I.T. Security and Linux Administration


September 26, 2011  9:47 PM

Duo Security Review

Eric Hansen Eric Hansen Profile: Eric Hansen

I’ve written about two-factor authentication methods before (namely using the Google Authenticator to log in to SSH).  While that method was fine, there’s also a new product that’s come out over the year or so, and is also local to my home.  It’s called Duo Security, and they have an authenticator system that takes it one step further than your every day method of secure authorization. Continued »

September 18, 2011  6:57 PM

Postfix and Post Queue

Eric Hansen Eric Hansen Profile: Eric Hansen

A lot of talk and discussions can be found online in regards to mail systems like sendmail, Qmail, etc…but, at least for me, Postfix is more of the silent assassin of sorts.  Out of the systems though, I’d have to say Postfix is one of the easier and more versatile MTA’s to use for Linux.  sendmail is sort of the de facto standard, and Postfix has always been intended to be a superset of sendmail.  In this post, I’d like to discuss the mail queue, and how to handle it.

Continued »


September 9, 2011  12:00 PM

Parsing E-mails via Postfix and PHP

Eric Hansen Eric Hansen Profile: Eric Hansen

While not everyone is going to have a need for this, there are a lot of good reasons to parse e-mail.  Perhaps the best is if you use a help desk/bug tracking/ticket system (Bugtraq, Clientexec, etc…), and want to allow people to send in requests and such via e-mail.  Among other things, this is the easiest way to do this with Postfix.  Since this works whether you are using virtual or real domains, you don’t have to worry about this.  There are methods to do this with MySQL as well, but I have yet to get it to work. Continued »


September 7, 2011  4:31 PM

Shell Scripting tip

Eric Hansen Eric Hansen Profile: Eric Hansen

While for the most part you may never run into an issue when writing (and using) shell scripts, there’s one little caveat that I’ve experienced as of late.

Instead of starting your scripts with this:

#!/bin/sh

You will most likely better off in the long run specifying the exact shell you want to use.  For example, if you want to use Bash:

#!/bin/bash

The problem here is that /bin/sh is generally a symlink to a shell program (Bash, Dash, etc…).  While this is handy, not every shell is going to have the same features.  For example, in Bash, if you want to create an array variable, you’d do this:

VARNAME=(arrayval1 arrayval2 etc…)

However, on my VPS, /bin/sh is linked to /bin/dash, which doesn’t allow you to create arrays like that.  If you want to to see where your /bin/sh is linked to, you can run the following command:

ls -liha /bin | grep “sh ->” | grep lrwxrwxrwx

There might be multiple entries.  You could remove it then recreate the symlink, but if you’re going to write scripts for portability (like what I offer on this blog), you should specify the exact shell to be on the safe side.


September 1, 2011  9:09 PM

[Revisited] SquirrelMail PHP Hack

Eric Hansen Eric Hansen Profile: Eric Hansen

Even though I just posted an article on listing domains in SquirrelMail earlier today, I decided to revamp it a little more.  Now, it works the same, but looks a little bit more like the old-school Hotmail log in, where you had the area to put in your username, and then next to it is the domain(s) to choose from.  However, I’ve added another little tweak to it as well, which I’ll showcase, just “continue”…! Continued »


September 1, 2011  1:05 PM

SquirrelMail PHP Hack to Allow Domain Selection

Eric Hansen Eric Hansen Profile: Eric Hansen

For anyone who has used SquirrelMail, you know you pretty much always have to enter “@domain.tld” after the username to log in and use it.  Its one thing when you’re running it for one domain, but it makes it even worse when you have multiple domains using the same script as well.  This alone got me wanting to hack SquirrelMail to be less troublesome, so I can get into mail faster.  With a few file changes, I was able to do this without worry.

Version Information: SquirrelMail v1.4.22 ; PHP v5.3.8
Total time needed: ~10 minutes, ~5 if you’re just copying and pasting.

Continued »


August 17, 2011  9:16 AM

LinuxCon Live Streaming

Eric Hansen Eric Hansen Profile: Eric Hansen

I know this is a bit of (very) short notice here, since this is happening today, but I’d like to pass along a bit of exciting news about LinuxCon.  Thanks to Linux Foundation, this event will be live streaming the key notes from 8/17 to 8/19.  If it live streams more than that, I’ll be surprised but very happy.  More information is available at these links:

View List of Keynotes: http://events.linuxfoundation.org/events/linuxcon/schedule
Click Here To Register: http://events.linuxfoundation.org/events/linuxcon/live-video-streaming

Live video streaming will be broadcast beginning at 9:00am Pacific Daylight Time.


August 12, 2011  9:18 PM

SSH Proxy

Eric Hansen Eric Hansen Profile: Eric Hansen

When I was working at Ford, you were put behind a proxy. The idea intrigued me, as it was able to handle so many connections at once. Since then, I’ve been thinking of different ways to develop proxies, and looked at current solutions. If you want the easy pleasy way of doing things, then Tor is your best option (though, granted, not always the most safest). However, if you want to trust a reliable connection, you can easily set one up to go through your home (or business) network. Keep in mind, this is going to focus more on secure measures, and is meant for businesses who want to set up a network proxy.

Continued »


August 8, 2011  12:07 PM

[Script] iptables Helper

Eric Hansen Eric Hansen Profile: Eric Hansen

After messing around with the elusive iptables firewall for a few (very, very long) days, I’ve written a couple of functions that help me when it comes to saving and reloading the rules. Keep in mind, this is a default path (see /etc/conf.d/iptables to see where your rules should be stored), so you might have to edit this a little. Lets begin!

Continued »


August 5, 2011  12:28 PM

The removal of tcp_wrappers

Eric Hansen Eric Hansen Profile: Eric Hansen

Not too long ago, Arch Linux released an update on their distribution, stating that they are removing support for tcp_wrappers. For the most part, this doesn’t seem to be a big deal. They aren’t a world-renown distribution like Ubuntu or Red Hat, so its unlikely that unless its a kernel-based decision, the world is going to break and shatter. However, this does raise an interesting point in terms of security…just how secure is tcp_wrappers?

Continued »


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: