What a difference more memory makes in the mac pro…….
Before:
After:
Pretty darn snappy now, and vmware does not page as much when doing things in “windows”
anything dealing with *NIX or what ever I want to write about
Well it seems that Adobe has finally released a new version of Acrobat Reader for Solaris x86… You can get it at http://get.adobe.com/reader/otherversions/… It is version 9.1. Now I can finally get rid of version 4!!
kinda sad as I was looking forward to it, but the 911th posted this:
How to set up a read-only environment on Solaris:
If you want to give a specific user read-only access to your Solaris machine via ssh, and want to log everything they do, it is fairly easy to set up. Here is a quick step-by-step guide.
1. First you will need to choose which restricted shell you want to use. In this case I used bash, as I wanted the .bash_history file to contain the exact time every command was run on the system. Since Solaris does not come with the rbash command, the only thing you need to do is copy /usr/bin/bash to /usr/bin/rbash; bash starts in restricted mode when it is invoked under the name rbash.
2. Make the user’s shell be /usr/bin/rbash, this will make them use the restricted bash shell.
3. Make their home directory owned by root.
4. Make their .profile owned by root.
5. Create a .bash_history file and make it owned by that user. This should be the only file in their directory that is owned by the user.
6. Pick a location for your “restricted” binaries to reside. If this user will be logging in to multiple machines and you have a shared file system (say /home), I would suggest making the directory in /home, say /home/rbin. This way you only have to put /home/rbin in their PATH.
7. Make symbolic links in your restricted binary directory to the binaries you want the user to be able to run. For example, ls, ps, more, prstat, passwd and hostname:
lrwxrwxrwx 1 root root 17 Feb 19 20:47 hostname -> /usr/bin/hostname*
lrwxrwxrwx 1 root root 11 Feb 19 19:56 ls -> /usr/bin/ls*
lrwxrwxrwx 1 root root 13 Feb 19 19:57 more -> /usr/bin/more*
lrwxrwxrwx 1 root root 15 Feb 19 19:56 prstat -> /usr/bin/prstat*
lrwxrwxrwx 1 root root 11 Feb 19 19:56 ps -> /usr/bin/ps*
lrwxrwxrwx 1 root root 11 Feb 19 19:56 passwd -> /usr/bin/passwd*
By making these symbolic links instead of copying the actual binaries, you do not have to worry about multiple platforms (e.g. SPARC, x86) or write custom logic to use the right binary.
8. Create the user's .profile with the following in it:
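# Every variable is marked readonly so the user cannot change it after login.
readonly PATH=/home/rbin
readonly TMOUT=900
readonly EXTENDED_HISTORY=ON
# hostname is found through the restricted PATH set above (/home/rbin/hostname)
readonly HOSTNAME="`hostname`"
readonly HISTTIMEFORMAT="%F %T "
readonly PS1='${HOSTNAME}:${PWD}> '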
This makes the environment variables read-only, so the user cannot change any of them. It sets their path to /home/rbin, sets an inactivity timeout of 15 minutes, turns extended history on and sets HISTTIMEFORMAT (this logs the time each command was executed in their .bash_history file), and finally sets their prompt and makes it readonly as well.
9. The last thing you need to do is change the permissions on the scp and sftp-server binaries so that the user cannot execute them. Otherwise, they would be able to download files and go anywhere on the server they want. (The restricted shell will prevent them from cd’ing out of their home directory.) To do this, I created a group and put my user in it as their primary group. Say the group was called rdonly. Now I do the following:
setfacl -m group:rdonly:--- /usr/lib/ssh/sftp-server
setfacl -m group:rdonly:--- /usr/bin/scp
So the files should show up like this now:
bash-3.00# ls -la /usr/lib/ssh/sftp-server /usr/bin/scp
-r-xr-xr-x+ 1 root bin 40484 Jan 22 2005 /usr/bin/scp
-r-xr-xr-x+ 1 root bin 35376 Jan 22 2005 /usr/lib/ssh/sftp-server
And the getfacl will look like this:
bash-3.00# getfacl /usr/bin/scp
# file: /usr/bin/scp
# owner: root
# group: bin
user::r-x
group::r-x #effective:r-x
group:rdonly:--- #effective:---
mask:r-x
other:r-x
This makes it so that when the user tries to sftp or scp into the machine, it will immediately disconnect them, as they don’t have permission to run those 2 executables.
That is about it. Don’t forget to set their password, make sure it has a policy set on it to be changed often and require a combination of letters, numbers and special characters and that it is at least 8 characters in length.
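A check an administrator could run after finishing the steps above, as an added example that is not part of the original post: it reports ownership that deviates from steps 3 to 5 and entries in the restricted binary directory that are not links as described in step 7. The function names and the optional ADMIN argument are assumptions of this example; run it with bash.

```bash
# Added example, not from the original post. Function names and the
# ADMIN argument (default: root) are assumptions of this example.

# Owner name of a file: field 3 of `ls -ld`.
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Steps 3-5: print one finding per line; print nothing when the layout is right.
# usage: audit_home HOME_DIR RESTRICTED_USER [ADMIN]
audit_home() {
    home=$1; user=$2; admin=${3:-root}
    if [ "$(owner_of "$home")" != "$admin" ]; then
        echo "home directory not owned by $admin"
    fi
    if [ ! -f "$home/.profile" ]; then
        echo ".profile missing"
    elif [ "$(owner_of "$home/.profile")" != "$admin" ]; then
        echo ".profile not owned by $admin"
    fi
    if [ ! -f "$home/.bash_history" ]; then
        echo ".bash_history missing"
    elif [ "$(owner_of "$home/.bash_history")" != "$user" ]; then
        echo ".bash_history not owned by $user"
    fi
    # .bash_history must be the only entry the restricted user owns.
    for f in "$home"/.[!.]* "$home"/*; do
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
        if [ "$f" = "$home/.bash_history" ]; then continue; fi
        if [ "$(owner_of "$f")" = "$user" ]; then echo "user-owned entry: $f"; fi
    done
}

# Step 7: every entry in the restricted bin directory should be a symbolic
# link to an absolute path that exists on this machine.
# usage: audit_rbin RBIN_DIR
audit_rbin() {
    for f in "$1"/*; do
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
        if [ ! -L "$f" ]; then echo "not a symlink: $f"; continue; fi
        target=$(ls -l "$f" | sed 's/.* -> //')
        case $target in
            /*) if [ ! -e "$target" ]; then echo "dangling link: $f"; fi ;;
            *)  echo "relative link: $f" ;;
        esac
    done
}
```

For the account in this post the calls would be `audit_home /home/unixwiz unixwiz` and `audit_rbin /home/rbin`; empty output means the layout matches the steps.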
So now when the user logs in they will see something similar to this:
[laptop:~] unixwiz% ssh unixwiz@fozzy
Password:
Last login: Thu Feb 19 22:10:15 2009 from laptop
fozzy:/home/unixwiz> cd /
-rbash: cd: restricted
fozzy:/home/unixwiz> vi /tmp/test
-rbash: vi: command not found
fozzy:/home/unixwiz> PATH=$PATH:/usr/bin
-rbash: PATH: readonly variable
fozzy:/home/unixwiz> timed out waiting for input: auto-logout
As you can see, it will give you errors if you try to do something that you are not allowed to do. The last line shows the timeout message where it closes the connection due to inactivity.
Now if the administrator goes and looks at the user's .bash_history file, they would see this:
#1235099570
cd /
#1235099577
vi /tmp/test
#1235099587
PATH=$PATH:/usr/bin
The #number is the exact time that the user ran the command below it. The number is the time in seconds since the epoch.
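An added example (not part of the original post) that turns such a history file into a readable audit listing: each entry is printed with its timestamp converted to UTC and a verdict marking commands that rbash refuses or that have no link in the restricted binary directory. The function name, the verdict labels and the allowed-name argument are assumptions of this example, and the redirection test is a simple heuristic.

```bash
# Added example, not from the original post. Prints one line per history
# entry: UTC time, verdict, command.
# usage: history_report FILE "ALLOWED COMMAND NAMES"
# AWK must support user-defined functions (on Solaris 10: AWK=nawk).
history_report() {
    ${AWK:-awk} -v allowed="$2" '
    # Epoch seconds -> "YYYY-MM-DD HH:MM:SS" in UTC, using days-to-civil-date
    # arithmetic so that no strftime extension is required.
    function utc(t,    s, z, era, doe, yoe, y, doy, mp, d, m) {
        s = t % 86400
        z = int(t / 86400) + 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
        doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
        mp = int((5*doy + 2) / 153)
        d = doy - int((153*mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        y = yoe + era*400
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d %02d:%02d:%02d", y, m, d,
                       int(s/3600), int(s%3600/60), s%60)
    }
    # Verdict for one command line, judged from its first word:
    #   RESTRICTED  rbash refuses it (cd, setting PATH/SHELL/ENV/BASH_ENV,
    #               a command name containing a slash, output redirection)
    #   UNLISTED    name is not in the allowed list (builtins must be listed too)
    function verdict(c,    w) {
        split(c, w, " ")
        if (w[1] == "cd" || w[1] ~ /\// || c ~ />/) return "RESTRICTED"
        if (w[1] ~ /^(PATH|SHELL|ENV|BASH_ENV)=/) return "RESTRICTED"
        if (!(w[1] in ok)) return "UNLISTED"
        return "ok"
    }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^#[0-9]+$/ { ts = utc(substr($0, 2)); next }   # timestamp comment line
    { printf "%s %s %s\n", (ts ? ts : "-"), verdict($0), $0 }
    ' "$1"
}
```

Called as `history_report /home/unixwiz/.bash_history "ls ps more prstat passwd hostname"`, the first entry above comes out as `2009-02-20 03:12:50 RESTRICTED cd /`.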
I believe that XM Radio’s Customer Service is probably the worst I have ever seen and has gotten worse every year I have had to renew my radio. This year their “trick” is that they are now going to start charging an extra fee to use the online part of the XM Radio service. Right now it is free but according to this:
Because you are a valued customer and you enjoy listening to XM Radio online, we are offering you a special opportunity to continue to listen online at no cost if you renew your subscription now with one of our longer term plans.
On March 11, 2009, the XM Radio Online listening platform will be upgraded to a higher quality digital audio and no longer included as a part of a base subscription at no charge. If you renew now at www.xmradio.com/lockintoday, you can continue to listen online for FREE for the length of term you choose — but only if you act quickly. Rest assured, any credits on the account from earlier payments made will be applied to your renewal – you’ll only be charged the difference.
Act before March 10!
This is your only chance to keep your online listening at no charge. Beginning March 11, if you wish to listen to XM Radio Online, you will need to purchase a supplemental Premium XM Radio Online subscription for $2.99* per month. Your current XM Radio Online listening privileges will be available at no charge until your next renewal date.**It’s Easy to “Lock In” & Save.
They are going to start charging for the online service. So I decided to “lock in” and renew my subscription for my car for 2 years, just so I would have the online service for free for the next 2 years as well. So I went to the web site they listed, and did a 2 year renewal and filled out all my information. The last thing I see is:
So I thought all was well. Well, it has been 8 days since I did that. No charge has shown up on my credit card, and my “listenercare” site on XM’s web site still shows that I still have the 1 year service, and it was last paid in March of 2008.
I then went back to XM’s site, and filled out a billing contact form to ask them what was going on… What did I get back from them:
XM is proud to announce our exciting new lineup. Along with your favorites, we have added new channels, shows, legendary DJ’s and celebrity hosts, giving you more of what you love about satellite radio. You’ll get 69 commercial-free music channels covering all genres of music, including new channels like Bruce Springsteen’s E Street Radio, the Grateful Dead Channel, Elvis Radio, Jimmy Buffett’s Radio Margaritaville, Siriusly Sinatra, Metropolitan Opera Radio, Eminem’s Shade 45, Jam On, Little Steven’s Underground Garage and more. Plus, you’ll also get new personalities and exclusive shows like Barabara Walters, Chris Mad Dog Russo and Jeff Foxworthy. And, even more entertainment including Doctor Radio, Blue Collar Radio and the Foxxhole.
Everything you need to know about the new lineup is online at www.xmradio.com/newlineup. Download the new channel guide and keep it by your radio. With all of the new programming and personalities, Everything Worth Listening To is Now on XM.
Absolutely nothing to do with the question I sent them. I still have not even received any information about what is going on with my account either. So I decided to call the number listed on the email. Got a man named “samual” with an obvious Indian accent. He had problems with my account and could not understand why my stuff did not work. He then transferred me to his manager “winston”, with another Indian accent. He then “fixed” my account and told me that my credit card would be billed at midnight when their system does billing. So we will see if it works or if I have to make another call back to them yet again.
One thing that XM really needs to do is work on their web site and their customer service. It is just piss poor.