• Use Mac OS X's Keychain for Password Retrieval in OfflineIMAP

    In my earlier post, I explained how to retrieve a password stored in a Mac OS X keychain from within Mutt. Mutt can be compiled with IMAP support, allowing for up-to-date access to your email account, but sometimes you want local copies of your IMAP folders for offline browsing or for backups. OfflineIMAP provides exactly this functionality: it synchronizes local maildir format email folders with a remote IMAP host. As with mutt, you normally can put your passwords in the configuration file, ~/.offlineimaprc, but that leaves your password in clear text in the file. Thankfully, OfflineIMAP allows you to run python code in some of its fields, and it lets you specify a file containing python code for it to source methods from.

    Read more...

  • RKHunter — Making False Positives Go Away on Gentoo Linux

    Update 2018/05/06: Updated the RKHunter links to RKHunter’s homepage and the Gentoo package.

    RKHunter is a tool for detecting rootkits on Unix-like systems. I run it daily on my Gentoo server, and it emails me a report about whether it updated its database of tests as well as any warnings it comes across while running its tests. Recently, Gentoo marked rkhunter-1.3.4 as stable. After I updated it, it began reporting more false positives than the older 1.2.9 (it used to only report the existence of promiscuous network interfaces, which is caused by my network confguration).

    Some were due to programs in /usr/bin being shell scripts instead of binaries, while others were complaining about the fact that I did not have the latest version of GnuPG or OpenSSH (I stick to Gentoo’s stable releases, which are currently a minor version behind). Another problem was over Linux kernel modules. I built my kernel with all module support disabled, compiling in everything I want my kernel to have.

    Read on to find out how I resolved the various warnings in /var/log/rkhunter.log by editing /etc/rkhunter.conf.

    Read more...

  • Use Mac OS X's Keychain for Password Retrieval in Mutt

    I am a fan of Mutt, a command line email client. It is really powerful, and it is highly customizable. Configuring it can be difficult due to having so many settings, but there are quite a few decent tutorials online for learning to configure it and any related commands.

    Mutt used to have to rely on other programs in order to send and receive mail on a remote server. But it has been possible for a while now to use its own built-in support for POP and IMAP for receiving mail, and SMTP for sending mail. Normally, if you did not want to have to type in your password every time you connected, or if you use several different accounts, you would have to store your password(s) in your mutt configuration files in clear text. It would be nice if security storing services like Mac OS X’s Keychain, Gnome’s Keyring, or KDE’s kWallet could be used natively within Mutt, but that is not yet the case. Under Mac OS X, however, passwords can be stored in the Keychain and accessed from the command line with the security command, and Mutt configuration files can call snippets of shell code that will get replaced with the output of the shell commands.

    This article explains a basic approach on how to use the security command, and a basic way of using it in a Mutt configuration file. I may present the Ruby wrapper script that I actually use in a future article.

    Read more...

  • Converting Rails Applications from MySQL to PostgreSQL

    Update (2009/09/14): There is a much better article on doing this conversion here that is specific to migrating Typo from MySQL to PostgreSQL. I will admit that I have not tried using that article’s boolean conversion method.

    I recently decided to give PostgreSQL a try after learning about some of the oddities of MySQL, plus it gave me an opportunity to see what was necessary to convert between two RDBMs. I installed PostgreSQL 8.3.7, which is the most recent version currently in the main Gentoo Portage tree, using the Gentoo Wiki guide. Rather than explain the details of setting up and using PostgreSQL, I’ll explain what I did to convert my Redmine and Typo instances. (The following assumes some familiarity with how to use Rails, MySQL, and PostgreSQL command line commands. See their man pages as well for other options that you may want/need to use)

    Read more...

  • Apache Worker MPM and RLIMIT_NPROC Resource Limit

    I decided to give Apache 2.2’s worker mpm a try (a couple processes that each have many threads rather than the default prefork’s several processes that each handle a single thread), but I was having the Apache root process exit because its children were disappearing. Sometimes this would happen immediately after launching Apache, other times it would happen after I tried to access a web page. I tracked the problem down to being an issue with apache hitting the process limit for a given user. However, modifying limits.conf for the apache user did not solve the problem because the apache server inherits root’s limits on start up rather than referring to limits.conf.

    Read more...