Saturday, October 3, 2015

Don't lose your crontab

I use Fedora on my home server, and I maintain /home as a separate filesystem, which I back up.  When I upgrade to new Fedora versions, I do a full reinstall using kickstart, keeping the /home filesystem intact.

The one thing that I want to preserve across upgrades that is not kept in /home is my crontab, which lives in /var/spool/cron.  Occasionally I would forget to grab a copy of my crontab before upgrading, and then I'd be sad.

It finally occurred to me that I should keep an up-to-date copy of my crontab in my home directory.  And what better way to do that than with cron itself?  Here's what I have in my crontab now:

00 03 * * * /bin/crontab -l > $HOME/.crontab-${USER}-backup

Now I always have a recent backup of my crontab in my home directory, and I never have to worry about losing it during an upgrade.

Sunday, July 26, 2015

Suspicious burst of dns queries from Windows

Reviewing dns query logs on my home network, I discovered that every afternoon a Windows 7 machine would issue a fast burst of about 1000 dns queries.  The list of domain names queried each day appeared to be the same, and included quite a few porn and foreign sites.

Right away I figured I've got malware on the machine.  I did the following:

Everything came up clean -- no detected problems.

Since the dns burst happened every day, I was trying to figure out how to determine what process on a Windows 7 machine issued a given dns query.  And in the middle of working on that, some Google searches pointed out that Avast itself is the culprit.  Arghhhh.

Apparently Avast performs a dns lookup on the top 1000 sites to spot dns hijacking. Of course, in doing so, Avast creates a highly suspicious traffic signature. Sounds like many people have wasted hours trying to hunt this down, only to find that Avast is the root cause. :(
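
A detection sketch for the traffic pattern described in this post, as an added example that is not part of the original post: it flags a client whose densest one-minute window holds hundreds of distinct names and whose name set repeats almost exactly on another day. The `timestamp client qname` log format, the thresholds, and the sample addresses and names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
def parse(line):
    """Assumed log format (not from the post): 'ISO-timestamp client qname'."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip(".")
def find_bursts(lines, window=timedelta(seconds=60), threshold=500):
    """Map (client, date) -> names in that day's densest window, if >= threshold."""
    per_day = defaultdict(list)
    for line in lines:
        ts, client, qname = parse(line)
        per_day[(client, ts.date())].append((ts, qname))
    bursts = {}
    for key, events in per_day.items():
        events.sort()
        start, best = 0, (0, 0)
        for end in range(len(events)):  # sliding window over time-sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start > best[1] - best[0]:
                best = (start, end)
        names = {q for _, q in events[best[0]:best[1] + 1]}
        if len(names) >= threshold:
            bursts[key] = names
    return bursts

def recurring(bursts, min_jaccard=0.9):
    """Same client, different days, nearly identical name sets: a fixed-list scan."""
    hits, keys = [], sorted(bursts)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if a[0] == b[0]:
                j = len(bursts[a] & bursts[b]) / len(bursts[a] | bursts[b])
                if j >= min_jaccard:
                    hits.append((a[0], str(a[1]), str(b[1]), round(j, 2)))
    return hits

def sample_log():
    """Constructed data: a 1000-name burst at 15:00 on two days, plus one stray query."""
    lines = []
    for day in ("2015-07-24", "2015-07-25"):
        t0 = datetime.fromisoformat(day + "T15:00:00")
        for i in range(1000):
            ts = t0 + timedelta(milliseconds=20 * i)
            lines.append(f"{ts.isoformat()} 192.168.1.20 site{i}.example")
        lines.append(f"{day}T09:12:00 192.168.1.30 www.example.org")
    return lines
if __name__ == "__main__":
    print(recurring(find_bursts(sample_log())))
```

A high overlap score across days points at a scheduled lookup of a fixed list rather than browsing, which narrows the search to software that runs on a timer.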