PHP publishes mail headers in mail body

Today I have faced with an issue: PHP inserts mail headers in the body, for example:

Reply-To: test@test.ru
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=windows-1251
X-Mailer: PHP/5.3.8-ZS5.5.0
Message-Id: <20111211211028.A229D8A0075@example.ru>
Date: Mon, 12 Dec 2011 01:10:28 +0400 (MSK)

Solution was found here: http://www.johnconde.net/blog/php-mail-headers-are-displayed-in-email-body/

The problem maybe in dash between Reply and To or in /r, which should be removed. Example of correct working script:

<?php // Set our parameters $to = 'test@example.ru'; $subject = 'This is a sample email'; $message = 'test'; $headers = 'Reply-To: john@fakedomain.net' . "\n"; $headers = 'From: john@fakedomain.net' . "\n"; $headers = 'X-Mailer: PHP/' . phpversion(); // Send the email mail($to, $subject, $message, $headers); ?>

Check average ambient temp in server room using BMC on IBM servers via Icinga or Nagios

First allow in /etc/sudoers for user icinga to launch  /usr/sbin/smbridged without password. Sometimes it needs root privileges. smbridged can be downladed somewhere from IBM :)

Icinga (Nagios) plugin:

#!/bin/bash
s1=$(sudo /usr/sbin/smbridged -ip 192.168.0.10 -u user -p password 

sensor | grep Ambient | cut -d "|" -f5 | cut -d "." -f1)

s2=$(sudo /usr/sbin/smbridged -ip 192.168.0.18 -u user -p 

password sensor | grep Ambient | cut -d "|" -f5 | cut -d "." -f1)

s3=$(( (s1 + s2) / 2 ))

if [ $s3 -ge 23 ] && [ $s3 -le 26 ]; then
echo "Warning: Ambient temperature is $s3" && exit 1
elif [ $s3 -ge 27 ]; then
echo "Critical: Ambient temperature is $s3" && exit 2
else
echo "OK: Ambient temperature is $s3" && exit 0

Check BMC status on IBM servers via Icinga and Nagios

First allow in /etc/sudoers for user icinga to launch  /usr/sbin/smbridged without password. Sometimes it needs root privileges. smbridged can be downladed somewhere from IBM :)

Extreme simple plugin:
#!/bin/bash
error=$(sudo /usr/sbin/smbridged -ip $1 -u user -p password sensor 2>&1 | cut -d '|' -f 4 | egrep -i "Failure|Error")
if [ -n "$error" ]
then
echo Warning: $error && exit 1
else
echo Everything is OK! && exit 0
fi

Samhain tips

Check files against database

samhain -t check --foreground

Update database

samhain -t update --foreground

Options for debaugging
--foreground -p debug

Nmap statistics

nmap -n -sn -T4 -oG out.txt -PS1-65535 -PU53,88,123,137,138,161,500,514 x.x.x.x/21
37 hours - full TCP and well known UDP + PING discovery scan.
2048 hosts.

Naming debian package

General structure:
Epoch: Upstream version + dfsg - debian version
dfsg means that package was repacked because of containing some non-free elements

Mailman, outlook, from field

Repost from: http://it.geekman.ca/2010/01/mailman-sender-field.html

Mailman Sender FieldBy Geekman on January 8, 2010 11:37 AM

Our organization uses mailman mailing lists to categorize e-mail and deliver to staff. But I've always been driven mad by the fact that mailman removes e-mails' "Sender" field and replaces it with the list address, then moving the actual sender to a "From" field.

This is all fine and good but for the fact that Outlook can't separate the "sender" and the "from" fields; all mail comes from " on behalf of ". So using the rules feature in Outlook, it's impossible to automatically sort mail by sender: a truly infuriating combination of technological limitations.

Fortunately, I found a message in the mailman-users mailing list that explains how to fix this behaviour.

First go to mailman's directory:

cd /usr/share/mailman/Mailman/Handlers/

You'll need to edit SMTPDirect.py and comment out the following lines:

del msg['sender']
  msg['Sender'] = envsender

Save the changes. Next you'll need to compile the script you edited. I suggest making a backup of the compiled script first.

sudo cp SMTPDirect.pyc SMTPDirect.pyc.backup

Now, you'll need to enter python:

sudo python

At the Python prompt, enter the following commands

import py_compile
  py_compile.compile("SMTPDirect.py")

Press ctrl-d to exit Python. You'll need to restart mailman with the following command:

sudo /usr/share/mailman/bin/mailmanctl restart

Pray and test the configuration. With luck, your messages in Outlook should now be coming from the actual person who sent them.

Please note I have only tested this with my own server which is running OS X Server 10.4. Your mileage may vary, use at your own risk.

PCI DSS tips

2.2.3.a  Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.
Sysadmins may/must have related certifications. They also may attend in security policy creation or at least know and understand these policies.

2.2.3.c For a sample of system components, verify that common security parameters are set appropriately.
We need to check, that most important security settings are in place on a system - usually based on security standart for this system and system passport.

6.2.b  Verify that processes to identify new security vulnerabilities include using outside sources for security vulnerability information and updating the system configuration standards reviewed in Requirement 2.2 as new vulnerability issues are found.
Check if admins are regulary notified by vendor about security updates and react on these alerts with due diligence. They also have to be subscribed to best practises, magazine, vendor blog or something like this, to be always aware of best security configuration practises and news.

10.2.6 Verify initialization of audit logs is logged.
Try to change audit options, it must be logged.

10.2.7 Verify creation and deletion of system level objects are logged.
For windows try to create registry key. For linux try to create a process.

Browser security

Check your browser security:
https://browsercheck.qualys.com/
http://www.surfpatrol.ru/

Monitoring systems list

• Zenoss


• Icinga


• Zabbix


• OCS inventory NG


• Nagios


• OpenNMS

Nagios tips

Plugins, addons, sites and other great stuff for Nagios:

•     Monitoring Exchange
  


•     Nagios Exchange
  


•     Nagios Wiki
  


•     Nagios plugins
  


•     Nagvis
  


•     PNP4nagios
  


•     check_mk
  


•     Centreon
  

Good plugin for check CPU:

check_cpu.pl

To make it work you need to install some Perl modules:

    cpan -i Nagios::Plugin Getopt:Compact

I usually use this plugin with the fillowing parametres:

$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_cpu -a -w 50 -c 80

Another plugin for checking CPU is check_cpu.sh.

It is more accurate because it produces two CPU checks, using -i (interval) option. When there is only one check, false aletrts may happen. For example, if one program occupies 100% of CPU for 2 seconds and exactly at this time Nagios checks CPU, critical alert would be sent.

Memory plugin, that I usually use:

check_memory.pl

Send SMS with gammu

~/.gammurc

[gammu]

port = /dev/ttyUSB0

model = connection = at19200

synchronizetime = yes

logfile =

logformat = nothing

use_locking =

gammuloc =

gammu sendsms text 07874454543

Sharepoint tips

Backup family of sites:
Stsadm -o backup -url http://site -filename \\srv\SHARE2010\%DATE%.bak

Restore family of sites:
Stsadm -o restore -url http://site -filename \\srv\sharepoint\site.bak -overwrite
Before this operation you have to create "site" web application.
stsadm program must be launched as administrator.

Some security notes

In this post I would like to describe main concepts of information security.
CIA triad:

• confidentiality 
• integrity 
• availability

Three types of controls

• Administrative control 
• Technical control 
• Physical control

 And supplemental: nonrepudiation

4 A's:

• authentication - verifies unique identification 
• authorization - check user rights 
• access control - check resource rights 
• auditing - tracks activities 

Security consists of three main areas:

• Physical security 
• Operational security
• Management and policies

Main goals if information security are:

• prevention 
• detection 
• response 

Security is combination of 3 Ps:

• processes 
• procedures 
• policies 

The main concerns in security process are:

• design goals 
• security zones
• technologies 
• business requirments 

When you think about security design, you have to think about:

• confidentiality 
• integrity 
• authentication 
• accountability 
• availability 

Main security zones are:

• internet 
• extranet 
• DMZ 
• intranet

Main business requirments are:

• identifying assets 
• assessing risks - consists of identifying assests, threat assesment and impact assesment. During impact assesment you are determining potential monetary losts. During threat assesment you are determining probability that threat can occur. Risk assesment may be qualitative and quantitative. Qualitative is descriptive assesment. It needs short time and small budget. 
• identifying threats 
• evaluating vulnerabilities

Three main attack types:

• access attack: dumpster diving, eavesdropping, snooping, interception, 
• modification or repudiation attack
• denial of service attack: ping of death, buffer overflow, TCP SYN flood, smurth attack

Stages of incident response:

• Preparation 
• Identification 
• Containment 
• Eradication 
• Recovery 
• Follow-up 

Etch repositories

One of my servers runs Debian Etch, very old distrib. To upgrade php on this server I need etch repositories. All of them are on archive Debian server:
deb http://archive.debian.org/debian/ etch main non-free contrib 

deb http://archive.debian.org/debian-security/ etch main non-free contrib 

deb http://archive.debian.org/debian-volatile/ etch main non-free contrib

Upgrade to new Debian 6

List of repositories to insert to /etc/apt/sources.list:
deb http://ftp.us.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main

deb http://ftp.debian.org/debian squeeze-updates main

As you see, volatile is replaced by another site. There are no sites with src packages, because I don't use them :)

Here they are:

deb-src http://ftp.us.debian.org/debian/ squeeze main

deb-src http://security.debian.org/ squeeze/updates main

PHP script to convert character set for all tables in database

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'pass';
$dbname = 'db';

header('Content-type: text/plain');

$dbconn = mysql_connect($dbhost, $dbuser, $dbpass) or die( mysql_error() );
$db = mysql_select_db($dbname) or die( mysql_error() );

$sql = 'SHOW TABLES';
$result = mysql_query($sql) or die( mysql_error() );
while ( $row = mysql_fetch_row($result) )
{
$table = mysql_real_escape_string($row[0]);
$sql = "ALTER TABLE $table DEFAULT CHARACTER SET cp1251 COLLATE cp1251_general_ci";
mysql_query($sql) or die( mysql_error() );
print "$table changed to cp1251.\n";
}

mysql_close($dbconn);
?>

Apache tips

Setting handler
Let's imagine that you are accessing .pl file from your browser and instead of opening the page, browser suggests you to save this .pl file. In this case you have to configure the right handler for your type of the file, in our case this is cgi-script handler. So add the following line to your httpd.conf or virtual host configuration:
AddHandler cgi-script .pl 

Sample Kerberos configuration
AuthType Kerberos 
KrbAuthRealms DOMAIN.DOM
KrbServiceName HTTP
Krb5Keytab /root/keytab.file
KrbMethodNegotiate on
KrbMethodK5Passwd off
Require valid-user

Configure access based on subnets
Order Deny, Allow
Deny from All
Allow from 192.168.0.0/16

Sample basic auth
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/passwdRequire valid-user

Sample Digest auth
AuthType Digest

AuthName "kb"
AuthDigestProvider file
AuthUserFile /etc/apache2/digest_pw
Require valid-user

Active Directory authentication via LDAP
AuthName "Access"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://domain.com:389/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "user@domain.com"
AuthLDAPBindPassword yourpassword
require valid-user - access for any user in AD
require ldap-user "admin" - access for certain user in AD
If there is HTTP 500 error after LDAP auth and the following string is in the logs:
auth_ldap authenticate: user user authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]
Then you can try to change port number in the AuthLDAPURL to 3268

Enable X-Frame-Options

First enable header module

Then add the following string to Apache configuration file

Header always append X-Frame-Options SAMEORIGIN

Add Secure and HTTP only attributes to cookies
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
If Apache is older than 2.2.24
Header set Set-Cookie HttpOnly;Secure

Disable Apache Content Negotiation
Comment string
#AddHandler type-map .var

And add
Options -Multiviews

Typical secure SSL configuration:
SSEngine on

SSLCertificateFile /etc/apache2/ssl/site.crt
SSLCertificateKeyFile /etc/apache2/ssl/myserver.key
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
DocumentRoot /var/www
Options IncludesNoExec
Options SymLinksIfOwnerMatch
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined

Watch loaded and compiled in modules in Apache(Ubuntu & Debian)
apache2ctl -t -D DUMP_MODULES

or

apache2ctl -M

Watch only compiled in modules:

apache2 -l

Simple redirect

Redirect permanent / https://domain.com/

Monitor Apache connections
netstat -tc
apachetop

CPAN problems

I always had problems with installing Nagios:: Plugin for Perl via CPAN on different servers. It always reported various errors with make or something else. I think, I have found solution, at last.... You just need to install make, automake and build-essential:
aptitude install make automake build-essential
This is for Debian and Ubuntu versions of Linux....

Another tip to search and install perl modules in Ubuntu:
sudo apt-cache search perl Nagios::Plugin
aptitude install libnagios-plugin-perl

Hope this helps somebody :)