Not working Terminal and Root Terminal in Kali Linux

In some cases after installation or upgrade of Kali Linux everything works fine except console in GUI mode (Terminal and Root Terminal).
The solution is quite simple. Just go to Settings/Region & Language and change language from “iso… (bla bla bla)” to proper language.
After that Terminal magically start to work.

Free Cisco ASA firmware update

Don’t have an active service contract for your Cisco ASA ?

Here is an opportunity to get a free update! Just send an email to TAC and refer to that vulnerability report. You get free and legal update. Do not forget to attach serial number of your device and current firmware version.
Keep in mind that usage of obtained file is legal only on device for which was requested.

Tried and it really works ūüôā

QNAP custom dhcpd config file

In some network I wanted to use QNAP nas (QTS 4.3.4 x64) also as DHCP server, but with my own config file. I needed static bindings and special config with cookie for Smart-UPS RT 10000 XL (which I already mentioned here).
First option was to use some App from AppCenter like DNSMasq (not seen that app? ūüôā You can use alternative repo like https://www.qnapclub.eu/pl/repo/xml – maybe I’ll write something more about that some day), but in my case the default volume is encrypted. As long as I don’t enter password manually after restart or a power failure apps won’t get loaded, so network is dead without DHCP server.
Some solution is to make special not encrypted volume only with that app – but unfortunately most apps does not support volume migration (some other time I will write something more about how to enable this option).
The third solution is to use system dhcp server which is ISC DHCP. It is loaded even when main volume is not mounted. But how to provide custom config premanently?

First of all we need to enable dhcp server in Network & Virtual switch app. In my case br0 interface was used. I propose to configure as small IP range as possible in case if some client succeed to connect before we replace config (just one IP would be fine). Then we put our config file in

/etc/config/dhcpd_br0.conf

For my UPS it was something like:

#custom_config
ddns-update-style none;
get-lease-hostnames true;
default-lease-time 7200;                                                                                                                                                     
max-lease-time 7200;
log-facility local7;
ping-check false;
option apc-token code 43 = string;
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option domain-name "domain.org";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    range 192.168.1.71 192.168.1.90;
}

#some static host
host hsot1 {
   fixed-address 192.168.1.2;
   hardware ethernet 04:14:a6:c9:66:78;
}

#Smart-UPS RT 10000 XL  with AP9619 card 
host ups {
   fixed-address 192.168.1.13;
   hardware ethernet 00:ca:a7:62:37:64;
   #cookie needed to get things work
   option apc-token 01:04:31:41:50:43;
}

Then we create

/etc/config/dhcpd_check

file:

#!/bin/sh

/bin/grep -q custom_config /etc/dhcpd_br0.conf || \
    ( cp -f /etc/config/dhcpd_br0.conf /etc/dhcpd_br0.conf && \
    kill `cat /mnt/ext/opt/netmgr/api/core/dhcpdLink/br0.pid` )

That script checks if the current config file is ours. If not it replaces the file and kills dhcpd server. QTS has some kind of watchdog mechanism so we don’t need to bother to start it again (ISC DHCP does not support config reload with signals so more elegant way is not possible ūüôĀ ). Please remember to set correct permissions by

chmod 700 /etc/config/dhcpd_check

Last thing to do is to add our script to cron by editing

/etc/config/crontab

and adding

* * * * * /etc/config/./dhcpd_check

Not very elegant solution, but works ūüôā

UPS on macOS Sierra 10.12 with snmp problem

I’m using Smart-UPS RT 10000 XL on my network and wanted to use it also with my iMac runing macOS Sierra 10.12. An AP9619 card enables user to monitor UPS status with SNMP. For that purpose I installed apcupsd package using Homebrew:

brew install apcupsd

Configuration file is located at:

/usr/local/etc/apcupsd/apcupsd.conf

and there was a need to change some things:

UPSCABLE smart
UPSTYPE snmp
DEVICE 192.168.1.13:161:APC:public

Everything seemed to work, but after some time I noticed that power failure didn’t shut down my iMac.
I noticed that after reboot status check

/usr/local/Cellar/apcupsd/3.14.14/sbin/apcaccess status

resulted in something like that:

APC      : 001,018,0459
DATE     : 2018-02-03 13:27:16 +0100  
HOSTNAME : My-iMac.local
VERSION  : 3.14.14 (31 May 2016) darwin
UPSNAME  : My-iMac.local
CABLE    : Ethernet Link
DRIVER   : SNMP UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2018-02-03 13:08:14 +0100  
STATUS   : 
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000000
END APC  : 2018-02-03 13:27:44 +0100

I seemed that UPS was not visible. After restarting service

sudo sudo launchctl stop org.apcupsd.apcupsd
sudo sudo launchctl start org.apcupsd.apcupsd

everything was going back to normal:

APC      : 001,046,1075
DATE     : 2018-02-03 13:45:42 +0100  
HOSTNAME : My-iMac.local
VERSION  : 3.14.14 (31 May 2016) darwin
UPSNAME  : UPS
CABLE    : Ethernet Link
DRIVER   : SNMP UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2018-02-03 13:45:39 +0100  
MODEL    : Smart-UPS RT 10000 XL
STATUS   : ONLINE 
LINEV    : 243.0 Volts
LOADPCT  : 15.0 Percent
BCHARGE  : 100.0 Percent
TIMELEFT : 114.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
MAXLINEV : 243.0 Volts
MINLINEV : 236.0 Volts
OUTPUTV  : 229.0 Volts
SENSE    : Unknown
DWAKE    : 0 Seconds
DSHUTD   : 20 Seconds
DLOWBATT : 2 Minutes
LOTRANS  : 196.0 Volts
HITRANS  : 253.0 Volts
RETPCT   : 0.0 Percent
ITEMP    : 25.0 C
ALARMDEL : 5 Seconds
BATTV    : 218.0 Volts
LINEFREQ : 49.0 Hz
LASTXFER : Unacceptable line voltage changes
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
SELFTEST : OK
STESTI   : 336
STATFLAG : 0x05000008
MANDATE  : 07/11/07
SERIALNO : IS000000000
BATTDATE : 07/11/07
NOMOUTV  : 230 Volts
EXTBATTS : 2
FIRMWARE : 476.17.W
END APC  : 2018-02-03 13:45:45 +0100 

After some debugging I realized that daemon is started before network was ready (don’t know if it is a brew package problem or my configuration is specific).
Turned out that apcupsd wasn’t able to use network connection initialized after it’s start. My solution is not very elegant, but fully satisfying – addition of some delay

/bin/sleep  180

in the second line of

/usr/local/Cellar/apcupsd/3.14.14/sbin/apcupsd-start

was sufficient.

Auto update image of running Docker containers

Many people are wondering if there is an easy way to update container to newest version, while it is already configured and running. Normal procedure is to use docker pull, delete the old one  and  deploy the new one with the very same configuration as before.

Easy but frustrating ūüôā

There is a tool that do it automatically named watchtower . It is also a Docker container and it interacts with the Docker API.  In order to monitor the running containers, it needs to be mounted to  /var/run/docker.sock with the -v flag when running. By default, watchtower will monitor all containers running within the Docker daemon:

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  v2tec/watchtower

It can monitor only specified containers:

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  v2tec/watchtower nginx redis

Setup wordpress site with docker stack

Lately I’m playing with Docker and as exercise I tried to setup full installation of WordPress using docker.
The most simple is to use official wordpress repository. The problem was that wordpress container doesn’t support sending mails. The easiest way to provide such functionality is to install ssmtp. So I created a container for that purpose defragmentator/wordpress_ssmtp
Sources are published on my GitHub.
That container enables user to easy configure outgoing email account with environment variables. If someone prefer to use config file on volume (/etc/ssmtp/ssmtp.conf) it is also possible.

config.yml:

version: '3'

services:
   db:
     image: mysql:5.7
     volumes:
       - /home/docker/wordpress/db:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: mysql
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress

   wordpress:
     depends_on:
       - db
     volumes:
       - /home/docker/wordpress/html:/var/www/html
     image: defragmentator/wordpress_ssmtp:fpm
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress
       SSMTP_ROOT: [email protected]
       SSMTP_MAILHUB: smtp.gmail.com:587
       SSMTP_USETLS:  'YES'
       SSMTP_USESTARTTLS:  'YES'
       SSMTP_FROMLINEOVERRIDE: 'YES'
       SSMTP_AUTHUSER: [email protected]
       SSMTP_AUTHPASS: password


   web:
        image: nginx:latest
        restart: always
        ports:
            - "80:80"
        volumes:
            - /home/docker/wordpress/log:/var/log/nginx
            - /home/docker/wordpress/html:/var/www/html
            - /home/docker/wordpress/nginx/default.conf:/etc/nginx/conf.d/default.conf

Having properly edited config.yml deployment can be done with command:

sudo docker stack deploy -c config.yml wordpresssite

My repository contains of two branches: apache and fpm. I prefere fpm with nginx, bacause it was much simpler to deploy with CloudFlare. To get real IPs of users I added some lines to default.conf:

set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;

Too many pipes open in php-fpm

Configuring php-fpm I had a problem – even when configured in php-fpm.conf

<value name="max_children">150</value>

I got only about 120 childrens.  I found that the problem was krenel maximum open files limit. You can check it with

ulimit -a
core file size (blocks)     unlimited
data seg size (kbytes)      unlimited
file size (blocks)          unlimited
open files                  256
pipe size (512 bytes)       10
stack size (kbytes)         8192
cpu time (seconds)          unlimited
max user processes          29995
virtual memory (kbytes)     unlimited

These values can be globally changed in

/etc/system

. In this case reboot is needed, but for me it was easier  to add

ulimit -n 1024 

at the top

sbin/php-fpm

startup script.

Dynamic library functions’ listing

Sometimes it would be useful to see what functions does export dynamic library.

There is very useful solaris tool which may help

/usr/ccs/bin/nm

example usage:

/usr/ccs/bin/./nm /lib/libmd5.so
/lib/libmd5.so:

[Index]   Value      Size    Type  Bind  Other Shndx   Name

[27]    |         0|       0|SECT |LOCL |0    |1      |
[2]     |       148|       0|SECT |LOCL |0    |1      |
[3]     |       308|       0|SECT |LOCL |0    |2      |
[4]     |       612|       0|SECT |LOCL |0    |3      |
[5]     |       972|       0|SECT |LOCL |0    |4      |
[6]     |      1004|       0|SECT |LOCL |0    |5      |
[7]     |      1060|       0|SECT |LOCL |0    |6      |
[8]     |      1100|       0|SECT |LOCL |0    |7      |
[9]     |      1208|       0|SECT |LOCL |0    |8      |
[10]    |      1268|       0|SECT |LOCL |0    |9      |
[11]    |      5392|       0|SECT |LOCL |0    |10     |
[12]    |      5472|       0|SECT |LOCL |0    |11     |
[13]    |      5600|       0|SECT |LOCL |0    |12     |
[14]    |      5604|       0|SECT |LOCL |0    |13     |
[15]    |     73728|       0|SECT |LOCL |0    |14     |
[16]    |     73740|       0|SECT |LOCL |0    |15     |
[17]    |     73852|       0|SECT |LOCL |0    |16     |
[18]    |     74068|       0|SECT |LOCL |0    |17     |
[19]    |     74108|       0|SECT |LOCL |0    |18     |
[20]    |     74120|       0|SECT |LOCL |0    |19     |
[21]    |     74184|       0|SECT |LOCL |0    |20     |
[22]    |         0|       0|SECT |LOCL |0    |21     |
[23]    |         0|       0|SECT |LOCL |0    |22     |
[24]    |         0|       0|SECT |LOCL |0    |1      |
[25]    |         0|       0|SECT |LOCL |0    |23     |
[26]    |         0|       0|SECT |LOCL |0    |24     |
[43]    |      5304|      88|FUNC |LOCL |0    |9      |Encode
[48]    |      1588|     136|FUNC |GLOB |0    |9      |MD5Final
[52]    |      1268|      60|FUNC |GLOB |0    |9      |MD5Init
[42]    |      1772|    3532|FUNC |LOCL |0    |9      |MD5Transform
[65]    |      1328|     260|FUNC |GLOB |0    |9      |MD5Update
[40]    |     74120|      64|OBJT |LOCL |0    |19     |PADDING
[63]    |         0|       0|OBJT |GLOB |0    |ABS    |SUNW_1.1
[59]    |     73852|       0|OBJT |GLOB |0    |16     |_DYNAMIC
[30]    |     74184|       0|OBJT |LOCL |0    |20     |_END_
[57]    |     73728|       0|OBJT |GLOB |0    |14     |_GLOBAL_OFFSET_TABLE_
[50]    |     73740|       0|OBJT |GLOB |0    |15     |_PROCEDURE_LINKAGE_TABLE_
[28]    |         0|       0|OBJT |LOCL |0    |1      |_START_
[56]    |         0|       0|NOTY |WEAK |0    |UNDEF  |__1cG__CrunVdo_exit_code_in_range6Fpv1_v_
[54]    |         0|       0|NOTY |WEAK |0    |UNDEF  |__1cH__CimplKcplus_fini6F_v_
[58]    |         0|       0|NOTY |WEAK |0    |UNDEF  |__1cH__CimplKcplus_init6F_v_
[35]    |     74112|       0|NOTY |LOCL |0    |18     |_cpp_finidata0
[51]    |     74184|       0|OBJT |GLOB |0    |19     |_edata
[62]    |     74184|       0|OBJT |GLOB |0    |20     |_end
[61]    |      5864|       0|OBJT |GLOB |0    |13     |_etext
[60]    |         0|       0|NOTY |WEAK |0    |UNDEF  |_ex_deregister
[36]    |      5600|       0|NOTY |LOCL |0    |12     |_ex_range0
[46]    |      5600|       0|NOTY |LOCL |0    |12     |_ex_range1
[53]    |         0|       0|NOTY |WEAK |0    |UNDEF  |_ex_register
[34]    |     74084|       0|NOTY |LOCL |0    |17     |_ex_shared0
[45]    |     74100|       0|NOTY |LOCL |0    |17     |_ex_shared1
[37]    |      1268|       0|NOTY |LOCL |0    |9      |_ex_text0
[47]    |      5392|       0|NOTY |LOCL |0    |9      |_ex_text1
[32]    |      5472|     128|FUNC |LOCL |0    |11     |_fini
[29]    |      5392|      80|FUNC |LOCL |0    |10     |_init
[31]    |      5604|       4|OBJT |LOCL |0    |13     |_lib_version
[55]    |         0|       0|FUNC |GLOB |0    |UNDEF  |bcopy
[49]    |         0|       0|FUNC |GLOB |0    |UNDEF  |bzero
[33]    |         0|       0|FILE |LOCL |0    |ABS    |crti.s
[44]    |         0|       0|FILE |LOCL |0    |ABS    |crtn.s
[1]     |         0|       0|FILE |LOCL |0    |ABS    |libmd5.so.1
[39]    |         0|       0|FILE |LOCL |0    |ABS    |md5.c
[64]    |      1724|      48|FUNC |GLOB |0    |9      |md5_calc
[41]    |      5608|     256|OBJT |LOCL |0    |13     |md5_consts
[38]    |         0|       0|FILE |LOCL |0    |ABS    |values-Xa.c</em></blockquote>

Shared libraries conversion

I was wondering if it’s possible to convert binary dynamic library to a shared static library and vice versa.¬† I’ve done some research and I found a solution to do it but only in one direction.

ar -x libtermcap.a

extracts static library to .o object, then you can compile it to dynamic library

gcc -shared *.o -o libtermcap.so.2

Unfortunately it looks like that conversion in opposite direction is impossible.