Stephen Reese

Mounting drives/volumes read-only in Microsoft Windows (Vista)

I needed to analyze a drive for a company that suspects an ex-employee may have taken corporate material (training exercise or else I would use a hardware write blocker and follow a chain of custody). I do not have a write blocker and rather than fire up a copy of ...

Converting Microsoft OS to VMware Guest

A friend had two notebooks running Microsoft XP Home and Professional editions in which the notebooks were no longer functional but the hard drives were in good shape so I recommended running them in a VM guest. I knew I could use VMware converter tool that was freely available and ...

Converting Microsoft Vista from one version to another

A desktop that I had which was used for work recently would not activate because it required connectivity to the company's KMS server which I would connect to via VPN to complete but since I no longer work there that is out of the question. Since the Vista OS was ...

Domain registrars spamming sub-domains?

In the process of setting up some virtual servers (slices) from www.slicehost.com I had to move the name servers around along with a migration to Google web apps. A user called complaining that they could not access the web-mail service. The user was trying to access www.mail ...

Encrypting a secondary drive (PGP or TrueCrypt)

In this post I am going to share my experiences with encrypting a secondary drive in a Windows Vista environment. The hardware is a Dell Optiplex core 2 duo. I will be encrypting a 1 terabyte Hitachi drive which I use primarily for storage. The first piece of software I ...

Force Outlook to open all email in plain text

For reference. Strip HTML email in Outlook into plain text Content: First, this is secure as many of the worms and bugs rely on HTML script code. One good example could be the needless advertisements or images sent inside spam (junk) emails. When you so much as view an email ...

Disable fast user switching on Vista

In Vista (unlike Windows XP), Fast User Switching works if you’re on a network domain. To turn off Fast User Switching, choose Start, type gpedit.msc in the Search box, and then press Enter. (If a security prompt appears, type an administrator password or confirm the action.) In the ...

Kicking a user off a Linux system

This might break something the user is doing. You have been warned. last -i1 baduser | awk '{print $3;exit}' | xargs -p --replace iptables -A INPUT -s {} -j drop if [ "`who | grep $1`" != "" ] ; then sid=`ps -jU $1 | awk '{print $3}' | tail -1`" kill -HUP $sid echo "$1 was logged in ...

Authenticating Kerberos against Active Directory

Your /etc/pam.d/system-auth is created with the command “authconfig” on a RHEL5 machine though you may have to manually edit it with other distributions: #%PAM-1.0# This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so ...

Configuring sendmail to accept mail

If you get (doing a netstat -an | more) tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN Then your sendmail server is configured to accept connections from localhost only. To change this behavior, you need to edit /etc/mail/sendmail.mc. Find the line that starts ...


Running processes in the background on Linux

If you just want your program to simply run in the background, launch it with a “&” at the end of the command from the shell. However, if it expects to use stdout, stdin, or stderr, it will stop — so these must all be redirected to files or pipes. This will ...

Adding a character to a line using Perl

perl -p -i -e 's/(.)$/$1$1/g' filename This changed my nonsense file: ghggk dethaks gjfkdld fyduftsdu flkgjd kflgjlk flkgjl f into a slightly different nonsense file: ghggkk dethakss gjfkdldd fyduftsduu flkgjd kflgjlk flkgjl ff

Getting Samba to play nicely with SELinux on RHEL

This helpful bit was written by Don Meyer. I am a little too stubborn for a quick fix like this, so I went the route of adding the specific rules needed to allow SMB/Winbindd to run without throwing AVC errors. I am doing this on RHEL4 boxes, which install ...

Remove index.php from wiki URL

In httpd.conf: Alias /wiki/index.php /home/rsreese/richardsreese/htdocs/w/index.php Alias /wiki /home/rsreese/richardsreese/htdocs/w/index.php In LocalSettings.php: $wgScriptPath = "/w"; $wgScript = "$wgScriptPath/index.php"; $wgRedirectScript = "$wgScriptPath/redirect.php"; # For more information on customizing the URLs please see: # http://meta.wikimedia.org/wiki ...

Courier Vacation Notice

cc "| /usr/lib/courier/bin/mailbot -t autoresponse -s 'AutoAwayMessage' -A 'From: test@somedomain.com' /usr/sbin/sendmail -f ''"cc "!user@somedomain.edu"cc "./Maildir" EXITCODE = 0 exit

Compare Directory Contents on Linux computer

#!/bin/bash DIR_1=$1 DIR_2=$2 #check dir diffs ls -1 $DIR_1 >/tmp/diff.1 ls -1 $DIR_2 >/tmp/diff.2 echo "Check Dir differences:" diff /tmp/diff.1 /tmp/diff.2 && echo "Dir's have the same files" #check files differences echo "check files differences:" for file in `cat ...

NFS howto with static ports

First I am going to edit the /etc/sysconfig/nfs to specify the ports I want to run on. STATD_PORT=4000 STATD_OUTGOING_PORT=4004 LOCKD_TCPPORT=4001 LOCKD_UDPPORT=4001 MOUNTD_PORT=4002 Next I want to edit the /etc/hosts.allow to only allow specific hosts to access the resource. nfs:192.168 ...


SQL injection attack on a PostgreSQL database (t_jiaozhu)

A web server running Apache 2 and PostgreSQL was successfully compromised using a SQL injection vulnerability. I first noticed there was a new table in one of our PostgreSQL databases named ‘t_jiaozhu’. public t_jiaozhu table postgres The table was not something that myself or our developer had created so ...