March 2007 Archives

2007-03-25

mutt and patches

There are a few mutt patches that are very useful but not in gentoo-patches. One of them is the mutt-sidebar patch which creates a sidebar with a list of folders on the left side of the mutt window.
Another one is the mutt X-face patch which uses w3mimgdisplay to display X-Faces. I wrote an ebuild for mutt-1.5.14 adding use flags sidebar and xface which is in my overlay.
Here is the layman configuration file for my overlay if you're interested ;)

2007-03-14

vim script: hints_man3

I found a new vim script called hints_man3. It shows the prototype of C library functions as you write them. You need to set your cmdheight option to at least 2 for it to work. This can be done by adding:

au BufRead,BufNewFile *.c,*.h set ch=2

to your .vimrc file. Here is a screenshot:
hints_man3 screenshot

2007-03-13

my overlay

Thanks to nonlogic people I have my own overlay now which contains my experimental ebuilds - mainly wireless tools like aircrack-ng, lorcon, airpwn etc.
I also plan to add wireless modules like madwifi-ng with lorcon patches soon. If you want to use it just get this layman xml file and add file:///path/to/hawking.xml to your overlays line in /etc/layman/layman.cfg.

2007-03-12

sshguard-2

I've been experimenting with sshguard today. It turns out it won't parse the log messages when sshd is using pam for authentication. pam_tally might be used to prevent brute forces but I don't think it's as practical as sshguard so I decided to add support for PAM messages to sshguard.
On my system this is what a PAM authentication failure looks like:
Mar 12 03:24:11 mars sshd[10656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1  user=hawking

I added a regex to parse the messages along with the other changes. The patch and the updated ebuild are here. It works fine now. To check just start entering wrong passwords to sshd:
hawking@mars ~ $ ssh mars.solar
Password: ..wrong password..
Password: and again
Password: and again..
Permission denied (publickey,keyboard-interactive).
hawking@mars ~ $ ssh mars.solar
Password: ..wrong password..

After four tries sshguard blocked me :-)
Mar 12 03:24:11 mars sshguard[10658]: Blocking 127.0.0.1: 4 failures over 12 seconds

I think sshguard will be cool when it has a list of different regexes to parse with. I'm planning to let upstream know about it.
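
The parsing step described in this post, as an added example (it is not the patch linked above and not sshguard's own code): a POSIX regex that extracts rhost from the pam_unix failure line and a per-address counter that fires on the fourth failure. The pattern, the function names and the table size are assumptions, and the time window ("over 12 seconds") is not modelled.

```c
#include <regex.h>
#include <string.h>

#define THRESHOLD 4   /* the log on this page shows a block at "4 failures" */
#define MAX_HOSTS 64  /* assumed table size */

/* Assumed pattern for the pam_unix line quoted above. Every field before rhost=
   is matched explicitly, so text in the trailing user= field cannot supply it. */
static const char *PAM_RE =
    "^[A-Za-z]{3} +[0-9]+ [0-9:]+ [^ ]+ sshd\\[[0-9]+\\]: "
    "pam_unix\\(sshd:auth\\): authentication failure; +logname=[^ ]* "
    "uid=[0-9]+ euid=[0-9]+ tty=[^ ]+ ruser=[^ ]* rhost=([^ ]+)";

static struct { char addr[64]; int failures; } hosts[MAX_HOSTS];
static int nhosts;

/* Copy the rhost of a PAM failure line into out; return 1 on a match. */
int pam_failure_rhost(const char *line, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[2];
    int ok = 0;
    if (regcomp(&re, PAM_RE, REG_EXTENDED) != 0)
        return 0;
    if (regexec(&re, line, 2, m, 0) == 0) {
        size_t len = (size_t)(m[1].rm_eo - m[1].rm_so);
        if (len < outlen) {            /* refuse to truncate an address */
            memcpy(out, line + m[1].rm_so, len);
            out[len] = '\0';
            ok = 1;
        }
    }
    regfree(&re);
    return ok;
}

/* Count one failure for addr; return 1 exactly when it reaches THRESHOLD. */
int record_failure(const char *addr)
{
    for (int i = 0; i < nhosts; i++)
        if (strcmp(hosts[i].addr, addr) == 0)
            return ++hosts[i].failures == THRESHOLD;
    if (nhosts == MAX_HOSTS || strlen(addr) >= sizeof hosts[0].addr)
        return 0;                      /* table full or address too long */
    strcpy(hosts[nhosts].addr, addr);
    hosts[nhosts++].failures = 1;
    return 0;
}
```

Feed each syslog line to pam_failure_rhost() and pass a match to record_failure(); a return value of 1 marks the fourth failure, the point at which the log above shows the block.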

2007-03-11

sshguard

There are many tools to prevent SSH brute force attacks. My favourite is sshguard. First of all it's not a script, it's written in C and it's pretty easy to configure.
For those who are interested, I wrote an ebuild for it; it's in the sunrise overlay right now.
As a short tutorial here is how I configured it. First you need to make syslog-ng call sshguard in case of an authentication failure. Adding these lines to syslog-ng.conf would do it:
destination sshguardproc { program("/usr/sbin/sshguard"); };
filter sshd { facility(authpriv) and match(ssh); };
log { source(src); filter(sshd); destination(sshguardproc); };

For efficiency make sure sshd doesn't use DNS when logging IP addresses. This can be done by adding
UseDNS no
to /etc/ssh/sshd_config.
Last but not least we need the iptables configuration to make sshguard work. First create a new chain called sshguard. Then pass all SSH traffic to this chain:
iptables -N sshguard
iptables -A INPUT -p tcp --dport 22 -j sshguard

All done :-)

2007-03-05

chessdb

I wrote an ebuild for chessdb and two patches so that it works fine under Gentoo. You can get the ebuild and the patches here. I also wrote a bug report to include it in portage.

2007-03-05

bitlbee-1.1dev

Bitlbee developers released a testing version of 1.1 branch. I wrote an ebuild for it. You can get it here. I tested it with use flags jabber,msn,oscar,ssl,xinetd and yahoo. It seems to work fine. The ldap use flag doesn't do anything much as ldap support is pretty new.