Category: Unix/Linux

Blocking incoming mail by subject in sendmail

LOCAL_RULESETS HSubject: $>Check_Subject
D{MPat}ILOVEYOU
D{MMsg}This message may contain the LoveLetter virus. SCheck_Subject
R${MPat} $*$#error $: 550 ${MMsg}
RRe: ${MPat} $*$#error $: 550 ${MMsg}

In this case, we are blocking the ILOVEYOU virus.
“D{MPat}ILOVEYOU” is what’s in the subject line when the message comes in.“D{MMsg}This message may contain the LoveLetter virus.” is the message that sendmail will give to the sender. You are free to be creative with this message and you could also create a universal error message for all of the mails with the subject line you want to block.

If you have a huge list of subject lines you want to block, you could do it this way:
LOCAL_RULESETS HSubject: $>Check_Subject
D{MPat}ILOVEYOU
D{MPat2}Mother’s Day Order Confirmation
D{MPat3}Important ! Read carefully !!
D{MMsg}Your mail has been rejected because it may have a virus. SCheck_Subject
R${MPat} $*$#error $: 550 ${MMsg}
RRe: ${MPat} $*$#error $: 550 ${MMsg}
R${MPat2} $*$#error $: 550 ${MMsg}
RRe: ${MPat2} $*$#error $: 550 ${MMsg}
R${MPat3} $*$#error $: 550 ${MMsg}
RRe: ${MPat3} $*$#error $: 550 ${MMsg}

 

Hopefully, you get the idea here. After all this, you have to recompile the sendmail.cf file and restart sendmail for this to take effect. To recompile the sendmail.cf file:
1 – backup your original /etc/mail/sendmail.cf
2 – in the /usr/lib/mail/cf directory, run:
/usr/ccs/bin/m4 ../m4/cf.m4 main.v7sun.mc > /etc/mail/sendmail.cf To restart sendmail:
/etc/init.d/sendmail stop
/etc/init.d/sendmail start Have fun!]]>

Installing Openssl/Openssh on Solaris 8

Installing Openssl/Openssh on Solaris 8

Some Compiling NOTES
– If you have problems and decide to start over, run “echo $?” after each command to see if you have errors in your steps
– If you get an error “Cannot find ELF”, it may be because you are using the gnu strip (from binutils). Use the strip that comes with Solaris in /usr/ccs/bin

1) Install compiler (gcc or equivalent – I used Forte Developer 7). You can install gcc with packages SUNWgcmn and SUNWgcc from the Solaris Companion CD or you can get it from sunfreeware.com.

2) path set – cc and make in your path
ie: PATH=/opt/sfw/bin:/usr/ccs/bin:$PATH
The “make” binary is /usr/ccs/bin and if you got gcc from the companion cd, it will be in /opt/sfw/bin (if you got it from sunfreeware.com, it will be in /usr/local/bin)

3) Install patch 112438-01 (reboot the machine after install)

4) Install Openssl (from openssl.org) – latest version as of this writing is 0.96g.
./Config
make
make install

5) Install Openssh (openssh.org) – latest version as of this writing is 3.4p1 – I’m configuring it with pam (so that I can authenticate via ldap) and xauth (so that I can do XForwarding)
./configure –with-pam –with-xauth=/usr/openwin/bin/xauth
make
make install

6) Create a user for ssh
useradd -g nobody -s ‘/usr/bin/false’ sshd

7) If you want XForwarding, in /usr/local/etc/sshd_config, set:
X11Forwarding yes

8) Start the SSH server
/usr/local/sbin/sshd

9) You may want a script to start the ssh server. This is a modified version of the one I took from a source I can’t remember:

#!/sbin/sh
#
# Init file for OpenSSH server daemon
RETVAL=0
prog=”sshd”

# Some functions to make the below more readable
KEYGEN=/usr/local/bin/ssh-keygen
SSHD=/usr/local/sbin/sshd
RSA1_KEY=/usr/local/etc/ssh_host_key
RSA_KEY=/usr/local/etc/ssh_host_rsa_key
DSA_KEY=/usr/local/etc/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid

do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $”Generating SSH1 RSA host key: ”
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C ” -N ” >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
success $”RSA1 key generation”
echo
else
failure $”RSA1 key generation”
echo
exit 1
fi
fi
}

do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $”Generating SSH2 RSA host key: ”
if $KEYGEN -q -t rsa -f $RSA_KEY -C ” -N ” >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
success $”RSA key generation”
echo
else
failure $”RSA key generation”
echo
exit 1
fi
fi
}

do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo -n $”Generating SSH2 DSA host key: ”
if $KEYGEN -q -t dsa -f $DSA_KEY -C ” -N ” >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
success $”DSA key generation”
echo
else
failure $”DSA key generation”
echo
exit 1
fi
fi
}

do_restart_sanity_check()
{
$SSHD -t
RETVAL=$?
if [ ! “$RETVAL” = 0 ]; then
failure $”Configuration file or keys are invalid”
echo
fi
}

start()
{
# Create keys if necessary
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen

echo -n $”Starting $prog:”
$SSHD
RETVAL=$?
# [ “$RETVAL” = 0 ] && touch /var/lock/subsys/sshd
echo
}

stop()
{
echo -n $”Stopping $prog:”
pkill $SSHD
RETVAL=$?
# [ “$RETVAL” = 0 ] && rm -f /var/lock/subsys/sshd
echo
}

reload()
{
echo -n $”Reloading $prog:”
killproc $SSHD -HUP
RETVAL=$?
echo
}

case “$1” in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
condrestart)
if [ “$RETVAL” = 0 ] ; then
stop
# avoid race
sleep 3
start
fi
# fi
;;
status)
status $SSHD
RETVAL=$?
;;
*)
echo $”Usage: $0 {start|stop|restart|reload|condrestart|status}”
RETVAL=1
esac
exit $RETVAL

Sendmail Routing with LDAP

Sendmail Routing with LDAP

One of the reasons you might want to do this is if you just acquired a new company and want mail to be routed through your same old sendmail relays as you had previously or if you’re running some kind of spam or virus scanner that requires sendmail or maybe you just want to have a relay in between your the Internet and your mail server for security purposes.

Note: In this case, this is for routing mail with sendmail and not accepting mail and putting mail into /var/mail on this machine. If you want the mail stored on this machine, you should be able to get on this machine with an ‘su – uid’ command. Otherwise, you will probably get the message, “User unknown”.

You can use whatever directory server you want with whatever schema you want as long as you know what you are looking for and how to use the data.

You will need a version of sendmail that has ldap capabilities

compiled into it. You can check this with:

/usr/lib/sendmail -d0.11 < /dev/null

Version 8.12.10+Sun

Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8

When you see LDAPMAP, you know that it will work. Solaris 7-9 should all

work. Patches are available for those that don’t.

In this example, we will use the ldap data from a SunONE Messaging server.

We first do a search to find a user so that we know what we will need.

Here, I pull the user’s ldif data with this command:

/usr/sbin/ldapsearch -b ‘o=isp’ -p 4389 -h flash.atac.ebay.sun.com [email protected]

In this case, I’m looking for alton’s user entry and using the mail attribute.

Here are my results:

uid=alton, ou=people, o=atac.ebay.sun.com, o=isp

objectClass=top

objectClass=person

objectClass=organizationalPerson

objectClass=inetOrgPerson

objectClass=inetUser

objectClass=ipUser

objectClass=nsManagedPerson

objectClass=userPresenceProfile

objectClass=inetMailUser

objectClass=inetLocalMailRecipient

[email protected]

mailUserStatus=active

mailHost=flash.atac.ebay.sun.com

givenName=alton

cn=alton yu

uid=alton

nsdaCapability=mailListCreate

sn=yu

inetUserStatus=active

mailDeliveryOption=mailbox

preferredLanguage=en

nswmExtendedUserPrefs=meDraftFolder=Drafts

nswmExtendedUserPrefs=meSentFolder=Sent

nswmExtendedUserPrefs=meTrashFolder=Trash

nswmExtendedUserPrefs=meInitialized=true

pabURI=ldap://flash.atac.ebay.sun.com:4389/ou=alton, ou=people, o=atac.ebay.sun.com, o=isp,o=pab

So now we know what kind of information to set up sendmail with, we will start tinkering with it.

In the sendmail.mc file, I add:

First, I go to /usr/lib/mail/cf

I make a backup of my old main.mc to create sendmail.mc

cp main.mc sendmail.mc

and then I open the file and add:

define(`confLDAP_DEFAULT_SPEC’,`-h flash.atac.ebay.sun.com -b o=isp -p 4389′)

LDAPROUTE_DOMAIN(`atac.ebay.sun.com’)

FEATURE(`ldap_routing’)

I then build the cf file with:

make sendmail.cf

and now I do my test.

/usr/lib/sendmail -C/usr/lib/mail/cf/sendmail.cf -bv [email protected]

[email protected]… User unknown

Hmmm…. I wonder why …

I go to the ldap server access logs and find:

[25/Mar/2004:17:14:38 -0800] conn=347 op=2 SRCH base=”” scope=0 filter=”(objectClass=*)” attrs=ALL

[25/Mar/2004:17:14:38 -0800] conn=347 op=2 RESULT err=0 tag=101 nentries=1 etime=0

[25/Mar/2004:17:14:47 -0800] conn=348 fd=44 slot=44 connection from 129.149.141.32 to 10.4.18.140

[25/Mar/2004:17:14:47 -0800] conn=348 op=0 BIND dn=”” method=128 version=2

[25/Mar/2004:17:14:47 -0800] conn=348 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=””

[25/Mar/2004:17:14:47 -0800] conn=348 op=1 SRCH base=”o=isp” scope=2 filter=”(&(objectClass=inetLocalMailRecipient)([email protected]))” attrs=”mailRoutingAddress”

[25/Mar/2004:17:14:47 -0800] conn=348 op=1 RESULT err=0 tag=101 nentries=0 etime=0

[25/Mar/2004:17:14:47 -0800] conn=348 op=2 SRCH base=”o=isp” scope=2 filter=”(&(objectClass=inetLocalMailRecipient)([email protected]))” attrs=”mailHost”

[25/Mar/2004:17:14:47 -0800] conn=348 op=2 RESULT err=0 tag=101 nentries=0 etime=0

[25/Mar/2004:17:14:47 -0800] conn=348 op=3 SRCH base=”o=isp” scope=2 filter=”(&(objectClass=inetLocalMailRecipient)([email protected]))” attrs=”mailRoutingAddress”

[25/Mar/2004:17:14:47 -0800] conn=348 op=3 RESULT err=0 tag=101 nentries=0 etime=0

[25/Mar/2004:17:14:47 -0800] conn=348 op=4 SRCH base=”o=isp” scope=2 filter=”(&(objectClass=inetLocalMailRecipient)([email protected]))” attrs=”mailHost”

[25/Mar/2004:17:14:47 -0800] conn=348 op=4 RESULT err=0 tag=101 nentries=0 etime=0

[25/Mar/2004:17:14:47 -0800] conn=348 op=5 UNBIND

[25/Mar/2004:17:14:47 -0800] conn=348 op=5 fd=44 closed – U1

Okay. It looks like it’s looking for maillocaladdress and mailRoutingAddress. I don’t have either of those, so I think rather than changing it in the ldap server, I will make some changes in the sendmail.mc.

I change just

FEATURE(`ldap_routing’)

to:

FEATURE(`ldap_routing’,`ldap -1 -v mailHost -k (&(objectclass=inetorgperson)(mail=%0))’)

So now instead of searching for maillocaladdress, I’m now searching for mail.

By doing that and rebuilding my sendmail.cf file, I now get:

/usr/lib/sendmail -C/usr/lib/mail/cf/sendmail.cf -bv [email protected]

[email protected]… deliverable: mailer relay, host flash.atac.ebay.sun.com, user [email protected]

Now this looks better. How’s the ldap access log look?

[25/Mar/2004:17:39:03 -0800] conn=383 fd=44 slot=44 connection from 129.149.141.32 to 10.4.18.140

[25/Mar/2004:17:39:03 -0800] conn=383 op=0 BIND dn=”” method=128 version=2

[25/Mar/2004:17:39:03 -0800] conn=383 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=””

[25/Mar/2004:17:39:03 -0800] conn=383 op=1 SRCH base=”o=isp” scope=2 filter=”(&(objectClass=inetLocalMailRecipient)([email protected]))” attrs=”mailRoutingAddress”

[25/Mar/2004:17:39:03 -0800] conn=383 op=1 RESULT err=0 tag=101 nentries=0 etime=0

[25/Mar/2004:17:39:03 -0800] conn=383 op=2 SRCH base=”o=isp” scope=2 filter=”(&(objectClass=inetorgperson)([email protected]))” attrs=”mailHost”

[25/Mar/2004:17:39:03 -0800] conn=383 op=2 RESULT err=0 tag=101 nentries=1 etime=0

[25/Mar/2004:17:39:03 -0800] conn=383 op=3 UNBIND

[25/Mar/2004:17:39:03 -0800] conn=383 op=3 fd=44 closed – U1

Okay. Good enough.

Hopefully this is enough to get you started on your journey in setting up your sendmail with ldap routing.

How to upgrade from NIS+ to LDAP

This is from Arup Mitra.

1. Installing nisplus server

/usr/lib/nis/nisserver -v -r -d atac.ebay.sun.com.

******** ******** WARNING ******** ********

NIS+ might not be supported in a future release. Tools to aid

the migration from NIS+ to LDAP are available in the Solaris 9

operating environment. For more information, visit

http://www.sun.com/directory/nisplus/transition.html

******** ******** ******* ******** ********

This script sets up this machine “native9” as an NIS+

root master server for domain atac.ebay.sun.com..

Domain name : atac.ebay.sun.com.

NIS+ group : admin.atac.ebay.sun.com.

NIS (YP) compatibility : OFF

Security level : 2=DES

Is this information correct? (type ‘y’ to accept, ‘n’ to change) y

This script will set up your machine as a root master server for

domain atac.ebay.sun.com. without NIS compatibility at security level 2.

Use “nisclient -r” to restore your current network service environment.

Do you want to continue? (type ‘y’ to continue, ‘n’ to exit this script) y

setting up domain information “atac.ebay.sun.com.” …

setting up switch information …

killing process keyserv …

restarting process keyserv …

killing NIS and NIS+ processes …

killing process ypbind …

killing process rpc.nisd …

killing process rpc.nispasswdd …

killing process nis_cachemgr …

stopping nscd …

setup NIS_GROUP environment variable …

rm /var/nis files …

running nisinit …

This machine is in the “atac.ebay.sun.com.” NIS+ domain.

Setting up root server …

All done.

starting root server at security level 0 to create credentials…

running nissetup to create standard directories and tables …

org_dir.atac.ebay.sun.com. created

groups_dir.atac.ebay.sun.com. created

passwd.org_dir.atac.ebay.sun.com. created

group.org_dir.atac.ebay.sun.com. created

auto_master.org_dir.atac.ebay.sun.com. created

auto_home.org_dir.atac.ebay.sun.com. created

bootparams.org_dir.atac.ebay.sun.com. created

cred.org_dir.atac.ebay.sun.com. created

ethers.org_dir.atac.ebay.sun.com. created

hosts.org_dir.atac.ebay.sun.com. created

ipnodes.org_dir.atac.ebay.sun.com. created

mail_aliases.org_dir.atac.ebay.sun.com. created

sendmailvars.org_dir.atac.ebay.sun.com. created

netmasks.org_dir.atac.ebay.sun.com. created

netgroup.org_dir.atac.ebay.sun.com. created

networks.org_dir.atac.ebay.sun.com. created

protocols.org_dir.atac.ebay.sun.com. created

rpc.org_dir.atac.ebay.sun.com. created

services.org_dir.atac.ebay.sun.com. created

timezone.org_dir.atac.ebay.sun.com. created

client_info.org_dir.atac.ebay.sun.com. created

auth_attr.org_dir.atac.ebay.sun.com. created

exec_attr.org_dir.atac.ebay.sun.com. created

prof_attr.org_dir.atac.ebay.sun.com. created

user_attr.org_dir.atac.ebay.sun.com. created

audit_user.org_dir.atac.ebay.sun.com. created

adding credential for native9.atac.ebay.sun.com…

Enter login password:

creating NIS+ administration group: admin.atac.ebay.sun.com. …

adding principal native9.atac.ebay.sun.com. to admin.atac.ebay.sun.com. …

updating the keys for directories …

restarting NIS+ root master server at security level 2 …

killing process rpc.nisd …

restarting process rpc.nisd …

starting NIS+ password daemon …

starting NIS+ cache manager …

modifying the /etc/init.d/rpc file …

starting Name Service Cache Daemon nscd …

This system is now configured as a root server for domain atac.ebay.sun.com.

You can now populate the standard NIS+ tables by using the

nispopulate script or /usr/lib/nis/nisaddent command.

2. Populating NIS+ tables

# cd /source

# ls -al

total 32

drwxr-xr-x 2 root other 512 Apr 16 16:02 .

drwxr-xr-x 27 root root 512 Apr 14 19:49 ..

-rw-r–r– 1 root other 18 Apr 16 15:59 auto_home

-rw-r–r– 1 root other 69 Apr 16 16:00 auto_master

-rw-r–r– 1 root other 290 Apr 14 19:51 group

-r–r–r– 1 root other 128 Apr 14 19:52 hosts

-r–r–r– 1 root other 380 Apr 16 16:02 netmasks

-r–r–r– 1 root other 372 Apr 16 16:01 networks

-rw-r–r– 1 root other 109 Apr 15 14:49 passwd

-r–r–r– 1 root other 1807 Apr 16 16:02 protocols

-r–r–r– 1 root other 3869 Apr 16 16:02 services

-rw-r–r– 1 root other 80 Apr 15 14:48 shadow

# /usr/lib/nis/nispopulate -v -F

NIS+ domain name : atac.ebay.sun.com.

Directory Path : (current directory)

Is this information correct? (type ‘y’ to accept, ‘n’ to change) y

This script will populate the standard NIS+ tables for domain

atac.ebay.sun.com. from the files in current directory:

auto_master auto_home ethers group hosts ipnodes networks passwd protocols services rpc netmasks bootparams netgroup aliases timezone auth_attr exec_attr prof_attr user_attr audit_user shadow

**WARNING: Interrupting this script after choosing to continue

may leave the tables only partially populated. This script does

not do any automatic recovery or cleanup.

Do you want to continue? (type ‘y’ to continue, ‘n’ to exit this script) y

auto_master.org_dir.atac.ebay.sun.com. OK…

populating auto_master table from file ./auto_master…

adding standard key-value table auto_master…

adding ./auto_master to table auto_master.org_dir.atac.ebay.sun.com.

adding/updating “/net”

adding/updating “/home”

adding/updating “/xfn”

3 entries added/updated

auto_master table done.

auto_home.org_dir.atac.ebay.sun.com. OK…

populating auto_home table from file ./auto_home…

adding standard key-value table auto_home…

adding ./auto_home to table auto_home.org_dir.atac.ebay.sun.com.

adding/updating “*”

1 entries added/updated

auto_home table done.

ethers.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./ethers does not exist!

ethers table will not be loaded.

group.org_dir.atac.ebay.sun.com. OK…

populating group table from file ./group…

adding standard table group…

adding ./group to table group.org_dir.atac.ebay.sun.com.

adding/updating “root”

adding/updating “other”

adding/updating “bin”

adding/updating “sys”

adding/updating “adm”

adding/updating “uucp”

adding/updating “mail”

adding/updating “tty”

adding/updating “lp”

adding/updating “nuucp”

adding/updating “staff”

adding/updating “daemon”

adding/updating “sysadmin”

adding/updating “smmsp”

adding/updating “nobody”

adding/updating “noaccess”

adding/updating “nogroup”

17 entries added/updated

group table done.

hosts.org_dir.atac.ebay.sun.com. OK…

populating hosts table from file ./hosts…

adding standard table hosts…

adding ./hosts to table hosts.org_dir.atac.ebay.sun.com.

adding/updating “localhost”

adding/updating “native9”

adding/updating “igs”

adding/updating “arup”

adding/updating “daredevil”

5 entries added/updated

hosts table done.

Populating the NIS+ credential table for domain atac.ebay.sun.com.

from hosts table.

dumping hosts table…

loading credential table…

Adding key pair for [email protected] (arup.atac.ebay.sun.com.).

…added arup

Adding key pair for [email protected] (daredevil.atac.ebay.sun.com.).

…added daredevil

Adding key pair for [email protected] (igs.atac.ebay.sun.com.).

…added igs

Adding key pair for [email protected] (localhost.atac.ebay.sun.com.).

…added localhost

…native9 already exists

The credential table for domain atac.ebay.sun.com. has been populated.

The password used will be nisplus.

ipnodes.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./ipnodes does not exist!

ipnodes table will not be loaded.

networks.org_dir.atac.ebay.sun.com. OK…

populating networks table from file ./networks…

adding standard table networks…

adding ./networks to table networks.org_dir.atac.ebay.sun.com.

adding/updating “loopback”

adding/updating “arpanet”

adding/updating “arpanet (arpa)”

3 entries added/updated

networks table done.

passwd.org_dir.atac.ebay.sun.com. OK…

populating passwd table from file ./passwd…

adding standard table passwd…

adding ./passwd to table passwd.org_dir.atac.ebay.sun.com.

adding/updating “test1”

adding/updating “arup”

adding/updating “test2”

3 entries added/updated

passwd table done.

Populating the NIS+ credential table for domain atac.ebay.sun.com.

from passwd table.

dumping passwd table…

loading credential table…

Adding key pair for [email protected] (test1.atac.ebay.sun.com.).

…added test1

…arup already exists

Adding key pair for [email protected] (test2.atac.ebay.sun.com.).

…added test2

The credential table for domain atac.ebay.sun.com. has been populated.

The password used will be nisplus.

protocols.org_dir.atac.ebay.sun.com. OK…

populating protocols table from file ./protocols…

adding standard table protocols…

adding ./protocols to table protocols.org_dir.atac.ebay.sun.com.

adding/updating “ip”

adding/updating “icmp”

adding/updating “igmp”

adding/updating “ggp”

adding/updating “ipip”

adding/updating “ipip (IP-IP)”

adding/updating “tcp”

adding/updating “cbt”

adding/updating “egp”

adding/updating “igp”

adding/updating “pup”

adding/updating “udp”

adding/updating “mux”

adding/updating “hmp”

adding/updating “xns-idp”

adding/updating “rdp”

adding/updating “idpr”

adding/updating “idpr-cmtp”

adding/updating “sdrp”

adding/updating “idrp”

adding/updating “rsvp”

adding/updating “gre”

adding/updating “mobile”

adding/updating “ospf”

adding/updating “ospf (OSPFIGP)”

adding/updating “pim”

adding/updating “ipcomp”

adding/updating “vrrp”

adding/updating “sctp”

adding/updating “hopopt”

adding/updating “ipv6”

adding/updating “ipv6-route”

adding/updating “ipv6-frag”

adding/updating “esp”

adding/updating “ah”

adding/updating “ipv6-icmp”

adding/updating “ipv6-nonxt”

adding/updating “ipv6-opts”

38 entries added/updated

protocols table done.

services.org_dir.atac.ebay.sun.com. OK…

populating services table from file ./services…

adding standard table services…

adding ./services to table services.org_dir.atac.ebay.sun.com.

adding/updating “tcpmux 1/tcp”

adding/updating “echo 7/tcp”

adding/updating “echo 7/udp”

adding/updating “discard 9/tcp”

adding/updating “discard 9/tcp (sink)”

adding/updating “discard 9/tcp (null)”

adding/updating “discard 9/udp”

adding/updating “discard 9/udp (sink)”

adding/updating “discard 9/udp (null)”

adding/updating “systat 11/tcp”

adding/updating “systat 11/tcp (users)”

adding/updating “daytime 13/tcp”

adding/updating “daytime 13/udp”

adding/updating “netstat 15/tcp”

adding/updating “chargen 19/tcp”

adding/updating “chargen 19/tcp (ttytst)”

adding/updating “chargen 19/tcp (source)”

adding/updating “chargen 19/udp”

adding/updating “chargen 19/udp (ttytst)”

adding/updating “chargen 19/udp (source)”

adding/updating “ftp-data 20/tcp”

adding/updating “ftp 21/tcp”

adding/updating “ssh 22/tcp”

adding/updating “telnet 23/tcp”

adding/updating “smtp 25/tcp”

adding/updating “smtp 25/tcp (mail)”

adding/updating “time 37/tcp”

adding/updating “time 37/tcp (timserver)”

adding/updating “time 37/udp”

adding/updating “time 37/udp (timserver)”

adding/updating “name 42/udp”

adding/updating “name 42/udp (nameserver)”

adding/updating “whois 43/tcp”

adding/updating “whois 43/tcp (nicname)”

adding/updating “domain 53/udp”

adding/updating “domain 53/tcp”

adding/updating “bootps 67/udp”

adding/updating “bootpc 68/udp”

adding/updating “kerberos 88/udp”

adding/updating “kerberos 88/udp (kdc)”

adding/updating “kerberos 88/tcp”

adding/updating “kerberos 88/tcp (kdc)”

adding/updating “hostnames 101/tcp”

adding/updating “hostnames 101/tcp (hostname)”

adding/updating “pop2 109/tcp”

adding/updating “pop2 109/tcp (pop-2)”

adding/updating “pop3 110/tcp”

adding/updating “sunrpc 111/udp”

adding/updating “sunrpc 111/udp (rpcbind)”

adding/updating “sunrpc 111/tcp”

adding/updating “sunrpc 111/tcp (rpcbind)”

adding/updating “imap 143/tcp”

adding/updating “imap 143/tcp (imap2)”

adding/updating “ldap 389/tcp”

adding/updating “ldap 389/udp”

adding/updating “submission 587/tcp”

adding/updating “submission 587/udp”

adding/updating “ldaps 636/tcp”

adding/updating “ldaps 636/udp”

adding/updating “tftp 69/udp”

adding/updating “rje 77/tcp”

adding/updating “finger 79/tcp”

adding/updating “link 87/tcp”

adding/updating “link 87/tcp (ttylink)”

adding/updating “supdup 95/tcp”

adding/updating “iso-tsap 102/tcp”

adding/updating “x400 103/tcp”

adding/updating “x400-snd 104/tcp”

adding/updating “csnet-ns 105/tcp”

adding/updating “pop-2 109/tcp”

adding/updating “uucp-path 117/tcp”

adding/updating “nntp 119/tcp”

adding/updating “nntp 119/tcp (usenet)”

adding/updating “ntp 123/tcp”

adding/updating “ntp 123/udp”

adding/updating “netbios-ns 137/tcp”

adding/updating “netbios-ns 137/udp”

adding/updating “netbios-dgm 138/tcp”

adding/updating “netbios-dgm 138/udp”

adding/updating “netbios-ssn 139/tcp”

adding/updating “netbios-ssn 139/udp”

adding/updating “NeWS 144/tcp”

adding/updating “slp 427/tcp”

adding/updating “slp 427/udp”

adding/updating “mobile-ip 434/udp”

adding/updating “cvc_hostd 442/tcp”

adding/updating “ike 500/udp”

adding/updating “uuidgen 697/tcp”

adding/updating “uuidgen 697/udp”

adding/updating “exec 512/tcp”

adding/updating “login 513/tcp”

adding/updating “shell 514/tcp”

adding/updating “shell 514/tcp (cmd)”

adding/updating “printer 515/tcp”

adding/updating “printer 515/tcp (spooler)”

adding/updating “courier 530/tcp”

adding/updating “courier 530/tcp (rpc)”

adding/updating “uucp 540/tcp”

adding/updating “uucp 540/tcp (uucpd)”

adding/updating “biff 512/udp”

adding/updating “biff 512/udp (comsat)”

adding/updating “who 513/udp”

adding/updating “who 513/udp (whod)”

adding/updating “syslog 514/udp”

adding/updating “talk 517/udp”

adding/updating “route 520/udp”

adding/updating “route 520/udp (router)”

adding/updating “route 520/udp (routed)”

adding/updating “ripng 521/udp”

adding/updating “klogin 543/tcp”

adding/updating “kshell 544/tcp”

adding/updating “kshell 544/tcp (cmd)”

adding/updating “new-rwho 550/udp”

adding/updating “new-rwho 550/udp (new-who)”

adding/updating “rmonitor 560/udp”

adding/updating “rmonitor 560/udp (rmonitord)”

adding/updating “monitor 561/udp”

adding/updating “pcserver 600/tcp”

adding/updating “sun-dr 665/tcp”

adding/updating “kerberos-adm 749/tcp”

adding/updating “kerberos-adm 749/udp”

adding/updating “kerberos-iv 750/udp”

adding/updating “krb5_prop 754/tcp”

adding/updating “ufsd 1008/tcp”

adding/updating “ufsd 1008/udp”

adding/updating “cvc 1495/tcp”

adding/updating “ingreslock 1524/tcp”

adding/updating “www-ldap-gw 1760/tcp”

adding/updating “www-ldap-gw 1760/udp”

adding/updating “listen 2766/tcp”

adding/updating “nfsd 2049/udp”

adding/updating “nfsd 2049/udp (nfs)”

adding/updating “nfsd 2049/tcp”

adding/updating “nfsd 2049/tcp (nfs)”

adding/updating “eklogin 2105/tcp”

adding/updating “lockd 4045/udp”

adding/updating “lockd 4045/tcp”

adding/updating “dtspc 6112/tcp”

adding/updating “fs 7100/tcp”

139 entries added/updated

services table done.

rpc.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./rpc does not exist!

rpc table will not be loaded.

netmasks.org_dir.atac.ebay.sun.com. OK…

populating netmasks table from file ./netmasks…

adding standard table netmasks…

adding ./netmasks to table netmasks.org_dir.atac.ebay.sun.com.

adding/updating “10.4.17.0”

1 entries added/updated

netmasks table done.

bootparams.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./bootparams does not exist!

bootparams table will not be loaded.

netgroup.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./netgroup does not exist!

netgroup table will not be loaded.

mail_aliases.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./aliases does not exist!

mail_aliases table will not be loaded.

timezone.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./timezone does not exist!

timezone table will not be loaded.

auth_attr.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./auth_attr does not exist!

auth_attr table will not be loaded.

exec_attr.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./exec_attr does not exist!

exec_attr table will not be loaded.

prof_attr.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./prof_attr does not exist!

prof_attr table will not be loaded.

user_attr.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./user_attr does not exist!

user_attr table will not be loaded.

audit_user.org_dir.atac.ebay.sun.com. OK…

**WARNING: file ./audit_user does not exist!

audit_user table will not be loaded.

passwd.org_dir.atac.ebay.sun.com. OK…

populating passwd table from file ./shadow…

adding standard table passwd…

adding ./shadow to table passwd.org_dir.atac.ebay.sun.com.

adding/updating “test1”

adding/updating “arup”

adding/updating “test2”

3 entries added/updated

passwd table done.

Credentials have been added for the entries in the

hosts and passwd table(s). Each entry was given a default

network password (also known as a Secure-RPC password).

This password is:

nisplus

Use this password when the nisclient script requests the

network password.

nispopulate failed to populate the following tables:

ethers ipnodes rpc bootparams netgroup mail_aliases timezone auth_attr exec_attr prof_attr user_attr audit_user

3. Testing that NIS+ master is operational

# ps -ef | grep rpc.nisd

root 509 1 0 16:05:14 ? 0:02 rpc.nisd

# /usr/bin/nisls

atac.ebay.sun.com.:

org_dir

groups_dir

# /usr/bin/niscat passwd.org_dir

test1:7l7c7hBNh8gCc:1001:10::/home/test1:/bin/sh:::::::

arup:gl.r/Ug8qln4c:1002:10::/home/arup:/bin/sh:::::::

test2:B3Tg5MA6FSu3c:1003:10::/home/test2:/bin/sh:::::::

4. Adding a NIS+ client

a) On the master server:

# /usr/lib/nis/nisclient -v -d atac.ebay.sun.com -c igs

******** ******** WARNING ******** ********

NIS+ might not be supported in a future release. Tools to aid

the migration from NIS+ to LDAP are available in the Solaris 9

operating environment. For more information, visit

http://www.sun.com/directory/nisplus/transition.html

******** ******** ******* ******** ********

You will be adding DES credentials in domain atac.ebay.sun.com. for

igs

** nisclient will not overwrite any existing entries in the

** credential table.

Do you want to continue? (type ‘y’ to continue, ‘n’ to exit this script) y

checking atac.ebay.sun.com. domain…

checking cred.org_dir.atac.ebay.sun.com. permission…

checking info type for igs…

… principal igs already exist — skipped!

b) On the client host called igs:

#/usr/lib/nis/nisclient -v -i -h native9 -a 10.4.17.106 -d atac.ebay.sun.com

initializing client machine…

Initializing client igs for domain “atac.ebay.sun.com.”.

Once initialization is done, you will need to reboot your

machine.

Do you want to continue? (type ‘y’ to continue, ‘n’ to exit this script) y

killing NIS and/or NIS+ processes…

killing process ypbind…

killing process nis_cachemgr…

killing process rpc.nispasswdd…

stopping nscd …

setting up backup files…

setting up NIS+ server information…

setting up domain information “atac.ebay.sun.com.”…

setting up the name service switch information…

killing process keyserv…

running nisinit command …

nisinit -c -H 10.4.17.106 …

credential exists for setting up security…

setting up security information for root…

At the prompt below, type the network password (also known

as the Secure-RPC password) that you obtained either

from your administrator or from running the nispopulate script.

Please enter the Secure-RPC password for root: nisplus

Please enter the login password for root: root_passwd_for_this_client_machine

Your network password has been changed to your login one.

Your network and login passwords are now the same.

killing process nis_cachemgr…

starting nscd …

removing the temporary backup file for /etc/nsswitch.conf…

Client initialization completed!!

Please reboot your machine for changes to take effect.

5. Change /etc/nsswicth.conf appropriately and reboot client machine

passwd: files nisplus

group: files nisplus

hosts: files nisplus

services: nisplus files

networks: nisplus files

protocols: nisplus files

rpc: nisplus files

ethers: nisplus files

netmasks: nisplus files

bootparams: nisplus files

publickey: nisplus

netgroup: files nisplus

automount: files nisplus

aliases: files nisplus

sendmailvars: files nisplus

6. Test from client_machine that you can login as a NIS+ user with proper home

directory

7. Now install the built-in IDS 5.1 on solaris 9 server

/usr/sbin/directoryserver setup

8. Then run idsconfig

# /usr/lib/ldap/idsconfig

and follow instructions from URL:

http://docs.sun.com/db/doc/816-7511/6md … dssetup-33

9. stop-slapd

10. Do the vlvindexing for six fields:

# /usr/sbin/directoryserver -s native9 vlvindex -n userRoot -T

atac.ebay.sun.com.getgrent

and similarly for atac.ebay.sun.com.gethostent , atac.ebay.sun.com.getnetent ..

and so on

11 start-slapd

12. From the cosole of the IDS, we have to create a ou=nisPlus underneath

dc=atac.ebay.sun.com , and again ou=nisPlus underneath the earlier

ou=nisPlus

13. We need to look for a file called /var/nis/NIS+LDAPmapping.template and, if

present , we need to copy it to /var/nis/NIS+LDAPmapping

14. We need to look for a file called /etc/default/rpc.nisd , and we need to do

a few changes there. But before that we backup /etc/default/rpc.nisd

The four main changes are:

line 117, make sure authentication is simple

line 123, defaultsearchbase=dc=atac.ebay.sun.com

line 146, needs to read nisPlusLDAPproxyuser=cn=directory manager

line 154 is your directory manager password, you need to change that

15. We manually update the schema in IDS 5.1 for attribute nisPlusObject

a) Pease have a copy of 99user.ldif file first

b) Please add these lines in

/slapd-instance/config/schema/99user.ldif

objectClasses: ( 1.3.6.1.4.1.42.2.27.5.42.42.2.0 NAME ‘nisplusObjectContainer’

DESC ‘Abstraction of an NIS+ object’ STRUCTURAL MUST ( cn $ nisplusObject )

X-ORIGIN ‘user defined’ )

attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.42.42.1.0 NAME ‘nisplusObject’ DESC

‘An opaque representation of an NIS+ object’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5

SINGLE-VALUE X-ORIGIN ‘user defined’ )

16. pkill -9 rpc.nisd

17. In order to automatically dump all data from nis+ to ldap and then exit out:

# rpc.nisd -D -x nisplusLDAPinitialUpdateAction=to_ldap

-x nisplusLDAPinitialUpdateOnly=yes

It is also advisable to :

tail -f access

tail -f errors

on two separate consoles to look for possible errors and problems. These are

our only clues as to what is going wrong

PS: Thing to note is that if those tables possibly not proper in NIS+, they

might give different errors in access log, but otherwise all data come

across fine, and then rpc.nisd exits out.

18. Check in ldap that all data have come across by appropriate ldapsearch

19. We may also build a native ldap client on a different solaris 9 client

and test the ldap data on server by logging in with home directories

20. Now, to keep both NIS+ & LDAP always in synch , start rpc.nisd normally:

/usr/sbin/rpc.nisd

21. In order to test if they are really in synch:

a) Modify NIS+ hosts table by:

/usr/lib/nis/nisaddent -d hosts > /tmp/hosts

vi /tmp/hosts and insert an additional host entry there

/usr/lib/nis/nisaddent -rvf /tmp/hosts hosts

b) # niscat hosts.org_dir , and check if that entry came into nis+

b) Check the access log that immediately the new nis+ entries are pushed to

ldap

c) ldapsearch for the appropriate hosts entry by:

ldapsearch -b “dc=atac.ebay.sun.com” ipHostNumber=*

and observe that it appeared into ldap automatically

Apache 2.0.x reverse proxy using and have it rewrite urls

How to set up a reverse proxy using Apache 2.0.x and have it rewrite urls.

This is particularly useful if you’re using an Identity server internally and want to be able to access the server externally. You can set up an Apache reverse proxy server in your DMZ and allow it to do so. If you use Identity Server 6.3 or higher, you will not need to do this.

The sole purpose for this article is because we needed a workaround for a customer due to a problem with the older version of Identity server where for the logout button uses an absolute url rather than a relative url and it causes the link to be inaccessible.

Because the customer was doing this on Linux, the instructions here will be for Linux and will differ from what you would do in Solaris. If you wanted to do this in Solaris, you would need either more sources or you could install the binaries from http://www.blastwave.org or http://www.sunfreeware.org.

To start with, you will need Apache 2.0.x installed. You can verify this with:

rpm -qav | grep httpd

or

rpm -qav | grep apache (depending on which Linux distribution you have)

My output shows I have httpd-2.0.52-3.1 installed.

You will want to check to see that your Apache installation also includes the mod_proxy modules. You can check this with:

rpm -qil httpd

My output shows:

/usr/lib/httpd/modules/mod_proxy.so

/usr/lib/httpd/modules/mod_proxy_connect.so

/usr/lib/httpd/modules/mod_proxy_ftp.so

/usr/lib/httpd/modules/mod_proxy_http.so

Redhat Linux and Trustix Secure Linux both have these by default. I obviously can’t speak for all the other Linux distributions out there. If you don’t have these, you don’t want to continue. You will probably want to either find an rpm that has these or go and download the source and compile Apache with them.

Now, here comes the fun stuff. You will need to compile a new module – mod_proxy_html. You can download the module from: http://apache.webthing.com/mod_proxy_html/

You may want to follow this as a guide: http://www.apacheweek.com/features/reverseproxies

There are a few dependencies you will need to compile this module. For instance, you will definitely need a compiler and some libraries. Here’s a small list that I have installed on my box. You may need more.

gcc

httpd-devel-2.0.52-3.1

libxml2-2.6.16-3.i386.rpm

libxml2-devel-2.6.16-3.i386.rpm

zlib-devel-1.2.1.2-1.i386.rpm

To compile the module, run:

apxs -c -I/usr/include/libxml2 -i mod_proxy_html.c

After doing this, you should find the module located where your apache modules are stored like:

ls -l /usr/lib/httpd/modules/mod_proxy_html.so

-rwxr-xr-x 1 root root 59627 Apr 8 18:02 /usr/lib/httpd/modules/mod_proxy_html.so

Congratulations! You now have the module installed. You now have to configure it.

In my case, the apache configuration file is located in /etc/httpd/conf/httpd.conf

Here, I add where the modules are:

———————————————————————————————–

LoadFile /usr/lib/libxml2.so.2

LoadModule proxy_html_module modules/mod_proxy_html.so

———————————————————————————————–

Then, later in the file:

———————————————————————————————–

ProxyHTMLLogVerbose On

LogLevel Debug

ProxyRequests off

ProxyPass /amserver http://sapphire.atac.ebay.sun.com/amserver

ProxyPassReverse /amserver http://sapphire.atac.ebay.sun.com/amserver

ProxyPass /amconsole http://sapphire.atac.ebay.sun.com/amserver

ProxyPassReverse /amconsole http://sapphire.atac.ebay.sun.com/amserver

SetOutputFilter proxy-html

ProxyHTMLURLMap http://sapphire.atac.ebay.sun.com http://megatron.atac.ebay.sun.com i

———————————————————————————————–

What I’m doing here is rewrite the url for any requests that go into amconsole or amserver to go and grab the data from the sapphire machine. Any urls that are within the pages that point to sapphire will be rewritten as megatron.

All you have to do now is restart apache.

/usr/sbin/apachectl restart

That’s it! You now should be able to access http://megatron.atac.ebay.sun.com/amserver or

http://megatron.atac.ebay.sun.com/amconsole and get the same login screen and be able to navigate the entire Identity Server or whatever else you put behind the proxy.

For issues, be sure to look at your Apache access and error logs and you can visit the following links:

http://apache.webthing.com/mod_proxy_html/

http://www.apacheweek.com/features/reverseproxies

List of command line commands to access POP3 and IMAP4.

List of command line commands to access POP3 and IMAP4.

POP3

Start, Run, type ‘cmd’, Select ‘ok’.

Type:

Telnet

Set local_echo : This is so you can see what you type.

Open London 110 : London can be replaced with the ip address of the Exchange server.

User administrator : Administrator is the user account.

Pass password : password is the password of the user.

Stat : gives you the number of messages and total size of your mailbox.

List : Lists each message number and gives you its size.

Retr message number : message number is the number of the individual message, the message will be displayed.

Dele message number : message will be deleted from your mailbox.

Quit : end of session.

IMAP4

Start, Run, type ‘cmd’, Select ‘ok’.

Type:

Telnet

Set local_echo : This is so you can see what you type.

Open London 143 : London can be replaced with the ip address of the Exchange server.

0000 login administrator password : login with username and password.

0001 select “inbox” : select the folder you want to view.

0002 fetch 1 all : retrieves the first message header information.

0003 logout : logout.

RPM commands

How to compile rpm from src.rpm

1) download src.rpm

2) rpm -ivh file.src.rpm

3) cd /usr/src//spec

4) rpmbuild -bb file.spec

new rpm should be in /usr/src/distro/rpms/…

other RPM commands:

rpm -ivh file.rpm (install)

rpm -Uvh file.rpm (upgrade)

rpm -qav (list rpms installed)

rpm -qil (list files in an installed rpm)

rpm -qilp file.rpm (list files that are included in the rpm)

rpm -qf /path/to/somefile (find rpm that installed the file)

rpm -qav | grep name (look to see if some rpm is installed)

Apache SSL Self-Signed Certificates Without Passphrase

taken from: http://www.rpatrick.com/tech/makecert/

Following is a quick listing of the commands you need to use when setting up an SSL key for Apache that doesn’t require a passphrase to be entered during normal operations, and includes a self-signed certificate so you needn’t bother with cert requests and CAs. The sequence of events is to create a 3DES key, remove the passphrase, and then generate a self-signed certificate.

The following commands are to be entered via the command line, with each openssl statement requiring interactive input. Performed on Red Hat Linux, these instructions ought to also work on other flavors of Unix with OpenSSL and Apache installed.

openssl genrsa -des3 -out pass.key 1024
openssl rsa -in pass.key -out server.key
openssl req -new -key server.key -x509 -out server.crt -days 999

cp server.key /etc/httpd/conf/ssl.key/
cp server.crt /etc/httpd/conf/ssl.crt/

apachectl restart

Verifying that Apache has the correct SSL directives and is using the correct key and certificate created above is left as an exercise for the webmaster.

If your system has a Makefile or symlink in the Apache conf directory, you can opt to pursue an earlier method to this madness using the below steps (provided here only for completeness):

cd /etc/httpd/conf
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
make testcert

Optionally, if you need a server.pem file for a given application, such as courier-imapd, use the following to create the .pem file from the previously created certificate and key:

cat server.key server.crt >server.pem

Using the above method you can enjoy the encryption protection provided by SSL without having to pay a commercial vendor to sign your server keys. If you don’t like the popup presented by some applications (e.g. web browsers) about an untrusted certificate, simply follow the process provided by your application to import or install the certificate, at which point you will no longer have to deal with future dialog boxes regarding an untrusted site.

compiling xinetd on Solaris 8

You’ll want to download xinetd from here: https://github.com/xinetd-org/xinetd

Just my notes from an old version:

./configure
make
make install perl /usr/local/sbin/xconv.pl < /etc/inetd.conf > /tmp/xinetd.conf then modify your /etc/rc2.d/S72inetsvc
/usr/sbin/inetd -s &
to
/usr/local/sbin/xinetd& mv /tmp/xinetd.conf /etc/xinetd.conf
then make appropriate changes in /etc/xinetd.conf service ftp
{
socket_type = stream
wait = no
protocol = tcp
user = root
server = /usr/local/sbin/in.proftpd
bind = 192.168.0.3
}
service telnet
{
flags = NAMEINARGS
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
server_args = in.telnetd
}

How to get USB devices to work in Linux or the ESX console

Here is how I’ve gotten a couple of cdroms / usb memory sticks / hard drives to work.

1) modprobe usb-ohci
Or
modprobe usb-uhci
(one of them should work, one may fail)

2) modprobe usb-storage

3) tail /var/log/messages
Or
dmesg
and you should see something like this:
Feb 8 14:50:56 supp15 kernel: Initializing USB Mass Storage driver…
Feb 8 14:50:56 supp15 kernel: usb.c: registered new driver usb-storage
Feb 8 14:50:56 supp15 kernel: scsi1 : SCSI emulation for USB Mass Storage devices
Feb 8 14:50:56 supp15 kernel: Vendor: SanDisk Model: Cruzer Mini Rev: 0.4
Feb 8 14:50:56 supp15 kernel: Type: Direct-Access ANSI SCSI revision: 02
Feb 8 14:50:56 supp15 kernel: VMWARE SCSI Id: Supported VPD pages for sdb : 0x1f 0x0
Feb 8 14:50:56 supp15 kernel: VMWARE SCSI Id: Could not get disk id for sdb
Feb 8 14:50:56 supp15 kernel: :VMWARE: Unique Device attached as scsi disk sdb at scsi1, channel 0, id 0, lun 0
Feb 8 14:50:56 supp15 kernel: Attached scsi removable disk sdb at scsi1, channel 0, id 0, lun 0
Feb 8 14:50:56 supp15 kernel: scsi_register_host starting finish
Feb 8 14:50:56 supp15 kernel: SCSI device sdb: 2001888 512-byte hdwr sectors (976 MB)
Feb 8 14:50:56 supp15 kernel: sdb: Write Protect is off
Feb 8 14:50:56 supp15 kernel: sdb: sdb1 Feb 8 14:50:56 supp15 kernel: scsi_register_host done with finish
Feb 8 14:50:56 supp15 kernel: USB Mass Storage support registered.

4) Now that we know that it’s sdb1,
Create the mountpoint directory:
mkdir /mnt/usb
Mount the device:
mount /dev/sdb1 /mnt/usb

That’s it. Your files should be in /mnt/usb. To check, just run ls /mnt/usb

In a case that you don’t have /dev/sdb1 there, which is what happened to me once with a Dell CDrom, I had to mknod the device.
After plugging the usb cdrom into the machine, /var/log/messages showed:

date hostname kernel: sr0: scsi3-mmc drive: 10x/10x cd/rw …..

Unfortunately, if you type: “mount /dev/sr0 /mnt/mountpoint”, it will say:
“mount: special device /dev/sr0 does not exist” and that doesn’t do us any good. So what I did after that was:
cd /dev
mknod sr0 b 11 0

With that, /dev/sr0 existed and hence I was able to run:
mount /dev/sr0 /mnt/mountpoint

or, I could run:
ln -s /dev/sr0 /dev/cdrom
and run:
mount /dev/cdrom /mnt/mountpoint

That’s it!