Making Oracle work with SELinux on Red Hat Enterprise Linux 5

December 23rd, 2008

I wanted to put up, for easy reference, how to set up the Oracle Instant Client packages on an SELinux-enabled Red Hat Enterprise Linux 5 machine. The documentation was created on an x86_64 machine but should work on the 32-bit version as well.

Install packages:

oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm

Put the relevant libraries into the textrel_shlib_t context:

semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libnnz11.so
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libclntsh.so.11.1
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libsqlplus.so
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libociei.so
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libsqlplusic.so
restorecon -R -v /usr/lib/oracle/11.1/client64/lib/

Put the libraries into the path of the dynamic library loader

echo "export ORACLE_HOME=/usr/lib/oracle/11.1/client64" > /etc/profile.d/oracle.sh

Set the path to tnsnames.ora. I like /etc/tnsnames.ora; TNS_ADMIN takes the directory that contains the file, so it is set to /etc:

echo "export TNS_ADMIN=/etc" >> /etc/profile.d/oracle.sh

Of course you have to have a valid tnsnames.ora file available.

Log out and log in to update your environment and voila, you should be able to run sqlplus, install perl-DBD-Oracle or php-oci8, python, whatever your flavor is.

Oh, and Merry Christmas! :)

Fedora 10, a real treat

December 1st, 2008

Installed Fedora 10 a couple of days ago and I must say I’m very pleasantly surprised. Install went smoothly as ever and getting everything up and running was pretty much painless. Here’s pretty much what I needed to do to get it working on my HP nw9440 laptop:

  • Installed from the DVD install media
  • Set up RPMFusion: rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
  • Installed nvidia drivers: yum install xorg-x11-drv-nvidia
  • Installed a few of my favorites, gnome-do, mplayer, networkmanager-vpnc, rdesktop, gnucash

A nice surprise was that rhythmbox now automatically invites me to download and install the needed rpms for mp3 playback and others, finally!

Also, suspend and hibernate now work perfectly.

NetworkManager now works out of the box with my iwl3945 wifi card.

OpenOffice.org 3.0, now opens evil Microsoft Office 2007 files.

Conclusion, haven’t stumbled across a single annoying thing so I’m extremely happy with the quality of this release!

VMware Server 2.0 and Fedora 9 or Fedora 10

September 28th, 2008

*Update* This also affects Fedora 10

Just ran into quite a bit of trouble trying to get VMware Server 2.0 to run on Fedora 9. After quite a bit of digging I found that vmware-hostd calls PAM and unix_chkpwd seems to cause a problem in hostd. The error message from the VMware Management Web:

The server is not responding. Please check that the server is running and accepting connections.

And after looking through the process list I found the following:

root      9817  9741  0 17:26 ?        00:00:00 [unix_chkpwd] <defunct>

My fix was to turn off password authentication in PAM for VMware and hope for a fix from VMware soon. This fix was suggested in this post.

Turning off authentication:

# cat /etc/pam.d/vmware-authd
#%PAM-1.0
auth       required    pam_permit.so
account    required    pam_permit.so

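After that I suggest blocking connections to the VMware ports with iptables if you have disabled the default firewall. With pam_permit.so in the auth stack, anything that can reach those ports is accepted without a valid password, so restricting them to the local machine should keep you safe. Addition to /etc/sysconfig/iptables follows: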

-A INPUT -i ! lo -m tcp -p tcp -m multiport --dports 8009,8222,8308,8333 -j REJECT

Hope this helps..
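To see why the port restriction matters, the following added example (not part of the original post) walks a PAM auth stack under the assumption that every real credential check fails and reports whether login would still succeed. It is a simplified model: `include` lines and bracketed controls are not followed, and the sample stacks and function names are constructed for illustration.

```python
import re

# Constructed samples: the vmware-authd file from the post and a typical stack.
VMWARE_AUTHD = """#%PAM-1.0
auth       required    pam_permit.so
account    required    pam_permit.so
"""
TYPICAL = """#%PAM-1.0
auth       required    pam_env.so
auth       sufficient  pam_unix.so nullok try_first_pass
auth       required    pam_deny.so
account    required    pam_unix.so
"""

LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
ALWAYS_OK = {"pam_permit.so"}  # returns success whatever the credentials are
NEUTRAL = {"pam_env.so"}       # treated here as not affecting the result

def parse_stack(text):
    """Return {type: [(control, module), ...]} for one /etc/pam.d file."""
    stacks = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            kind, control, module = m.groups()
            stacks.setdefault(kind, []).append((control, module.rsplit("/", 1)[-1]))
    return stacks

def auth_succeeds_with_bad_password(text):
    """Walk the auth stack assuming every credential-checking module fails."""
    passed = failed = False
    for control, module in parse_stack(text).get("auth", []):
        if module in NEUTRAL:
            continue
        ok = module in ALWAYS_OK
        if control == "requisite" and not ok:
            return False                      # requisite failure ends the stack
        if control in ("required", "requisite"):
            passed, failed = passed or ok, failed or not ok
        elif control == "sufficient" and ok and not failed:
            return True                       # sufficient success ends the stack
    return passed and not failed

if __name__ == "__main__":
    for name, text in (("vmware-authd", VMWARE_AUTHD), ("typical", TYPICAL)):
        print(name, "accepts a wrong password:", auth_succeeds_with_bad_password(text))
```
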

Update to AsteriskJA because of changes of CallerID Lookup Sources

September 3rd, 2008

There was a change in a recent module for FreePBX where the lookup source URI could not contain cid=${CALLERID(num)}. The fix for that is to change it to cid=[NUMBER].

See the AsteriskJA page.

Automatically blacklisting password attempts

August 19th, 2008

I’ve tried quite a few methods to block password guessers from guessing passwords on machines that have open SSH, POP, IMAP… What I usually used was iptables and the recent module; see "iptables -m recent --help" if you are interested in that. The main problem with the iptables approach is that it blocks a number of new connections from the same host whether they are invalid password attempts or just a user opening many ssh connections.

In comes pam_abl, which enables blacklisting on unsuccessful password attempts. I’ve installed this on a few Red Hat Enterprise Linux machines; you can download RPMs for RHEL at Dag Wieers’ site.

Download pam_abl

# wget http://dag.wieers.com/rpm/packages/pam_abl/pam_abl-0.2.3-1.el5.rf.x86_64.rpm

Install

# rpm -Uvh pam_abl-0.2.3-1.el5.rf.x86_64.rpm

Configure pam_abl in /etc/pam.d/system-auth

auth        required      pam_env.so
auth        required      pam_abl.so config=/etc/security/pam_abl.conf
auth        sufficient    pam_unix.so nullok try_first_pass

Configure /etc/security/pam_abl.conf according to your own paranoia.. ;) Here’s mine:

# /etc/security/pam_abl.conf
# debug
host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:4/1h,30/1d
user_db=/var/lib/abl/users.db
user_purge=2d
user_rule=!root:4/1h,30/1d

You can check the state of pam_abl and manipulate it with the command pam_abl

# pam_abl
Failed users:
tommi (5)
Blocking users [!root]
Failed hosts:
evil.tommi.org (5)
Blocking users [*]

Now you have auto blacklisting for ftp, ssh, imap, pop, basically anything that uses PAM for authentication. You can also use it for a single service, for instance by putting the pam line in /etc/pam.d/sshd instead of /etc/pam.d/system-auth.
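The rule strings in the configuration above are compact, so here is an added example (not from the original post and not pam_abl's own code) that parses a single clause such as `!root:4/1h,30/1d` and evaluates it against a list of failure timestamps. It assumes a trigger fires when the number of failures inside the window is at or above the stated count, and it does not handle the `user/service` form; the function names and sample timestamps are constructed.

```python
import re
from datetime import datetime, timedelta

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Split one clause, e.g. '!root:4/1h,30/1d', into (negated, names, triggers)."""
    spec, _, trig = rule.partition(":")
    negated = spec.startswith("!")
    names = set(spec.lstrip("!").split("|"))
    triggers = []
    for t in trig.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)([smhd]?)", t.strip())
        if not m:
            raise ValueError(f"bad trigger: {t!r}")
        seconds = int(m[2]) * UNITS[m[3] or "s"]
        triggers.append((int(m[1]), timedelta(seconds=seconds)))
    return negated, names, triggers

def is_blocked(rule, user, failures, now):
    """True if any trigger's failure count is reached inside its window."""
    negated, names, triggers = parse_rule(rule)
    matches = "*" in names or user in names
    if matches == negated:          # the clause does not apply to this user
        return False
    return any(
        sum(1 for f in failures if timedelta(0) <= now - f <= window) >= count
        for count, window in triggers   # assumption: threshold is "count or more"
    )

# Constructed sample data: five failures inside twenty minutes.
NOW = datetime(2008, 8, 19, 12, 0)
BURST = [NOW - timedelta(minutes=m) for m in (1, 3, 5, 8, 13)]

if __name__ == "__main__":
    print("tommi blocked:", is_blocked("!root:4/1h,30/1d", "tommi", BURST, NOW))
    print("root blocked: ", is_blocked("!root:4/1h,30/1d", "root", BURST, NOW))
    print("host blocked: ", is_blocked("*:4/1h,30/1d", "root", BURST, NOW))
```

With the configuration shown in the post, root is exempt from the per-user rule but a guessing host is still blocked by `host_rule`, whichever account it targets.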

New version of tv_grab_is for Icelandic program listings

June 11th, 2008

I just finished updating my tv_grab_is script to use the xml interfaces which every Icelandic broadcasting company has.

I changed the xmltv id’s to reflect changes of names at 365. Sýn became Stöð 2 Sport, Sýn2 became Stöð 2 Sport 2, etc…

If you are using mythtv you need to update your xmltvid’s for channels and also the ~/.mythtv/FILENAME.xmltv. Run

tv_grab_is --list-channels

You can always get my newest version from my trac.

You will need to install the perl module XML::Simple until I rewrite the xml handling code, but I’m too lazy right now. Install methods:

yum install perl-XML-Simple

apt-get install libxml-simple-perl

cpan XML::Simple

Just Do IT!

June 5th, 2008

Just discovered one of the most useful apps I have come upon in a long time, Gnome DO!

This program makes programs and actions in them really easy. I have for instance installed the pidgin plugin for it: I hit “Windows button (super) - Space”, type the first few letters in a contact’s email and voila, you have an open chat window with your friend.

I have a few icons to connect to various Windows terminal servers. I can hit Super-Space and then the first few letters of the hostname and whamm, I’m in. Same goes for ssh sessions, type for instance “root@mach”->Enter and I’m in.

This program is very similar to Quicksilver for MacOS X.

Here you can find some Gnome DO videos.

The Gnome DO webpage

Gnucash scripts for kaupþing and landsbanki

May 19th, 2008

Just re-added my gnucash scripts for importing data from Kaupþing XML transaction data and Landsbanki credit card statements. Find them at /gnucash

tv_grab_is updates, XML feeds available

May 16th, 2008

I’m expecting to start work on changing the tv_grab_is program guide grabber to utilize the new XML feeds from 365 (Stöð 2) and also using the XML from RUV in the next few days. Sadly Skjár 1 have not yet created an XML feed so I’ll have to keep on doing HTML parsing for their program data.

Also going to revisit having the xmltv folks accept my new version.

My current version of tv_grab_is

Multihost load balanced SMS messages with gnokii

May 15th, 2008

I am finishing writing a program called pysmsqueue that can manage to send SMS text messages through phones on multiple hosts or multiple phones on multiple hosts. It therefore handles load balancing, e.g. sending multiple messages at the same time. The code works pretty much for me but should be considered beta quality. You can have a look at the source in my trac.

The reason for writing it is that I needed something more than the gnokii-smsd that can handle failures of phones. I’m using this as a messaging system for Nagios so it needs to be highly available.

I’m expecting to release a setup file with RPM’s pretty soon.

You can do a subversion checkout with

svn co http://tommi.org/repos/tommi/trunk/pysmsqueue