Unprivileged Unix Users vs. Untrusted Unix Users. How to harden your server security by confining shell users into a minimal jail

As a server administrator, I recently discovered a severe oversight of mine, one that was so big that I didn’t consciously see it for years. What can Unprivileged Unix Users do on your server? Any so-called “unprivileged Unix users” who have SSH access to a server (be it simply for the purpose of rsync’ing files) is not really “unprivileged” as the […]

Continue Reading 2

Exim and Spamassassin: Rewriting headers, adding SPAM and Score to Subject

This tutorial is a follow-up to my article Setting up Exim4 Mail Transfer Agent with Anti-Spam, Greylisting and Anti-Malware. I finally got around solving this problem: If an email has a certain spam score, above a certain threshold, Exim should rewrite the Subject header to contain the string  *** SPAM (x.x points) *** {original subject} Spamassassin has a configuration option to rewrite a subject header […]

Continue Reading 9
On "sittinghere", a VNC viewer is started and told to connect to localhost port 7002. This connection is detected by ssh which makes sshd running on "hopper" connect to port 7001, which causes ssh running on "overthere" connect to port 5900. Now the route is complete and we can see the remote screen!

Teamviewer alternative: How to get a Remote Desktop VNC connection via SSH over an intermediate server, avoiding firewalls

What to do when Teamviewer suddenly doesn’t connect or you can’t or don’t want to use it for other reasons? What if a friend needs urgent assistance and you need to see his screen to help out? Standard Open Source tools to the rescue! If you know how to use SSH from the command line and […]

Continue Reading 4
wlan card

Debian Linux HowTo: Bridging WLAN to Ethernet for Access Point (Infrastructure Mode) for Android Phones

I am using the Wireless (WLAN) mainly to connect my mobile phone to the internet, for faster downloads and to test mobile apps. First, I only used Apple devices (such as iPad, iPod, iPhone, etc.), and those could connect without problems to a so-called Ad-Hoc network. However, many mobile devices, such as Android, unfortunately will […]

Continue Reading 4

Symlinks within shared folders in VirtualBox: Operation not permitted and Read Only Filesystem

This is not a bug, it is a security feature of Virtual Box. Nevertheless it is annoying when you want to use your virutal system as a build system which needs symlinks in shared folders. To enable symlink creation, do the following: Shut down your virtual machine, close all VirtualBox windows, including the main GUI […]

Continue Reading 2
GDFL 1.2

Do not Panic! Remote Server (Hetzner) not rebooting any more – A Solution

I went through this experience recently. First of all, don’t panic! I panicked, and because of this, I made a mistake: I didn’t wait long enough for it to come online. Had I waited up to 60 minutes, it would probably have come online (see reason below). The story: I had broken packages on my Ubuntu […]

Continue Reading 23
Mysql screenshot

A solution for MySQL Assertion failure FIL_NULL

A defective RAM module recently caused data corruption in MySQL tables. MySQL would log the following to /var/log/syslog  in regular intervals, about every few minutes:

Reading MySQL documentation and various blogs didn’t help much. I ran CHECK TABLES  on all the tables and they all reported OK. Then I ran

and still all tables reported OK. […]

Continue Reading 1

Powered by WordPress. Designed by Woo Themes