
Selecting Ciphers in Sendmail

20-Jan-11

The best reference that I’m aware of for this used to be at http://sial.org/howto/sendmail/cipherlist/ – but DNS to that site is currently broken. The site can be reached by IP address, at least for the time being.

Distilled instructions:

  • Assuming you are building from source, add the following to your site.config.m4:
    APPENDDEF(`confENVDEF', `-D_FFR_TLS_1')

  • Next, rebuild the Sendmail binary; when finished, add the following to your sendmail.mc and rebuild your sendmail.cf:
    LOCAL_CONFIG
    O CipherList=DH

    (Assuming, for whatever reasons, you want to limit ciphers to Diffie-Hellman varieties. Adjust as necessary.)

You can verify your CipherList values using OpenSSL:

> openssl ciphers DH
ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA

Tested against Sendmail 8.14.1.
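A small audit of the expansion above, as an added example that is not from the post: `audit_ciphers` flags, by name alone, the suites a defender would not want `CipherList=DH` to admit (the ADH entries do no server authentication, the EXP- entries are export-grade, and DES/3DES/RC4/MD5 are broken or deprecated), and `expand_cipherlist` performs the same expansion as `openssl ciphers` through Python's `ssl` module against whatever OpenSSL is installed locally. The cipher string is the one quoted above, embedded as constructed input.

```python
import ssl

# Constructed input: the "openssl ciphers DH" expansion quoted above, split on ':'.
DH_CIPHERLIST = (
    "ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ADH-AES128-SHA:"
    "DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:"
    "EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:"
    "EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:"
    "EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA"
)

def expand_cipherlist(spec):
    """Expand an OpenSSL cipher-list string (e.g. "DH") with the OpenSSL that
    Python is linked against. The result depends on that build and is much
    shorter than the 2011 output above on any current release."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return [c["name"] for c in ctx.get_ciphers()]

def audit_ciphers(names):
    """Map each suite name to the weaknesses its name alone reveals: ADH/AECDH
    suites skip server authentication, so anyone on the path can sit in the
    middle; EXP- suites use export-grade key sizes; DES, 3DES, RC4 and MD5 are
    broken or deprecated primitives."""
    findings = {}
    for name in names:
        reasons = []
        if name.startswith(("ADH-", "AECDH-")) or "-ADH-" in name:
            reasons.append("anonymous DH: no server authentication")
        if name.startswith("EXP-"):
            reasons.append("export-grade key size")
        if "DES-CBC-" in name:
            reasons.append("single DES")
        if "DES-CBC3" in name:
            reasons.append("3DES: 64-bit block size")
        if "RC4" in name:
            reasons.append("RC4")
        if name.endswith("-MD5"):
            reasons.append("MD5 MAC")
        if reasons:
            findings[name] = reasons
    return findings

def safe_subset(names):
    """The suites from `names` that the audit does not flag, in original order."""
    flagged = audit_ciphers(names)
    return [n for n in names if n not in flagged]
```

Of the seventeen suites `DH` selected on that OpenSSL, only the four DHE AES suites survive the audit.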

Listing files in a .zip archive

06-Jan-11

Use the “-l” flag to unzip:

> unzip -l Downloads/vijava2120100824.zip

Little-Known SSH Features and Tricks

27-Nov-10

Many more at 25 BEST SSH COMMANDS / TRICKS; three I didn’t know:

  1. Copy your SSH public key to your authorized_keys on another host:
    ssh-copy-id [-i [identity_file]] [user@]machine

  2. Log in to a host you can’t directly reach, through an intermediary that can reach the host:
    ssh -t reachable_host ssh unreachable_host

    (The -t flag is necessary to allocate a pseudo-tty.)

  3. Use a Wireshark running locally to inspect traffic that a remote host sees:
    ssh root@example.com tshark -w - not tcp port 22 | wireshark -k -i -

    or

    ssh root@example.com tcpdump -U -w - not port 22 | wireshark -k -i -

    (Of course, if you need to inspect SSH traffic, you’ll need to exclude the IP address of the local host running SSH from the remote tshark or tcpdump command. Also, the above assumes the use of SSH keypair authentication with the remote host – see Wireshark’s Pipes page for ideas if you need to enter a password on the command line.)

Send a page range of a PDF to the non-default CUPS Printer

27-Nov-10

On the command line:

lpr -P printer-queue -o page-ranges=1-2 document.pdf

Reference: Command-Line Printing and Options

Converting an IP Address to Hex

09-Nov-10

Convert an IP address to hex using the “gethostip” command:

$ gethostip 1.2.3.4
1.2.3.4 1.2.3.4 01020304

This is useful for naming files in a pxelinux.cfg directory, for instance.
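As an added example (not from the post), the same conversion in Python together with the lookup order PXELINUX applies to that hex name: client UUID, then `01-<MAC>`, then the full 8-digit hex IP with one trailing digit dropped per step, then `default`. `resolve_config` reports which file a given client would actually load from a set of names, so you can confirm that the file you intend for a host is the one it picks up; the addresses and file names are constructed.

```python
import ipaddress

def ip_to_hex(ip):
    """8 upper-case hex digits for an IPv4 address, the form gethostip prints
    and PXELINUX expects: 1.2.3.4 -> 01020304."""
    return "%08X" % int(ipaddress.IPv4Address(ip))

def pxelinux_config_names(ip, mac=None, uuid=None):
    """File names PXELINUX tries under pxelinux.cfg/, most specific first:
    the client UUID, 01-<MAC with dashes>, the hex IP with one trailing digit
    dropped per step (so hosts in 1.2.3.0/24 share "010203" and hosts in
    1.2.0.0/16 share "0102"), and finally 'default'."""
    names = []
    if uuid:
        names.append(uuid.lower())
    if mac:
        names.append("01-" + mac.lower().replace(":", "-"))
    hexip = ip_to_hex(ip)
    for length in range(len(hexip), 0, -1):
        names.append(hexip[:length])
    names.append("default")
    return names

def resolve_config(ip, present, mac=None, uuid=None):
    """The file a client with this address (and optionally MAC/UUID) would
    load, given the set of file names present in pxelinux.cfg/; None when not
    even 'default' exists."""
    for name in pxelinux_config_names(ip, mac, uuid):
        if name in present:
            return name
    return None
```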

SSHFS usage

31-Oct-10

To mount a file system:

> sshfs -o idmap=user haiku:/tank/doc_archive ~/haiku/doc_archive

To unmount the same file system:

> fusermount -u ~/haiku/doc_archive

Bulk Changing PostgreSQL Permissions

25-Oct-10

In a comp.databases.postgresql.general thread from 2004, John Sidney-Woollett details how to change PostgreSQL permissions on tables, views, functions and sequences in bulk – go to the thread for background and further details. In case the thread should become unavailable, queries are replicated below:

Tables

select 'grant all on '||schemaname||'.'||tablename||' to SOMEUSERNAME;'
from pg_tables
where schemaname in ('SOMESCHEMA1', 'SOMESCHEMA2')
order by schemaname, tablename;

Views

SELECT 'grant all on '||n.nspname||'.'||c.relname||' to SOMEUSERNAME;'
FROM pg_catalog.pg_class c
LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname in ('SOMESCHEMA1', 'SOMESCHEMA2')
and c.relkind = 'v'
ORDER BY n.nspname, c.relname;

Functions

select 'grant all on function '||n.nspname||'.'||p.proname||'('||oidvectortypes(p.proargtypes)||') to SOMEUSERNAME;'
from pg_proc p, pg_namespace n
where n.oid = p.pronamespace
and n.nspname in ('SOMESCHEMA1', 'SOMESCHEMA2')
order by n.nspname, p.proname;

Sequences

select 'grant all on '||n.nspname||'.'||c.relname||' to MYUSERNAME;'
from pg_class c, pg_namespace n
where n.oid = c.relnamespace
and c.relkind IN ('S')
and n.nspname in ('SOMESCHEMA1', 'SOMESCHEMA2');

Generating Crypted Passwords for Kickstart Files

04-Oct-10

For Red Hat or clones, or ESX/ESXi, use “grub-md5-crypt”:

> grub-md5-crypt
Password:
Retype password:
$1$KnYGn/$wOAmKuQH3KP35XRjWiUpX/

Copy and paste to “rootpw --iscrypted” as appropriate.

EC2 Instance Metadata

31-Aug-10

> curl -s http://169.254.169.254/latest/meta-data/
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
reservation-id
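An added example (not from the post) that walks the listing format shown above: an entry ending in `/` is a sub-directory, anything else is a leaf. It fetches with an IMDSv2 session token (PUT to `/latest/api/token`, then the token header on each GET) instead of the bare GET above, since the unauthenticated v1 endpoint is what SSRF bugs in instance-hosted services have been used to reach; `SAMPLE_TREE` is a constructed listing so the walker can be run off-instance.

```python
import urllib.request

IMDS = "http://169.254.169.254"

def imds_token(ttl_seconds=60, opener=urllib.request.urlopen):
    """IMDSv2: obtain a short-lived session token with a PUT; the TTL header
    is mandatory and the token is then sent on every metadata request."""
    req = urllib.request.Request(
        IMDS + "/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()

def imds_get(path, token, opener=urllib.request.urlopen):
    """Fetch one meta-data path, presenting the v2 token."""
    req = urllib.request.Request(
        IMDS + path, headers={"X-aws-ec2-metadata-token": token})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()

def walk_metadata(path, fetch):
    """Recursively list every leaf path under `path`. `fetch` is any callable
    mapping a path to its listing text, so the walk can be exercised offline
    against the constructed SAMPLE_TREE below."""
    leaves = []
    for entry in fetch(path).splitlines():
        if not entry:
            continue
        if entry.endswith("/"):
            leaves.extend(walk_metadata(path + entry, fetch))
        else:
            leaves.append(path + entry)
    return leaves

# Constructed listing (not captured from a real instance), shaped like the
# output quoted above, for running the walker without network access.
SAMPLE_TREE = {
    "/latest/meta-data/": "ami-id\ninstance-id\nplacement/\npublic-keys/\n",
    "/latest/meta-data/placement/": "availability-zone\n",
    "/latest/meta-data/public-keys/": "0=my-key\n",
}

def walk_live():
    """Walk the real endpoint with a v2 token; only works on an EC2 instance."""
    token = imds_token()
    return walk_metadata("/latest/meta-data/", lambda p: imds_get(p, token))
```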

Testing Puppet syntax without running puppetd

23-Aug-10

Use the --parseonly (puppet.conf manpage: “just check the syntax of the manifests”) and --ignoreimport (“enables you to parse-check a single file rather than requiring that all files exist”) flags to the puppet command:

> puppet --parseonly --ignoreimport <filename.pp>

Reference: Puppet