Mr cron, send me an email

I wrote this post to continue with the sysadmining series asked by Ardian.

Sometimes I need cron scripts to email me the result of something and configuring sendmail or postfix to do that seems a little like killing a mosquito with a bazooka (it works, but it’s not very efficient).

So, what I do is use msmtp.

msmtp is very easy to use and configure. Just write a config file for it (.msmtprc in your $HOME) and make it point to the GMail smtp server.
Something like this works:

defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt

account default
host smtp.gmail.com
port 587
auth on
user user_name@gmail.com
password H3Re_Goes_Y0ur_p@ssword

Then restrict the file so that only your user can read it, since it holds the password in plain text:

chmod 600 ~/.msmtprc

And that’s pretty much it. Then to send an email what you do is pipe the mail to msmtp with the address of the person you want to email.

Something like this:

printf 'Subject: test\nTo: foo@bar.com\n\nhello world\n' | msmtp foo@bar.com

That command would send an email to foo@bar.com with the subject “test” and the body “hello world”.
The “Subject” and “To” fields are optional, but it’s nice to include them. The \n are new lines, and the empty line (\n\n) separates the headers from the body.

You can also make a text file and cat it and redirect the output with pipes.
More information for the email could be included, like the text encoding used, etc, but for the stuff I need to email, a subject and a body is usually more than enough.
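A cron wrapper built on the command above, as an added example that is not part of the original post: it runs a job, puts the exit status in the subject, declares the text encoding, and strips line breaks from the subject so job output cannot inject extra headers. The recipient address, the script name and the crontab paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper that mails a
# command's output through msmtp. RECIPIENT and the crontab paths below
# are placeholders.
#   0 3 * * * /usr/local/bin/cronmail.sh /usr/local/bin/backup.sh

RECIPIENT="foo@bar.com"

# Print a complete message: headers, one empty line, then the body.
# CR and LF are removed from the subject so that text copied from a job's
# output can never start an extra header line.
build_message() {
    to=$1
    subject=$(printf '%s' "$2" | tr -d '\r\n')
    printf 'To: %s\nSubject: %s\nContent-Type: text/plain; charset=UTF-8\n\n%s\n' \
        "$to" "$subject" "$3"
}

# Run the given command, capture stdout and stderr, and mail the result
# with the exit status in the subject.
run_and_mail() {
    output=$("$@" 2>&1)
    status=$?
    if [ "$status" -eq 0 ]; then result="OK"; else result="FAILED ($status)"; fi
    build_message "$RECIPIENT" "[cron] $1: $result" "$output" | msmtp "$RECIPIENT"
}

# Only act when a command was passed on the command line.
if [ "$#" -gt 0 ]; then
    run_and_mail "$@"
fi
```

cron runs the wrapper as the crontab's owner, so the ~/.msmtprc that msmtp reads is that user's.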

Disclaimer: I don’t like using GMail (the default interface has a JavaScript trap, I don’t trust Google with my personal data, etc), but GMail (through Google Apps) is the mail server of choice at work. Using msmtp doesn’t mean you HAVE TO use GMail. I only put it as an example because it’s what we use at work. As a matter of fact, you’re better off NOT using GMail at all and using some other email provider that doesn’t spy on you and that respects your freedom.


Some semi-serious sysadmin scholastic statements

Asked by my friend Ardian, I’m writing these tips for sysadmin-wannabes hoping that it will be useful.

Securing SSH

SSH is one of the best friends of any sysadmin (because everybody knows that sysadmins don’t have real friends). Because SSH is one of our true few friends, we need to make sure that it stays our friend and to do that we have to defend it.
Here are some ways to achieve that:

Security through obscurity

It is a general consensus that securing something through obscurity is not a good idea. Security through obscurity is not real security, but sometimes it helps stop annoying script kiddies. You can’t make your whole security scheme rely on people not knowing your secret, particularly when the secret is easily discovered.
I’m talking here about moving your SSH port to something different than 22 (which is the default port). It’s very easy to find out which ports are open on a server (you just need to use nmap), but there are people who don’t know that and have automated scripts constantly trying to gain access through that port. Usually a high port number is a good idea.
Just don’t rely on this as your only means of securing SSH.

Hello, Mr. John Doe

Don’t let users with very common usernames have SSH access. Particularly, don’t let root have SSH access. Other usernames that shouldn’t be allowed are admin, superadmin, backup, cron, etc. Automated attempts to gain access use dictionaries of common users, so it’s better if we don’t give them a chance to guess what users we have in the system.

Stop knocking at my door!

If we receive many failed login attempts from the same IP, then that person probably isn’t someone with a valid password. There are many ways to tell that person to get off: IPTables rules, fail2ban, denyhosts, etc. Some people may even prefer their own solutions, but having these available, that’s probably not necessary.
The idea is that if a user keeps trying to gain access to our server, we can lock them out for a certain period of time.

Leo@Vinci

Sometimes we have users that connect always from the same host. The host can then be specified in the sshd configuration file so that user can’t connect from anywhere else. In that way, we close the door to yet another possible intruder trying to spoof our user from some other location.

Password? What password?

Relying on passwords might not be a great idea because passwords can be weak (although that can be solved with PAM magic, which I may talk about at a different time). Generating SSH keys and disabling password authentication is usually a good idea. SSH keys are unique (unless you use certain versions of Debian…).
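A small audit of the sshd settings behind the tips above (port, root login, allowed users and hosts, password authentication), as an added example that is not part of the original post. Both sample configurations are constructed, and "leo" and "vinci.example.org" are placeholder names; the check reads only the global section of one file and ignores Include files and Match blocks.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# settings discussed above. Assumption: only the global section of a single
# file matters; Include files and Match blocks are not evaluated.

audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        key = tolower($1)              # keywords are case-insensitive
        if (key == "match") exit       # stop at the first Match block
        if (!(key in val))             # sshd uses the first value it reads
            val[key] = tolower($2)
    }
    END {
        if (!("port" in val) || val["port"] == "22")
            print "port: sshd listens on the default port 22"
        if (val["permitrootlogin"] != "no")
            print "root: PermitRootLogin is not set to no"
        if (val["passwordauthentication"] != "no")
            print "password: PasswordAuthentication is not set to no"
        if (!("allowusers" in val))
            print "users: no AllowUsers list, every account may try to log in"
    }' "$@"
}

# Constructed sample: default port, root login and passwords enabled.
weak_sample() {
    printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
        'PasswordAuthentication yes'
}

# Constructed sample: the same file after applying the tips above.
# "leo" and "vinci.example.org" are placeholder names.
hardened_sample() {
    printf '%s\n' 'Port 2222' 'PermitRootLogin no' \
        'PasswordAuthentication no' 'AllowUsers leo@vinci.example.org'
}

echo "weak sample:";     weak_sample | audit_sshd_config
echo "hardened sample:"; hardened_sample | audit_sshd_config
```

On a real host, pass the path of the configuration file as an argument, or pipe in the output of `sshd -T` to audit the effective settings.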


lemon.py

I told people at work (yes, I have a job now, more about that later… or maybe not) that I could make lemon pie. They know I’m all about free software, so they asked me if it was GPL lemon pie. I published this in our intranet (some of it is in Spanish, but even if you don’t speak a word of Spanish you can tell what’s going on):

#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''How to make a yummy lemon pie'''

###
#
# lemon.py is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License,
# or (at your option) any later version.
#
# lemon.py is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see 
# or write to the Free Software Foundation, Inc., 59 Temple Place,
# Suite 330, Boston, MA  02111-1307  U.S.A.
#
###

INGREDIENTES_MASA = {'harina':'250g', 'azúcar':'125g', 'manteca':'75g', \
'huevos':1, 'yema':1, 'esencia de vainilla':'un chorro'}
MASA = []

for ingrediente in INGREDIENTES_MASA:
    MASA.append(ingrediente) # the dough ends up moist.
    #cook(MASA, '20 minutos', 'horno medio')


INGREDIENTES_RELLENO = {'agua':'1 taza', 'maizena':'¼ taza', \
'jugo de limón':'½ taza', 'ralladura de limón':'de 1 limón', 'yemas':3, \
'manteca':'50g'}

RELLENO = []
RELLENO_DESPUES = []

for ingrediente in INGREDIENTES_RELLENO:
    if ingrediente != 'yemas' and ingrediente != 'manteca':
        RELLENO.append(ingrediente)
    else:
        RELLENO_DESPUES.append(ingrediente)
    #estado_relleno = cook(RELLENO, 'hasta que se espese y hierva', \
    #'fuego lento') # stir constantly
    #if estado_relleno == 'cooked':
    #    for ingrediente in RELLENO_DESPUES:
    #        RELLENO.append(ingrediente) # keep stirring for 2 more minutes


INGREDIENTES_MERENGUE = {'claras':4, 'azúcar':'8 cucharadas'}
MERENGUE = []

for ingrediente in INGREDIENTES_MERENGUE:
    MERENGUE.append(ingrediente)
    #whisk(MERENGUE) # until small peaks form

LEMON_PIE = MASA + RELLENO + MERENGUE
#cook(LEMON_PIE, 'hasta que se dore el merengue')


The UTUTO XS Lemote project begins!

This is a quick translation I made of the article that appeared in Ututo’s site: http://www.ututo.org/web/modules/news/news.php?ID_news=368
Thanks to ethana2 for proofreading it.

Some time ago we started toying with the idea of porting our operating system to the new Lemote Yeelong.
This computer is characterized by having a completely free hardware design and by not needing any nonfree software components to work.

Unlike other computers we know, it doesn’t use a processor made by one of the best-known companies.
The Lemote company uses a processor developed completely in China, named Loongson. It has a MIPS architecture.

In UTUTO XS, we have had a tradition of development and advocacy of free software for more than 6 years. As the UTUTO project, we thought it would be important to support this hardware starting with version 2010. This would help the spreading of free software and also it would be another choice of operating system for the Lemote computers.

Richard Stallman talked to us about the possibility of getting some Lemote computers as a donation for this project and he put us in contact with the Lemote company in China.

A couple of days later Lemote sent us the Yeelong computers and thanked us for our intention of porting our operating system.

This initiative has the support of institutions that advocate free software and free knowledge.

Among them we can mention:

— Dr. Richard Stallman (father of the free software movement).
— Lemote (Jiangsu Lemote Tech. Co. Ltd, China)
— Free Software Foundation (US)
— Solar (Software Libre Argentina)
— Fundación Instituto de Innovación para el Bienestar Ciudadano (Spain)
— Misol (Misiones Software Libre, Argentina)
— Hipatia (Free Knowledge)
— Asociación de Software Libre de Ecuador (ASLE)
— Fundación Red Especial España

This initiative is the beginning of the project that we internally codenamed “UTUTO XS Lemote”.
The idea is to have an XS system for these computers along with the corresponding updated package repository, just like with the versions for other processors.

We think this is an important opportunity to learn and to face the challenge of creating a complete and functional system that would have the user at the core.

Here [0] you can see some pictures of the computers that we’ve got and also how we started the creation of the boot loader of the operating system and the compilation of a basic user system. For the time being we only have a text command line.

We thank all the people who support this project and we will keep you informed with the news on the development of “UTUTO XS Lemote”.

[0] http://erp.ututo.org/album/index.php?album=ututoxs%2FYeelong


Getting rid of the annoying pcspeaker sound

If you, like me, hate the annoying beep of the pc speaker, then you can get rid of it by doing:

# rmmod pcspkr

The problem with that is that you need to do it every time you restart, so here’s how you can get rid of it forever:

# vim /etc/modprobe.d/blacklist

And add a line that says:

blacklist pcspkr

Ok, there you go. Short post today, but hopefully useful.


Free software conference in Prishtina

I have been meaning to write this blog post for a long time, but for some reason or another it always ended up as a draft. First of all, for those of you who still don’t know, I came to Kosovo for a free software conference [0] that will take place on August 29th and 30th at the University of Prishtina. I was invited to speak about two different topics which are translation with free software and basic Python. If you are in the area (or you are rich and feel like spending money on plane tickets) then I’d be really glad if you could join us here in Kosovo. Now, I came to Kosovo some time in advance to get to know the place and to help organize the conference. During my stay here I’ve had a great time visiting places like Mirushe [1]. People here are very nice and I was pleasantly surprised when the locals at Gjakova even helped me carry my bags when I got at the bus station and then took me to a place where I could phone my friend Heroid (who’s letting me stay at his house and I really thank him for that). To top it all, these nice gentlemen that carried my bags even paid for the phone call I made. Also, and I think this is something that I need to point out, Kosovar girls are extremely beautiful 😉 Nobody is as beautiful as my loving girlfriend fiancée wife!!! :D. So, this has been a great trip so far and, after all my US / Buenos Aires winters, I really welcome this European summer sun. You should also come to the free software conference in Prishtina; it’s definitely worth it.
[0] http://kosovasoftwarefreedom.org
[1] http://picasaweb.google.com/arianit/PrizrenMirushe


TontoFlog

Photo blogs were (or are, who knows how long fads last) very popular in my country. They were so popular that photo blog users formed some kind of urban tribe and they gathered in a local shopping mall to do… nothing. I guess they took pictures… One thing’s for sure, they had very dubious fashion tastes. So my friend Marcolandia decided it was about time there was a free software solution for these poor and tormented souls: this article is not about floggers (short for photo blogger) but about this new GNU AGPLv3 photo blogging software.

I’m definitely not a flogger, but I had to try my friend’s software and I have to say that it’s really impressive. I could post a screenshot of my photoblog in my new photoblog, but I’m not up for recursion today. You can visit my photoblog or you can download the software and try it out: TontoFlog. (It will soon be uploaded as a savannah project)

It’s only in Spanish for now, but I’ll work on a translation as soon as Marcolandia puts the strings all together so TontoFlog stays modular.


0c:00.0 Network controller: Broadcom Corporation BCM4311 802.11b/g WLAN (rev 01) take two:

My Broadcom WiFi card is finally working with free software in gNewSense so I decided to make a post to explain how to make that happen for your card as well.

First you need to check your Broadcom WiFi card model: the OpenFWWF site says that 4306, 4311(rev1), 4318 and 4320 are tested and that they work. Not having one of those models is not a reason not to try it, though.

Now, you need to install git-core, curl, bison and flex if they are not installed. Get b43-tools (http://git.bu3sch.de/git/b43-tools.git) and compile it.
After that’s done compiling (it should take 2 seconds or so), you need to download the firmware. The latest firmware as of today is 5.2.
Extract the tar.gz and just “make”. When that’s done compiling (it also takes very little time) you’ll have 3 .fw files in your openfwwf directory. Those 3 files need to be copied to /lib/firmware/b43-open/ .

Then you need to install Linux-libre v2.6.30. A neatly packaged image can be found at my friend Ali Gündüz’s Freedom Shoppe.

After that you need to pass an option to the b43 module. You do that by adding a line that says “options b43 qos=0” (without quotes) to the /etc/modprobe.d/options file. I also added b43 to /etc/modules but that might not be necessary.

Here’s a step by step copypastable list of all the commands for you (you may need to change the version number of the firmware or the kernel, depending on when you read this post; also make sure that WordPress is not using formatted quotation marks):

cd
sudo apt-get install git-core curl bison flex
git clone git://git.bu3sch.de/b43-tools.git
cd b43-tools/assembler
make
sudo make install
cd
wget http://www.ing.unibs.it/openfwwf/firmware/openfwwf-5.2.tar.gz
tar zxvf openfwwf-5.2.tar.gz
cd openfwwf-5.2
make
sudo mkdir /lib/firmware/b43-open
sudo cp *.fw /lib/firmware/b43-open/
cd
wget http://aligunduz.org/gNewSense/freedomshoppe/linux-image-2.6.30-libre-fshoppe1_i386.deb
sudo dpkg -i linux-image-2.6.30-libre-fshoppe1_i386.deb
sudo -i
echo "options b43 qos=0 nohwcrypt=1" >> /etc/modprobe.d/options
echo "b43" >> /etc/modules
logout

I restarted and booted with the 2.6.30 kernel and my card was working. dmesg confirmed that I was using the free firmware:

[ 8460.884239] b43-phy0: Loading OpenSource firmware version 410.31754 (Hardware crypto not supported)

I would’ve liked it to say “free software”, just like I would’ve liked the firmware to be called free and not open, but that’s extra.

Enjoy your WiFi with freedom!

EDIT: I updated the openfwwf version to 5.2
EDIT2: updated the git repo for b43-tools


Watch out, it’s an update

No, I’m not going to explain how to make qemupuppy run. If you need help to make qemupuppy work, look for it in the interwebz. I’m not going to recommend qemupuppy either, since it is not a Free OS. If you want a Free OS that runs from a pendrive try FUSBi.

Since my last post a lot of things have changed: I have lost most of my patience (probably all of it) and I decided I won’t be publishing any more tutorials that can be found somewhere else on the web. I also migrated to a 100% free GNU distro: gNewSense (but I am, of course, using KDE). Before gNewSense I was using Debian Lenny, but gave up on it when I discovered that some people were making Debian go against its own DFSG. I’m happy to say that not all the people wanted that, but apparently the ones trying to use the Social Contract and the DFSG as toilet paper (yet again) were the majority.

Now, why did I decide to break the silence and come up with an update after all this time?

I’m sure that by now you can tell this is going to be a [long] rant. So… here be tigers:

<rant>

I want to talk about peer pressure. I have seen a lot of people getting bent by peer pressure to use nonfree software and that makes me angry at the peer pressurers and the peer pressurees but mostly at the latter, because it’s their mental weakness which makes peer pressure so effective with them. I have seen people installing Adobe Flash because they have been told that they __have__to__ watch this or that flash video which refuses to work with swfdec; instead of being strong and not letting their will be broken, they go against their ideals because some people tell them they are stupid and freetarded. Flash video is a horrible format and unless we fight it back it will continue being massively used. People are not aware that their conformism regarding this format doesn’t allow them to see the big picture, that unless someone breaks this vicious circle things are never going to change.

The same thing can be said about Sun’s Java (as opposed to IcedTea), AIM/Windows Live Messenger, Google, Launchpad or Linux (yes, the vanilla Linux kernel is non free, I’m sorry to tell you). Unless more people take action against this, we will only see an increase in the usage of nonfree apps/services.


0c:00.0 Network controller: Broadcom Corporation BCM94311MCG wlan mini-PCI (rev 01) for GNU/Linux

EDIT2: There’s another post for a working explanation to make a broadcom card work with free software.

EDIT: The method I had explained in this post made use of nonfree firmware. Thanks to Broadcom’s lack of cooperation this wifi card can’t be used nowadays with a Free Software OS.
I’m a Free Software advocate so I decided this post had no place in my blog. If you hate freedom you can ask Scroogle how to make this card work, but the best thing to do would be to complain to Broadcom and refrain from buying from them ever again.
