Category Archives: Programming

Material related to computer programming.

MySQL SSL connections not working with phpMyAdmin and mysqli

Posted on by
44

I had a problem with phpMyAdmin not using encrypted connections.

My server was correctly configured for SSL as indicated by:

SHOW VARIABLES LIKE '%ssl%'

Which returned:

Variable_name Value
have_openssl YES
have_ssl YES
ssl_ca /etc/mysql/cacert.pem
ssl_capath
ssl_cert /etc/mysql/server-cert.pem
ssl_cipher
ssl_key /etc/mysql/server-key.pem

However when I ran:

SHOW STATUS LIKE 'Ssl_cipher'

I got back a null result, indicating that the connection was not encrypted.

Eventually I figured out that the problem was caused by using the ‘mysqli’ provider for my connections in phpMyAdmin. When I switched my connections to use ‘mysql’ instead then encryption started working and an Ssl_cipher was reported.

I’d love to know what the actual problem is, but for now I’m just happy that my connections are actually encrypted. I spent a while hacking on the mysqli dbi interface to try and get it to play nice with SSL but I didn’t make any progress.

fail2ban.actions.action: ERROR

Posted on by
28

Found some discussion on dealing with “fail2ban.actions.action: ERROR” errors from fail2ban. Basically there’s a race condition and a few suggestions to deal with it. One is to modify /usr/bin/fail2ban-client like this:

def __processCmd(self, cmd, showRet = True):
	beautifier = Beautifier()
	for c in cmd:
		time.sleep(0.1)
		beautifier.setInputCmd(c)

But the other one, that I think I like better, is to edit /etc/fail2ban/actions.d/iptables-multiport.conf to include a call to sleep for a random time up to three seconds:

 actionstart =   sleep `perl -e 'print rand(3);'`
             iptables -N fail2ban-<name>
             iptables -A fail2ban-<name> -j RETURN
             iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>

Getting absolute path from relative path in Bash

Posted on by
25

I was writing a shell script and I wanted to change directory. But before I changed directory I wanted to get the absolute path to a file relative to the current directory so that I could access the file again later. I learned that you can do this in Bash with the readlink facility, passing in the -f command line switch, i.e.:

 $ readlink -f ./some/path

Postfix Virtual Mailboxes and Procmail Filtering

Posted on by
Reply

Am interested in getting procmail to work with my Postfix/Courier setup. Am using virtual domains/aliases/mailboxes stored in a MySQL database and a Maildir file system. Have only just begun my investigations. So far I’ve found:

Security considerations for find

Posted on by
41

Read about the security considerations for find. Find is a *nix tool for searching though directories for files and filtering them to build lists or run commands.

While I’m here I might as well show you my latest find command, I think it’s a beauty. :)

sudo find . \
  \( \( \( \! -user jj5 \) -or \( \! -group jj5 \) \) \
    -execdir chown jj5:jj5 '{}' \+ \) , \
  \( \( -type d \( \! -perm -u+rwx \) \) \
    -execdir chmod u+rwx '{}' \+ \) , \
  \( \( -type f \( \! -perm -u+rw \) \) \
    -execdir chmod u+rw '{}' \+ \)