Spind.net Blog

I’ve had a few issues with my Firefox previously, but this time it somehow forgot all my saved passwords and stopped offering to remember new ones. This one was a quickie, but I’ll post it for later reference.

This problem can be fixed by removing the files key3.db and signons3.txt from your Firefox profile directory. On Unix, it’s usually a random generated directory under ~/.mozilla/firefox. Be aware that removing these files will remove any stored passwords – mine were already gone though.

Uncategorized Amnesia, Desktop, Firefox

I’ve been playing around with Sun VirtualBox. Installation of both Windows XP and CentOS 5 went smooth, but installing the guest OS tweaks – in the VirtualBox world referred to as Additions – gave me a little trouble on CentOS. It’s done the same way as on VMWare, by mounting an ISO with the scripts and drivers required. It’s not as painless as on VMWare though.

For starters, you have to find the ISO yourself – but I’ll give you a hint: look in /usr/share/virtualbox/ After mounting the ISO image, a directory popped up. I tried double clicking on autorun.sh but nothing ever comes easy, does it? I tried running it in the terminal, and was somewhat enlightened as I realized it was looking in vain for gksu – probably a Gnome frontend for su. Luckily there seemed to be another script I could run – VBoxLinuxAdditions-amd64.run – but it whined about OpenGL direct rendering:

Before I ran the script, I made sure the newly installed CentOS was crispy by running yum upgrade. I also had a sneaking suspicion that a C compiler was required, so I made sure the system also sported gcc. The only thing I personally noticed by reading the message above, was that some missing OpenGL crap prevented the additions to be installed. As I was typing the message in this blog, I also noticed something about kernel headers. Rather embarrassing, but I really didn’t see it until now. Anyway, obviously the thing needed was kernel goodness, so I ran yum install kernel-devel. That seemed to make the VirtualBox additions script more happy and now it seems to be running flawlessly.

So, to summarize – what to do to make the damned thing work:

I rebooted as I was told to, but mouse integration didn’t seem to work. Probably due to the kernel being upgraded without rebooting and actually utilizing it. So, I ran the additions script again, rebooted again and woo – mouse integration seems to work. The clipboard doesn’t though, and the maching is still creating some really nasty spikes on my CPU graph every three seconds or so:

It’s worth mentioning that when I’m running my Windows XP guest in VirtualBox, the CPU graphs on the host system are nice and flat.

I’m not entirely pleased, but I think VirtualBox will eventually win me over from VMWare.

Uncategorized CentOS, Fedora, Sun, VirtualBox, x86_64

I recently installed mod_security on our Apache server, and everything seemed to be working fine. Suddenly, while working on the previous post, I was presented with this error:

I checked the log files, and found these hits:

In short, it’s mod_security telling me that the text /etc/ triggered rule 950005, which should be protecting our server against malicious attempts to access local files – like the ones in the /etc directory. The access file only showed a POST to /wp/wp-admin/post.php so I had no idea where the /etc/ string was coming from. Maybe some weird hidden Javascript? Maybe something else?

This post narrowed acknowledged it to be related to mod_security and suggested to disable it permanently or just turn it temporarily off while posting. I aim to do better.

The previous post has a wonderful nugget of enlightenment about prioritizing services on Linux, and suggested a couple of changes to the Linux configuration files – most of which are located in.. the /etc/ folder. In short, I triggered mod_security rule 950005 by posting data containing /etc/.

If you ever plan to cover issues related to deployment and administration of operating system in the Unix family, this rule absolutely has got to go. Obviously it’s written with the best of intentions, but as it is doesn’t work and should be disabled.

Avoid messing with /etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf and just disable the specific rules in /etc/httpd/conf.d/mod_security.conf by adding this:

Uncategorized Apache, CentOS, Linux, ModSecurity, Paranoia

Administrating a Linux system is always interesting, especially when something starts hogging the resources and people start complaining. Everyone wants their e-mail on time and spam free, but nobody wants to wait on a slow web server. What to do? Put a priority on your services!

My initial thought was “wow, someone must have thought about this before me”, and I looked briefly through the service scripts in /etc/rc.d/init.d. I was specifically interested in tweaking the nice level for the Amavis daemon, but found nothing in the amavisd file – just a simple call to the daemon function in /etc/rc.d/init.d/functions.

With my initial thought still fresh in my mind, I dug down in the functions script, and saw that it actually honours a couple of environment variables set by the configuration scripts in /etc/sysconfig – one of them being NICELEVEL.

In short: if you want a service – like the Amavis daemon – to run with priority 15, add this to /etc/sysconfig/amavisd:

Uncategorized