View Failed Login Attempts – lastb

The lastb command lists failed login attempts. By default it displays a nice table of all failed attempts, including the username, the time and the host the attempt originated from.

sudo lastb -w | cut -d " " -f 1 | sort | uniq | less

The -w flag tells lastb to display the full username. The cut, sort and uniq commands turn the output of lastb into a sorted list that contains each username only once.

When I ran it recently on my server I found some interesting results. Nobody tried in the last fortnight to log in with root but they did try with r00t, root2, root3, roottest, rootuser and a bunch of similar ones. There were a bunch of generic users such as admin, support, test, user, sales and a surprising number of software related ones: wordpress, wp, stunnel, mysql, moodle, mongodb, minecraft etc.

Another useful command is

$ sudo lastb -f /var/log/btmp.1 -w -i | awk '{print $3}' | sort | uniq --count | sort -nr | less

which lists hosts sorted by the number of failed attempts originating from each host.

Overall in the last two weeks my server experienced more than 3300 failed login attempts using more than 800 unique usernames. Fortunately, as my server only allows public-key authentication via ssh all those attempts are pretty futile.
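Both pipelines combined into one pass, as an added example that is not part of the original post: `summarize` and the sample lines are constructed for illustration, and every record is assumed to carry a user, tty and host field. It also skips the blank line and the `btmp begins` trailer that lastb prints, which the cut and awk pipelines above count as a username or host.

```python
from collections import defaultdict

# Constructed sample of `lastb -w -i` output (documentation-range addresses).
SAMPLE = """\
r00t     ssh:notty    203.0.113.7      Mon Mar  3 10:15 - 10:15  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  3 10:14 - 10:14  (00:00)
wordpress ssh:notty   198.51.100.23    Mon Mar  3 09:02 - 09:02  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  3 08:40 - 08:40  (00:00)
mysql    ssh:notty    192.0.2.44       Sun Mar  2 23:51 - 23:51  (00:00)

btmp begins Sun Mar  2 23:51:07 2025
"""

def summarize(lastb_output):
    """Return (host, attempts, distinct usernames) tuples, busiest host first."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in lastb_output.splitlines():
        fields = line.split()
        # Skip the blank line and the "btmp begins ..." trailer.
        if len(fields) < 3 or fields[:2] == ["btmp", "begins"]:
            continue
        user, _tty, host = fields[:3]
        attempts[host] += 1
        users[host].add(user)
    # Many usernames from one host suggests guessing from a list;
    # many attempts on one username suggests password guessing.
    return sorted(((h, attempts[h], len(users[h])) for h in attempts),
                  key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    import sys
    # Use the constructed sample unless real output is piped in.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for host, count, distinct in summarize(data):
        print(f"{count:6d} attempts  {distinct:4d} usernames  {host}")
```

To run it on real data, pipe the output of sudo lastb -w -i into the script.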

Make Offline Mirror of a Site using `wget`

Sometimes you want to create an offline copy of a site that you can take and view even without internet access. Using wget you can make such a copy easily:

wget --mirror --convert-links --adjust-extension --page-requisites \
     --no-parent http://example.org

Explanation of the various flags:

  • --mirror – Makes (among other things) the download recursive.
  • --convert-links – Converts all the links (also to stuff like CSS stylesheets) to relative ones, so the copy is suitable for offline viewing.
  • --adjust-extension – Adds suitable extensions to filenames (html or css) depending on their content-type.
  • --page-requisites – Downloads things like CSS style-sheets and images required to properly display the page offline.
  • --no-parent – When recursing, do not ascend to the parent directory. It is useful for restricting the download to only a portion of the site.

Alternatively, the command above may be shortened:

wget -mkEpnp http://example.org

Note that the last p is part of np (--no-parent), hence you see p twice in the flags.

Bootstrap: Combining input-append and input-block-level

If you have a button appended to an input control in Bootstrap, and you want it to fill the entire width, it’s not sufficient to add the input-block-level class to the input itself; this CSS class also needs to be added to the surrounding .input-append div. For example:

<div class="input-append input-block-level">
	<input type="text" class="search-query input-block-level" name="q" placeholder="Search">
	<button type="submit" class="btn btn-primary">Search</button>
</div>

Applying .input-block-level to only one of the elements (either the div or the input) just doesn’t work.

Enabling C++11 (C++0x) in CMake

Going over some CMakeLists.txt files I’ve written, I came across the following snippet:

include(CheckCXXCompilerFlag)
CHECK_CXX_COMPILER_FLAG("-std=c++11" COMPILER_SUPPORTS_CXX11)
CHECK_CXX_COMPILER_FLAG("-std=c++0x" COMPILER_SUPPORTS_CXX0X)
if(COMPILER_SUPPORTS_CXX11)
	set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
elseif(COMPILER_SUPPORTS_CXX0X)
	set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x")
else()
	message(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++11 support. Please use a different C++ compiler.")
endif()

Different versions of gcc and clang use different flags to enable C++11 support: older ones accept -std=c++0x and newer ones -std=c++11. The above snippet detects which is the right one for the compiler being used and adds the flag to CMAKE_CXX_FLAGS.

View man Pages Properly in gVim

Vim’s ability to display man pages easily using the K mapping often comes in handy. It has been bothering me for a while that the same thing doesn’t work properly in gVim, which I use more. The reason is that Vim’s ability to display man pages depends on having a terminal emulator, which just isn’t true for gVim, hence the garbled display one sees when trying to view a man page in gVim.

Today, I found a way around this limitation. It turns out Vim comes with support for displaying man pages in a split window, and does it perfectly – colors, links and all the necessary stuff. The first line of the snippet below enables this feature, which includes by default the K mapping to open the man page in a new split. The second part, which I find very convenient, makes the regular K do the same in gVim. And unlike the original mapping, it also accepts a count, so pressing 3K will search section 3 of the man pages for the keyword under the cursor.

" Properly display man pages
" ==========================
runtime ftplugin/man.vim
if has("gui_running")
	nnoremap K :<C-U>exe "Man" v:count "<C-R><C-W>"<CR>
endif

Preventing Directory Traversal in Python

Consider the following use case:

import os

PREFIX = '/home/user/files/'
# filepath is user-controlled
full_path = os.path.join(PREFIX, filepath)
open(full_path, 'rb')
...

Assuming that filepath is user-controlled, a malicious user might attempt a directory traversal (like setting filepath to ../../../etc/passwd). How can we make sure that filepath cannot traverse “above” our prefix? There are of course numerous solutions to sanitizing input against directory traversal. The easiest way (that I came up with) to do so in Python is:

filepath = os.path.normpath('/' + filepath).lstrip('/')

It works because it turns the path into an absolute path, normalizes it and makes it relative again. As one cannot traverse above /, it effectively ensures that the filepath cannot go outside of PREFIX.
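The unchecked join from the use case beside the one-liner above, as an added example that is not code from the original post. The names `naive_join`, `sanitize`, `safe_join` and `demo` are hypothetical, a POSIX system is assumed, and the `realpath`/`commonpath` check is an addition covering symlinks inside PREFIX, which the purely lexical normalization does not resolve.

```python
import os
import tempfile

def naive_join(prefix, filepath):
    # The use case as written: user input joined unchecked. Normalised here
    # only to show which file open() would end up reading.
    return os.path.normpath(os.path.join(prefix, filepath))

def sanitize(filepath):
    # The one-liner from the post: anchor at "/", normalise, make relative.
    return os.path.normpath('/' + filepath).lstrip('/')

def safe_join(prefix, filepath):
    """Hypothetical helper: sanitise lexically, then verify containment.

    normpath never touches the filesystem, so a symlink inside the prefix
    can still lead outside it; realpath + commonpath (an addition to the
    post's technique) catches that case.
    """
    root = os.path.realpath(prefix)
    candidate = os.path.realpath(os.path.join(root, sanitize(filepath)))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError('path escapes prefix: %r' % filepath)
    return candidate

def demo():
    """Resolve constructed inputs against a throwaway prefix directory."""
    inputs = ('report.txt', '../../../etc/passwd', '/etc/passwd',
              'a/../../b', 'link/secret')
    results = {}
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        prefix = os.path.join(base, 'files')
        os.mkdir(prefix)
        # Constructed symlink inside the prefix that points outside it.
        os.symlink(base, os.path.join(prefix, 'link'))
        for name in inputs:
            try:
                results[name] = os.path.relpath(safe_join(prefix, name), prefix)
            except ValueError:
                results[name] = 'REJECTED'
    return results

if __name__ == '__main__':
    print(naive_join('/home/user/files/', '../../../etc/passwd'))
    for name, outcome in demo().items():
        print('%-22s -> %s' % (name, outcome))
```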

Post updated: see the comments below for explanation of the changes.

Ubuntu Freezes When Booting with Degraded Raid

I tried testing my software raid (mdadm) setup by removing one of the disks. When I tried to boot the degraded system, the system hung, displaying a purple screen. If I try booting the system in recovery mode, I get the following error:

** WARNING: There appears to be one or more degraded RAID devices **
The system my have suffered a hardware fault, such as a disk drive failure. The root device may depend on the RAID devices being online.
Do you wish to start the degraded RAID? [y/N]:

Galaxy S2 – Clearing Logs on an Unrooted Phone

I have a Samsung Galaxy S2 using an unrooted stock ROM. Lately, I couldn’t update any of my apps, or install new ones, as every time I tried it would complain about Insufficient storage available. This was weird, as according to my phone the apps took less than 600MB and still I barely had 200MB of free space in my device memory.
