Elliott C. Back: In Aere Aedificare

People have figured out how to run commands on the serial interface of the iPhone, which apparently isn’t protected:

Your friends at #iPhone made a major breakthrough this morning.
we got a serial console working, here is how
the serial has the same pinouts as iPod serial
use a 6.8kish resistor from pin 21 to gnd
tie pin 11-sergnd to the real ground
use iphoneinterface to send the following commands in recovery mode:
setenv debug-uarts 1
saveenv
reboot
that should work

IT GIVES YOU A FULL INTERACTIVE SHELL
I REPEAT, A FULL INTERACTIVE SHELL

The command list is:
iphone.fiveforty.net/geohot/cmdlist.txt

You need a level converter, like the max 232 to make this work

This means that within a few days someone will package an unlocking program and an easier-to-use interface together to unlock the iPhone’s SIM card and make it do what it was really meant to do–let anyone have three or four Apple devices on their person.

Related Stories:
iPhone Edge Network Dies
Broken iPhone Screens, oh noes!
The beginning of iPhone hacks
Activate iPhone instructions for noobs

If you want to monitoring the bandwidth in/out of your linux server, a tool like bmon is essential. Use the fedora core RPMs from dries rather than compiling from source, it’s a lot easier. For some reason it refused to link to my ncurses, but once I installed the binary I got this beautiful graph:

You can run it with bmon -r .1 -R 30 to get a 30 second average, or with -o ascii to get terminal “plain” output for use with the standard linux pipes, cuts and other tools.

The following script will remove duplicate entries from your iptables banlist by first removing all the entries, making them unique (and sorted) and then adding them to iptables again. You may want, as extra insurance, to add your server / home ip to the sed delete line to protect against … accidents:

#!/bin/bash

/sbin/iptables -L -n | cut -d ” ” -f 12 | sort | sed ‘/^\s*$/d’ | sed ‘/^\(127\|localhost\|loopback\|0\.\|192.\|your_ips_here\).*$/d’ | uniq > /root/ips
/sbin/iptables -F

for ip in `cat /root/ips`
do
/sbin/iptables -I INPUT -s $ip -j DROP
done

/sbin/iptables -L -n

I accidentally hosed my server for the last, oh, 30m or so by screwing around with iptables as root. After it came up, I added the sed rules to make sure I didn’t accidentally do it again, and then scheduled the cleanup job to run every 8 hours:

chrontab -l
0 */8 * * * /root/iptables-clean.sh

Hope this helps someone out there having trouble managing their server…

If you want to, say, run iptables from a script to ban naughty users on your website, you’re going to quickly find yourself with an error:

Can’t initialize iptables table ’some table’: Permission denied (you must be root)

Since only root is allowed to run iptables, then we need to let apache be root to run it. Just edit /etc/sudoers and add the line apache (ALL)=(root) NOPASSWD: /sbin/iptables. This means that the user apache is allowed to run iptables as root for any server group, so it is not particularly security adverse. It certainly doesn’t grant apache all of root permissions, which would lead to instant disaster. After you make this change, you can now run sudo iptables as apache:

sudo -u apache sudo iptables -I INPUT -s 127.0.0.1 -j DROP

The addition of Plesk 8 causes numerous problems, but they are surmountable. Here’s a list of steps to go from 0 to a new distro without any hitches at all:

1) Get Yum. If you don’t have it, you can run these commands:

cd /tmp
wget yum-2.3.2-7.src.rpm
rpm -Uvh yum-2.3.2-7.src.rpm

2) Install the FC4 repository location:

wget fedora-release-4-2.noarch.rpm
rpm -Uvh fedora-release-4-2.noarch.rpm

3) Update everything in your standard Fedora Core 4 distro:

yum upgrade

4) Remove all kernels older than than 2.6.14:

rpm -qa “*kernel*”
yum remove kernel-2.6.14*

5) Install the FC5 repository location:

wget fedora-release-5-5.noarch.rpm
rpm -Uvh fedora-release-5-5.noarch.rpm

6) Update yum to the faster newer yum:

yum update yum

7) Install the atomic release locations for PSA 8.1:

wget atomic-release-1.0-3.rhfc5.art.noarch.rpm
rpm -Uvh atomic-release-1.0-3.rhfc5.art.noarch.rpm

8) Install the repository for PSA 8.1:

Add the following to the end of /etc/yum.conf:

[psa-8.1]
name=Atomic Rocket Turtle - FC5 - SW-Soft PSA 8.1 RPMS
baseurl=http://3es.atomicrocketturtle.com/atomic/psa-8.1/fedore/5/i386
gpgcheck=0

9) Upgrade everything:

yum clean all
yum upgrade

10) Fix any rpmdb / selinux issues:

/sbin/fixfiles relabel
rpm –rebuilddb
reboot

Now you should have an FC5 system with all the nice PHP bugfixes. If you use eaccelator or other PHP extensions you’ll have to install them again, and you will also want to fix up the config files before you reboot (httpd.conf, mysqld.conf, php.ini).