Linux Archives

Over 80% is running on some form of Linux – so does your Mac and you iPhone. Sometimes we have to get our hands dirty on the command line – it makes you feel like a proper hacker.

Here are some pointers I picked up on my journey.

How to remove an IP from the CBL (Composite Blocking List)

Today I was introduced to something called the CBL, or the Composite Blocking List. This is one of several Spamhaus projects that’s there to make sure IP’s are blacklisted when they’re sending spam.

You can check if your IP’s are OK at http://www.spamhaus.org/lookup/

The CBL is a separate website in which you can also lookup IPs. Spamhaus will tell you if that’s the case and direct you to the CBL here: http://www.abuseat.org/lookup.cgi

Even though my IP was otherwise fine, it was listed in the CBL, and Yahoo kindly made me aware of this as part of an error message I’ve received when trying to send an email. If ever there is an email problem in CentOS, the first place to look is /var/log/maillog. Here’s Yahoo’s very helpful explanation: https://help.yahoo.com/kb/postmaster/SLN5070.html

Turns out that the hostname was not setup yet, so the box would respond as localhost.localdomain. That’s a big fat no-no as far as the CBL people are concerned. Here’s CBL’s explanation:

This IP address is HELO’ing as “localhost.localdomain” which violates the relevant standards (specifically: RFC5321).

The CBL does not list for RFC violations per-se. This _particular_ behaviour, however, correlates strongly to spambot infections. In other words, out of thousands upon thousands of IP addresses HELO’ing this way, all but a handful are infected and spewing junk. Even if it isn’t an infection, it’s a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it’s best to fix it regardless of whether the CBL notices it or not.

Read more

How to set the hostname on CentOS and Fedora

CentOS 7 has a nice command called hostnamectl. With it we can display the current hostname, and set any of the three types of hostname: static hostname (something like example.com) transient hostname (anything you like, assigned when using DHCP) pretty hostname (something like Jay’s MacBook Pro) By default, a CentOS installation comes back with localhost.localdomain … Read more

How to disable SSH access from everywhere except for certain IPs in CentOS 7

Here’s how to do it: firewall-cmd –zone=internal –add-service=ssh –permanent firewall-cmd –zone=internal –add-source=1.2.3.4/32 –permanent firewall-cmd –zone=internal –add-source=5.6.7.8/32 –permanent firewall-cmd –zone=public –remove-service=ssh –permanent firewall-cmd –reload This declares an internal zone with two IPs (add as many or as few as you like) and subsequently removes the SSH service from the public zone altogether. As a result, any … Read more

How to install Parallels Tools via the Command Line in CentOS

I like setting up barebones CentOS and other flavoured VMs on my Mac via Parallels Desktop. Trouble is, for such things like time synchronisation to work properly, something called Parallels Tools needs to be installed on each VM. This is to make sure Parallels Desktop can speak to the VM and communicate with it properly. … Read more