Quick Links

SELinux fix: allowing write to /var/lib/mod_security/

There’s a long-standing bug that prevents mod_security from writing to /var/lib/mod_security/.

According to Red Hat Bugzilla this bug should been fixed around May 2013, but it still exists – on fully patched CentOS 6.5. From /var/log/audit/audit.log:

type=AVC msg=audit(1411718594.811:7017): avc: denied { write } for pid=28144 comm="httpd" name="global.dir" \
dev=dm-0 ino=1577960 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

type=AVC msg=audit(1411718594.812:7018): avc: denied { write } for pid=28144 comm="httpd" name="ip.dir" \
dev=dm-0 ino=1577962 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file

To relabel this directory with the proper “httpd_var_lib_t” context, run the following as root:

semanage fcontext -a -t httpd_var_lib_t "/var/lib/mod_security(/.*)?"
restorecon -Rv /var/lib/mod_security

Auto Draft

The Archiveteam Warrior is available for download as an OVA virtual appliance for use with VirtualBox, VMware Workstation/Player etc.

To use this virtual appliance on VMware ESXi 5.1, you need to make some changes related to unsupported virtual hardware.

The instructions below are for Windows – the VMware vSphere Client doesn’t run on my Mac or Linux boxes, so I keep a Windows VM around just to run the vSphere client.

Download the .OVA file and extract its contents

An OVA file is a TAR file. You can use 7-Zip to unpack the OVA file (to your Desktop). After unpacking, you should see 3 new files:

archiveteam-warrior-v2-20121008.ovf
archiveteam-warrior-v2-20121008-disk1.vmdk
archiveteam-warrior-v2-20121008-disk2.vmdk

Modify the .OVF file to make it compatible with ESXi

Open the .OVF file in a text editor (use Notepad or Notepad++). It is an XML formatted file, describing the virtual appliance.

First, change the Virtual Machine type (line 38):

<vssd:VirtualSystemType>virtualbox-2.2</vssd:VirtualSystemType>

into:

<vssd:VirtualSystemType>vmx-07</vssd:VirtualSystemType>

Next, locate the virtual SATA storage controller (starting at line 75):

<Item>
 <rasd:Address>0</rasd:Address>
 <rasd:Caption>sataController0</rasd:Caption>
 <rasd:Description>SATA Controller</rasd:Description>
 <rasd:ElementName>sataController0</rasd:ElementName>
 <rasd:InstanceID>5</rasd:InstanceID>
 <rasd:ResourceSubType>AHCI</rasd:ResourceSubType>
 <rasd:ResourceType>20</rasd:ResourceType>
</Item>

This virtual SATA controller is not supported by ESXi 5.1, so replace the item with the following:

<Item>
 <rasd:Address>0</rasd:Address>
 <rasd:Caption>SCSIController</rasd:Caption>
 <rasd:Description>SCSI Controller</rasd:Description>
 <rasd:ElementName>SCSIController</rasd:ElementName>
 <rasd:InstanceID>5</rasd:InstanceID>
 <rasd:ResourceSubType>lsilogic</rasd:ResourceSubType>
 <rasd:ResourceType>6</rasd:ResourceType>
</Item>

Save the OVF file.

Import the Virtual Appliance

  1. Start the vSphere Client and select File > Deploy OVF Template.
  2. Browse to the .OVF file (on your Desktop) and click Next.
  3. Now, vSphere Client will display a warning that the “Debian” OS is unknown, and was remapped to “Other (32-bit)”. You can ignore this warning. Deployment should complete successfully.

Power on the Virtual Machine and follow the instructions on the Console window – happy Archiving!

Fixing corroded battery contacts on the Wii Fit Balance Board

I inadvertently left some Duracell alkaline batteries in the Balance Board. Sure enough, they were already starting to leak – damaging the battery contacts in the Balance Board.

It turns out there is a relatively easy way to remove the gunk from the leaky Duracells: they are alkaline batteries, so a mild acid (household vinegar) should do the trick. After disassembling the Balance Board, carefully remove the corroded metal contacts from the battery holder and drop them in a small jar with household vinegar:

Dip battery contacts in small glass jar with vinegarIMG_5323

Watch the corrosion dissolve; if needed, use a toothbrush or Q-tip to brush the last bits of gunk from the contacts. Rinse with water, and allow the contacts to properly dry before re-assembly.

P.S. It seems that Duracell batteries are quite prone to leaking – quality sure went downhill over the years. I’m replacing all of them to prevent further damage.

Sending SMS notifications with Gnokii on CentOS 6

I had a couple of Huawei USB UMTS/HSPA sticks gathering dust, so I decided to use them for SMS notifications. Below is a quick set of notes I took during the experiment.

Configuration

My setup:

  • CentOS 6.3 (64-bit)
  • GNOKII 0.6.30 (available from EPEL)
  • Huawei E160G and Huawei E176
  • Valid SIM card, PIN entry disabled

Plug in the USB stick, watch /var/log/messages. You should see something like this:

Jan 19 23:23:47 hal kernel: usb 2-2: new high speed USB device number 13 using ehci_hcd
Jan 19 23:23:48 hal kernel: usb 2-2: New USB device found, idVendor=12d1, idProduct=1003
Jan 19 23:23:48 hal kernel: usb 2-2: New USB device strings: Mfr=2, Product=1, SerialNumber=0
Jan 19 23:23:48 hal kernel: usb 2-2: Product: HUAWEI Mobile
Jan 19 23:23:48 hal kernel: usb 2-2: Manufacturer: HUAWEI Technology
Jan 19 23:23:48 hal kernel: usb 2-2: configuration #1 chosen from 1 choice
Jan 19 23:23:48 hal kernel: scsi36 : SCSI emulation for USB Mass Storage devices
Jan 19 23:23:48 hal kernel: usb 2-2: USB disconnect, device number 13
Jan 19 23:23:54 hal kernel: usb 2-2: new high speed USB device number 14 using ehci_hcd
Jan 19 23:23:54 hal kernel: usb 2-2: New USB device found, idVendor=12d1, idProduct=1003
Jan 19 23:23:54 hal kernel: usb 2-2: New USB device strings: Mfr=2, Product=1, SerialNumber=0
Jan 19 23:23:54 hal kernel: usb 2-2: Product: HUAWEI Mobile
Jan 19 23:23:54 hal kernel: usb 2-2: Manufacturer: HUAWEI Technology
Jan 19 23:23:54 hal kernel: usb 2-2: configuration #1 chosen from 1 choice
Jan 19 23:23:54 hal kernel: option 2-2:1.0: GSM modem (1-port) converter detected
Jan 19 23:23:54 hal kernel: usb 2-2: GSM modem (1-port) converter now attached to ttyUSB0
Jan 19 23:23:54 hal kernel: option 2-2:1.1: GSM modem (1-port) converter detected
Jan 19 23:23:54 hal kernel: usb 2-2: GSM modem (1-port) converter now attached to ttyUSB1
Jan 19 23:23:54 hal kernel: scsi39 : SCSI emulation for USB Mass Storage devices
Jan 19 23:23:54 hal kernel: scsi40 : SCSI emulation for USB Mass Storage devices
Jan 19 23:23:55 hal kernel: scsi 39:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
Jan 19 23:23:55 hal kernel: scsi 40:0:0:0: Direct-Access     HUAWEI   MMC Storage      2.31 PQ: 0 ANSI: 2
Jan 19 23:23:55 hal kernel: sr1: scsi-1 drive
Jan 19 23:23:55 hal kernel: sr 39:0:0:0: Attached scsi generic sg3 type 5
Jan 19 23:23:55 hal kernel: sd 40:0:0:0: Attached scsi generic sg4 type 0
Jan 19 23:23:55 hal kernel: sd 40:0:0:0: [sdc] Attached SCSI removable disk

Each Huawei sticks presents itself as 2 separate USB modems: /dev/ttyUSB0 and /dev/ttyUSB1. I will use /dev/ttyUSB1 since SMS notifications are apparently only sent to the second port. The Micro-SD slot is reported as a SCSI device – not used here.

Now it’s time to configure Gnokii. I’ll send SMS as root, so I created directories under /root:

$ mkdir -p /root/.config/gnokii
$ mkdir -p /root/.cache/gnokii

Copy the default configuration file from /etc/gnokiirc to /root/.config/gnokii/config and add the following section:

# Huawei USB Stick
[phone_huawei]
model = AT
port = /dev/ttyUSB1
connection = serial

Issue a Gnokii command to verify that it works:

$ gnokii --phone huawei --identify
GNOKII Version 0.6.30
IMEI         : 333444555666777
Manufacturer : huawei
No flags section in the config file.
Model        : E176
Product name : E176
Revision     : 11.126.02.01.55

Sending SMS

OK, now for the real test – sending an SMS:

$ echo "SMS from Huawei" | gnokii --sendsms +31612341234 -r

If the SMS was sent correctly, gnokii exits with status 0. You can check that using the $? variable in your shell.

Receiving SMS

Incoming SMS are saved on the SIM-card memory, in memory slots starting at 0 (zero). To read the first (oldest) received message:

$ gnokii --phone huawei --getsms SM 0

The next one can be read using:

$ gnokii --phone huawei --getsms SM 1

… and so on.

Once you processed a message, you can delete it from the SIM-card:

$ gnokii --phone huawei --deletesms SM 1

There’s a lot of fun to be had with this setup – using simple SMS.

For interactive viewing of incoming SMS, use:

$ gnokii --phone huawei --smsreader

This will show new messages immediately.

Wrap-up

There’s lots more information to be found on the Gnokii Wiki.

My Huawei E160G turns out to have a SIM-lock on it. It would error out on most requests until I inserted a SIM of the correct network. Not all documented commands work:

$ gnokii --phone huawei --getlocksinfo
GNOKII Version 0.6.30
Error: Command called isn't implemented in model.

This makes troubleshooting quite a bit harder…

Nagios alerting

Next on my list is integration with Nagios – this is fairly simple; set up a Host Notification and Service Notification command that echoes a message to Gnokii. Voila: SMS alerting for Nagios ;-)

Process incoming SMS

Incoming SMS can be read using “gnokii --getsms“, but “gnokii-smsd” is a better option. It polls the USB modem regularly, and stores received messages in a database (PostgreSQL or MySQL). This makes it quite easy to use SMS from your own applications.

Have fun!

Setting up email notifications on a Synology NAS using Google Apps

I recently purchased two DS413j Synology NAS devices, running Disk Station Manager 4.1.

They offer various notification options, including Email, SMS and Push. These notifications are really helpful, as they can warn you of impending doom (for example, a failing disk).

It’s a fairly straight-forward process:

  1. Set up a dedicated Google Apps user account for sending your notifications (do not forget to activate the account via the webmail interface)
  2. Configure email notifications on your Synology NAS
  3. (Optional) customize the list of events that send out notifications

Configure Google Apps

Log on to Google Apps as a domain administrator and go to the Organization & users tab. Click “Create a new user” and follow the instructions to create a dedicated user account for sending your notifications (for example, “notifications@your.domain”). Activate that account (log on using the web interface, fill the Captcha, accept the conditions, set a secure password) and try sending an email from the web interface to verify that the account works.

Configure email notifications

On the Synology, open the web interface and go to Control Panel – Notification. On the General tab, check “Enable e-mail notifications” and enter the Google Apps email server details:

SMTP server: smtp.gmail.com
SMTP port: 587

Check “Secure connection (SSL/TLS) is required” (see Google Support for up-to-date SMTP server names and port numbers)

Next up, click “SMTP Authentication” and fill in the username and password for the Google Apps account you just created.

Finally, we need to specify who should receive these notifications. Enter your email address here and click “Send a test email”. You should receive a test notification within minutes.

If all is well, click Apply to save these settings. Done!

Optional: Customize notifications

I recommend leaving these settings at default (all events will send out an email). If you want to customize anyway, go to Control Panel – Notification and switch to the Advanced tab. Here you can select what type of events should trigger a notification.