Category Archives: lessons

who did what with ROOT?!

When you are not sure who is using SUDO on a server, and you really need to know who keeps making that annoying change.  You can install something to watch them, and maintain that software and related logs. Keep it setup in your package management system, and make sure it doesn’t have any patches.

OR

You could use the little-known (at least those I have asked in the field) modifications I will list below.  They are two fold.  One, you will enable to record who logs in and uses SUDO, and records their session. Much like many pieces of software out there today.  The one catch to my method is simple.  You already have the software installed, yup this has been a feature of SUDO since version 1.7.4p4.  So nothing else to install, worry about, or maintain.  It is also very easy to setup, see below:


/etc/sudoers modifcation:
All you need to do is to add 2 tags to all required sudoers entries.
*(where "su" specified, either with command or alias). 
LOG_INPUT and LOG_OUTPUT
Example: 
%admins ALL=(ALL) NOPASSWD: LOG_INPUT: LOG_OUTPUT: ALL

Add the following default log dir structure to sudoers:
Defaults iolog_dir=/var/log/sudo-io/%{user}
Note:
Output is logged to the directory specified by the iolog_dir option (/var/log/sudo-io by default) using a unique session ID that is included in the normal sudo log line, prefixed with TSID=.  The iolog_file option may be used to control the format of the session ID.  Output logs may be viewed with the
sudoreplay(8) utility, which can also be used to list or search the available logs.   Keeping in mind that if the user has a really long session you will be viewing it like a movie, it will replay as if he is sitting there typing.  With this in mind, sudoreplay gives you the ability to play back at faster speeds.  This makes it easier to find where things happened in a long recording.

So that is one good method to help find a culprit, but what if you are just looking at history of root?  Can you tell me who ran what? Can you tell me when they ran the commands you see when you type ‘history’?  By default, no.  The next tidbit of info is very useful, and extremely easy to add to your machines.  Simply add the following to your /etc/profile:

export HISTTIMEFORMAT=”%d.%m.%y %T “

Yes, that is a space at the end.  If you do not put that in there you will end up with it running together with the actual command typed in history.  So your history should look like the example below:

1995 06.10.15 13:08:05 top
1996 06.10.15 13:08:05 clear
1997 06.10.15 13:08:05 df -h
1998 06.10.15 13:08:05 umount /media
1999 06.10.15 13:08:05 sudo umount /media
2000 06.10.15 13:08:05 sudo su –
2001 06.10.15 13:08:07 history

I hope this helps someone save some time, as it has me.  Please feel free to share with others.

-M

 

 

Need DevOps Help?

  • Had issues with your DevOps pipeline?
  • Need help streamlining automation or configuration management?
  • Need to green field or “lift and shift” applications into the cloud?

If you are trying to do any of these, and running into issues please contact me.  I am now open to consulting directly.  Fixing even a few small inefficiencies can have a huge impact on the bottom line.  Not only that, if the DevOps philosophies are really taken up, its likely that the employee base will also be happier, and proud of their accomplishments as a team.

As far as technologies I support, please take a look at my Technologies page.  (Updated often)  I am also happy to take on new ones for a project if needed.

Creating an efficient pipeline is what I do; and a fully functional system that is working well can be an amazing thing.

 

Matthew Curry
MattCurry.Com

 

The Eagle Has landed….

All,

I have made it…. the move is complete!   I just wanted to say thank you for everyone that has been waiting on me.  I know I have taken a while on a few things, and I am finally in a position to run with everything again.  I finally have a decent internet connection [330mbps/330mbps]; so I will also be able to host things at high speed for us now as well.

As far as the installer goes, I hope to be done very soon with it ;  I am putting my final touches on it for the Pixel desktop.  If I get time I might be able to get Bluetooth working!  However, I have to get caught up first.

For those waiting on hardware, most has been shipped with a few exceptions.  I have notified those people.  I have a true ‘shop’ area again, and this will allow me to be much more efficient.  Meaning shorter wait times/etc…

 

Sincerely,

-M

Thank you to all… Jasper v1.6 Image News!

First, I would like to say thank you to the community members for helping out. I have gotten a lot of input on the new image.  This has also given me better feel for what the community wanted in an image. Which leads me to the next bit of news.


Some of you are undoubtedly wondering why I have not released my Jasper v1.6 image as of yet.  Well, I can assure you there are very good reasons.

Firstly,  I have had some severe family/health issues come up as of late which take priority.  I am also in the middle of moving a family of 5.  Combine that with the other reasons below, and I feel that most will feel the wait to be worth it.

This leads me to the next bit of news, however shocking it may be.

  1.  There will be no version 1.6 image.
    1. There will be no image at all…
  2.  Instead, there will be a full installer.
    1. This is one of the reasons for the delay.
  3.   The installer will work with a full GUI, and on the desktop.
    1. Examples:
      1. Full ubuntu Install.
      2. Fresh RPI install with GUI.
  4. The installer will be iterated on by feature going forward.
    1. We can add community approved features one at a time.
      1. Example:
        1. Change Jaspers Name
        2. Change STT after setup
        3. Etc.

FAQ (COMING SOON)

  • So whats that mean for me?
  • What do I do if I am running Jasper v.15?
  • Where do I get the installer?
  • Do I need to upgrade?

 

A few BASH tips from an old Linux admin.

Everyone has seen these “Top 50 commands” blah blah blah….. #clickbait….

I am writing this just to make BASH a much more pleasant experience for people new and old to Linux.  It is also for any sysadmin that has simply not been introduced to some of them.

I could list tons of them, but that’s going to get a simple TL;DR for most people.  Then they will move on.  So I will list a few and lets let those digest.  Keep in mind all commands are in Linux, and may vary by distribution.

First BASH tips (Simple, but time savers):

  1.  Type ‘cd’ and you will go to your home directory for the user you are logged into.
    1. Similar to “cd” ~, however ~ can sometimes rely on the environment.
  2. To return to the previous directory you can type ” cd -“.
    1. This will return you to your previous location, not home.
  3. Type “tailf”, instead of “tail f” for the same results.
    1. Also, “tail -200” can be used instead of “tail -n 200”
  4. Use a custom “PS1” for root, and regular users.
    1. A “PS1” is the text in the login prompt. See Example to the right:
      1. Notice it is yellow
      2. Do the same but in red for root.
    2. Examples:
      1. Debian PS1 for a normal user (as seen to the right)
      2. Debian PS1 for a ROOT user.
        1. These will need to be added to the bottom of “.bashrc” in your home directory
        2. Keep in mind files starting with a . are hidden in Linux, but there.
          1. I also have MAC PS1’s public in my gists.

 

I think that is enough for today, I hope this helps make BASH your friend.

 

-M

Jasper Kits on hold…

These were for the community, and I have enjoyed designing and building these kits.  However, I am at a point now, where I do not have the time to properly maintain and build and ship them.  This is not necessarily a permanent decision, I may bring them back in the future given I have the time.

That being said, I do have a few left.  If you are interested please let me know now.  I will get an exact count soon, and update it here.  Once they are gone, I will not be building more.

With all that being said, I am still here to help with questions.  I am also still developing what I hope is a better user experience with my images.  (Version 1.6 out soon!)

If you have any questions; or would like one of the last kits, I would suggest speaking up now.  Not that I will disappear, but I will be unable to spend the time on them for a while starting soon.

I also wanted to say thank you again to the community members that are helping each other, and the new guys.  I do notice, and it is appreciated.

-M

Jasper Image V1.6 – Release Date!

I have recently had a large number of people wanting to know the exact release date for the v1.6 image. I will release it without the installer, and release the installer separately so it can be used on images that are not mine.

  • Release Date:
    February 15, 2017

I would highly suggest that if there is annoyance; or fix for the next release that it be reported ASAP to the room in our SLACK.

 

Thanks for your patience,

Matthew Curry

Google Disables Hangouts API…breaking many services.

I have seen much FUD around this, and I wanted to clarify so people are aware what Google’s Intentions are for Hangouts.  As I am a heavy user of the product, I was very surprised to see this.  It appears that Google will still keep Hangouts around, but for the ‘normal’ user demographic only.  They will be disabling their API on April 25.  This however, should not be a complete surprise.  Google has made it clear that with the arrival of their new products Allo and Duo that they are switching to an enterprise vision for many of their products.  However, they will NOT BE REMOVING IT COMPLETELY, as mentioned in the linked engadget.com article.

What does this mean for you? The ‘End User’, if just using the services at face value may not even see a difference.  However, services and sites that use the integration features will likely be affected.  They (google) have allowed for an exception, and that is if they site/service qualifies as an “Enterprise Communication Tool”, slack for example.  There won’t be many of those I expect.

Basically it comes down to this, they are ending the Hangouts API integration (publicly) on April 25th.

 

Hope that helps,

Matthew Curry

How AI listens in Jasper (and others)!

 There are two basic kinds of listeners, an active and a passive.  You will not get good offline (passive listener) results for a wide variety of speech currently.  Most offline listeners are used as ‘passive’ listeners. They usually just listen for the wake word or just a few small commands.  They are very accurate but can’t sustain a large vocabulary without CPU issues.  Some are also closed source such as Kitt.ai (snowboy), and require that you train each word on their site.

The other kind, aka the “Active listener”; or the one always listening.  Would be used to listen once activated by the passive listener, and has a much more broad vocabulary.  However, these are online only. Due to the way they work (gathering metadata to increase accuracy), its just not possible currently on a small device. Examples would be standard APIs such as Google, Wit.ai, Ivona/Polly, etc.

There are projects to fix these offline issues, but they are all in the works. See my site for info on some of them. mattcurry.com

NEW Jasper Documentation!

Hello All,

First, I want to thank everyone that has been patient with me so far in getting these things done one at a time…

I know it is not easy to get some of these things completed without good documentation.  So, with the help of a few community members, I have started what is a very rough draft of our documentation.  It is neither complete, or ready….  However, we are adding information as we go, so keep a close eye.  Even feel free to clone it, and contribute.  There will be documentation on how to do both of those coming as well.  Feel free to watch here, the repository, or the Support Forums/Slack for updates.  I update them all.

If you have items you would like to see added to the documentation, I would run it by myself, or d34dman first.  If we have not already written it (there are some not committed yet); then we will just let you know to put in a PR (aka Pull Request).  Once we have both reviewed it and give it a thumbs up.  We will merge it.

Alright, all that said… Here is the link to the documentation!

 

Thanks,

Matthew Curry