Web : zend_mm_heap corrupted

You may notice this error in the Apache logs : zend_mm_heap corrupted

Try enabling or increasing this parameter in your Apache config, .htaccess or php.ini file :

output_buffering = 4096

Active Directory : Change the default display name format for user and contact objects

Here is how to change the default display name format for user and contact objects in Active Directory. By default, it displays “Last name and First name”. We want to revert this to “First name, Last name”.

Before doing this step, make sure your user is a member of either the “Enterprise Admins” or the “Domain Admins” group!

First, open up the ADSI Edit console (Start > Run) :

adsiedit.msc

Then, connect to your Domain Controller using the “Configuration mode”.

Expand the following container :

cn=DisplaySpecifiers

Double-click on :

CN=409

NOTE : This is the code for the en-US language. You must change the value to match your language.

Then, right-click the following object and click Properties in the context menu :

createDialog

Set the value to :

%<sn>. %<givenName>

Windows : Setting LAN Authentication Level on 7 Home Premium

Windows 7 Home Premium doesn’t have the “Local Security Policy” console (aka : secpol.msc). In order to access an SMB share running the old protocol version, you need to set the LAN Manager authentication level directly in the registry.

Open the registry editor (Start > Run) :

regedit

Browse to :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Create a new DWORD value with the following properties (level 1 sends LM and NTLM responses and uses NTLMv2 session security if it is negotiated) :

LmCompatibilityLevel = 1

Linux : Partition and format external hard drive as ext3 filesystem

This tutorial is about partitioning a USB external hard drive; it is just as good for an internal drive.

First, list devices on your system using one of the following commands :

dmesg

(The USB drive should appear as a SCSI drive)

fdisk -l | grep '^Disk'

Now, assuming your new drive is “sdb”, use the following command to invoke the fdisk partition utility :

fdisk /dev/sdb

To create a new partition (assuming this is a new unused drive), just type “n”. Then, save your work by typing “w”, and “q” to exit the utility.

If you have any doubt or need help with the fdisk utility, just type “m”.

Let’s format the partition as a traditional EXT3 Linux file system :

mkfs.ext3 /dev/sdb1

Okay, the hard disk partitioning and formatting is done now.

Create a directory where you want to have your drive mounted (replace every “external_hd” value with the name you want to use) :

mkdir /mnt/external_hd

Mount the drive :

mount /dev/sdb1 /mnt/external_hd

You’re now ready to use it! However, this mount will not survive a reboot. To make it permanent, you need to edit fstab :

vi /etc/fstab

And add the following line :

/dev/sdb1               /mnt/external_hd           ext3    defaults        1 2

NOTE : If you mount the drive manually instead of going the fstab way, do not forget to unmount it manually before unplugging it! Serious data loss may occur if you skip this step!

umount /dev/sdb1

Active Directory : You do not have sufficient privileges to delete Organizational Unit

While working in Active Directory Users and Computers (ADUC) and trying to delete an Organizational Unit (OU), you get the following error :

Active Directory Domain Services

You do not have sufficient privileges to delete < Organizational Unit >, or this
object is protected from accidental deletion.

By default, you need to uncheck the box “Protect object from accidental deletion” before the OU can be deleted. To achieve this, you need to activate Advanced Features in the ADUC console.

Click on : View > Advanced Features

Now you have a lot more options!

Right click on the OU you want to remove and then Properties ;
Click on Object tab ;
Uncheck the box Protect object from accidental deletion.

You’re done!

Web : Prevent image hot linking to your site

This article is about stopping those sites that hotlink your images, stealing them and your bandwidth! I assume you are running Apache as your Web server and have some basic knowledge of httpd.conf, htaccess and rewrite rules.

You have two choices: put the rules either directly inside your httpd.conf vhost or inside a per-directory Apache configuration file (better known as .htaccess). If you go the httpd.conf way, you can skip the first step.

First, make sure your vhost allows .htaccess usage (in httpd.conf) :

AccessFileName .htaccess

<Directory "/path/to/vhost">
AllowOverride All
Options SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

Now, add these rewrite rules to your config file (httpd.conf or .htaccess) :

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.tld([/:]|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://public.domain.tld/images/hotlinking_denied.jpg [NC,R,L]

OK, let’s explain this a little bit… The following line contains the URL that is authorized to call images (your own site must be listed! – replace “domain.tld” with your own domain). The dot is escaped and the domain must be followed by “/”, “:” or the end of the Referer, so that a lookalike host such as domain.tld.example.net is not accepted. You may add as many allowed URLs as you want: simply duplicate the line and change the domain.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.tld([/:]|$) [NC]

The last line contains the image to return to these stealers… their site will show this image instead of the one they tried to link (again, replace with your own URL/path) :

RewriteRule \.(jpg|jpeg|png|gif)$ http://public.domain.tld/images/hotlinking_denied.jpg [NC,R,L]

*Make sure the image you want to display is not served from the same URL you are trying to protect, or you will get an infinite redirect loop!
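How the anchoring of the Referer pattern decides which sites pass, as an added example that is not from the original page: it emulates the two RewriteCond tests with grep -E and compares a pattern with an unescaped dot and no boundary after the domain against one that has both. The sample Referer values are constructed; domain.tld is the page's placeholder.

```shell
#!/bin/sh
# Added example: emulate the RewriteCond Referer tests with grep -E.
# grep -i stands in for the [NC] flag.

# Unescaped dot, nothing required after the domain.
LOOSE='^http(s)?://(www\.)?domain.tld'
# Escaped dot, and "/", ":" or end of string required after the domain.
STRICT='^http(s)?://(www\.)?domain\.tld([/:]|$)'

# referer_allowed PATTERN REFERER: exit 0 when the image is served as-is.
# Mirrors the two conditions: an empty Referer passes, and so does one that
# matches the allowed-site pattern; anything else gets the denial image.
referer_allowed() {
    [ -z "$2" ] && return 0
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# Constructed sample Referer values (not taken from real logs).
for ref in \
    'https://www.domain.tld/gallery.html' \
    'http://DOMAIN.TLD' \
    'https://domain.tld:8443/page' \
    '' \
    'http://domain.tld.example.net/page.html' \
    'http://domainxtld.example.net/' \
    'http://other.example.org/?u=http://domain.tld/'
do
    loose=deny
    strict=deny
    referer_allowed "$LOOSE" "$ref" && loose=allow
    referer_allowed "$STRICT" "$ref" && strict=allow
    printf '%-48s loose=%-5s strict=%s\n' "${ref:-(empty)}" "$loose" "$strict"
done
```

The empty Referer is allowed by both patterns because of the `!^$` condition, so this rule only filters browsers that send a Referer at all.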

Qmail : HowTo generate a certificate for POP3-SSL and IMAP-SSL

This tutorial is about generating an SSL certificate to secure POP3 and IMAP communications between clients (MUA) and the Qmail server (MTA).

1. Go to Qmail config directory :

cd /var/qmail/control

2. Generate key :

openssl genrsa -des3 -out servercert.key.enc 2048

3. Decrypt the key (get rid of the passphrase) :

openssl rsa -in servercert.key.enc -out servercert.key

4. Generate a certificate request (better known as a CSR) :

openssl req -new -key servercert.key -out servercert.csr

5. Submit your CSR to your certificate provider (CA) or generate a self-signed certificate :

openssl req -x509 -key servercert.key -in servercert.csr > servercert.crt

6. Create a PEM certificate (either with your certificate provided by your CA or your self-signed certificate) :

cat servercert.key servercert.crt > /var/qmail/control/servercert.pem

7. Restart Qmail :

qmailctl restart
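A scripted run of steps 2 to 6 with two checks on the resulting servercert.pem, as an added example that is not from the original page: that the private key and the certificate in the file belong together, and that the file holding the key is not readable by group or others. The subject mail.example.test, the 365-day validity, the scratch directory and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the CN
# mail.example.test, a 365-day self-signed certificate, a scratch directory
# instead of /var/qmail/control, and a key created without a passphrase
# (same result as steps 2 and 3, but with no prompt).

# build_pem DIR: key, CSR, self-signed certificate and combined PEM in DIR.
build_pem() {
    (
        cd "$1" || exit 1
        umask 077   # servercert.key and servercert.pem hold the private key
        openssl genrsa -out servercert.key 2048 2>/dev/null &&
        openssl req -new -key servercert.key -subj '/CN=mail.example.test' \
            -out servercert.csr &&
        openssl req -x509 -days 365 -key servercert.key \
            -in servercert.csr -out servercert.crt 2>/dev/null &&
        cat servercert.key servercert.crt > servercert.pem
    )
}

# key_matches_cert PEM: exit 0 when the private key and the certificate
# stored in PEM carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# owner_only FILE: exit 0 when group and others have no permission bits set.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

tmp=$(mktemp -d) || exit 1
if build_pem "$tmp"; then
    key_matches_cert "$tmp/servercert.pem" && echo "key and certificate match"
    owner_only "$tmp/servercert.pem" && echo "PEM readable by its owner only"
    openssl x509 -in "$tmp/servercert.pem" -noout -subject -enddate
fi
rm -rf "$tmp"
```

On the real server the file must be owned by the account the POP3/IMAP daemon runs as; which account that is depends on your Qmail setup.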

Linux : Error running command require /proc could not read procfs

Having this issue on a Linux machine when trying to run, as a user, a command that requires the /proc filesystem (such as top or htop)?

[user@server ~]$ top
top: /proc is not mounted, required for output data

[user@server ~]$ htop
Error: could not read procfs (compiled to look in /proc).

This usually happens because /proc has lost its permissions. Make sure it’s owned by user root and group root, with permissions set to read-execute for owner, group and everyone (r-xr-xr-x, or 555).

chown root:root /proc
chmod 555 /proc

Bind : Unexpected RCODE (REFUSED) resolving ‘xx.xx.xx.xx.in-addr.arpa/PTR/IN’

Experiencing this error in Bind logs?

named[xxxxxx]: unexpected RCODE (REFUSED) resolving 'xx.xx.xx.xx.in-addr.arpa/PTR/IN': xxx.xxx.xxx.xxx#53

This is probably because you have a forwarder in your named.conf that refuses your requests. Simply look at the end of the previous line (“xxx.xxx.xxx.xxx#53”) and search for this address in your named configuration file – it should be located inside the forwarders :

forwarders { xxx.xxx.xxx.xxx; };

You need to remove or comment out this host to get rid of the error in the log, or allow your host to query this server if it belongs to you!

Tip : To make sure the remote DNS server you are trying to query is refusing your request, you can dig a host like this, replacing the domain and IP to match your situation :

dig domain.tld @xxx.xxx.xxx.xxx

Bind : Transfer of ‘domain.tld’ from xx.xx.xx.xx#53 failed receiving responses permission denied

I recently noticed this error on a master/slave Bind (named) DNS server setup (this error actually happened on the slave servers) :

transfer of 'domain.tld/IN' from xxx.xxx.xxx.xxx#53: failed while receiving responses: permission denied

First, make sure the “allow-transfer” directive is properly set on the primary master server :

allow-transfer { xxx.xxx.xxx.xxx; };

This is probably the case, and the problem is more likely at the filesystem permission level on the slave servers. This is a common error. So let’s fix this by resetting the permissions like this :

chmod 775 /var/named/chroot/var/named

For the record, everything contained in /var/named should belong to “named:named”.  Feel free to correct this recursively if this is not the case :

chown -Rf named:named /var/named