samba password complexity check

A Samba server can act as a PDC (primary domain controller).
You can enforce a password policy with the pdbedit command,
but it does not check for complexity. To check complexity, Samba provides the "check password script" option in smb.conf, and crackcheck, which uses cracklib.
But what do you do when you need a specific password complexity policy?
You can write your own script. Any language will do, as long as it returns 0 (zero) when the password is acceptable and a value higher than 0 when it is not.
Here is an example of such a script written in Perl.

#!/usr/bin/perl -w
# This script checks password complexity for Samba's "check password script".
# It reads the candidate password from standard input and exits 0 when every
# rule is met, or a distinct non-zero code for the first rule that fails.
use strict;

my $min_length      = 8;
my $min_uppercase   = 1;
my $min_lowercase   = 1;
my $min_digits      = 1;
my $min_specialchar = 1;
my $specialchars    = '!,@,#,$,%,^,&,*,(,),-,_,+,=';

# get the password from standard input (so it can also be piped in)
my $str_pass = <STDIN>;
$str_pass = '' unless defined $str_pass;
chomp $str_pass;    # drop the trailing newline so it is not counted as a character

# counters start at zero; they are updated as we find matching characters
my $ctr_length      = 0;
my $ctr_uppercase   = 0;
my $ctr_lowercase   = 0;
my $ctr_digits      = 0;
my $ctr_specialchar = 0;

# convert the password string into an array of single characters
my @array_pass = split('', $str_pass);
# convert the comma-separated special characters into an array
my @arrayspecialchars = split(',', $specialchars);

foreach my $pass_char (@array_pass)
{
	$ctr_length++;
	# check uppercase
	if ($pass_char =~ /[A-Z]/)
	{
		$ctr_uppercase++;
	}
	# check lowercase
	elsif ($pass_char =~ /[a-z]/)
	{
		$ctr_lowercase++;
	}
	# check digits
	elsif ($pass_char =~ /[0-9]/)
	{
		$ctr_digits++;
	}
	else
	{
		# check special characters; \Q...\E quotes regex metacharacters such as $ ( ) * +
		foreach my $schar (@arrayspecialchars)
		{
			if ($pass_char =~ /\Q$schar\E/)
			{
				$ctr_specialchar++;
				last;
			}
		}
	}
}
# check if we reached the minimal length
if ($ctr_length < $min_length)
{
	print "too short, minimum $min_length and got $ctr_length\n";
	exit 1;
}
# check if we reached the minimal number of UPPER case characters
if ($ctr_uppercase < $min_uppercase)
{
	print "not enough uppercase, minimum $min_uppercase and got $ctr_uppercase\n";
	exit 2;
}
# check if we reached the minimal number of lower case characters
if ($ctr_lowercase < $min_lowercase)
{
	print "not enough lowercase, minimum $min_lowercase and got $ctr_lowercase\n";
	exit 3;
}
# check if we reached the minimal number of digits
if ($ctr_digits < $min_digits)
{
	print "not enough digits, minimum $min_digits and got $ctr_digits\n";
	exit 4;
}
# check if we reached the minimal number of special characters
if ($ctr_specialchar < $min_specialchar)
{
	print "not enough special characters, minimum $min_specialchar and got $ctr_specialchar\n";
	exit 5;
}
# if we got here, the password passed every rule,
# so we can now return a non-error exit code
exit 0;
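The same policy as a POSIX sh script, added here as an example and not taken from the original post. It follows Samba's contract (password on stdin, exit 0 accepts, anything else rejects), uses a distinct exit code per rule, and keeps the stdin-reading entry point behind a guard so the functions can be sourced and tested without Samba. The install path /usr/local/sbin/checkpw.sh is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): the same complexity policy as a
# POSIX sh script that honours Samba's "check password script" contract:
# the candidate password arrives on stdin, exit 0 means accept, any other
# exit status means reject. Assumed install path and smb.conf line:
#     check password script = /usr/local/sbin/checkpw.sh
LC_ALL=C
export LC_ALL

MIN_LENGTH=8
MIN_UPPER=1
MIN_LOWER=1
MIN_DIGITS=1
MIN_SPECIAL=1
SPECIAL_SET='!@#$%^&*()_+=-'   # '-' kept last so tr does not read it as a range

# count_class PASSWORD SET -> how many characters of PASSWORD fall inside SET
count_class() {
    printf '%s' "$1" | tr -cd "$2" | wc -c | tr -d ' '
}

# check_password PASSWORD -> 0 when every rule holds, otherwise a distinct
# code per rule (1 length, 2 uppercase, 3 lowercase, 4 digits, 5 special)
# plus a one-line reason on stdout, mirroring the Perl script above.
check_password() {
    _pw=$1
    _len=$(printf '%s' "$_pw" | wc -c | tr -d ' ')   # byte count, like the Perl split for ASCII
    _upper=$(count_class "$_pw" 'A-Z')
    _lower=$(count_class "$_pw" 'a-z')
    _digits=$(count_class "$_pw" '0-9')
    _special=$(count_class "$_pw" "$SPECIAL_SET")

    if [ "$_len" -lt "$MIN_LENGTH" ]; then
        echo "too short, minimum $MIN_LENGTH and got $_len"; return 1
    fi
    if [ "$_upper" -lt "$MIN_UPPER" ]; then
        echo "not enough uppercase, minimum $MIN_UPPER and got $_upper"; return 2
    fi
    if [ "$_lower" -lt "$MIN_LOWER" ]; then
        echo "not enough lowercase, minimum $MIN_LOWER and got $_lower"; return 3
    fi
    if [ "$_digits" -lt "$MIN_DIGITS" ]; then
        echo "not enough digits, minimum $MIN_DIGITS and got $_digits"; return 4
    fi
    if [ "$_special" -lt "$MIN_SPECIAL" ]; then
        echo "not enough special characters, minimum $MIN_SPECIAL and got $_special"; return 5
    fi
    return 0
}

# Entry point used by Samba: only runs when the file is executed under its
# installed name, so the functions above can also be sourced by a test harness
# without the harness blocking on stdin.
case "$(basename -- "$0")" in
    checkpw.sh)
        # read -r keeps backslashes; the || clause accepts a last line without '\n'
        IFS= read -r _candidate || [ -n "$_candidate" ]
        check_password "$_candidate"
        exit $?
        ;;
esac
```

Before enabling it in smb.conf, try it by hand: pipe a password into the installed script with printf and look at the exit status, once with a password that should pass and once per rule that should fail, so a misconfigured script cannot silently accept everything (exit 0) or lock everyone out.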

Export and import gpg keys

1. List the current keys

$ gpg --list-keys
/home/yyagol/.gnupg/pubring.gpg
-------------------------------
pub 1024D/5E92C97A 2010-04-13  yyagol <[email protected]>
sub 2048g/2752CC68 2010-04-13

2. Export both the public and the private key

$ gpg --output mygpgkey_pub.gpg --armor --export 5E92C97A
$ gpg --output mygpgkey_sec.gpg --armor --export-secret-key 5E92C97A

3. Copy the files to the other server and then import them

$ gpg --import mygpgkey_pub.gpg
$ gpg --allow-secret-key-import --import mygpgkey_sec.gpg

file as raw device

Sometimes there is a need to have a file act as a raw device. Here is a simple trick
you can use to achieve that goal (all commands should be run as root):
1. Create an empty file using the dd command,
with the required size (it can be changed later on)

~# dd if=/dev/zero of=1G.img bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 3.28652 s, 327 MB/s

2. Create a file system on that file using mkfs -F (-F is needed because the target is a regular file, not a block device)

~# mkfs.ext4 -F 1G.img
mke2fs 1.42 (29-Nov-2011)
Discarding device blocks: done
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65536 inodes, 262144 blocks
13107 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376

Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

3. Mount the file as if it were a device

~# mkdir mymount
~# mount 1G.img mymount/
~# mount |grep mymount
/tmp/1G.img on /tmp/mymount type ext4 (rw)

And that is it, nothing more to do. Now let's say you want to extend this partition/file. You can do it
with two simple commands, but first you need to unmount the file.
1. Check the file system and clean it before resizing

~# e2fsck -f 1G.img
e2fsck 1.42 (29-Nov-2011)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
1G.img: 11/65536 files (0.0% non-contiguous), 12635/262144 blocks

2. Resize the file system (resize2fs also grows the backing file to the new size)

~# resize2fs 1G.img 2G
resize2fs 1.42 (29-Nov-2011)
Resizing the filesystem on 1G.img to 524288 (4k) blocks.
The filesystem on 1G.img is now 524288 blocks long.
~# ls -lh 1G.img
-rw-r--r-- 1 root root 2.0G Jun 19 22:31 1G.img
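The whole procedure (create, format, mount, grow) wrapped into shell functions, added here as an example and not part of the original post. make_image and image_size_mb need no privileges; format_image and grow_image need e2fsprogs; mount_image needs root. File names and sizes in the usage comment are assumptions; the losetup -j check is an addition that refuses to resize a file that is still attached to a loop device.

```shell
#!/bin/sh
# Added example, not from the original post: the create / format / mount /
# grow steps above wrapped into functions, so each step can be rerun on its
# own. make_image and image_size_mb need no privileges; format_image and
# grow_image need e2fsprogs; mount_image needs root. File names and sizes
# are the caller's choice (the ones in the usage comment are assumptions).

# make_image FILE SIZE_MB: write SIZE_MB mebibytes of zeros into FILE
make_image() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2"
}

# image_size_mb FILE: size of the backing file in whole mebibytes
image_size_mb() {
    echo $(( $(wc -c < "$1") / 1048576 ))
}

# format_image FILE: mkfs.ext4 refuses a regular file unless -F is given
format_image() {
    mkfs.ext4 -q -F "$1"
}

# mount_image FILE DIR: attach FILE to a loop device and mount it on DIR (root)
mount_image() {
    mkdir -p "$2"
    mount -o loop "$1" "$2"
}

# grow_image FILE NEW_SIZE: refuse while a loop device is still attached
# (the file system must be unmounted first), force a check, then resize.
# e2fsck -p repairs only what is safe and exits non-zero if it changed
# anything, so the resize is skipped and you can look before re-running.
# resize2fs extends the backing file itself, which is why the ls -lh above
# shows 2.0G after "resize2fs 1G.img 2G".
grow_image() {
    if losetup -j "$1" | grep -q .; then
        echo "$1 is still attached to a loop device; umount it first" >&2
        return 1
    fi
    e2fsck -f -p "$1" && resize2fs "$1" "$2"
}

# Usage, as root (paths are examples):
#   make_image /tmp/1G.img 1024 && format_image /tmp/1G.img && mount_image /tmp/1G.img /tmp/mymount
#   umount /tmp/mymount && grow_image /tmp/1G.img 2G && mount_image /tmp/1G.img /tmp/mymount
```

Mounting with -o loop makes the loop device explicit; the plain "mount 1G.img mymount/" above relies on mount detecting that the source is a regular file and attaching a loop device for you.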

Analyze Oracle Database schema

Why is it important to analyze, and what is analyze anyway?
Well, analyze is a method to gather statistics on table objects so that the optimizer
can choose the best way to execute queries.
For example, the optimizer may choose to use a full table scan or to use a table index;
it decides by looking at the table statistics.
Oracle doesn't gather statistics on schemas all by itself, and the DBA must do it
as part of database maintenance. It is wise to analyze your schema on a regular basis,
depending on how the data changes. I will show you a small script that can help you analyze your schema.

#!/bin/sh
#
# This script calls dbms_stats to analyze the SCHEMA_OWNER schema.
# Fill in the three placeholders for your environment before running it.
ORACLE_SID=<sid name>
ORACLE_BASE=<path to oracle base>
ORACLE_HOME=<path to oracle home>
export ORACLE_SID ORACLE_BASE ORACLE_HOME
# -s (silent) hides the banner; everything up to the eof1 marker is fed to sqlplus
$ORACLE_HOME/bin/sqlplus -s "/ as sysdba" <<eof1
spool /tmp/Analyzing.txt
exec dbms_stats.gather_schema_stats(ownname=>'SCHEMA_OWNER',estimate_percent=>5,cascade=>true);
exit;
eof1

tab completion for sqlplus

Everyone who has ever worked with bash tab auto-completion
knows how fast and convenient it is to use.
But when it comes to Oracle sqlplus under Linux there is no such thing as tab completion;
in most cases even the arrow keys do not work. In the following simple steps
we will fix all that by using a tool called rlwrap.
In this post I used CentOS because it is similar to RedHat,
but before we can compile we need to solve some dependencies first.
rlwrap depends on the GNU library named readline, so let's compile this one first:

yum install ncurses-devel.i386 libtermcap-devel.i386
wget ftp://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz
tar -xzvf readline-6.2.tar.gz
cd readline-6.2/
./configure
make && make install
echo "/usr/local/lib/" >>/etc/ld.so.conf
ldconfig

Now we are ready to compile rlwrap:

wget http://utopia.knoware.nl/~hlub/rlwrap/rlwrap-0.37.tar.gz
tar -xzvf rlwrap-0.37.tar.gz
cd rlwrap-0.37/
./configure
make && make install

After rlwrap is installed we can start using it. Note that it will save the command
history under the user's home directory, so don't use a login with the password in it.
Using rlwrap is as simple as starting it before running sqlplus:
rlwrap sqlplus myuser/
But there will be no tab auto-completion... well, here is the trick:
rlwrap can take a list of auto-complete words from a file.
So just create a file containing all the words you wish to auto-complete and
just run:
rlwrap -f ~/my_completions sqlplus myuser/
Note:
you can put the whole Oracle dictionary in that file, all your schema objects
along with all the PL/SQL commands.
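A small wrapper around the "rlwrap -f wordlist sqlplus" trick, added here as an example and not part of the original post. It keeps a hand-maintained SQL/PL-SQL keyword file and a spooled dump of the schema's object names, merges them into one deduplicated list, and starts sqlplus so that it prompts for the password instead of taking it on the command line, so nothing secret ends up in rlwrap's history file. The file locations are assumptions; USER_OBJECTS and the sqlplus SET/SPOOL commands are standard Oracle.

```shell
#!/bin/sh
# Added example (not from the original post): build the completion file for
# rlwrap from a keyword list plus the schema's object names, then run sqlplus
# under rlwrap. File locations below are assumptions.
LC_ALL=C
export LC_ALL

KEYWORDS=${KEYWORDS:-$HOME/.sqlplus_keywords}     # hand-maintained, one word per line
OBJECTS=${OBJECTS:-$HOME/.sqlplus_objects}         # produced by the spool script below
COMPLETIONS=${COMPLETIONS:-$HOME/my_completions}   # what rlwrap -f reads

# write_dump_script FILE: write a sqlplus script that spools the names of all
# objects in the connected schema to $OBJECTS; run it once inside sqlplus with @FILE
write_dump_script() {
    cat > "$1" <<EOF
set pagesize 0 feedback off heading off verify off trimspool on
spool $OBJECTS
select object_name from user_objects order by 1;
spool off
EOF
}

# merge_wordlists FILE...: skip files that do not exist, strip CR and trailing
# blanks, drop empty lines, upper-case everything (Oracle folds unquoted
# identifiers to upper case) and remove duplicates
merge_wordlists() {
    for _f in "$@"; do
        [ -r "$_f" ] && cat "$_f"
    done | tr -d '\r' | sed 's/[[:space:]]*$//' | grep -v '^$' | tr 'a-z' 'A-Z' | sort -u
}

# sqlplus_with_completion USER: rebuild the word list, then exec rlwrap.
# -i makes completion case-insensitive, so "sel<TAB>" completes to SELECT.
# Only the user name is passed; sqlplus asks for the password itself.
sqlplus_with_completion() {
    merge_wordlists "$KEYWORDS" "$OBJECTS" > "$COMPLETIONS"
    exec rlwrap -i -f "$COMPLETIONS" sqlplus "$1"
}
```

Rerun the spool script whenever objects are added to the schema; the merge step is cheap enough to run on every start, which is what sqlplus_with_completion does.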

Rotate Oracle logs

Oracle database logs do not rotate by themselves, and as time goes by your
server may hold logs that are too big to read and take up too much storage space.
This can bring your server to maximum capacity, and in some cases crash your server.
The best thing I found is to use logrotate to handle these rotations.
There are two files that need to be rotated (depending on your infrastructure); these files
are the alert log and the listener log. Both can grow to unlimited size.
Create new logrotate rules by editing the files
/etc/logrotate.d/oracle-alert and /etc/logrotate.d/oracle-listener
The oracle-alert file should point to the alert log, usually located under
$ORACLE_HOME/diag/rdbms/<database>/<sid>/trace/alert_.log
Here is an example of oracle-alert that rotates weekly and keeps 4 files back;
it also compresses the backups and creates a new file with the correct permissions.
* Note that Oracle will create a new alert log, if the file is missing, upon the next event

/opt/app/DB/diag/rdbms/example/example1/trace/alert_example1.log {
compress
rotate 4
weekly
create 640 oracle oinstall
}

The next thing to handle is the listener. The listener log cannot be removed just like that;
if you do so, the listener would stop logging into that file. We solve it with special
commands that restart just the logger of the listener (run in prerotate and postrotate).
The location of the listener log is under $ORACLE_HOME/diag/tnslsnr/<database>/listener/trace/listener.log
This example shows how to rotate weekly and compress:

/opt/app/DB/diag/tnslsnr/example/listener/trace/listener.log {
compress
rotate 4
weekly
create 640 oracle oinstall
prerotate
su - oracle -c "lsnrctl set Log_status off"
endscript
postrotate
su - oracle -c "lsnrctl set Log_status on"
endscript
}