dxcmd error “Unable to initialize DClient” caused by config file permissions

Attempting to run dxcmd was yielding this error on one of our IDM servers:

DirXML Command Line Utility
Copyright (C) 2003-2011 Novell Inc., All Rights Reserved

Enter user name: foo.user
Enter user’s password:
java.lang.Error: Unable to initialize DClient
at novell.jclient.JClient.initializeDclient(Native Method)
at novell.jclient.JClient.initialize(JClient.java:906)
at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:419)
at com.novell.nds.dirxml.util.DxCommand.main(DxCommand.java:391)

Using the command

strace -f dxcmd -user foo.user -password S00perS33cr3t

turned up a “permission denied” error while trying to open /etc/opt/novell/nici64.cfg. On other servers, that file was world-readable; on the problem server, it was owner- and group-readable only.

The chosen fix was to remove the world-readable attribute from the file on all servers, and to use “sudo dxcmd” to eliminate the file permissions problem.

Deleting sendmail file pairs based on content

This one-liner will identify files containing a string, and then use some bash string manipulation to generate a wildcard for the pair of files sendmail creates for each message (dfn for message content, and Qfn for headers). This assumes you’re running it in the mail queue directory (/var/spool/mqueue for example).

for f in `grep -l -i viagra *`; do t=${f:10:6}; rm -f *${t}; done

The ${f:10:6} expansion takes six characters starting at offset 10, which are the last 6 characters of the filename; the rm command then puts the wildcard in front of them, so both files of the pair match.

Some sample output:

[root@mail mqueue]# grep -l -i cialis *

But there are actually six files:

[root@mail mqueue]# ls -l | egrep "020530|015512|031687"
-rw------- 1 root smmsp 2062 Aug 30 01:27 dfn7U8Rc3X020530
-rw------- 1 root smmsp 2232 Aug 30 06:07 dfn7UD7BUh015512
-rw------- 1 root smmsp 2069 Aug 31 07:21 dfn7VELCbV031687
-rw------- 1 root smmsp 825 Aug 30 01:27 Qfn7U8Rc3X020530
-rw------- 1 root smmsp 837 Aug 30 06:07 Qfn7UD7BUh015512
-rw------- 1 root smmsp 810 Aug 31 07:21 Qfn7VELCbV031687

So we run the command, using cialis:

for f in `grep -l -i cialis *`; do t=${f:10:6}; rm -f *${t}; done

Then there are no more files 🙂

[root@mail mqueue]# for f in `grep -l -i cialis *`; do t=${f:10:6}; rm -f *${t}; done
[root@mail mqueue]# grep -l -i cialis *
[root@mail mqueue]#
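
A more cautious variant of the one-liner above, as an added example that is not part of the original post: it matches on everything after the first two characters of the file name instead of only the last six, so two messages whose names end in the same six digits are not confused, and it only lists files unless --delete is given. The function name purge_queue, its arguments, the two-character prefix assumption and the sample files are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not the post's code. Usage: purge_queue PATTERN DIR [--delete]
# Prints every queue file belonging to a message in which PATTERN occurs
# (case-insensitive, fixed string) and removes it only when --delete is given.
purge_queue() {
    pq_pattern=$1 pq_dir=$2 pq_mode=${3:-}
    pq_seen=" "
    for pq_file in "$pq_dir"/*; do
        [ -f "$pq_file" ] || continue          # skips dirs and files already removed
        grep -q -i -F -- "$pq_pattern" "$pq_file" || continue
        pq_name=${pq_file##*/}
        pq_id=${pq_name#??}                    # assumption: 2-character type prefix
        [ -n "$pq_id" ] || continue
        case $pq_seen in *" $pq_id "*) continue ;; esac   # message already handled
        pq_seen="$pq_seen$pq_id "
        # Quoting the ID keeps it literal; only the prefix is a wildcard.
        for pq_pair in "$pq_dir"/??"$pq_id"; do
            [ -f "$pq_pair" ] || continue
            echo "$pq_pair"
            if [ "$pq_mode" = "--delete" ]; then rm -f -- "$pq_pair"; fi
        done
    done
    return 0
}

# Constructed demo: two messages whose names share the last six characters.
demo=$(mktemp -d)
printf 'Subject: cheap cialis\n' > "$demo/Qfn7U8Rc3X020530"
printf 'message body\n'          > "$demo/dfn7U8Rc3X020530"
printf 'Subject: meeting\n'      > "$demo/Qfn7UD7BUh020530"
printf 'agenda\n'                > "$demo/dfn7UD7BUh020530"
purge_queue cialis "$demo"            # dry run: lists the first message's two files
purge_queue cialis "$demo" --delete   # removes them
ls "$demo"                            # the second message is still there
rm -rf "$demo"
```

With the six-character wildcard, the second message in the demo would have been deleted as well, because its file names also end in 020530.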

One-liner to count current IP connections

A quick one-liner to show the IP addresses with an established connection to your server, sorted by number of connections, highest first:

netstat -ant | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr

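If you care only about a certain TCP port, say 80 for web traffic, the command becomes (matching the port at the end of the local address column, so that ports such as 8080 and connections to a remote port 80 are not counted):

netstat -ant | awk '$6 == "ESTABLISHED" && $4 ~ /:80$/ {print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr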

Output would look like:



sudo and local passwords vs SSH

Just tracked down a problem with sudo at work. The error message

sudo: pam_authenticate: Module is unknown

would show up when doing “sudo su -”.

An initial strace shows that libkeyutils was being looked for:

open("/lib64/tls/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fffe8902810) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib64/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fffe8902810)   = -1 ENOENT (No such file or directory)

but was not installed on the server. A “correct” server shows:

[root@host ~]# rpm -qa | grep keyutils|sort

Without keyutils installed, the SSH keys we had set up could not be processed. PAM then fell back to local passwords, which were not set for the particular user in question.

Anyway, just hoping this helps someone else in the future.