2016/06/22

Minimal Perl

Setting up Perl on CentOS 6. I'm putting this here so that I can find it easily.

yum install perl perl-CPAN
cpan 
# make everything automatic
o conf prerequisites_policy follow
o conf build_requires_install_policy yes
o conf commit
q
cpan local::lib
cpan Bundle::CPAN # keep an eye on this because Readline wants you to hit enter
cpan App::cpanminus

Now we can install Imager (say)

sudo yum install giflib-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel t1lib-devel
cpanm Imager

2016/06/16

sqlite3 vs firefox

Firefox keeps lots of useful information in sqlite files in the user's profile. Under Linux, you will find these files in ~/.mozilla/firefox/PROFILE_DIR/. To find PROFILE_DIR, you can look in ~/.mozilla/firefox/profiles.ini. Of interest to me is places.sqlite, which contains info on all sites visited. To pull a list out, simply do

 sqlite3 -csv ~/.mozilla/firefox/ucjmuboi.default/places.sqlite \
    'SELECT url,title,visit_count,visit_date/1000000 FROM moz_historyvisits JOIN moz_places ON place_id = moz_places.id'

The visit_date is bizarrely in microseconds, so divide by 1,000,000 to get epoch seconds.

Of course, the above doesn't work on CentOS 5 or 6. You will get an "Error: file is encrypted or is not a database" error. CentOS 5 ships with sqlite 3.3.6, CentOS 6 ships with 3.6.20. Firefox uses 3.7 and creates a file that isn't backward compatible. Here is how to install a compatible version:

cd ~/work
wget http://www.sqlite.org/2016/sqlite-autoconf-3130000.tar.gz
tar zxvf sqlite-autoconf-3130000.tar.gz
cd sqlite-autoconf-3130000
./configure --prefix=/opt/sqlite-3130000
make all
sudo make install
sudo ln -s sqlite-3130000 /opt/sqlite
sudo bash -c "echo /opt/sqlite/lib > /etc/ld.so.conf.d/sqlite.conf"
sudo ldconfig

This will install 3.13.0. Make sure to check the download page for the latest version.

It should be pointed out that by putting /opt/sqlite/lib into ld.so.conf.d, we are overriding the default system .so. I don't know if this will break anything. I do know that it means that DBD::SQLite and /usr/bin/sqlite3 now use the new .so and this is what I want.
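The places.sqlite query from this entry, as an added example that is not part of the original post: Python's built-in sqlite3 module runs the same join and turns the microsecond visit_date into UTC timestamps. The in-memory tables are a constructed stand-in holding only the columns the query uses, and the function names are assumptions; open_readonly is what you would point at a copy of the real file.

```python
import sqlite3
from datetime import datetime, timezone

HISTORY_SQL = """
SELECT url, title, visit_count, visit_date / 1000000 AS visit_epoch
FROM moz_historyvisits
JOIN moz_places ON place_id = moz_places.id
ORDER BY visit_date
"""

def open_readonly(path):
    """Open a copy of places.sqlite read-only so the query cannot alter it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample_db():
    """Constructed stand-in with only the columns the query uses."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT,
                                 title TEXT, visit_count INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY,
                                        place_id INTEGER, visit_date INTEGER);
        INSERT INTO moz_places VALUES (1, 'https://example.org/', 'Example', 2);
        INSERT INTO moz_places VALUES (2, 'https://example.net/a', NULL, 1);
        INSERT INTO moz_historyvisits VALUES (1, 1, 1466000000123456);
        INSERT INTO moz_historyvisits VALUES (2, 2, 1466003600000000);
        INSERT INTO moz_historyvisits VALUES (3, 1, 1466086400999999);
    """)
    return db

def history(db):
    """Return (url, title, visit_count, UTC ISO timestamp) per visit."""
    rows = []
    for url, title, count, epoch in db.execute(HISTORY_SQL):
        when = datetime.fromtimestamp(epoch, tz=timezone.utc)
        rows.append((url, title or "", count, when.isoformat()))
    return rows
```
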

2016/03/23

Someone broke the build

One can no longer cleanly do cpan Bundle::CPAN on a fresh install of CentOS 6. Some dependencies don't install properly. I had to do the following:

cpan CPAN::Meta::YAML Parse::CPAN::Meta 
cpan Test::YAML
cpan Compress::Raw::Zlib
cpan Spiffy Test::Base
cpan Module::Metadata  CPAN::Meta Perl::OSType version
cpan Compress::Raw::Bzip2
cpan Sub::Identify
cpan SUPER
cpan Test::MockModule
cpan Bundle::CPAN

At least I didn't have to go into /root/.cpan and install things by hand.

2016/02/29

Fraud alert

If Jonathan Night calls you, leaving a blurry message in an Indian accent claiming you have unethical or illegal activity on your tax return and need to phone him? Yeah, that's fraud.

A simple Google search of the phone number will reveal this.

2016/02/22

SELinux vs SphinxSE

It should be noted that SphinxSE wants to talk to searchd on port 9312. SELinux will prevent this. To enable it:

semanage port -a -t mysqld_port_t -p tcp 9312

2016/02/16

SELinux vs mysql

I'm a strange kind of fool. I maintain my own mysql packages, which makes installing them annoying because everything wants to pull in mysql-libs from the mainline.

I also sometimes want to install mysql in /home/mysql, not /var/lib/mysql as is standard on CentOS. SELinux is set up to prevent just this sort of thing. The short version is that everything in /home has the home_root_t security context, which mysqld and mysqld_safe aren't allowed to interact with.

The solution is the following:

# first we are setting up the directory
mkdir -p /home/mysql/{InnoDB,etc,log,data,tmp,bin,sbin}
mv /etc/my.cnf /home/mysql/etc
ln -s /home/mysql/etc/my.cnf /etc
for n in /usr/bin/my* ; do ln -s $n /home/mysql/bin ; done
for n in /usr/sbin/my* ; do ln -s $n /home/mysql/sbin ; done
chmod 1777 /home/mysql/tmp
chown mysql:mysql -R /home/mysql
joe /home/mysql/etc/my.cnf  # change datadir
joe /etc/init.d/mysql       # change datadir and basedir

# now comes the part where we fight with selinux
semanage fcontext -a -t mysqld_db_t "/home/mysql(/.*)?"
semanage fcontext -a -t etc_t "/home/mysql/etc(/.*)?"
semanage fcontext -a -t bin_t "/home/mysql/bin(/.*)?"
semanage fcontext -a -t bin_t "/home/mysql/sbin(/.*)?"
semanage fcontext -a -t mysqld_tmp_t "/home/mysql/tmp(/.*)?"
semanage fcontext -a -t mysqld_safe_exec_t "/home/mysql/bin/mysqld_safe" 
restorecon -R -v /home/mysql
service mysql start

But it's still failing, because /home/mysql/bin/mysqld_safe is a symlink. To fix this, I did

grep mysqld /var/log/audit/audit.log | audit2allow -M "mysqlhome"
semodule -i mysqlhome.pp 
service mysql start

Yay! Now it works

2016/02/12

NT_STATUS_ACCESS_DENIED

So I'm setting up SAMBA on a new machine. I can connect correctly, but dir listings are failing. The problem is SELinux, because I tried setenforce 0 and it worked.

So I ask on IRC and find out I need to do the following:

semodule -BD # rebuild policy with dontaudit rules disabled, so normally ignored AVCs get logged
# redo the directory listing in another window
semodule -B # rebuild policy with dontaudit rules back on
grep smb /var/log/audit/audit.log | audit2allow # parse those AVCs
#============= smbd_t ==============

#!!!! This avc can be allowed using one of the these booleans:
#     samba_export_all_ro, samba_enable_home_dirs, samba_export_all_rw
allow smbd_t user_home_t:dir read;
setsebool -PV samba_enable_home_dirs 1
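
Both the mysql entry (grep mysqld ... | audit2allow -M) and this Samba entry turn audit.log denials into policy. The following is an added example, not part of the original posts: it groups AVC denials by source type, target type and class so the resulting rules can be read before anything is loaded with semodule -i. The log lines are constructed (the posts do not show the real denials) and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not taken from the posts).
SAMPLE_LOG = """\
type=AVC msg=audit(1455290000.101:210): avc:  denied  { read } for  pid=2101 comm="smbd" name="alice" dev=dm-0 ino=1311 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1455290003.412:214): avc:  denied  { read open } for  pid=2101 comm="smbd" name="alice" dev=dm-0 ino=1311 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1455290003.412:214): arch=c000003e syscall=2 success=no exit=-13 comm="smbd"
type=AVC msg=audit(1455630000.007:388): avc:  denied  { read } for  pid=3120 comm="mysqld_safe" name="mysqld_safe" dev=dm-0 ino=2620 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:mysqld_safe_exec_t:s0 tclass=lnk_file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?'
    r'scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text, comm=None):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue
        if comm and f'comm="{comm}"' not in line:
            continue
        m = AVC_RE.search(line)
        if m:
            key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials in the policy syntax audit2allow prints."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE_LOG))))
```

Filtering on the exact comm field is narrower than grep mysqld or grep smb, which match any audit line containing the string.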