HOWTO

HOW TO : Pass environment variables when using sudo

Say you need to sudo as a particular user and run a command and at the same time you need to pass an environmental variable to the command, you can do it by passing the command in doublequotes.

For example, I want to start Oracle while I am logged in as another user (vinay), I can start the database using dbstart by issues

"sudo su - oracle -c "dbstart /$ORACLE_HOME"

$ORACLE_HOME is an environmental variable listed under user oracle’s environment.

Needless to say, you need to ensure that you have sudo configured to allow your userID to su to oracle.

HOW TO : Block outbound e-mails in Postfix

I ran into a challenge at work, where we had to allow e-mail delivery for certain domains, but block all other domains. But at the same time, we had to ensure that the clients sending e-mails did not get a delivery error. We were using Postfix as the MTA running on Redhat Linux. Here’s how I resolved it

  • Edit the main.cf file (the default location is in /etc/postfix) and add “transport_maps = hash:/etc/postfix/transport” (without the quotes) to the file.
  • Create a file named “transport” in /etc/postfix, if it doesn’t exist
  • Add the following at the end of the transport file

DOMAIN1 :
DOMAIN2 :
* discard:

  • Run “postmap /etc/transport” to create a hash of the transport file
  • Run “service postfix restart” to restart the postfix service

This configuraiton will ensure that all e-mails address to DOMAIN1 and DOMAIN2 are delivered normally, but the rest of the e-mails are silently discarded.

Note : Ensure that you follow the syntax for where to place the : verbatim.

HOW TO : Setup SOCKS proxy using SSH/Putty and configure Pidgin to use SOCKS proxy

I ran into a challenge  recently, when I tried to connect to my IM services (Yahoo, MSN, AOL, GTalk) using Pidgin in a secured network. For some reason, the network administrator thought that he/she should make life hell for people trying to log into IM. I will have a whole new rant about companies trying to lock down networks thinking they are making the employees productive..

Here’s what I did to connect to my IM services.

  1. Configure Putty/SSH to act as a SOCKS proxy.
    • Most people might not be aware, but a typical SSH client can act as a SOCKS proxy. So I decided to leverage this functionality.
    • You will need access to a SSH server and Putty (Opensource Windows SSH client)
    • Launch Putty
    • Setup a new server connection profile. I used FREE_MY_IP as the profile name in this screen shot, but you can name it anything you want

    • Expand the SSH option in the left column and click on Tunnels
    • Choose any port higher than 1024 as source port (unless you are running some kind of server software on your workstation, it is safe to use any port above 8000) and enter the SSH server in the Destination field. Then choose the “Dynamic” option and click on Add.. the screen shot below shows the options I used

    • The tunnel will show up as below

    • Click on Open and establish the SSH tunnel
  1. Configure Pidgin (open source IM client) to use the SOCKS proxy
    • Launch Pidgin
    • Click on Tools -> Preferences in the menu
    • Click on the network tab
    • Choose SOCKS4 as the proxy type and enter localhost in the host field. In the port field enter the port you selected when setting up the tunnel in Putty.

  1. Connect to your IM services.. chat away and be unproductive 🙂

HOW TO : Force expire sudo security permissions..

Ever run into a situation when you thought you had sudo rights on a machine and tried to issue the sudo command and upon finding that you don’t have them..get your name added to the sudoers list by begging the sysadmin.. and then frusrated when sudo keeps throwing an error that you are not part of the sudoers list? Hmm.. that is a long sentance :)..

To expire any cached security permissions, so that sudo is forced to check the sudoers files, issue the following command

sudo -k

HOW TO : Simple perl script to replace lines in file

Nothing fancy.. but here is a simple perl script to open a file, search for specific content in the a line and replace it with some other content.

open (SOURCE, "< source.xml") or die "Could not open file source.xml: $!\n"; open (DESTINATION, ">modfile.xml")
or die "Could not open file modfile.xml: $!\n";

while (defined($line =)) {
if ($line =~ m/YYYYYYYY/i) {
$line = "XXXXXXXXXXXXXXXXXXX\n";
}
print DESTINATION "$line";
}

close (SOURCE);
close (DESTINATION);

You are opening a file named source.xml, reading every line and if there is some text that matches “YYYYYYYY”, you are replacing the whole line with “XXXXXXXXXXXXXXXXXXX”. I am sure there are more elegant ways to write this :).. but this will do the trick too..

HOW TO : View HTML pages in Linux (command line)

If you are stuck in a terminal on a Linux workstation and need to view a html file.. you can use the following command

links NAME_OF_HTML_FILE

Links displays the HTML code in the page by default..If you want to just view the rendered HTML, press “\” and you can toggle between HTML and Text views.

P.S : You need to have links installed to use it :).. But most of the new distributions have it installed by default.

HOW TO : Microsoft Windows – Routing to /dev/null

Ran into an interesting issue at work today and wanted to document it. We had a rouge process in one of our applicatoins and it was trying to send e-mails via one of our mail gateways at an alarming rate..There was no customer impact, since the mail server was rejecting all the connections. But the high number of connections were causing a strain on our firewalls..

If this was Linux, we would have done something simple like adding a route to point all the traffic destined to mail server to /dev/null by running “route add IP_ADDRESS_OF_MAIL_SERVER MASK /dev/null

A search on Google showed that you can achieve similar results by doing the following “route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 127.0.0.1“. 127.0.0.1 being the IP address of the loopback interface in this case. But when we ran the command, we got an error “incorrect gateway 127.0.0.1”.. So there is NO way to route traffic in Microsoft Windows to a null device..

Finaly, we figured out a round about way to achieve this.. Since the main aim was to reduce the load on the firewall, we identifid an un used IP in the same network as the application server and added a static route to point all traffic going to the mail server to this IP. We ran the following command “route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 UN_USED_IP_ADDRESS

For example, if you application server is in the range 192.168.1.0/24, the mail server is 192.168.2.20.. and an unused IP in the application server range is 192.168.1.10.. the command would look like this “route ADD 192.168.2.20 MASK 255.255.255.255 192.168.1.10“.. You will see a lot of SYN_SENT status in the network connections, since the application is trying to connect t othe mail server via an IP address that doesn’t exist..

Might not be the smartest way to achive this.. but it did the trick.