Archive for September, 2008

DD Backups over SSH

To back up a local workstation’s hard disk over a network, follow these steps (adjusted to your particular situation, of course):

  1. Download and boot from a live Linux distro
  2. Become “root” within a shell
  3. Run “fdisk -l” and note the internal hard disk partition to back up (ex: ‘/dev/hda’). I know “mac-fdisk -l” works on SystemRescueCD 0.2.0 (PPC) for PPC/Macs (what about Intel Macs?)

The rest assumes the following (in short, you have SSH access somewhere and will probably have to substitute some numbers or devices):

  1. You have network access
  2. You have access to an SSH server
  3. Your network is configured with private addresses and you are not assigning one that conflicts with another local IP address
  4. Your netmask is the same as the one supplied in the following commands

Give an IP address to the workstation you have just booted the live Linux disc on, set the netmask, and bring the network interface up:

ifconfig eth0 192.168.1.50 netmask 255.255.255.0 up

Set the default gateway (if you need to reach outside of the LAN that is… normally this is your router’s IP address):

route add default gw 192.168.1.1

Set a DNS server (if you are in the habit of not strictly using IP addresses):

echo "nameserver 192.168.1.1" > /etc/resolv.conf

Execute the backup command:

dd if=/dev/hda | ssh username@backupserver.fqdn "dd of=/directory_of_backups_on_ssh_server/backupfile.iso"

Obviously, most of the above is just getting the network up… try running “dhclient” if the live Linux disc has it installed and your network has DHCP set up. ;-)


Goldfish and forged spam

Recently I had the goldfish autoresponder (vacation responses / email auto reply) set up for a user for about one week. Checking their inbox about halfway through this time period revealed that it had over 47,000 unread messages. What was happening is that spammers were sending email with forged headers. Have you ever received a spam message that apparently has been sent from yourself?

I suppose it can be accomplished in a variety of ways; however, I was able to reproduce this particular issue by generating one of these tasty spam mails as follows (all internally, of course… I am not a spammer):

telnet smtp.example.com 25

and then issuing these commands:

ehlo workstation.example.com
mail from:<emailuser@example.com>
rcpt to:<emailuser@example.com>
data
From: <emailuser@example.com>
To: <emailuser@example.com>
Subject: testing a loop
Message text
.
quit

Notice the mail is being sent to the user… and from the user…

  1. The server would receive the email addressed to emailuser@example.com
  2. goldfish would parse the message and notice it needed to respond to… emailuser@example.com
  3. The mail was delivered
  4. Rinse, wash, repeat

The source of the message looked something like this:

root@server:/var/local/vmail/example.com/emailuser# cat new/1220557062.P6882Q0M652544.server\,S\=1082
Return-Path: <emailuser@example.com>
Delivered-To: emailuser@example.com
Received: from localhost (localhost [127.0.0.1]) by server.example.com (Postfix) with ESMTP id 923E9185F7 for <emailuser@example.com>; Thu, 4 Sep 2008 15:37:42 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at server.example.com
Received: from server.example.com ([127.0.0.1]) by localhost (server.example.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q3tScOaitRoS for <emailuser@example.com>; Thu, 4 Sep 2008 15:37:42 -0400 (EDT)
Received: from workstation.example.com (workstation.example.com [xx.xxx.xxx.xx]) by server.example.com (Postfix) with ESMTP id B89E1185EB for <emailuser@example.com>; Thu, 4 Sep 2008 15:37:25 -0400 (EDT)
From: <emailuser@example.com>
To: <emailuser@example.com>
Subject: testing a loop

Message-Id: <20080904193728.B89E1185EB@server.example.com>
Date: Thu, 4 Sep 2008 15:37:25 -0400 (EDT)

Message text

To prevent goldfish from causing havoc on that particular inbox (mitigating what was already done and preventing future issues), I added the following PHP:

//strip the line break from $address for checks
$addressCheck = substr($address,0,strlen($address)-1);
if ($addressCheck==$email)
{
        $log->addLine("Email address from autoresponder table is the same as the intended recipient! Not sending the mail!");
        break;
}

just before the mail is sent…

mail($address, $subject, $message, $headers);

I love goldfish. It’s like a do-it-yourself autoresponder! Keep in mind, this code works on Version 002, patch level 1, but could very well not work on any future releases (there have been indications that a newer version is in the works). Maybe I will post a few more tweaks in upcoming posts if the latest stable stays around for much longer.
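A broader form of the same guard, as an added example that is not goldfish code and not the patch above: `shouldAutoRespond()`, its helpers and the sample messages are hypothetical. Besides the self-addressed case, it also skips mail with an empty envelope sender or with `Auto-Submitted` / `Precedence` headers marking it as automatic, the kind of checks RFC 3834 describes for autoresponders.

```php
<?php
// Added example: all function names and sample messages are hypothetical.

function normalizeAddress(string $addr): string {
    // Strip line breaks, spaces and angle brackets; compare in lower case.
    return strtolower(trim($addr, " \t\r\n<>"));
}

function parseHeaders(string $raw): array {
    // Headers end at the first empty line; unfold continuation lines.
    $block = preg_split('/\r?\n\r?\n/', $raw, 2)[0];
    $block = preg_replace('/\r?\n[ \t]+/', ' ', $block);
    $headers = [];
    foreach (preg_split('/\r?\n/', $block) as $line) {
        if (strpos($line, ':') === false) {
            continue;
        }
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return $headers;
}

function shouldAutoRespond(string $rawMessage, string $mailboxOwner): array {
    $h = parseHeaders($rawMessage);
    // Return-Path carries the envelope sender recorded at delivery time.
    $sender = normalizeAddress($h['return-path'] ?? '');
    if ($sender === '') {
        return [false, 'empty or missing envelope sender'];
    }
    if ($sender === normalizeAddress($mailboxOwner)) {
        return [false, 'sender is the mailbox owner (forged or looping)'];
    }
    if (strtolower($h['auto-submitted'] ?? 'no') !== 'no') {
        return [false, 'Auto-Submitted marks the message as automatic'];
    }
    if (in_array(strtolower($h['precedence'] ?? ''), ['bulk', 'junk', 'list'], true)) {
        return [false, 'Precedence marks the message as bulk or list mail'];
    }
    return [true, 'ok'];
}

// Constructed samples: the self-addressed test mail and an ordinary one.
$loop = "Return-Path: <emailuser@example.com>\nSubject: testing a loop\n\nMessage text\n";
$normal = "Return-Path: <friend@example.org>\nSubject: hello\n\nHi\n";
foreach (['loop' => $loop, 'normal' => $normal] as $label => $msg) {
    [$ok, $why] = shouldAutoRespond($msg, "emailuser@example.com\n");
    printf("%-6s %s (%s)\n", $label, $ok ? 'respond' : 'skip', $why);
}
```

Comparing normalized addresses also covers differences in case or trailing whitespace, which a byte-for-byte comparison after stripping one character would miss.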


Recovering after an OS X update

After applying Security Update 2008-005 to an OS X laptop this past week, I rebooted the operating system as instructed and received the nice warm gray screen with animated progress circle… however it stuck around for over 5 minutes. Obviously something went wrong.

Sitting at my administrative workstation I:

I wondered if rebooting it would have any different effect, so I issued a quick “reboot” over ssh and gave it another shot. This boot had the same behavior… So I tried the standard recovery procedures when things act odd:

Still no change. The only other “best idea” I had was to try and install the update again… but since I couldn’t log in graphically I had to go through the command line (Macs seem so much cooler since being built on top of Unix).

The laptop rebooted, went past the animated progress circle and auto logged in to the user account it had so many times previously. That made me happy. ;-)
