Updating My 6.3 release box

Use src for many times make me get surprised when using freebsd-update for fix is very easy. Simple though.

mail# freebsd-update fetch
Looking up update.FreeBSD.org mirrors… 1 mirrors found.
Fetching metadata signature for 6.3-RELEASE from update1.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 2 metadata patches.. done.
Applying metadata patches… done.
Inspecting system… done.
Preparing to download files… done.
Fetching 9 patches….. done.
Applying patches… done.

The following files will be updated as part of updating to 6.3-RELEASE-p2:
/lib/libpthread.so.2
/usr/lib/libpthread.a
/usr/lib/libssh.a
/usr/lib/libssh.so.3
/usr/sbin/sshd
/usr/src/crypto/openssh/channels.c
/usr/src/lib/libpthread/sys/lock.c
/usr/src/lib/libpthread/thread/thr_kern.c
/usr/src/sys/conf/newvers.sh

mail# freebsd-update install
Installing updates… done.
mail#

Cool!

OpenSSH X11-forwarding privilege escalation

Just update the box with this issue :

FreeBSD-SA-08:05.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSH X11-forwarding privilege escalation

Category:       contrib
Module:         openssh
Announced:      2008-04-17
Credits:        Timo Juhani Lindfors
Affects:        All supported versions of FreeBSD
Corrected:      2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE)
                2008-04-16 23:58:52 UTC (RELENG_7_0, 7.0-RELEASE-p1)
                2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE)
                2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
                2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12)
                2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24)
                2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE)
                2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20)
CVE Name:       CVE-2008-1483

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

Just use freebsd-update start by :
freebsd-update fetch
freebsd-update install

Patch set :-)

Downgrade FreeBSD ports

I used to use FreeBSD ports in all related server job. I don’t remember what ports that might behave strangely in my  mail server until I remember last portupgrade job. I upgrade dovecot to latest version. I think if I downgrade dovecot ports I’ll get my stable mail server back :-)

Here’s my steps to downgrade dovecot ports : ( similar way applicable to other FreeBSD ports)

1. Find out installed dovecot version :

mail2# pkg_info | grep dovecot

dovecot-1.0.13_1 Secure and compact IMAP and POP3 servers

2. Install portdowngrade (use ports) and execute portdowngrade after rehash.

I took freebsdanoncvs@anoncvs.FreeBSD.org as cvs server from here :

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/anoncvs.html

mail2# portdowngrade dovecot -s freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs

portdowngrade 0.6 by Heiner Eichmann
Please note, that nothing is changed in the ports tree
unless it is explicitly permitted in step 6!
read more »

Reset Cacti Password, step by step

My other staff  ask me password for username admin. Yes, its administrator level in cacti.

After hardy trying to remember I gave up, I decide to reset it to other value but how?

I try to find out using database approach :

Here’s my steps :

1. Checking for cacti location and see db setting.

monitor# pwd

/usr/local/share/cacti/include

see setting dbnya.

monitor# cat db-settings.php

<?php
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cacti";

$database_port = "3306";
?>

2. Enter database with information taken from db-settings.php information.

monitor# mysql -ucacti -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8343
Server version: 5.0.45 FreeBSD port: mysql-server-5.0.45_1

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql>

mysql> use cacti;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select * from auth_user;

ERROR 1146 (42S02): Table ‘cacti.auth_user’ doesn’t exist

Ups, my bad :-)

mysql> select * from user_auth;

+—-+———-+————-———————+——-+—————+————–——–+———–+———–+————–+—————-+————+—————+————–+———–—+————————+
| id | username | password                         | realm | full_name     | must_change_password | show_tree | show_list | show_preview | graph_settings | login_opts | policy_graphs | policy_trees | policy_hosts | policy_graph_templates |
+—-+———-+————-———————+——-+—————+————–——–+———–+———–+————–+—————-+————+—————+————–+———–—+————————+
|  1 | admin    | 7a40008b8368b684bec2286db1b073e2 |     0 | Administrator |                      | on        | on        | on           | on             |          1 |             1 |            1 |            1 |                      1 |
|  3 | monitor  | 719daab8833968dc805a345c58545ea6 |     0 | monitoring    |                      | on        | on        | on           | on             |          3 |             1 |            1 |            1 |                      1 |
|  7 | crash    | ac43724f16e9241d990427ab7c8f4228 |     0 | Nsun T        |                      | on        | on        | on           | on             |          3 |             1 |            1 |            1 |                      1 |
+—-+———-+————-———————+——-+—————+————–——–+———–+———–+————–+—————-+————+—————+————–+———–—+————————+
3 rows in set (0.00 sec)

mysql>exit

3. Generate new password with md5 utility.

monitor# md5 -s mypassword

MD5 ("mypassword") = 34819d7beeabb9260a5c854bc85b3e44

4. Update database value with new created password string.

monitor# mysql -ucacti -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8344
Server version: 5.0.45 FreeBSD port: mysql-server-5.0.45_1

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql>

mysql> update auth_user set password=’34819d7beeabb9260a5c854bc85b3e44′ where username=’admin’

done :-)

Problem with file(1) and maia mailguard solved

I just install new FreeBSD server using 7.0 release.

In this stage I found file(1) problem not detected by maia mailguard properly.

mail# /var/amavisd/maia/scripts/configtest.pl

Application/Module      Version   Status
========================================================================
Perl                 :    5.8.8 : OK
file(1)              :      N/A : NOT INSTALLED (required by Maia Mailguard)
Archive::Tar         :     1.38 : OK
Archive::Zip         :     1.23 : OK

Trying to find out if file already installed.

mail# file -v

file-4.23
magic file from /usr/share/misc/magic

mail# ls -l /usr/local/bin | grep file

-r-xr-xr-x  1 root  wheel    11372 Apr  9 09:24 file
-r-xr-xr-x  1 root  wheel     5344 Apr  1 13:58 pamfile
lrwxr-xr-x  1 root  wheel        7 Apr  1 13:58 pnmfile -> pamfile

mail# whereis file
file: /usr/bin/file /usr/share/man/man1/file.1.gz /usr/src/usr.bin/file

Seem that file reading from /usr/local/bin

Making symlink

mail# ln -s /usr/bin/file /usr/local/bin/file

mail# /var/amavisd/maia/scripts/configtest.pl

Application/Module      Version   Status
========================================================================
Perl                 :    5.8.8 : OK
file(1)              :      N/A : NOT INSTALLED (required by Maia Mailguard)

Hehehehe, still not work. Trying to move file in /usr/bin

mail# mv /usr/bin/file /usr/bin/file_old

mail# cd /usr/ports/sysutils/file

mail# file -v

file-4.21
magic file from /usr/local/share/file/magic

Detect file installed from ports.

Trying again to detect.

mail# /var/amavisd/maia/scripts/configtest.pl

Application/Module      Version   Status
========================================================================
Perl                 :    5.8.8 : OK
file(1)              :     4.21 : OK
Archive::Tar         :     1.38 : OK

It works now, continue now 😉