When people need to download their emails using IMAP, fetchmail is probably the first package that comes to mind. Fetchmail works very well, but there’s still a problem: What to do if you have more than one client accessing the same IMAP server, say a desktop at home and a laptop on the road?

I lived with this dilemma for a long time, until I finally found offlineimap.

Unlike fetchmail, offlineimap is an IMAP “synchronizer”. Instead of downloading emails, it creates a “local copy” (using Maildir) of your remote IMAP mailboxes. When a message arrives at the server, offlineimap downloads the message to your local computer. If you delete a message locally, offlineimap deletes the message from the IMAP server, and so forth.

I’ve been using offlineimap for a long time now, and aside from some minor problems (nothing serious, really), I couldn’t be happier. I definitely recommend it to anyone who needs to access a central email repository from more than one computer.

• Debian offlineimap Page
• Offlineimap Gopher Page

Keywords: Daily Debian, offlineimap, imap, synchronizer, sync

[Permalink] | | | | |

Tracing network routing problems is a common task in the life of a typical systems administrator. The “canonical” tool for this job is traceroute, which is part of the default Debian installation. Traceroute follows the good old Unix philosophy: Do your job (and only your job), and do it well. It runs, prints the route, and quits. But what if you need a constant visualization of the path to a server, including latency figures? That’s where mtr enters the scene.

MTR displays the route to a given host in real-time, updating the figures every second. The constantly updated display makes it easier to spot intermittent routing problems. MTR uses ncurses to provide a full screen display, but it can also use GTK+, if running under X.

• Debian mtr page

Keywords: Daily debian, mtr, traceroute, networking, routing

[Permalink] | | | | |

Iftop is a “top” like tool that reports network usage instead of CPU usage. Unlike most other tools, iftop provides a clear and practical curses interfaces with the bandwidth utilization broken down by host/port. It also shows your traffic averages over the last 2, 10 and 40 seconds, as well as cumulative totals.

Iftop is definitely one of those programs wish you had known earlier.

Iftop can be found at http://www.ex-parrot.com/~pdw/iftop/

Keywords: Debian Daily, ntop, top, linux, network, ethernet

[Permalink] | | | | |

Most people these days use SSH to provide remote access to their servers. Many times, however, you don’t want to give your users full shell access to your system; all they really need is to transfer files and change permissions. If you find yourself in this situation, then scponly may be for you.

With scponly your users can use SCP, SFTP, WinSCP and other similar programs to copy files in and out of the system, but cannot use SSH to get a system prompt. Scponly can also be configured as a chrooted environment, effectively confining your users to their home directories.

Scponly can be found at http://www.sublimation.org/scponly.

Keywords: Debian Daily, scponly, security, ssh, scp, sftp, winscp

[Permalink] | | | | |

I finally got tired of all the script-kiddies trying to guess my root and other common user passwords by brute force attack. Even though I have SSH configured to allow only a few selected users to login, their brute force attempts create some quite large syslog files in my system.

I went around looking for a portknocker, but since many times we’re behind restrictive firewalls, it becomes impossible to remotely “open” SSH to your current IP address.

I then decided to write something myself, and webknock is the result of it.

Webknock is a Perl program that sits idly in the background monitoring your apache “access” logfile. Once a pre-determined sequence is hit, it executes a configurable command, with the calling IP as an argument. A popular choice here would be “iptables”, allowing access to your current IP.

After a pre-determined (but configurable) amount of time, another command is executed, this time “closing” access to the previously used IP address.

Note that this is only useful if you already have Apache running in your server, and port 80 or 443 can be accessed from anywhere in the net (my case). Also, no modifications are required to the Apache configuration.

You can Download Webknock Here. Documentation is available by executing “perldoc webknock”. Webknock is free software, available under the terms of the Gnu General Public License (GPL).

Keywords: webknock, apache, port knocking, port knocker

[Permalink] | | | | |