Tales of an IT Nobody

devbox:~$ iptables -A OUTPUT -j DROP

Shortcut to a directory with a bat file and a sub directory containing the same name
May 31, 2011

Check this out.
Make a directory structure like this:

Dir
Dir/AnotherDir
Dir/anotherdir.bat

Fill the .bat file with something creative… (Non destructive)

Now, make a shortcut from anywhere to Dir/AnotherDir – lemme guess, it tries to name the shortcut after the bat file? Odd! Rename it in the prompt then.

Save your shortcut and try to use it. Lemme guess, executed the bat file?

See below if you’re too lazy to try ;)

Categories: security windows

MySQL 5.5.12 – init script warning
May 25, 2011

I’ve just reported a bug regarding the init script that comes in MySQL 5.5’s source distribution.

Basically, if you call the ‘start’ clause of the script twice, it will hose the service by allowing multiple instances to run, all trying to use the same resources (pid file, socket and TCP port). Naturally this makes the service that -was- working fine screech to a halt, and mysqladmin shutdown won’t work. The only way to fix this is to do something like this to get things back to normal:

My solution to avoid this for the time being is to put this in the beginning of the ‘start’ case clause in the ‘mysql.server’ script that we’re copying to /etc/init.d:

I chose exit 0; because technically, it’s still a successful command.
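
A guard of the kind described above, written as an added example; it is not the snippet from the original post, and the function names are hypothetical. It treats a stale or garbage pid file as "not running" so a legitimate start after a crash is not blocked.

```shell
#!/bin/sh
# Added example: refuse a second 'start' when the pid file names a live process.
# pid_file_is_live and start_service are hypothetical names, not mysql.server's.

# Return 0 only if PIDFILE holds the numeric pid of a process that exists.
# (kill -0 needs permission to signal the process; init scripts run as root.)
pid_file_is_live() {
    [ -s "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# start_service PIDFILE COMMAND...
# In an init script's 'start' branch the early return would be 'exit 0'.
start_service() {
    pidfile=$1; shift
    if pid_file_is_live "$pidfile"; then
        echo "already running (pid $(cat "$pidfile")), not starting again"
        return 0      # a repeated 'start' still counts as success
    fi
    "$@"
}

# Demo on a constructed pid file that holds this shell's own pid.
tmp=$(mktemp)
echo $$ > "$tmp"
start_service "$tmp" echo "starting mysqld"   # the guard fires, nothing starts
rm -f "$tmp"
```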

Categories: linux mysql servers

PHPUnit and apache ant junitreport task
May 13, 2011

There’s not a whole lot of ‘purdy’ interfaces for parsing junit results. For what little is out there, it’s even a bit more difficult when you consider the PHP camp looking for a parser for the output from the likes of PHPUnit.

If you’re looking for an easy way out with a reasonable result on the unit test report – take a look at my quick and dirty conversion script.
Basically, the default output from PHPUnit’s --log-junit argument doesn’t jibe 100% with ant’s junitreport task. This is due to the nested ‘testsuite’ elements in the results. All the script does is flatten those into several files, something the junitreport task expects.
Take a look, maybe it’ll help someone besides myself.
Someday I may get around to writing a straight up php parser to deal with either the junit xml or the json output from phpunit… maybe…
Categories: ant php programming purdy

Amazon AWS – The risk of using a cooked AMI
May 11, 2011

Straight from the horse’s mouth; I no longer use this AMI – but the only ones I’ve used are Debian EBS and SLES … Fortunately I already went through authorized_keys on the one I do keep around.

People take AWS services seriously – but the AMI sharing always set off a flag for me. “Community AMI?” – No thanks! (Unfortunately the only choice for people who don’t want to – or do not have the time to make their own AMI they can trust).


Dear AWS Customer,

We are aware that a public Amazon Machine Image (AMI) in the Amazon EC2 US East (Virginia) region includes a public SSH key that could allow the AMI publisher to log in as root. Our records indicate that you have launched instances of this AMI.

AWS Account ID:  [REMOVED]

AMI(s)
==========
ami-0c638165

Instance ID(s)
==========
i-[REMOVED]

We are taking steps to remove the affected AMI within the next 24 hours. This will prevent launching new instances of the affected AMI, though existing instances of this AMI will continue to function normally.  For existing instances you may have of this AMI, we recommend that you migrate services to new instances based on a different AMI.

While you are migrating your services to a new instance, we also recommend that you identify and disable unauthorized public SSH keys. To do so, you will need to remove any unrecognized keys from your running instance(s). Note that public SSH keys are not guaranteed to be in the ‘/root/.ssh/authorized_keys’ file. The following command will locate all of the “authorized_keys” files on disk, when run as root:
       find / -name "authorized_keys" -print -exec cat {} \;

This command will generate a list of all known “authorized_keys” files, which you can then individually edit to remove any unrecognized keys from each of the identified files. To ensure that you do not inadvertently remove your authorized keys, we recommend that you initiate two SSH sessions when starting this process for each instance. You should keep the second session open until you have confirmed that all unrecognized / unauthorized keys are removed and that you still have SSH login access to the instance using your authorized key.

If you do not use SSH to connect to your Amazon EC2 instances, we recommend that you check the security groups associated with the above instance(s) to ensure that port 22 inbound is closed to all unknown IPs. This can be done via the AWS Management Console. For detailed instructions, please check the “Using Security Groups” section of the Amazon EC2 User guide:

http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html

We hope this information is helpful.

Best regards,

Amazon Web Services Support

This message was produced and distributed by Amazon Web Services LLC, 410 Terry Avenue North, Seattle, Washington 98109-5210
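
The audit step in Amazon's notice can be scripted. The following is an added example, not part of the notice or the original post: it walks every authorized_keys file under a root directory and reports keys that are absent from an allowlist of public keys you recognise. The function names, the allowlist file and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keys in authorized_keys files that are not in an
# allowlist of public keys you recognise. Names and sample keys are constructed.

# Emit "LINENO TYPE BLOB" per key on stdin. Options such as from="..." may
# precede the key type, so scan for the type token instead of assuming field 1.
# (An option value containing a bare key-type word would confuse this scan.)
key_blobs() {
    awk '/^[ \t]*(#|$)/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                   print NR, $i, $(i + 1); next
               }
           print NR, "UNPARSED", "-" }'
}

# audit_authorized_keys ROOT ALLOWLIST -> prints "FILE:LINE TYPE" per unknown key
audit_authorized_keys() {
    allowed=$(mktemp) || return 2
    key_blobs < "$2" | awk '$2 != "UNPARSED" { print $3 }' > "$allowed"
    # 'authorized_keys*' also catches the legacy authorized_keys2 name.
    find "$1" -type f -name 'authorized_keys*' 2>/dev/null |
    while IFS= read -r f; do
        key_blobs < "$f" | while read -r n type blob; do
            grep -qxF -- "$blob" "$allowed" || printf '%s:%s %s\n' "$f" "$n" "$type"
        done
    done
    rm -f "$allowed"
}

# Constructed sample tree: one recognised key, two that are not.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/root/.ssh" "$d/home/app user/.ssh"
    printf 'ssh-rsa AAAAexampleKNOWN admin@laptop\n' > "$d/known.pub"
    printf '# ops\nssh-rsa AAAAexampleKNOWN admin@laptop\nssh-rsa AAAAexamplePUBLISHER x\n' \
        > "$d/root/.ssh/authorized_keys"
    printf 'from="192.0.2.10",no-pty ssh-ed25519 AAAAexampleOTHER y\n' \
        > "$d/home/app user/.ssh/authorized_keys"
    (cd "$d" && audit_authorized_keys . known.pub | sort)
    rm -rf "$d"
}
demo
```

On a real instance, replace the `demo` call with `audit_authorized_keys / /path/to/known.pub` run as root, and keep a second SSH session open while removing anything it reports, as the notice advises.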

Categories: security servers