Wednesday, March 17, 2010

RIP Denman Tire

I began working for Denman Rubber Manufacturing in March 1975. I came in as a lab technician, then moved to Timekeeper.

In 1976, I began to work on an associate degree with one of those computer thingies. We had a Burroughs medium system at Kent Trumbull, but the big thing was the keypunch stations. Most folks had IBM 036, where you had to do three keys at once to do a left or right parenthesis. We had a few 039s. One key for a parenthesis - COBOL heaven! And it was COBOL, of course. That, FORTRAN, and Assembler.

Meanwhile, Denman had just been informed that IBM would no longer maintain their unit record equipment. Mostly because there was no way to make the dates go past 1979. So they knew they needed someone to set up a computer system. I was the only person they knew who knew what one looked like.

I made the Correct Technical Decision, and picked a Data General mini. I have a bad habit of making the C T D. I've owned a Betamax, and spent a decade with OS/2.

I wrote apps. In COBOL, of course - what else in 1979? Accounts Payable and Receivable, General Ledger, Order Entry, Inventory, ERP. Our payroll processor went out of business - our CFO spent a year trying to get a certain payroll company that begins with an A and ends with a DP to get our payroll on line. Didn't work. I wrote a payroll system in three months.

I changed operating systems. I started off with ICOS, the Interactive COBOL Operating System. Threaded p-code! Then to RDOS; to AOS; to AOS/VS; to dg/ux. I wrote articles for the Data General User's Group magazine. I talked about the Y2K problem in my second article - in 1986. I became president of the group in 1994; I saw it go away.

I made the decision to, for once in my life, go with the popular choice: Red Hat. For once, the popular choice was the Correct Technical Decision; I'm a RHCE running RHEL5.4 on all of our systems.

I got a BA from Hiram, a MS from Kent, an RHCT and a RHCE. I raised a son who also has a BA from Hiram, an RHCT, and an RHCE.

I've had a good career. Denman has been as good a place to work for as I could have ever asked.

Yesterday, they filed for a Chapter 7 liquidation.

I'll be OK - I already have a new job. But I've got friends that I've known for more than 30 years that are in serious trouble. Where does a tire builder with a 10th grade education go to get $27 an hour?

I'm running off at the fingers now, and will go to bed.

Thursday, March 11, 2010

Setting up IMAP and SquirrelMail

I’ve always been a POP3 guy, but my circumstances are about to change – more on that in a later post. But I’ve always known the advantages that IMAP brings to the party – keeping the messages on a central server for multiple-location access and archiving – and if I had to set up a new email system, I wanted to use IMAP.

SquirrelMail – the most popular Linux web email interface – runs exclusively IMAP, rather than POP3, so that would become a necessity anyway.

IMAP installation was trivial – yum install cyrus-imapd. That’s it. It adds the cyrus user and writes out a .conf file. Just remember to set a password for cyrus. The only gotcha I found was that /etc/logrotate.d/cyrus-imapd contains a /var/log/auth.log entry. If you already have one elsewhere, logrotate will fail with a duplicate file error.

Sendmail wasn’t much harder.

MAILER(local)dnl
MAILER(cyrus)dnl
define(`confLOCAL_MAILER',`cyrus')dnl
LOCAL_RULE_0
R$=N	$: $#local $: $1
R$=N < @ $=w . >	$: $#local $: $1
Rbb + $+ < @ $=w . >	$#cyrusbb $: $1

and remember that the separators between the left- and right-hand sides of the R lines above (the whitespace before the first $: or $#) are tabs, not spaces. Then run m4 sendmail.mc > sendmail.cf, and restart sendmail.

Start up /etc/init.d/cyrus-imapd and saslauthd, and make sure both are configured to come up when you reboot.

/etc/init.d/cyrus-imapd start
chkconfig cyrus-imapd on
/etc/init.d/saslauthd start
chkconfig saslauthd on

Next, set up a sasl password for cyrus and any users by issuing these commands as root:

/usr/local/sbin/saslpasswd cyrus
/usr/local/sbin/saslpasswd tim

imtest tests your connection:

[root@kyushu init.d]# su cyrus
bash-3.2$ imtest -m login -p imap localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] kyushu.denmantire.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {8}
S: + go ahead
C:
S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
Authenticated.
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.

and set up your users:

bash-3.2$ cyradm localhost
IMAP Password:
localhost.localdomain> cm user.tim
quit


And that's it! I did a quick test by setting up an IMAP email account in Outlook - worked great. Next week, I'll set up SquirrelMail.
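The imtest transcript above is worth a second look: the pre-login greeting advertises STARTTLS but not LOGINDISABLED, and imtest reports "Security strength factor: 0", so the LOGIN password crossed the connection unencrypted. The following check is an added example, not part of the original post; audit_imtest and sample_transcript are hypothetical names, and the sample is abridged from the transcript above.

```sh
#!/bin/sh
# Added example: audit an imtest transcript for plaintext-login exposure.
# Reads the transcript on stdin and prints one finding per line.
audit_imtest() {
    caps=""; ssf=""
    while IFS= read -r line; do
        case $line in
            "S: * OK [CAPABILITY "*)
                # Pre-login greeting: keep the text between "[CAPABILITY " and "]".
                c=${line#*"[CAPABILITY "}
                c=${c%%\]*}
                caps=" $c " ;;
            "Security strength factor: "*)
                ssf=${line#*": "} ;;
        esac
    done
    if [ -z "$caps" ]; then
        echo "no-greeting-capabilities"
        return 2
    fi
    case $caps in
        *" STARTTLS "*) echo "starttls-offered" ;;
        *)              echo "starttls-missing" ;;
    esac
    # LOGINDISABLED before TLS means the server refuses a cleartext LOGIN.
    case $caps in
        *" LOGINDISABLED "*) echo "plaintext-login-refused" ;;
        *)                   echo "plaintext-login-allowed" ;;
    esac
    # imtest prints SSF 0 when no TLS or SASL security layer was negotiated.
    if [ "$ssf" = "0" ]; then echo "session-unencrypted"; fi
    return 0
}

# Abridged from the transcript in the post (capability lists shortened).
sample_transcript() {
    cat <<'EOF'
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] kyushu.denmantire.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 server ready
C: L01 LOGIN cyrus {8}
S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL] User logged in
Authenticated.
Security strength factor: 0
EOF
}

sample_transcript | audit_imtest
```

On Cyrus, setting allowplaintext: 0 in /etc/imapd.conf makes the server advertise LOGINDISABLED until TLS has been negotiated.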

Thursday, March 4, 2010

New Spamhaus block list

Spamhaus has just announced a new block list, the Domain Block List, here:
http://www.spamhaus.org/news.lasso?article=655

This is a great concept - it's designed to foil 'Snowshoe' spammers.  Those are the folks who use a wide array of addresses to spam from, thus spreading out the spam load over hundreds or thousands of addresses - the same way a snowshoe spreads your weight out over the snow.  It's very difficult to block, because they're constantly registering/spamming from/losing addresses.

But the spam payload is usually linked to a domain, and that's what the DBL is designed to block.  The DBL is not an IP blocklist - it lists actual domains; it's not a normal RBL list.  For this reason, you'll need SpamAssassin 3.31.

Now, the bad news - 3.31 isn't out yet.  The minute it releases, I'll start testing this.

Spamhaus is the most solid, reliable set of blocklists out there, with an extremely low false positive rate.  I can't wait to try this out.

Thursday, February 25, 2010

bash vs. -bash

Spent the last two days running around in circles, trying to figure out why this stupid script wouldn't work.  It's one line, and I was testing it from the command line.  Worked fine in a script:

[root@dg scripts]# cat foo
#!/bin/bash
ERR="Error from $(basename $0)";echo $ERR
[root@dg scripts]# foo
Error from foo

Failed miserably by itself:

[root@dg scripts]# ERR="Error from $(basename $0)";echo $ERR
basename: invalid option -- b
Try `basename --help' for more information.
Error from

The good folks at Linuxquestions.org were a big help.  Seems that if the file is executed, it'll behave as you think it should:

[root@tolstoy scripts]# cat foo
#! /bin/bash
  echo $0

[root@tolstoy scripts]# foo
/usr/local/scripts/foo

but if it's ever sourced - as your shell might be, after passing through /etc/profile, ~/.bash_profile, etc.:

[root@tolstoy scripts]# . foo
-bash

In fact:

[root@tolstoy scripts]# echo $0
-bash

so my basename $0 became basename -bash, and it failed because it didn't know what the -b option is.
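The failure above is a general one: any value that starts with "-" and is passed unquoted and unguarded to a command gets parsed as options. The following is an added example, not code from the original post; the function names are hypothetical. It shows the post's form next to two forms that survive a $0 of -bash.

```sh
#!/bin/sh
# Added example: turn a $0-style value into a program name safely.

# The form used in the post: unquoted and unguarded, so "-bash" is
# handed to basename as a bundle of options and the call fails.
name_naive() { basename $1 2>/dev/null; }

# "--" ends option parsing; the quotes keep the value as one argument.
name_safe() { basename -- "$1"; }

# No external command at all: strip the directory part, then the leading
# "-" that marks a login shell, using parameter expansion only.
name_builtin() {
    n=${1##*/}
    printf '%s\n' "${n#-}"
}

# In bash, BASH_SOURCE names the file being read even when it is sourced,
# while $0 still names the shell. Other shells fall back to $0 here.
this_file() { name_builtin "${BASH_SOURCE:-$0}"; }

# The two values of $0 seen in the post.
for v in /usr/local/scripts/foo -bash; do
    printf '%-24s naive=[%s] safe=[%s] builtin=[%s]\n' "$v" \
        "$(name_naive "$v")" "$(name_safe "$v")" "$(name_builtin "$v")"
done
```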

Wednesday, February 24, 2010

Cfengine 2 to 3 conversion tool

I've been using Cfengine 2 for a number of years now, and it's a great configuration tool.  They've recently put out version 3, and the changes are... extensive.  As in, Java vs. C++ extensive.

I'm very tentatively trying to move over to 3.  Yesterday, they put a big help up on their website:



Now on line at our Technical Corner is a conversion sampler, that
enables you to perform a limited conversion of portions of configuration
from Cfengine 2 to Cfengine 3. To convert larger samples more
completely, you can arrange professional services with Cfengine AS/Inc.

https://cfengine.com/inside/config_convert
--
Mark Burgess

Wednesday, February 17, 2010

Stupid bash tricks: when is a null string not a null string?

I've done this more than once, and it still seems to me there ought to be an error.

The 'test' command says:

       -n STRING
              the length of STRING is nonzero

       STRING equivalent to -n STRING

       -z STRING
              the length of STRING is zero

So something like this should work:

$ /home/tim>TEST=""
$ /home/tim>if test -z $TEST; then echo "null"; else echo "not null";fi
null

and it does.   But this should not work:

$ /home/tim>if test -n $TEST; then echo "not null"; else echo "null";fi  
not null

Hang on.  It can't be both!  Let's check out the length:

$ /home/tim>expr length $TEST
expr: syntax error

Huh?  How about feeding it a real string:

$ /home/tim>expr length "" 
0

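Here's the problem. Absent quotes around the $TEST, expr sees this as a command missing a parameter. test has the same problem: with $TEST unquoted, the empty value disappears and test is left with the single argument -n, which it treats as the plain STRING form from the man page excerpt above. The string "-n" has nonzero length, so the result is true. The -z test only appeared to work, for the same reason. So this works just fine: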

$ /home/tim>expr length "$TEST"
0

as does this:

$ /home/tim>if test -n "$TEST"; then echo "not null"; else echo "null";fi
null

So sometimes putting quotes around a string variable does make a difference...
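The effect is easiest to see by counting the arguments test actually receives. The following is an added example, not code from the original post; the function names are hypothetical. It also goes one step beyond the post by showing the opposite failure, where an unquoted value containing a space makes test error out and a non-empty string is reported as null.

```sh
#!/bin/sh
# Added example: what test receives with and without quotes.

# Number of arguments a command sees, including the "-n".
argc() { echo "$#"; }
args_unquoted() { argc -n $1; }     # deliberately unquoted
args_quoted()   { argc -n "$1"; }

# Each helper prints "not null" or "null", like the commands in the post.
verdict_unquoted() {
    # An empty $1 vanishes, leaving "test -n": the one-argument STRING form.
    # A value with a space becomes two words and test exits with an error,
    # which the if statement treats the same as "false".
    if test -n $1 2>/dev/null; then echo "not null"; else echo "null"; fi
}
verdict_quoted() {
    if test -n "$1"; then echo "not null"; else echo "null"; fi
}

# Constructed sample values: empty, one word, two words.
for value in "" "tim" "two words"; do
    printf 'value=[%s] unquoted: %s args -> %s | quoted: %s args -> %s\n' \
        "$value" \
        "$(args_unquoted "$value")" "$(verdict_unquoted "$value")" \
        "$(args_quoted "$value")" "$(verdict_quoted "$value")"
done
```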

Tuesday, February 16, 2010

bad interpreter: Permission denied

So I'm doing the Symantec live update installation on the servers, and they all work - except one.  The only one I really care about, our main server.

It goes about halfway through the install script, and then dies:

[root@dg tmp]# /opt/Symantec/symantec_antivirus/sav liveupdate -u
Command failed: Problem with LiveUpdate.
Check that java directory is in PATH
Unable to perform update 

Crud.

The log's pretty good, though, and it showed which file it failed on:

16-Feb-10 10:24:58 AM Making /tmp/1266333784179/1266333839866/navuphub.dis executable ...
16-Feb-10 10:24:58 AM Running /tmp/1266333784179/1266333839866/navuphub.dis ...
16-Feb-10 10:24:58 AM Error running /tmp/1266333784179/1266333839866/navuphub.dis with reason: java.io.IOException: java.io.IOException: Permission denied. 

Huh?  Permission denied?  I'm running as root! I trace the file down in /tmp, and try to execute it.  The top line says

#!/bin/sh

like it should, so there shouldn't be any problem:

[root@dg 1266333839866]# ./navuphub.dis
-bash: ./navuphub.dis: /bin/sh: bad interpreter: Permission denied

Uh-oh.  So I try executing /bin/sh - it works.  I unlink and link back to it - it's a symbolic link to bash in RHEL.  It still works.  Now I'm getting nervous.

I copy that little .dis file over to ~, and... the file executes.

I slap myself upside the head.  I do a mount -l, and sure enough:

/dev/hda5 on /tmp type ext3 (rw,nodev,noexec) [/tmp]

In a fit of paranoia a few years ago, I made /tmp unable to execute programs. That's what the 'noexec' option in /etc/fstab does - no programs or scripts can be executed directly from that filesystem. A remount of /tmp fixed it.