boltblog

Using LD_PRELOAD to override a function

Posted on July 15, 2011

This was blatantly stolen from technovelty, kept here because I hate it when my bookmarks die.

For some reason, people seem to get this quite wrong a lot of the time. Certainly one should not be playing with symbols that start with __ unless you really know what you're doing with them.

ianw@lime:~/tmp/override$ cat override.c
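#define _GNU_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <dlfcn.h>

pid_t getpid(void)
{
    /* RTLD_NEXT: look up the next getpid after this library in the search order (libc's) */
    pid_t (*orig_getpid)(void) = dlsym(RTLD_NEXT, "getpid");
    printf("Calling GETPID\n");

    return orig_getpid();
}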

ianw@lime:~/tmp/override$ cat test.c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
    printf("%d\n", getpid());
}

ianw@lime:~/tmp/override$ gcc -shared -fPIC -o liboverride.so override.c -ldl
ianw@lime:~/tmp/override$ gcc -o test test.c
ianw@lime:~/tmp/override$ LD_PRELOAD=./liboverride.so ./test
Calling GETPID
15187
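
From the defender's side, the same mechanism can be checked for: the following is an added example, not part of the original post, that lists preloaded libraries from /etc/ld.so.preload and from each readable /proc/<pid>/environ. The function names are made up for this sketch.

```python
import os
import re

def preload_entries(value):
    """Split an LD_PRELOAD value or ld.so.preload text; entries are
    separated by colons or whitespace."""
    return [e for e in re.split(r"[:\s]+", value) if e]

def preloads_in_environ(blob):
    """LD_PRELOAD entries in a /proc/<pid>/environ blob, which holds
    NUL-separated KEY=VALUE pairs from the time the program was exec'd."""
    for item in blob.split(b"\0"):
        key, _, value = item.partition(b"=")
        if key == b"LD_PRELOAD":
            return preload_entries(value.decode(errors="replace"))
    return []

def scan(proc="/proc", global_file="/etc/ld.so.preload"):
    """Map the global file name or a pid to the libraries preloaded there."""
    found = {}
    try:
        with open(global_file) as fh:
            entries = preload_entries(fh.read())
        if entries:
            found[global_file] = entries
    except OSError:
        pass  # the file normally does not exist
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "environ"), "rb") as fh:
                entries = preloads_in_environ(fh.read())
        except OSError:
            continue  # process exited, or we may not read its environment
        if entries:
            found[pid] = entries
    return found

if __name__ == "__main__":
    for where, libs in sorted(scan().items()):
        print(where, libs)
```

Run it as root to see every process; an unprivileged user can only read the environment of their own processes.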

Filed under: Linux, Reference

Debian and Ubuntu auto-login and Xorg without a display manager

Posted on July 15, 2011

If you have a hard drive password (most laptops do this) or full disk encryption, you might not feel the need for an additional login after your system boots.

On most Debian-based systems, TTYs 1 through 6 are available after boot, while TTY 7 is used for Xorg. Therefore, I like to put my auto-login TTY on TTY 8, so it's out of the way and leaves TTY 1 available for troubleshooting and similar.

Auto-login to Xorg requires two things: The actual auto-login and a script which loads Xorg.

First things first. The autologin.
In the olden days on a Debian system, this was done by adding a line similar to this one in /etc/inittab:
8:23:respawn:/bin/login -f bolt tty8 /dev/tty8 2>&1
This spawns a TTY 8 and logs in as "bolt" (change to suit your needs). It will do so on runlevels 2 and 3.

Now, however, the tool "rungetty" is generally used for this, as it's more flexible and performs the same functions with a cleaner syntax. First, "apt-get install rungetty" to make sure it's there, then add a line similar to the following:
8:3:respawn:/sbin/rungetty tty8 --autologin bolt
Note that on Debian Lenny and older, the version of rungetty has a specific check in code which only allows --autologin to work on tty1. If asked to autologin on another tty, rungetty would silently fail and spawn a normal login tty. This restriction has been removed from Squeeze and onwards.

On Ubuntu 10.10, the tty configuration is not in /etc/inittab. There, you have to add a file called "/etc/init.d/tty8.conf" with the following contents:
# tty8 - getty
#
# This service maintains a getty on tty8 from the point the system is
# started until it is shut down again.

start on runlevel [23]
stop on runlevel [!23]

respawn
exec /sbin/rungetty tty8 --autologin bolt

I basically copied tty6.conf and modified it to make that.

Autostarting Xorg
So by default when you login, both Debian and Ubuntu will leave you with a bash prompt, and very little graphical goodness. Thus, you want your login script to start Xorg, but only if Xorg is not already running, and we're on tty8. Otherwise, switching from Xorg to a console with, for example, ctrl+alt+f1, would cause another attempt to launch Xorg.

Thus I made this script, named ".bash_login", and put it in my home directory.
# ~/.bash_login: executed by bash(1) for login shells.

# include .profile if it exists
if [ -f "${HOME}/.profile" ] && [ -r "${HOME}/.profile" ]; then
    source "${HOME}/.profile"
fi

# if we're not root and we're logged in on tty8, we assume a rungetty autologin and start xorg
if [ ! -z "${UID:-}" ] && [ "$UID" != "0" ] && [ -z "${DISPLAY}" ] && [ ! -z "${SHLVL:-}" ] && [ "$SHLVL" == "1" ]; then
    if [ "$(tty)" == "/dev/tty8" ]; then
        trap "chvt 1; logout" INT TERM EXIT
        chvt 8
        while true; do
            echo "starting xorg"
            startx
            echo "sleeping 2 seconds"
            sleep 2
        done
    fi
fi

This script will do a few sanity checks, then run Xorg. If Xorg exits, it will sleep 2 seconds and run it again. If the script is told to stop, it will change to tty1, then log out of tty8.

Filed under: Howto's, Linux

Save and restore partition tables with sfdisk

Posted on January 10, 2011

In my raid setup, I set up the partitions a certain way for running several mdadm raids on the same drive.

My server currently boots off of two drives, sda and sdb, where sda1 and sdb1 are the root file system in raid 1 (mirror) and sda2 and sdb2 are (encrypted) swap in raid 0 (striped). This is useful to have the redundancy of raid for booting, but none of that redundancy for the volatile swap partition. Instead I get higher write speed, which is always a bonus.

Note: Most Linux distros would actually stripe the swap anyway, given two swap partitions with equal priority, but I chose to do it this way.

Anyway, when one of the drives went for a one-way trip to electronic oblivion, the need arose to configure my new drive exactly as the old ones. Mind you, mdadm can actually handle non-equal partition sizes in a raid, but I'm kind of anal about this.

sfdisk to the rescue!

First, of course, I replaced the faulty drive (sdb) with one of the same brand and equal size. You don't necessarily need the same brand, but that's what I had.

Then, to export and save the partition table from sda (which was still working)
sfdisk -d /dev/sda > sda_partitions
..and save it to the replaced sdb
sfdisk /dev/sdb < sda_partitions
You can also do it all in one go
sfdisk -d /dev/sda | sfdisk /dev/sdb
As usual, RTM for more options :)

Filed under: Linux, Reference

sudo without a password

Posted on November 14, 2010

Note, this is not something I recommend doing. In fact, the only reason why I'm documenting it is that I am removing this solution from the last box I used to have it on.

Anyway, edit the /etc/sudoers file (with visudo, as root), then add lines under the default one for root, like this:

# User privilege specification
root	ALL=(ALL) ALL
bolt    ALL=(ALL) ALL
bolt    ALL=NOPASSWD: ALL

(replace "bolt" with your own username)

If you would rather skip the password only for specific commands, specify them like this:

bolt	ALL=NOPASSWD: /sbin/shutdown, /bin/mount, /bin/umount

(replacing the username and commands with the ones you want)
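
To find rules like these on a box you are cleaning up, the following added example (not from the original post) reads sudoers text and reports every rule that skips the password prompt, separating the blanket "NOPASSWD: ALL" case from a command list. It is a simplified reader that ignores aliases, Defaults and include directives; the user "carol" and the function name are made up.

```python
import re

# Constructed sample: the first four lines are the ones from the post,
# the "carol" rule is made up to show a runas spec and a continued line.
SAMPLE = """\
# User privilege specification
root    ALL=(ALL) ALL
bolt    ALL=(ALL) ALL
bolt    ALL=NOPASSWD: ALL
carol   ALL=(root) NOPASSWD: /sbin/shutdown, /bin/mount, \\
        /bin/umount
"""

RULE = re.compile(r"^(?P<who>\S+)\s+[^=]+=\s*(?:\([^)]*\)\s*)?(?P<cmds>.*)$")
TAG = re.compile(r"([A-Z_]+):\s*")

def audit(text):
    """Return (user, 'blanket' or 'limited', commands) per passwordless rule."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.split("#", 1)[0].strip()             # drop comments
        if not line or line.startswith("Defaults") or "_Alias" in line.split()[0]:
            continue
        rule = RULE.match(line)
        if not rule:
            continue
        nopasswd, exempt = False, []
        for item in rule["cmds"].split(","):
            item = item.strip()
            tag = TAG.match(item)
            while tag:  # a tag stays in force for the commands that follow it
                if tag[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag[1] == "NOPASSWD"
                item = item[tag.end():]
                tag = TAG.match(item)
            if nopasswd:
                exempt.append(item)
        if exempt:
            kind = "blanket" if "ALL" in exempt else "limited"
            findings.append((rule["who"], kind, exempt))
    return findings

if __name__ == "__main__":
    for who, kind, cmds in audit(SAMPLE):
        print(f"{who}: {kind} NOPASSWD for {', '.join(cmds)}")
```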

Filed under: Linux, Reference

Using Flags and Arguments in Bash

Posted on November 8, 2010

Here's a simple example script, showing how to deal with different inputs depending on the flag preceding them:

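#!/bin/bash
USAGE="Usage: Enter a noun after either -p (polite) or -i (insulting)."

# The leading ":" selects silent error handling; -p and -i take an argument, -h does not.
while getopts ":hp:i:" OPTIONS; do
  case $OPTIONS in
    p ) polite=$OPTARG;;
    i ) insulting=$OPTARG;;
    h ) echo "$USAGE";;
    \? ) echo "$USAGE"   # unknown flag
         exit 1;;
    * ) echo "$USAGE"    # anything else, e.g. ":" for a missing argument
        exit 1;;
  esac
done

# Print once, after all flags have been parsed
if [ -n "$polite" ]; then echo "Your $polite smells good."; fi
if [ -n "$insulting" ]; then echo "Your $insulting smells bad."; fi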

Stolen from http://www.okboot.org/2010/04/using-flags-and-arguments-in-bash.html

Filed under: Linux, Reference

exim4 smarthost smtp password

Posted on October 25, 2010

Note to self:

To use a smarthost that you have to authenticate to with exim4, edit /etc/exim4/passwd.client

# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
*:myusername:myawfullylongpassword

Here I added a username and password for all target mail servers (*) because this host sends everything through the smarthost.

If yours does not, you have to be more specific (like the example).

Surprisingly, there is no need to reload or restart exim4 after modifying the passwd.client file.

Filed under: Linux, Reference

Use OpenDNS with Smoothwall Express 3.x

Posted on October 23, 2010

If you're using DHCP to get your public IP, Smoothwall doesn't allow you to override the DNS addresses given by your ISP through the DHCP protocol. Time to override Smoothwall :)

Edit /etc/rc.d/rc.updatered, and add "DNSMASQ_DNS1=208.67.222.222" and "DNSMASQ_DNS2=208.67.220.220" at the bottom of the DHCP section, making the file look like this:

#!/bin/sh

. /var/smoothwall/ethernet/settings

if [ "$RED_TYPE" = "DHCP" ]; then
 DNSMASQ_DNS1=`/usr/bin/smoothwall/getdnsfromdhcpc.pl 1`
 DNSMASQ_DNS2=`/usr/bin/smoothwall/getdnsfromdhcpc.pl 2`
 . /var/lib/dhcpc/dhcpcd-${RED_DEV}.info
 echo "$IPADDR" >/var/smoothwall/red/local-ipaddress
 echo "$GATEWAY" >/var/smoothwall/red/remote-ipaddress
 DNSMASQ_DNS1=208.67.222.222
 DNSMASQ_DNS2=208.67.220.220
elif [ "$RED_TYPE" = "STATIC" ]; then
 DNSMASQ_DNS1=$DNS1
 DNSMASQ_DNS2=$DNS2
 echo "$RED_ADDRESS" >/var/smoothwall/red/local-ipaddress
 echo "$DEFAULT_GATEWAY" >/var/smoothwall/red/remote-ipaddress
fi

echo -n "$RED_DEV" >/var/smoothwall/red/iface
touch /var/smoothwall/red/active
echo "$DNSMASQ_DNS1" >/var/smoothwall/red/dns1
echo "$DNSMASQ_DNS2" >/var/smoothwall/red/dns2

/usr/bin/smoothcom dnsproxyrestart $DNSMASQ_DNS1 $DNSMASQ_DNS2

/usr/bin/smoothcom setxtaccess
/usr/bin/smoothcom setincoming
/usr/bin/smoothcom snortrestart
/usr/bin/smoothcom upnpdrestart
/usr/bin/smoothcom trafficrestart

/usr/bin/smoothwall/setddns.pl
/usr/bin/smoothwall/updatelists.pl

/etc/rc.d/rc.vpn.up
/etc/rc.d/rc.machineregister

The next time your Smoothwall connects, the settings you just added will override the ones from your ISP. Reboot or reconnect to apply.

Filed under: Linux, Reference

What’s touching that config file?!

Posted on October 21, 2010

Recently I started wondering what the heck was putting "root: bolt" at the end of /etc/aliases "every time" I did an upgrade of something.

I asked #debian on irc.freenode.net, who told me to run this:

grep /etc/aliases /var/lib/dpkg/info/*postinst

What it does is basically to look through all files whose names end in "postinst" in the /var/lib/dpkg/info/ directory, showing all lines which contain "/etc/aliases", and where they're at.

The result was this:

$ grep /etc/aliases /var/lib/dpkg/info/*postinst
/var/lib/dpkg/info/exim4-config.postinst:    echo "root: ${poma}" >> /etc/aliases
/var/lib/dpkg/info/exim4-config.postinst:#initialize /etc/aliases
/var/lib/dpkg/info/exim4-config.postinst:echo '# /etc/aliases' > /etc/aliases.tmp
/var/lib/dpkg/info/exim4-config.postinst:echo 'mailer-daemon: postmaster' >> /etc/aliases.tmp
/var/lib/dpkg/info/exim4-config.postinst:done >> /etc/aliases.tmp
/var/lib/dpkg/info/exim4-config.postinst:mv /etc/aliases.tmp /etc/aliases
/var/lib/dpkg/info/exim4-config.postinst:    if [ ! -e /etc/aliases ] ; then
/var/lib/dpkg/info/exim4-config.postinst:    if ! grep -q '^root:[[:space:]]*[[:alnum:]]' /etc/aliases && \

This tells you a lot of things. Firstly, exim4 is likely the culprit here. Upgrading it will likely cause "root: bolt" (or whoever is set as your postmaster in exim4) to be added to the end of the file again. Also, if you look at the last line there, it's actually grepping for a line starting with "root:", followed by optional whitespace and something alphanumeric.

This means that if I, instead of removing or commenting the "root: bolt" line, replace it with "root: root", directing all of root's mail... to root, there will be a line matching the aforementioned description, and exim4's postinst script will leave /etc/aliases alone.

Hooray!

OTP (one-time passwords) on Debian Squeeze SSH logins

Posted on October 21, 2010

So, you're out of your secret lair and now you need to log in from a computer you don't trust. After all, every computer you don't administer is most likely full of viruses, malware and probably even a hardware keylogger somewhere along the keyboard cord, right?

So you want to use a one-time password, so that even if someone snatches it, it has already been used and can never be used again.

Fortunately, one-time passwords on Debian are a breeze to set up.

apt-get install opie-server

This will install opie-server, which will drag along opie-client and libpam-opie as dependencies, unless you have them already.

Now you have to choose if you want one-time passwords for every single login, or only the ones happening over SSH.

I wanted it only for SSH logins, so I edited /etc/pam.d/sshd (might be named just "ssh" in other distros).

At the bottom of the file, I appended:

auth sufficient pam_opie.so
auth required pam_deny.so

This will make your server first ask for your password, then ask for the one-time password if the password is correct. If you don't want it to ask for your normal password, comment out the last line of the file, the one saying "@include common-auth".

"common-auth", in /etc/pam.d, is also the file you have to edit if you want one-time passwords for all logins, not just for SSH. Don't have sshd ask for your normal password if you also use that for FTP connections or other stuff which doesn't also require a one-time password. Your normal password should be unique.

Then you need to enable challenge-response authentication in SSH, which is disabled by default in Debian Squeeze. Edit /etc/ssh/sshd_config, locate the line "ChallengeResponseAuthentication no", change it to "yes" and restart sshd:

/etc/init.d/ssh restart

Next, all you have to do is set a passphrase for your one-time passwords:

opiepasswd -cf

-c is for console mode, -f is only needed if you're currently logged in remotely, to force opiepasswd to assume the connection is secure.

Enter the passphrase it asks for. This should be some sentence you can easily remember, preferably with upper and lower case and punctuation.

Now you're ready to try it. Connect, enter your password, watch the one-time password challenge appear:

ssh myserver.dhampir.no
Password:
otp-md5 498 sl8229 ext, Response:

You can generate the one-time passwords using any suitable tool. I use VeJOTP to generate the passwords on my Java phone, which is really neat, but you can also just use "opiekey" to generate passwords and print them out:

$ opiekey -n 10 498 sl8229
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Sorry, but you don't seem to be on the console or a secure terminal.
Warning: Continuing could disclose your secret pass phrase to an attacker!
Enter secret pass phrase:
489: BABY NAN GALL MONA WEST LUG
490: FEND DES WOO RACE BED AQUA
491: GET FAST HECK BELA NONE RAY
492: NINE SUCH CUNY ARID JUNO SOUR
493: DOTE DUG BRED WARN AWRY SAID
494: FAWN ABUT SAY KILL WAVE WATS
495: RASH AMES BLUE SAP DEE GAB
496: JACK DIRE LUCY ROOM JACK RENA
497: FLUE LOAM TICK LAMB ROWS BEST
498: GLIB ELBA POE OUCH ROW LEN

This command generates the next 10 one-time passwords, counting down from the requested one (498), based on challenge sl8229.

One-time passwords count downwards because every key is based on the previous ones: hashing a key gives the one that was used just before it. Since you start at the end of the list and the hash can't be run backwards, someone who has seen a used key can't calculate the "next" (lower-numbered) key.
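
The countdown can be seen in a few lines of code. This is an added example, not part of the original post: a sketch of the otp-md5 hash chain based on RFC 2289, with the six-word encoding that opiekey prints left out. The pass phrase is constructed, the Server class is hypothetical, and the starting sequence number 499 is an assumption chosen so that the first challenge is 498 as in the session above.

```python
import hashlib

def fold_md5(data):
    """One otp-md5 step: MD5, then XOR the two 8-byte halves into 64 bits."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase, seed, seq):
    """One-time password number `seq`: the initial step over seed + pass
    phrase, followed by `seq` further applications of the hash."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

class Server:
    """Keeps only the last accepted password and the next sequence number,
    never the pass phrase itself."""
    def __init__(self, passphrase, seed, start=499):
        self.seed, self.next_seq = seed, start - 1
        self.stored = otp(passphrase, seed, start)

    def challenge(self):
        return f"otp-md5 {self.next_seq} {self.seed}"

    def verify(self, response):
        # Hashing password N-1 once must reproduce the stored password N.
        if self.next_seq < 0 or fold_md5(response) != self.stored:
            return False
        self.stored, self.next_seq = response, self.next_seq - 1
        return True

def demo():
    phrase, seed = "Constructed example pass phrase.", "sl8229"
    server = Server(phrase, seed)
    first = otp(phrase, seed, 498)
    return {
        "challenge": server.challenge(),
        "accepted": server.verify(first),
        "replay_rejected": not server.verify(first),
        # A captured password only leads to higher-numbered, already used ones.
        "leads_to_used_key": fold_md5(first) == otp(phrase, seed, 499),
        "next_challenge": server.challenge(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```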

Filed under: Howto's, Linux

Switching alsa sound cards around

Posted on September 19, 2010

Short reference on switching around alsa sound cards, making another one the default.
Needed to do this since my computer has 3 sound cards (M-Audio, SoundBlaster and the G35 headset)

List alsa modules:

cat /proc/asound/modules
0 snd_ice1724
1 snd_ctxfi
2 snd_usb_audio

Edit /etc/modprobe.d/alsa-base.conf, adding the following lines (note the underscores from above are now dashes):

options snd-ctxfi index=-2
options snd-usb-audio index=-2
options snd-ice1724 index=-1

Done.
If you're reading this, and you're not me, customize the above to match your settings, and the priorities you want for your modules.

Filed under: Linux, Reference