Hugin is the bomb

January 31st, 2010

http://hugin.sourceforge.net/

http://www.flickriver.com/photos/tags/hugin/interesting/

The year 2010 bug

January 10th, 2010

After the year 2000 bug…


Y2K10 Rule Bug - Update Your Rules Now!

2010-01-01:

Versions of the FH_DATE_PAST_20XX rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later. The rule will add a score of up to 3.6 towards the spam classification of all email. You should take corrective action immediately; there are two easy ways to correct the problem:

* If your system is configured to use sa-update run sa-update now. An update is available that will correct the rule. No further action is necessary (other than restarting spamd or any service that uses SpamAssassin directly).

* Add "score FH_DATE_PAST_20XX 0" without the quotes to the end of your local.cf file to disable the rule.

If you require help updating your rules to correct this issue you are encouraged to ask for assistance on the Apache SpamAssassin Users' list. Users' mailing list info is here.

On behalf of the Apache SpamAssassin project I apologize for this error and the grief it may have caused you.

Regards,

Daryl C. W. O'Shea

VP, Apache SpamAssassin

SMARTd & RAID… it's good ;)

September 13th, 2009

While checking my mail I notice that one of my disks is dead:


The following warning/error was logged by the smartd daemon:

Device: /dev/sdd, 5 Offline uncorrectable sectors

For details see host's SYSLOG (default: /var/log/syslog).

You can also use the smartctl utility for further investigation.
No additional email messages about this problem will be sent.

The machine keeps running as if nothing had happened.

All that remains is to replace that disk ;)

How to grow a RAID array

September 11th, 2009

A software RAID array that is too small.

So we swap the disks one at a time after partitioning them, rebuild the RAID… and the size of the partitions has not changed.

That is entirely normal. You have to grow the md device, then the filesystem.

Let's remove the array's bitmap:

# mdadm --grow /dev/md2 --bitmap none


# df -h
Sys. de fich. Tail. Occ. Disp. %Occ. Monté sur
/dev/md1 452G 257G 173G 60% /
tmpfs 3,9G 0 3,9G 0% /lib/init/rw
udev 10M 228K 9,8M 3% /dev
tmpfs 3,9G 0 3,9G 0% /dev/shm
/dev/md0 192M 79M 103M 44% /boot
/dev/md2 805G 516G 290G 65% /backup


# mdadm --grow /dev/md2 --size=max
# mdadm --wait /dev/md2
# mdadm --grow /dev/md2 --bitmap=internal
buckrogers:~# xfs_growfs /backup/
meta-data=/dev/md2 isize=256 agcount=32, agsize=6589168 blks
= sectsz=4096 attr=0
data = bsize=4096 blocks=210853056, imaxpct=25
= sunit=16 swidth=48 blks
naming =version 2 bsize=4096 ascii-ci=0
log =internal bsize=4096 blocks=32768, version=2
= sectsz=4096 sunit=1 blks, lazy-count=0
realtime =none extsz=196608 blocks=0, rtextents=0
data blocks changed from 210853056 to 428941440

# df -h
Sys. de fich. Tail. Occ. Disp. %Occ. Monté sur
/dev/md1 452G 257G 173G 60% /
tmpfs 3,9G 0 3,9G 0% /lib/init/rw
udev 10M 228K 9,8M 3% /dev
tmpfs 3,9G 0 3,9G 0% /dev/shm
/dev/md0 192M 79M 103M 44% /boot
/dev/md2 1,6T 517G 1,1T 32% /backup

And that's it ;)

Ah, Completel… and BGP

September 3rd, 2009

My new Completel fiber (well yes, it's not that expensive…) was installed today, after quite a few adventures (asbestos, administrative authorizations, …).

Next comes the router configuration.

The Completel NOC sends the on-site technician a Cisco config. Unfortunately… the config is wrong (interfaces shut down, …). In short, the customer (me) fixes the config. The peer is finally reachable from the router.

The router, however, is not reachable from any ordinary internet connection.

Call to support: yes, the range is not routed on our network, but that doesn't matter, you are going to run BGP.

Hmmmmm, OK, fine, I'll run BGP, but if the interconnection range is not routed on the operator's network…

Yet another fine example of Completel's incompetence…

A little pang of sadness

August 4th, 2009

I find it a shame to move out of an office that holds a machine which has been up for all this time…


17:05:58 up 1132 days, 5:30, 2 users, load average: 0,02, 0,09, 0,04
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

:(

Getting a bit more battery life out of your iPhone

August 4th, 2009

As time went by and my iPhone's battery life visibly shrank, I went
through the filesystem looking for the WiFi config in order to
stop the constant scanning for networks learned in the past (hotels,
public places…).

The procedure to make it 'forget' the networks is simple:

Connect to your iPhone over ssh,
then delete (move them aside at first) the following files:
$ /Library/Preferences/SystemConfiguration/
- com.apple.network.identification.plist
- com.apple.wifi.plist

Battery consumption seems to be lower after a few
hours.

Verdict in a few days…

A distro that looks nice

July 21st, 2009

http://pardus-fr.org/spip.php?article2

A few photos of the FT distribution frame in the Tour Montparnasse

July 21st, 2009

Spam detection by TCP packet fingerprinting

May 6th, 2009

After the amavis, bogofilter, spamassassin… toolkit: p0f

p0f determines (with fairly good accuracy) the OS of a remote machine, and does so passively (unlike NMAP).

How do you launch p0f to analyze packets destined for port 25 that do not come from the LAN/VPN/…?

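# Build the capture filter: ignore loopback and the LAN
p0ffilter="( not src 127.0.0.1 and not src net 192.168.0.0/16"

# Also ignore this host's own addresses ('inet adr' is what ifconfig prints under a French locale)
for oneip in `/sbin/ifconfig 2>/dev/null | grep -v 127.0.0.1 | grep 'inet adr' | sed -e 's/.*adr://' -e 's/ .*//'`; do
    p0ffilter="$p0ffilter and not src host $oneip"
done

# Keep only traffic destined for the SMTP port
p0ffilter="$p0ffilter ) and tcp dst port 25"

# Stop any previous instances
killall p0f
killall p0f-analyzer

# p0f's single-line output is piped to p0f-analyzer, which answers queries on port 2345
nohup /usr/sbin/p0f -i any -l "$p0ffilter" 2>&1 | nohup /usr/sbin/p0f-analyzer 2345 >/dev/null &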

This script (admittedly rather dirty) launches p0f.

Once p0f is running, p0f-analyzer can be queried over UDP on port 2345.

Next, edit /etc/amavis/conf.d/50-user
and add:
$os_fingerprint_method = 'p0f:127.0.0.1:2345';

then restart amavis (/etc/init.d/amavisd restart)

Next, create /etc/spamassassin/p0f.cf containing:

# The rules test X-Amavis-OS-Fingerprint, the header amavisd adds to the mail
header P0F_WIN311 X-Amavis-OS-Fingerprint =~ /^Windows 3\.11/
score P0F_WIN311 3.0
describe P0F_WIN311 Client is running Windows 3.11

header P0F_WIN95 X-Amavis-OS-Fingerprint =~ /^Windows 95/
score P0F_WIN95 3.0
describe P0F_WIN95 Client is running Windows 95

header P0F_WIN98 X-Amavis-OS-Fingerprint =~ /^Windows 98/
score P0F_WIN98 3.0
describe P0F_WIN98 Client is running Windows 98

header P0F_WINME X-Amavis-OS-Fingerprint =~ /^Windows ME/
score P0F_WINME 3.0
describe P0F_WINME Client is running Windows ME

header P0F_WINNT X-Amavis-OS-Fingerprint =~ /^Windows NT/
score P0F_WINNT 0.5
describe P0F_WINNT Client is running Windows NT

header P0F_WIN2K X-Amavis-OS-Fingerprint =~ /^Windows 2000(?!.*XP)/
score P0F_WIN2K 1.5
describe P0F_WIN2K Client is running Windows 2000

header P0F_WINXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?!.*2000)/
score P0F_WINXP 2.5
describe P0F_WINXP Client is running Windows XP

header P0F_WINXP2K X-Amavis-OS-Fingerprint =~ /^Windows (XP.+2000|2000.+XP)/
score P0F_WINXP2K 1.5
describe P0F_WINXP2K Client is running Windows 2000 or XP

header P0F_WIN2K3 X-Amavis-OS-Fingerprint =~ /^Windows 2003/
score P0F_WIN2K3 0.2
describe P0F_WIN2K3 Client is running Windows 2003

header P0F_WINNET X-Amavis-OS-Fingerprint =~ /^Windows \.NET/
score P0F_WINNET 0.2
describe P0F_WINNET Client is running Windows .NET Enterprise Server

header P0F_WINCE X-Amavis-OS-Fingerprint =~ /^Windows CE/
score P0F_WINCE 0.1
describe P0F_WINCE Client is running Windows CE

header P0F_WINVISTA X-Amavis-OS-Fingerprint =~ /^Windows Vista/
score P0F_WINVISTA 2.5
describe P0F_WINVISTA Client is running Windows Vista

header P0F_MACOS X-Amavis-OS-Fingerprint =~ /^MacOS/
score P0F_MACOS 0.1
describe P0F_MACOS Client is running Mac OS

header P0F_FREEBSD X-Amavis-OS-Fingerprint =~ /^FreeBSD/
score P0F_FREEBSD -0.1
describe P0F_FREEBSD Client is running FreeBSD

header P0F_OPENBSD X-Amavis-OS-Fingerprint =~ /^OpenBSD/
score P0F_OPENBSD -1.0
describe P0F_OPENBSD Client is running OpenBSD

header P0F_NETBSD X-Amavis-OS-Fingerprint =~ /^NetBSD/
score P0F_NETBSD -1.0
describe P0F_NETBSD Client is running NetBSD

header P0F_SOLARIS X-Amavis-OS-Fingerprint =~ /^Solaris/
score P0F_SOLARIS -1.0
describe P0F_SOLARIS Client is running Solaris

header P0F_HPUX X-Amavis-OS-Fingerprint =~ /^HP-UX/
score P0F_HPUX -1.0
describe P0F_HPUX Client is running HP-UX

header P0F_TRU64 X-Amavis-OS-Fingerprint =~ /^Tru64/
score P0F_TRU64 -1.0
describe P0F_TRU64 Client is running Tru64

header P0F_AIX X-Amavis-OS-Fingerprint =~ /^AIX/
score P0F_AIX -1.0
describe P0F_AIX Client is running AIX

header P0F_LINUX X-Amavis-OS-Fingerprint =~ /^Linux/
score P0F_LINUX -0.5
describe P0F_LINUX Client is running Linux

header P0F_SUNOS X-Amavis-OS-Fingerprint =~ /^SunOS/
score P0F_SUNOS -1.0
describe P0F_SUNOS Client is running SunOS

header P0F_IRIX X-Amavis-OS-Fingerprint =~ /^IRIX/
score P0F_IRIX -1.0
describe P0F_IRIX Client is running IRIX

header P0F_OPENVMS X-Amavis-OS-Fingerprint =~ /^OpenVMS/
score P0F_OPENVMS -1.0
describe P0F_OPENVMS Client is running OpenVMS

header P0F_RISCOS X-Amavis-OS-Fingerprint =~ /^RISC OS/
score P0F_RISCOS -1.0
describe P0F_RISCOS Client is running RISC OS

header P0F_BSD X-Amavis-OS-Fingerprint =~ /^BSD/
score P0F_BSD -1.0
describe P0F_BSD Client is running BSD/OS

header P0F_NEWTON X-Amavis-OS-Fingerprint =~ /^NewtonOS/
score P0F_NEWTON 0.1
describe P0F_NEWTON Client is running NewtonOS

header P0F_NEXT X-Amavis-OS-Fingerprint =~ /^NeXTSTEP/
score P0F_NEXT -1.0
describe P0F_NEXT Client is running NeXTSTEP

header P0F_BEOS X-Amavis-OS-Fingerprint =~ /^BeOS/
score P0F_BEOS -1.0
describe P0F_BEOS Client is running BeOS

header P0F_OS400 X-Amavis-OS-Fingerprint =~ /^OS\/400/
score P0F_OS400 -1.0
describe P0F_OS400 Client is running OS/400

header P0F_ULTRIX X-Amavis-OS-Fingerprint =~ /^ULTRIX/
score P0F_ULTRIX -1.0
describe P0F_ULTRIX Client is running ULTRIX

header P0F_QNX X-Amavis-OS-Fingerprint =~ /^QNX/
score P0F_QNX -1.0
describe P0F_QNX Client is running QNX

header P0F_NETWARE X-Amavis-OS-Fingerprint =~ /^Novell NetWare/
score P0F_NETWARE 2.0
describe P0F_NETWARE Client is running NetWare

header P0F_INTRANETWARE X-Amavis-OS-Fingerprint =~ /^Novell IntranetWare/
score P0F_INTRANETWARE 2.0
describe P0F_INTRANETWARE Client is running IntranetWare

header P0F_BORDERMGR X-Amavis-OS-Fingerprint =~ /^Novell BorderManager/
score P0F_BORDERMGR 2.0
describe P0F_BORDERMGR Client is running BorderManager

header P0F_SCO X-Amavis-OS-Fingerprint =~ /^SCO/
score P0F_SCO -1.0
describe P0F_SCO Client is running SCO

header P0F_DOS X-Amavis-OS-Fingerprint =~ /^DOS/
score P0F_DOS 3.0
describe P0F_DOS Client is running DOS

header P0F_OS2 X-Amavis-OS-Fingerprint =~ /^OS\/2/
score P0F_OS2 2.0
describe P0F_OS2 Client is running OS/2

header P0F_TOPS20 X-Amavis-OS-Fingerprint =~ /^TOPS-20/
score P0F_TOPS20 -1.0
describe P0F_TOPS20 Client is running TOPS-20

header P0F_AMIGA X-Amavis-OS-Fingerprint =~ /^AMIGA/
score P0F_AMIGA 1.0
describe P0F_AMIGA Client is running AMIGAOS

header P0F_MINIX X-Amavis-OS-Fingerprint =~ /Minix/
score P0F_MINIX -1.0
describe P0F_MINIX Client is running Minix

header P0F_PLAN9 X-Amavis-OS-Fingerprint =~ /^Plan9/
score P0F_PLAN9 -1.0
describe P0F_PLAN9 Client is running Plan9

header P0F_FREEMINT X-Amavis-OS-Fingerprint =~ /^FreeMiNT/
score P0F_FREEMINT 1.0
describe P0F_FREEMINT Client is running FreeMiNT

header P0F_NETCACHE X-Amavis-OS-Fingerprint =~ /^NetCache/
score P0F_NETCACHE -0.1
describe P0F_NETCACHE Client is running NetCache

header P0F_CACHEFLOW X-Amavis-OS-Fingerprint =~ /^CacheFlow/
score P0F_CACHEFLOW -0.1
describe P0F_CACHEFLOW Client is running CacheFlow

header P0F_POWERAPP X-Amavis-OS-Fingerprint =~ /^Dell PowerApp/
score P0F_POWERAPP -0.1
describe P0F_POWERAPP Client is running PowerApp

header P0F_PALMOS X-Amavis-OS-Fingerprint =~ /^PalmOS/
score P0F_PALMOS 0.1
describe P0F_PALMOS Client is running PalmOS

header P0F_SYMBIANOS X-Amavis-OS-Fingerprint =~ /^SymbianOS/
score P0F_SYMBIANOS 0.1
describe P0F_SYMBIANOS Client is running SymbianOS

header P0F_ZAURUS X-Amavis-OS-Fingerprint =~ /^Zaurus/
score P0F_ZAURUS 0.1
describe P0F_ZAURUS Client is running Zaurus

header P0F_POCKETPC X-Amavis-OS-Fingerprint =~ /^PocketPC/
score P0F_POCKETPC 0.1
describe P0F_POCKETPC Client is running PocketPC

header P0F_CONTIKI X-Amavis-OS-Fingerprint =~ /^Contiki/
score P0F_CONTIKI 0.1
describe P0F_CONTIKI Client is running Contiki

header P0F_PLAYSTATION X-Amavis-OS-Fingerprint =~ /^Sony Playstation/
score P0F_PLAYSTATION 3.0
describe P0F_PLAYSTATION Client is running Sony Playstation

header P0F_DREAMCAST X-Amavis-OS-Fingerprint =~ /^Sega Dreamcast/
score P0F_DREAMCAST 3.0
describe P0F_DREAMCAST Client is running Sega Dreamcast

header P0F_UNKNOWN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/
score P0F_UNKNOWN 0.8
describe P0F_UNKNOWN Client OS is unknown

Now restart spamassassin (/etc/init.d/spamassassin restart)

If all goes well, the X-Amavis-OS-Fingerprint: header appears in the mails.

SpamAssassin can therefore "score" the mails based on this header.

! Warning ! amavisd version >= 2.4.3 is required
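
As an added illustration (not part of the original post), the sketch below parses a constructed five-rule subset of the p0f.cf format and evaluates it against constructed fingerprint strings. It shows how the negative lookaheads keep the XP, 2000 and "2000 or XP" rules mutually exclusive, and that a rule fires only when the mail carries the header it tests. The header name X-Other-Fingerprint and the sample fingerprints are assumptions made up for the example.

```python
import re

# Constructed sample: five rules in the p0f.cf layout (header and score lines),
# keyed on the X-Amavis-OS-Fingerprint header that the text says amavisd adds.
RULES_CF = r"""
header P0F_WIN2K X-Amavis-OS-Fingerprint =~ /^Windows 2000(?!.*XP)/
score P0F_WIN2K 1.5
header P0F_WINXP X-Amavis-OS-Fingerprint =~ /^Windows XP(?!.*2000)/
score P0F_WINXP 2.5
header P0F_WINXP2K X-Amavis-OS-Fingerprint =~ /^Windows (XP.+2000|2000.+XP)/
score P0F_WINXP2K 1.5
header P0F_OPENBSD X-Amavis-OS-Fingerprint =~ /^OpenBSD/
score P0F_OPENBSD -1.0
header P0F_UNKNOWN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/
score P0F_UNKNOWN 0.8
"""

def parse_rules(text):
    """Parse 'header NAME Hdr =~ /re/' and 'score NAME n' lines into a dict."""
    rules = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        kind, name, rest = parts
        if kind == "header":
            hdr, pattern = re.match(r"(\S+)\s*=~\s*/(.*)/\s*$", rest).groups()
            rules.setdefault(name, {}).update(header=hdr.lower(), regex=re.compile(pattern))
        elif kind == "score":
            rules.setdefault(name, {})["score"] = float(rest)
    return rules

def evaluate(rules, headers):
    """Return (rules that fired, summed score, tested headers the mail lacks)."""
    present = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    hits, missing = [], set()
    for name, rule in rules.items():
        value = present.get(rule["header"])
        if value is None:
            missing.add(rule["header"])
        elif rule["regex"].search(value):
            hits.append(name)
    return hits, round(sum(rules[n]["score"] for n in hits), 2), missing

if __name__ == "__main__":
    rules = parse_rules(RULES_CF)
    # Constructed fingerprint strings in the style of p0f's OS guesses.
    for fp in ("Windows XP SP2", "Windows 2000 SP4, XP SP1+", "OpenBSD 3.0-4.0"):
        print(fp, "->", evaluate(rules, {"X-Amavis-OS-Fingerprint": fp}))
    # Hypothetical header name: a mail without the tested header fires nothing.
    print(evaluate(rules, {"X-Other-Fingerprint": "Windows XP SP2"}))
```

A non-empty third element in the result means the rule file tests a header the mail never received, which is worth checking before tuning any scores.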