to specify the signal which will be sent to a program, which is useful if you do not want to simply send SIGKILL. I used SIGHUP in the hope that rsync would have a chance to exit gracefully:

$ timeout -1 21600 rsync -a ...

A full list of signals and their numeric values can be found in man 1 kill.

A wrapper script is also available from Johannes Buchner.


Training dspam from Thunderbird junk messages

David | February 21, 2010

Recently I have installed and configured dspam on my mailserver. It seems to work nicely but needs occasional training. I wanted to integrate this with Thunderbird so that users could automatically train dspam from their mail client.

Blocking SSH brute forcing using denyhosts

David | January 7, 2010

Tired of seeing repeated attempts to log in to a Linux server you run? There are a number of options, all with their own benefits and disadvantages. The easiest way is to move the port that the SSH server runs on, perhaps to 2222 instead of 22. However, this can be annoying behind some firewalls and means that you need to specify the port each time you SSH to a host. This post looks at denyhosts, a viable alternative.

vim vs. Linux extended ACLs

David | August 2, 2009

Extended ACLs on Linux can be incredibly useful. Permissions can actually be more secure whilst allowing a number of users or daemons access to a file; unwieldy groups are no longer necessary to allow reading or writing. But for some reason, I noticed that these extended ACLs disappeared when a file was edited in vim.

