Category Archives: Linux

Don’t litter

I’ve always hated when people throw their trash around. My opinion about someone can go from “respectable citizen that I look up to” to “Obvious douche-bag that doesn’t respect anyone but him/herself” if I see them throw stuff on the ground. I often see people do it, and I try to lecture them whenever I catch them in the act. My hopes are of course that they will feel at least some bit of shame and maybe change their behaviour in the future.

Anyway, so near our apartment there’s this recycling station. A few containers where you can throw paper, plastic, metal and glass. The usual. Once a week there’s this pile of crap that keeps showing up. It almost always follows the same pattern and always ends up at the same spot, which makes me think that it might be the same person doing it. The trash in the pile is usually empty boxes from some fast food place (kebab and then some text in Arabic or something) and then usually a few electronics.

It always irritates me to the point where I would like to catch them in the act. But I never do. Well, until now. Or I didn’t really catch them in the act. It was more about what they dumped this time. On Wednesday this week, in the morning when I was leaving some plastic in the container, I noticed something in the “illegally placed trash pile”. Two computers (My time to shine)! I checked if there were any hard drives in them, and there were. So I decided that if the machines were still there when I came back after work, I would go there with a screwdriver and take out the drives. I was a bit worried since it was the day when they usually empty the containers, so the risk was that they would just bring the computers with them when they emptied everything else.

When I came back after work, the containers were empty but the computers were still there on the ground. So I went home, took a screwdriver and went back. It was a strange case that had a locking mechanism for the hard drives which was not easy to get off. Also, during the time I was sitting there in the dark with my screwdriver and flashlight, someone came to empty their recyclables. I quickly stood up and hid my stuff under a plastic bag, then proceeded to empty some plastic I had brought with me, in the container (to seem less suspicious. It’s all about the looks!). When the person had left I continued with my secret mission, and managed to take out all three drives.

I plugged them into my dock at home and took a quick look at the first drive. Unformatted as expected with Windows Vista installed (bleh). I created a virtual drive for VirtualBox so that I could try to start the operating system on it.

VBoxManage internalcommands createrawvmdk -filename "henrietta.vmdk" -rawdisk /dev/sdg

However, the operating system was damaged and the repair process didn’t seem to work. It might have been a driver issue since it tried to load some ATI drivers before it crashed every time. I wasn’t too interested in spending a large amount of time on this, so I proceeded to just look at the data on the drive from my Linux machine. It appears to have been owned by a Ukrainian lady (both machines seem to have been owned by her). They could of course have been stolen from her, so I shouldn’t be too quick to blame. But I rule that out as the browser history and the programs installed all followed a consistent pattern, and all accounts saved in the browser (Chrome) were using the same email and password. For the sake of our lady of the day (Henrietta), I will not disclose any detailed personal info.

The first hard drive with Windows Vista contained everything I would need to hijack the target’s Internet life.

  • Browser history
  • Cookies
  • Email address (henr*************)
  • Account names
  • Passwords
  • Personal files (A lot of text documents)
  • Images (hundreds)
  • Videos
  • Music

And loads of other sensitive data. I took a look at the data and then I threw everything away. No accounts were ever tested or anything unethical like that. One could argue that just taking these drives was unethical, but if you throw something on the ground with the intention of dumping it where it’s not supposed to be, you sort of resign your ownership of it. Still there is the possibility of it being stolen. None of the operating systems worked on the machines, and the hardware was very old and some of the cards were even visibly broken. So I doubt it was stolen and then dumped there. Why would a thief go to the trouble of dumping it at “almost” the right location?

The second hard drive followed the same pattern but had Windows XP installed on it. The same user and the same type of websites had been visited. It also had a data partition with hundreds of family photos, photos of the suspected owner, and all sorts of sensitive personal data.

The third drive was completely dead and I didn’t put any more time into it.

All drives will be given to a friend who will physically destroy them (take them apart and render them useless).

Anyway, if you’re a complete ass who can’t take responsibility for your crap and just throw everything around you as you please, at least don’t throw crap that could potentially be traced back to you. Or, maybe continue, so that it’s easier to catch you. Right, Henrietta?

Installing Postfix and Courier with MySQL and SASL on Debian 7

I recently had to move to a new server and had some trouble getting Postfix and Courier to work as I wanted. The tutorial I used to follow a bunch of years ago is gone and the tutorials I found were either outdated, wrong or didn’t do it my way. So with some inspiration from other tutorials including the old one I used to have, I have written my own modified version.

Step 1: Prepare your certificate now as you will be using it later
If you don’t already have one you can get one for free at StartSSL
This tutorial won’t cover the steps at StartSSL as there are other documents for that.

Files that you will need:

– yourcert.crt
– yourprivatekey.key (in a decrypted state for server purpose)
– ca.pem

Place them in a folder like /etc/ssl/StartCom/year-month-day
For example, I use /etc/ssl/StartCom/2015-08-10 since that is the expiration date for one of my certs.
When the files have been placed there you need to do the following:

This is because Courier wants it in a pem file later, while Postfix wants them separated.
There might be a way to keep it consistent but I haven’t checked.

Also remember to set permissions on this folder!

Your private key is in there and you need to protect it.

Step 2: Install required software

Step 3: Setup MySQL database

Step 4: Configure postfix

Create these files below and paste the content that follows.
Remember to replace the user and password with whatever you chose before.

Change permissions of the files

Create user vmail

Set options in the Postfix configuration file.
Replace with a FQDN of your server.
Also replace the cert and key file with the cert and key file in your StartCom folder.
For example instead of /etc/postfix/smtpd.cert you write /etc/ssl/StartCom/2015-08-10/yourcert.crt

Now open /etc/postfix/ and uncomment the following section.
The format of these lines is important, so only remove the comment characters (#) and nothing else.

Step 5: Configure Saslauthd

Create a folder for saslauthd

Open the following file.
Set START to yes and change the line OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r".

Open the following file and configure pam to use MySQL to authenticate you.

Edit smtpd.conf and configure sasl to use the sql plugin to authenticate users.

Add the postfix user to the sasl group

Restart postfix and saslauthd

Step 6: Configure courier

Edit Courier to use MySQL to authenticate

Now configure Courier to use your StartSSL cert for imap.
Courier wants the combined pem file.

Find the row TLS_CERTFILE and change the path.
For example: TLS_CERTFILE=/etc/ssl/StartCom/2015-08-10/combined.pem

Also find the following rows and make sure they are set to the values below.

Since I don’t use pop3 I will make sure to disable it.

Find the following row and make sure it’s set to the value below.

Restart courier

Step 7: Modify aliases

Issue this command to update the aliases

That should be all.
Don’t forget to populate the database with a user and a domain.

If you have any comments or feedback then feel free to leave them in the comment section below.
This tutorial will be updated later with some more security related settings to protect against certain SSL/TLS attacks.

Adding cert to eJabberd server

Forgot how to do this and took a little while to figure it out again.
Thus I have decided to put my solution here.
Security wise there are some things that need to be considered here.
Like the part where I decode the key so that I don’t have to insert the password every time the server starts.
I do this because it’s a VPS, but it wouldn’t always be optimal security wise.
I “solve” this problem by setting very strict permissions on the file (which you should always do anyway).

XMPP Certificate guide
You should start with the following files (I get my certs from Startcom SSL).

Now you need to decode the key file, so that we don’t have to insert the password every time we start the server

Concatenate the files into one pem file (the order is crucial here)

Move the file where your server can reach it

Then you configure and restart the server, here’s an example of my conf
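
The key and PEM handling that both guides above rely on (an unencrypted key, one combined PEM file, strict permissions), as an added example in POSIX shell; it is not the author's commands or configuration, which are missing from this page. File names follow the Postfix/Courier guide, and the certificate, key, CA order written to combined.pem is an assumption.

```sh
#!/bin/sh
# Added example, not the author's commands. File names follow the page; the
# certificate, key, CA order written to combined.pem is an assumption.

# True when the path grants nothing to group or other (0600 file, 0700 dir).
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# True when the key is still passphrase-protected (PKCS#8 or legacy PEM).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# PEM block labels of a file, in file order, comma separated.
pem_labels() { sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | paste -sd, -; }

# Write DIR/combined.pem. umask 077 in a subshell creates the file as 0600, so
# the key is never readable by others, not even between cat and a later chmod.
build_combined() {
    if key_is_encrypted "$1/yourprivatekey.key"; then
        echo "key is still encrypted; the server would need the passphrase" >&2
        return 2
    fi
    ( umask 077; rm -f "$1/combined.pem"
      cat "$1/yourcert.crt" "$1/yourprivatekey.key" "$1/ca.pem" > "$1/combined.pem" )
}

# Return 0 when folder, key and combined file pass; print one line per failure.
audit_cert_dir() {
    rc=0
    for p in "$1" "$1/yourprivatekey.key" "$1/combined.pem"; do
        owner_only "$p" || { echo "FAIL group/other access: $p"; rc=1; }
    done
    case "$(pem_labels "$1/combined.pem")" in
        CERTIFICATE,*"PRIVATE KEY",CERTIFICATE*) ;;
        *) echo "FAIL unexpected block order in combined.pem"; rc=1 ;;
    esac
    return $rc
}

# Constructed placeholder inputs (PEM headers only, no real key material).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' AAAA '-----END CERTIFICATE-----' \
        | tee "$d/yourcert.crt" > "$d/ca.pem"
    ( umask 077; printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' AAAA \
        '-----END RSA PRIVATE KEY-----' > "$d/yourprivatekey.key" )
    echo "$d"
}
dir=$(make_sample) && build_combined "$dir" && audit_cert_dir "$dir" && echo "OK: $dir"
```

The checks read only PEM headers and file modes; they do not confirm that the key belongs to the certificate.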