Posted on

procmailrc3

~$ cat .procmailrc
INCLUDERC=/mnt/vacation/me/rc.vacation

:0 Whc: msgid.lock
| formail -D 16384 msgid.cache

:0
* (To|cc|from|Delivered-To|CC|From):.*[email protected]
{
:0c:
[email protected]
:0
Maildir/.enquiry/
}
Maildir/.enquiry/

BLACKLISTED = `formail -xFrom -xSender -xReply-To -xReturn-Path -xReceived | \
egrep -i -f ~/black.lst`

:0
* ! BLACKLISTED ?? ^^^^
Maildir/.Spam/

:0
* ? formail -c -xFrom -xSender -xReply-To -xReturn-Path -xReceived | \
sed “s/[[:space:]]for .*$//g” | egrep -is -f ~/white.lst
Maildir/

:0 H
* ^X-Spam-Status: Yes
{
:0c:
[email protected]
:0
Maildir/.Spam/
}
Maildir/.Spam/

:0 H
* ^X-Spam-Flag: YES
Maildir/.Spam/

SENDERIP = `formail -c -XReceived | grep “by some.where.out.there” | grep -v “from some.where.out.there” | \
sed “s/^Received: from .*\[\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)\].*by some.where.out.there.*$/\1/”`

:0
* ! SENDERIP ?? ^^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*^^
{
SENDERIP =
}

:0
* ! SENDERIP ?? ^^^^
{
SENDER_REVERSED = `expr “$SENDERIP” | \
sed “s/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\4.\3.\2.\1/”`

KNOWNOFFENDER = `host “$SENDER_REVERSED”.sbl-xbl.spamhaus.org | \
sed “s/^.*\(127\.0\.0\.[0-9]*\)$/\1/”`

:0
* KNOWNOFFENDER ?? ^^127.0.0.[0-9]*^^
Maildir/.Spam/
}

:0
* ! SENDERIP ?? ^^^^
{
SENDER_DYNAMIC = `host “$SENDER_REVERSED”.dul.dnsbl.sorbs.net | \
sed “s/^.*\(127\.0\.0\.[0-9]*\)$/\1/”`

:0
* ! SENDER_DYNAMIC ?? ^^127.0.0.[0-9]*^^
{
SENDER_DYNAMIC =
}
}

:0
* ^Return-path.*@\/[-a-zA-Z0-9_.]*
{
RETURN_PATH_HOST = $MATCH
}

:0
* ! SENDER_DYNAMIC ?? ^^^^
{
RESOLVED = `host -a “$RETURN_PATH_HOST” | grep “$SENDERIP”`

:0:
* RESOLVED ?? ^^^^
Maildir/.Junk/
}

:0
* ^Return-path.*([^.]yahoo\.|@aol\.co|compuserve|@mail\.com|lycos|excite\.com|@usa\.net|hotmail|msn\.com)

{
:0
* RETURN_PATH_HOST ?? ^^msn.com^^
{
RETURN_PATH_HOST=”(msn.com|hotmail.com)”
}

:0
* $ ! Received.*[^=][ ]*${RETURN_PATH_HOST}
Maildir/.Junk/
}

:0 # forward if security
* ^Subject:.*[EDM].*
Maildir/.Spam

:0 B
* my-name-yay
{
:0c:
[email protected]
:0
Maildir/
}
Maildir/

:0 HB
* (Password expiring in|Please change your password|If you see negative days)
Maildir/.Password/

:0 HB
* ^From.*(announcement|webmaster)@some.where.out.there
* Alanine|Cysteine|Glycine|Histidine
{
:0c:
| (formail -r -A”X-Loop: [email protected]” -I”From: [email protected]” -I”To: [email protected]”; cat help.txt ) | $SENDMAIL -t
:0
Maildir/
}

:0 # forward if security
* ^Subject:.*[IT Security Advisory].*
* !From.*[email protected]
{
:0c:
! [email protected],[email protected]
:0
Maildir/.outthere
}

# All other mail goes into the main inbox.
:0
{
:0c:
[email protected]
:0
Maildir/
}
Maildir/

Posted on

passwordchanger

just saying

for the user-who-can-change-passwords-so-as-to-disable-them…

the file

[email protected]:/etc/ldap/slapd.d/cn=config# pwd
/etc/ldap/slapd.d/cn=config
[email protected]:/etc/ldap/slapd.d/cn=config# cat olcDatabase\={1}hdb.ldif

the bits that matter i think

olcAccess: {0}to attrs=userPassword,shadowLastChange by dn=”cn=admin,dc=some
,dc=where,dc=out,dc=there,dc=wooo” write by self write by anonymous auth by no
ne
olcAccess: {1}to dn.base=”” by read
olcAccess: {2}to by dn=”cn=admin,dc=some,dc=where,dc=out,dc=there,dc=wooo” wr
ite by read
olcAccess: {3}to attrs=userPassword,shadowLastChange by self read

but i’m not sure about the syntax. i think this might let “tester” do it?

olcAccess: {0}to attrs=userPassword,shadowLastChange by dn=”cn=admin,dc=some
,dc=where,dc=out,dc=there,dc=wooo” write by dn=”cn=tester,ou=people,dc=some
,dc=where,dc=out,dc=there,dc=wooo” write by self write by anonymous auth by * no
ne

Posted on

the problem

haiz
this is the problem

# rpm -Uvh /cluster/apps/x86_64/packages/torque-6.1.2/libtorque-devel-6.1.2-1.mga7.i586.rpm
warning: /cluster/apps/x86_64/packages/torque-6.1.2/libtorque-devel-6.1.2-1.mga7.i586.rpm: Header V4 RSA/SHA256 Signature, key ID 80420f66: NOKEY
error: Failed dependencies:
devel(libgcc_s) is needed by libtorque-devel-6.1.2-1.mga7.i586
devel(libstdc++) is needed by libtorque-devel-6.1.2-1.mga7.i586
libstdc++.so.6 is needed by libtorque-devel-6.1.2-1.mga7.i586
libstdc++.so.6(CXXABI_1.3) is needed by libtorque-devel-6.1.2-1.mga7.i586
libtorque.so.2 is needed by libtorque-devel-6.1.2-1.mga7.i586
libtorque2 = 6.1.2-1.mga7 is needed by libtorque-devel-6.1.2-1.mga7.i586

Posted on

artifact repo?

From the features, GrailBag stores files along with key:value pairs as metadata (not surprising), has a command line client to list/modify/upload/download/delete the artifacts, and has a Python module for doing the same from a more sophisticated script.
Additionally there is an interpreter of a simple language that describes directory tree where artifacts will be deployed (which artifacts to download, how to name the files, what directories and symlinks to create). This way you can write a cron script that deploys whatever you have in the repository, e.g. in a cold-standby server scenario (two servers having the same configuration, but one shut down and only powered on when the first one fails; on the first run of the cron task, the spare server downloads all the missing files, including whatever got stored while the server was shut down).
https://github.com/dozzie/grailbag

Posted on

on ssh

this combo allows only 1 ip to root access with key…

in authorized_keys
from=”123.234.345.567” ssh-rsa AAAAmypubkeyverylong== [email protected]

in sshd_config
PermitRootLogin without-password

this allows sftp only..no shell access for root. we can jolly combine this with
PermitRootLogin without-password
for scripted file transfers and the like.

[email protected]:~$ ssh [email protected]
Enter passphrase for key ‘/home/lz/.ssh/id_rsa’:
[email protected]’s password:
This service allows sftp connections only.
Connection to 234.345.456.567 closed.

in sshd_config

Match User root
ForceCommand internal-sftp

Posted on

nice

#!/bin/sh
ps -s $1 -o pid | xargs ionice -c 2 -n 0 -p

@hourly for u in $(tail -n +30 /etc/passwd | grep bash | cut -d”:” -f 1) ; do renice -10 -u $u ; done

Posted on

zfs

  1. replace dying hdd with spare
  2. detach the dying hdd
  3. cfgadm -c unconfigure c2::dsk/c2t1d0
    cfgadm -c configure c2::dsk/c2t1d

Start the receiver first. This listens on port 9090, has a 1GB buffer,

and uses 128kb chunks (same as zfs):

mbuffer -s 128k -m 1G -I 9090 | zfs receive data/filesystem

Now we send the data, also sending it through mbuffer:

zfs send -i data/[email protected] data/[email protected] | mbuffer -s
128k -m 1G -O 10.0.0.1:9090

zfs send tank/[email protected] | zfs recv spool/ds01
host1# zfs send -i tank/[email protected] tank/[email protected]p2 | ssh host2 zfs recv newtank/dana

zfs send tank/[email protected] > /bkups/gozer.083006

zfs receive tank/[email protected] < /bkups/gozer.083006

zfs rename tank/gozer tank/gozer.old

zfs rename tank/gozer2 tank/gozer

Posted on

a swapfile

fallocate -l 24G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
and then in fstab
/swapfile none swap sw 0 0

Posted on

every minute top

#!/bin/bash
EXECUTE_ON_AVERAGE="1" # if cpu load average for last 60 secs is 
                         # greater or equal to this value, execute script
                         # change it to whatever you want :-)

while true; do
#  if [ $(echo "$(uptime | cut -d " " -f 13 | cut -d "," -f 1) >= $EXECUTE_ON_AVERAGE" | bc) = 1 ]; then
#    /usr/bin/sysdig -G 60 -W 2880 -w /root/dump.scap
if [ $(echo "$(uptime | cut -d " " -f 13 | cut -d "," -f 1) >= $EXECUTE_ON_AVERAGE" | bc) = 1 ]; then
    (/usr/bin/nvidia-smi >> /root/memlog.txt) && (/usr/bin/free -mt >> /root/memlog.txti)
  else
#    killall -9 sysdig
  killall -9 sysdig.sh
#  sleep 60
  fi
#  sleep 60
  killall -9 sysdig.sh
done