Saturday, March 18, 2017

Uninstalling Avast - breach of customer trust

I've been using Avast antivirus for quite a while. Today I noticed that it started adding an email signature to my outgoing Gmail with an ad and link for Avast! Without my consent or telling me! Holy Schnikeys! That's a complete and total breach of trust. What genius at Avast thought it was a good idea to modify a customer's email?! I'm uninstalling it now.

Monday, September 5, 2016

Fedora 24 and gsutil and crcmod

I was using gsutil rsync on a Fedora 24 system to copy data to Google Cloud Storage. I got this message:
WARNING: gsutil rsync uses hashes when modification
time is not available at both the source and
destination. Your crcmod installation isn't using
the module's C extension, so checksumming will
run very slowly. If this is your first rsync since
updating gsutil, this rsync can take significantly
longer than usual. For help installing the
extension, please see "gsutil help crcmod".

I followed the instructions at https://cloud.google.com/storage/docs/gsutil/addlhelp/CRC32CandInstallingcrcmod hoping to get the fast C extension installed.  But after following the Fedora instructions there, I still did not have the C extension for crcmod.

Troubleshooting and debugging eventually determined that the reason the C extension was not built and installed for crcmod was a missing file dependency, /usr/lib/rpm/redhat/redhat-hardened-cc1, which is provided by the redhat-rpm-config package.

So the solution to getting the fast crcmod C extension on Fedora 24 is to install redhat-rpm-config.

# dnf install redhat-rpm-config

Monday, May 9, 2016

DNF and logwatch

When Fedora Linux used yum, logwatch reports contained a section about package changes. When Fedora switched from yum to dnf, logwatch reports no longer contained a package-changes section, because there are no dnf scripts for logwatch.

I have a patch for that.  Details at http://forums.fedoraforum.org/showthread.php?t=309879

Saturday, October 3, 2015

Don't lose your crontab

I use Fedora on my home server, and I maintain /home as a separate filesystem, which I back up. When I upgrade to new Fedora versions, I do a full reinstall using kickstart, keeping the /home filesystem intact.

The one thing that I want to preserve across upgrades that is not kept in /home is my crontab, which lives in /var/spool/cron.  Occasionally I would forget to grab a copy of my crontab before upgrading, and then I'd be sad.

It finally occurred to me that I should keep an up-to-date copy of my crontab in my home directory.  And what better way to do that than with cron itself.  Here's what I have in my crontab now:


00 03 * * * /bin/crontab -l > $HOME/.crontab-${USER}-backup

Now I always have a recent backup of my crontab in my home directory, and I never have to worry about losing it during an upgrade.

Sunday, July 26, 2015

Suspicious burst of DNS queries from Windows

Reviewing DNS query logs on my home network, I discovered that every afternoon a Windows 7 machine would issue a fast burst of about 1000 DNS queries. The list of domain names queried each day appeared to be the same, and included quite a few porn and foreign sites.

Right away I figured I've got malware on the machine.  I did the following:

Everything came up clean -- no detected problems.

Since the DNS burst happened every day, I was trying to figure out how to determine what process on a Windows 7 machine issued a given DNS query. And in the middle of working on that, some Google searches pointed out that Avast itself is the culprit. Arghhhh.

Apparently Avast performs a DNS lookup on the top 1000 sites to spot DNS hijacking. Of course, in doing so, Avast creates a highly suspicious traffic signature. Sounds like many people have wasted hours trying to hunt this down, only to find that Avast is the root cause. :(
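A burst like the one described above can be picked out of a resolver's query log by counting queries per client per clock minute. The following is an added example, not part of the original post: it assumes dnsmasq-style query logging (the post does not name the resolver), the function names dns_bursts and sample_log are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# dns_bursts THRESHOLD < query-log
# Prints "client<TAB>minute<TAB>queries<TAB>distinct-names" for every client
# that sent at least THRESHOLD queries within one clock minute.
dns_bursts() {
    awk -v threshold="$1" '
        # dnsmasq-style line (assumed format):
        #   Jul 26 15:02:01 dnsmasq[812]: query[A] name from 192.168.1.23
        $5 ~ /^query\[/ && $7 == "from" {
            key = $8 "\t" $1 " " $2 " " substr($3, 1, 5)
            queries[key]++
            if (!seen[key, $6]++) names[key]++
        }
        END {
            for (key in queries)
                if (queries[key] >= threshold)
                    printf "%s\t%d\t%d\n", key, queries[key], names[key]
        }
    ' | sort
}

# Constructed sample: background lookups from .10 and a six-name burst from .23.
sample_log() {
    echo 'Jul 26 15:01:58 dnsmasq[812]: query[A] mail.example.org from 192.168.1.10'
    echo 'Jul 26 15:01:58 dnsmasq[812]: reply mail.example.org is 192.0.2.25'
    for n in 1 2 3 4 5 6; do
        echo "Jul 26 15:02:01 dnsmasq[812]: query[A] site$n.example from 192.168.1.23"
    done
    echo 'Jul 26 15:02:40 dnsmasq[812]: query[AAAA] mail.example.org from 192.168.1.10'
    echo 'Jul 26 15:03:05 dnsmasq[812]: query[A] site1.example from 192.168.1.23'
}

# dns_bursts 5 on the sample flags only 192.168.1.23 in minute 15:02.
```

The distinct-names column separates a sweep over a long list of names from a single name being retried in a loop; a daily flagged minute with roughly the same count of distinct names matches the pattern in the post.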

References:

Saturday, March 8, 2014

Switching Fedora 20 sendmail from port 25 to port 587

My Fedora server sends outgoing email to smtp.comcast.net. I've always been able to configure that with just this in /etc/mail/sendmail.mc:

define(`SMART_HOST', `smtp.comcast.net')dnl

But two days ago Comcast finally started blocking port 25 on me (http://customer.comcast.com/help-and-support/internet/email-client-programs-with-xfinity-email/).

There are quite a few posts and articles about switching to port 587.  Below is what I found worked on my Fedora 20 server.

Step 1.  New /etc/mail/sendmail.mc config setup:

define(`SMART_HOST', `smtp.comcast.net')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
FEATURE(authinfo)dnl

Step 2. Set up authinfo

Assuming your Comcast account is walrushose@comcast.net with password door123 ...

# touch /etc/mail/authinfo && chmod 600 /etc/mail/authinfo
# echo 'AuthInfo:smtp.comcast.net "U:walrushose" "P:door123" "M:PLAIN"' > /etc/mail/authinfo
# makemap hash /etc/mail/authinfo < /etc/mail/authinfo
# chmod 600 /etc/mail/authinfo.db

Step 3. Remake and restart sendmail

# make -C /etc/mail
# systemctl restart sendmail.service

Now my server is happily using port 587 for outgoing email.
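The Step 2 commands put the password on the command line, where it lands in root's shell history. The following is an added example, not part of the original post, that writes the same authinfo entry with the password read from stdin and every file created under umask 077; the function names write_authinfo and rebuild_map are hypothetical.

```shell
#!/bin/sh
# write_authinfo FILE HOST USER   (password is read from stdin, never from argv)
write_authinfo() {
    file=$1 host=$2 user=$3
    IFS= read -r pass || { echo "no password on stdin" >&2; return 1; }
    # A double quote would end the "P:..." field early and corrupt the entry.
    case $pass in
        ''|*\"*) echo "empty password or embedded double quote" >&2; return 1 ;;
    esac
    (
        umask 077                       # nothing created here is group/world readable
        tmp=$(mktemp "$file.XXXXXX") || exit 1
        printf 'AuthInfo:%s "U:%s" "P:%s" "M:PLAIN"\n' "$host" "$user" "$pass" >"$tmp" &&
            mv -f "$tmp" "$file" || { rm -f "$tmp"; exit 1; }
    )
    rc=$?
    unset pass
    return $rc
}

# rebuild_map FILE: build FILE.db under the same restrictive umask, so the
# map is never readable by other users, even before a later chmod.
rebuild_map() {
    ( umask 077 && makemap hash "$1" <"$1" )
}

# Interactive use as root (no echo on the terminal, nothing in shell history):
#   stty -echo; printf 'SMTP password: '
#   write_authinfo /etc/mail/authinfo smtp.comcast.net walrushose; stty echo
#   rebuild_map /etc/mail/authinfo
```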

Monday, June 17, 2013

Auto-upgrade Raspbian

I like to auto-upgrade Fedora systems with yum-cron. To do the same thing on Raspbian:

rpi# aptitude install cron-apt
rpi# echo 'dist-upgrade -y' > /etc/cron-apt/action.d/4-upgrade

You can monitor /var/log/cron-apt/log and /var/log/apt/history.log to confirm that upgrades are happening.