Enhance ClearOS 6 Password Policy


Our customer using ClearOS 6 (professional edition) to store user password and almost all applications using it as external authentication so user only has to remember one password and Zimbra is one of the application.

Recently the public IP that used as mail outgoing traffic being listed in RBL and by our check in server we found there are some user account has been hijacked so it’s sending spam email to outside domain (gmail.com, outlook.com, etc) then i set suspected status to close in zimbra also reset it’s password randomly  but it’s happen quite frequently.

Then i created simple php script using clearOS API to scan weak password (based on list), surprisingly there are bunch of user using weak password such as “Passwd11”, “Paasword88”, etc. so i conclude the builtin password policy in ClearOS is not good enough to prevent it.


Based on my experience create and modifying ClearOS module (as it’s just a PHP code) i modified ClearOS user module. to increase password policy by following criteria:

  • Maximum length
  • Minimum length
  • Minimum uppercase
  • Minimum numeric character
  • Minimum punctuation character
  • Forbid user to use username within password
  • Forbid user to use password that listed in weak password list.

Continue reading “Enhance ClearOS 6 Password Policy”

Icinga2 ido-mysql schema issue

I use icinga2 version 2.4 in my testing environment but unfortunately it doesn’t include with several several feature that i need to RnD one of them is InfluxDB Writer. so by just adding icinga2 PPA the latest version has been installed (2.6), but icinga2 cannot running with following error message in log file

critical/IdoMysqlConnection: Schema version ‘1.14.0’ does not match the required version ‘1.14.2’ (or newer
(0) Reconnecting to MySQL IDO database ‘ido-mysql’
icinga2.service: Main process exited, code=exited, status=1/FAILURE

So the root cause of this issue is different db schema between icinga2 version 2.4 and 2.6 in ido-mysql. then i apply new schema for 2.5 to 2.6 (must be sequentially).

for 2.5
mysql -uroot icinga2 < /usr/share/icinga2-ido-mysql/schema/upgrade/2.5.0.sql

then 2.6
mysql -uroot icinga2 < /usr/share/icinga2-ido-mysql/schema/upgrade/2.6.0.sql

Then restarting icinga2 service
# systemctl restart icinga2

Using HTTPS on CherryPY

Here’s CherryPY app configuration for using HTTPS:

  'server.ssl_module': 'builtin',
  'server.ssl_certificate': '/opt/myapp/conf/cert/cert.crt',
  'server.ssl_private_key': '/opt/myapp/conf/cert/cert.key',

for ssl module module you can use builtin or pyopensll (by installing pyOpenSSL module). Use this command if you want create self sign certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.crt

Dump & Restore MongoDB With Specified Collection and DB

For example i have collection with name logs and db postfix, the output for dumped DB will be located to /tmp/backupmong

mongodump --out /tmp/backupmong/ --collection logs&nbsp;--db postfix

The command above will generating 2 files .bson and .metadata.json

Here’s the command for restoring the database (collection) by using .bson file.

mongorestore /tmp/backupmong/postfix/logs.bson -d anotherdb -c anotercol

[MongoDB] Insert new data as first index in existing Array

For instance if i have following simple data:

{ "_id" : ObjectId("56a9d168e7d029513ded52f3"), "first_roof" : [ { "seq" : [ "John", "Ben", "Lee" ] } ] }

Then to add/update array namely seq by using this query:

db.test.update({_id: ObjectId("56a9d168e7d029513ded52f3")} , {$push: {'first_roof.0.seq': { $each: ["Omar"], $position: 0  } }    } );


  • 56a9d168e7d029513ded52f3 : is ID for document that i want to modify.
  • $push : mongodb modifier to append data with target position that i want to change.
  • first_roof.0.seq: Injecting data into first index of array seq that located on first index of array first_roof
  • $each: specifying data that will be appended.
  • $position: use index 0 if you want to insert as first element.