Tommi’s stuff

I’ve tried quite a few methods to block password guessers from guessing passwords on machines that have open SSH, POP, IMAP… What I usually used was iptables and the recent module “iptables -m recent –help” if you are interested in that. The main problem with the iptables approach is it blocks a number of new connections from the same host whether they are invalid password attempts or just a user opening many ssh connections.

In comes pam_abl which enables blacklisting on unsuccesfull password attempts. I’ve installed this on a few Red Hat Enterprise Linux machines, you can download rpm’s for RHEL at Dag Wieers site.

Download pam_abl

# wget http://dag.wieers.com/rpm/packages/pam_abl/pam_abl-0.2.3-1.el5.rf.x86_64.rpm

Install

# rpm -Uvh pam_abl-0.2.3-1.el5.rf.x86_64.rpm

Configure pam_abl in /etc/pam.d/system-auth

auth        required      pam_env.so
auth        required      pam_abl.so config=/etc/security/pam_abl.conf
auth        sufficient    pam_unix.so nullok try_first_pass

Configure /etc/security/pam_abl.conf according to your own paranoia.. Here’s mine:

# /etc/security/pam_abl.conf
# debug
host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:4/1h,30/1d
user_db=/var/lib/abl/users.db
user_purge=2d
user_rule=!root:4/1h,30/1d

You can check the state of pam_abl and manipulate it with the command pam_abl

# pam_abl
Failed users:
tommi (5)
Blocking users [!root]
Failed hosts:
evil.tommi.org (5)
Blocking users [*]

Now you have Auto Blacklisting for ftp, ssh, imap, pop, basicly anything that uses PAM for authentication. You can also just use it for one and one service for instance putting the pam line in /etc/pam.d/sshd instead of /etc/pam.d/system-auth.

I just finished updating my tv_grab_is script to use the xml interfaces which every Icelandic broadcasting company has.

I changed the xmltv id’s to reflect changes of names at 365. Sýn became Stöð 2 Sport, Sýn2 became Stöð 2 Sport 2, etc…

If you are using mythtv you need to update your xmltvid’s for channels and also the ~/.mythtv/FILENAME.xmltv. Run

tv_grab_is –list-channels

You can always get my newest version from my trac.

You will need to install the perl module XML::Simple until I rewrite the xml handling code but I’m too lazy right now, install methods:

yum install perl-XML-Simple

apt-get perl-XML-Simple

cpan perl-XML-SImple

Just discovered one of the most usefull apps I have come upon in a long time, Gnome DO!

This program makes programs and actions in them really easy. I have for instance installed the pidgin plugin for it, I hit “Windows button (super) - Space”, type the first few letters in a contacts email and voila, you have a open chat window with your friend.

I have a few icons to connect to various Windows terminal servers. I can hit Super-Space and then the first few letters of the hostname and whamm, I’m in. Same goes for ssh sessions, type for instance “root@mach”->Enter and I’m in.

This program is very similar to Quicksilver for MacOS X.

Here you can find some Gnome DO videos.

The Gnome DO webpage

Just re-added my gnucash scripts for importing data from Kaupþing XML transaction data and Landsbanki kredit card statements. Find them at /gnucash

I’m expecting to start work on changing tv_grab_is program guide grabber to utilize the new XML feeds from 365 (Stöð 2) and also using the XML from RUV in the next few days. Sadly Skjár 1 have not yet created a XML feed so I’ll have to keep on doing HTML parsing for their program data.

Also going to revisit having the xmltv folks accept my new version.

My current version of tv_grab_is

I am finishing writing a program called pysmsqueue that can manage to send SMS text messages through phones on multiple hosts or multiple phones on multiple hosts. There for handles load balancing, e.g. sending multiple messages at the same time. The code works pretty much for me but should be considered beta quality. You can have a look at the source in my trac.

The reason for writing it is that I needed something more than the gnokii-smsd that can handle failures of phones. I’m using this as a messaging system for Nagios so it needs to be highly available.

I’m expecting to release a setup file with RPM’s pretty soon.

You can do a subversion checkout with

svn co http://tommi.org/repos/tommi/trunk/pysmsqueue

I just tried out recordmydesktop. It’s a pretty cool program that basicly does what it says, that is record my desktop. It also captures audio from mic and any music/sounds you are playing at the time of recording. Good for creating video demos, tutorials, whatever. Grit!

I created a script, AsteriskJA, a while back which can fetch data from a website and use in a CallerID lookup source within Asterisk. This script utilizes the Icelandic online phone book, http://ja.is/. It is written in perl and I’ve been using it now for several months. The effect is that if someone calls you from Iceland and they are registered in the Phonebook, you get the name of the caller. Pretty neat ehh?

I wrote this script to take screenshots of my desktop because I have on occasion forgot to fill in my time sheet on a daily basis. Basicly it’s a script that takes a screenshot of my desktop every 15 minutes and saves to a directory structure.

screenshot.sh

My crontab entry:

*/5 8-19 * * * /home/tommi/screenshot.sh