Monthly Archives: October 2013

dig spf and domainkeys txt records

Posted on by
Reply 
# dig txt fordodone.com @4.2.2.2

;; ANSWER SECTION:
fordodone.com.             900     IN      TXT     "v=spf1 mx -all"
fordodone.com.             900     IN      TXT     "spf2.0/mfrom mx"

# dig txt mx._domainkey.fordodone.com

;; ANSWER SECTION:
mx._domainkey.fordodone.com. 3472 IN    TXT     "p=MIGfMA0GCSqGSIb3DQEBAJFHEBCY5DCBiQKBgQC1zZ4Mc7HiXNM0Cu3GZxwcI9vs4nIIcAIlzefnB9MbXrmQJF0m75BsKj8xer23oS7apleInob0RjneHbi+bwvEAa/NN7AjxTxla42dLoXOM+1B0Wf6taG3Vma/FS3bOdqWKo1J4hP8masXJ+PdkMy+LWqSp66fvJtG9U6/eQ4sJwIDAQAB\;"

get actual size of sparse file

Posted on by
Reply

You can see the actual size of a sparse file vs. the apparent size.

# ls -l /var/log/lastlog
-rw-rw-r-- 1 root utmp 684182572 Oct 24 16:56 /var/log/lastlog
# du --apparent-size /var/log/lastlog
668148  /var/log/lastlog
# du -h /var/log/lastlog 
48K     /var/log/lastlog
# ls -ls /var/log/lastlog 
48 -rw-rw-r-- 1 root utmp 684182572 Oct 24 16:56 /var/log/lastlog

convert log time seconds to readable date

Posted on by
Reply 
[1122633.028643] end_request: I/O error, dev sdc, sector 0

When looking in logs, like dmesg, error messages are preceded by a number that represents the uptime on the server in seconds at the time of the error. So this I/O error happened 1122633 seconds after the machine booted. This means nothing to us. In order to see when the error happened, you need to convert the seconds of uptime into a readable date.

First get the date/time at which the server booted using who -b and convert to seconds. Then add the seconds of uptime from the error message, and then convert back to a human readable date:

# date --date="@$(echo $(date --date="`who -b | awk '{print $3" "$4}'`" +%s)+1122633|bc)"
# Tue Oct 22 00:03:33 PDT 2013

So this error happened shortly after midnight. Very interesting…

Vyatta create and update IP based ban lists from Spamhaus

Posted on by
2

You can use Spamhaus, or a number of other lists in a Vyatta firewall configuration. In this case we create a network group called ‘blocked’ from the Spamhaus blacklists. Then this network group can be used in firewalls to drop traffic. Use cron to update the list every day, or once a week.

#!/bin/bash
# FILE: /usr/local/sbin/updateBanList.sh
# AUTHOR: ForDoDone fordodone@fordodone.com
# DATE: 2013-10-01
# NOTES: Script to update IP ban list.  Run from cron, and integrate into firewall
# 

# variables
VERBOSE=0
DROPURL='http://www.spamhaus.org/drop/drop.txt'
EDROPURL='http://www.spamhaus.org/drop/edrop.txt'

# simple logger function
logger(){
  if [ "$VERBOSE" == "1" ]
  then
    echo "$@"
  fi
}

# set verbose flag if given
if [ "$1" == "-v" ]
then
VERBOSE=1;
fi

# create or truncate tmp file
>/tmp/block

# get drop file
wget -q $DROPURL -O - | grep ^[0-9] | sed -e 's/;.*//' >> /tmp/block
if [ $? -ne 0 ]
then
  logger "error getting drop file"
  logger "exiting..."
exit
fi

# get edrop file
wget -q "$EDROPURL" -O - | grep ^[0-9] | sed -e 's/;.*//' >> /tmp/block
if [ $? -ne 0 ]
then
  logger "error getting edrop file"
  logger "exiting..."
exit
fi
logger "received `wc -l /tmp/block | awk '{print $1}'` networks to block..."

logger "starting vyatta cmd wrapper"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin

# remove existing list, in case a network has been removed"
logger "deleting existing blocked network group"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper delete firewall group network-group blocked

# add each network to the block list
logger "building new blocked network group"
logger "this might take a while..."
for i in `cat /tmp/block`;
do
  /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set firewall group network-group blocked network $i
done;

# now commit the changes
logger "committing changes"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit

logger "ending vyatta cmd wrapper"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper end

# clean up
rm -rf /tmp/block >/dev/null 2>&1