Category Archives: lessons

who did what with ROOT?! [Updated]

When you are not sure who is using SUDO on a server, and you really need to know who keeps making that annoying change.  You can install something to watch them, and maintain that software and related logs. Keep it setup in your package management system, and make sure it doesn’t have any patches.

OR

You could use the little-known (at least those I have asked in the field) modifications I will list below.  They are two fold.  One, you will enable to record who logs in and uses SUDO, and records their session. Much like many pieces of software out there today.  The one catch to my method is simple.  You already have the software installed, yup this has been a feature of SUDO since version 1.7.4p4.  So nothing else to install, worry about, or maintain.  It is also very easy to setup, see below:


/etc/sudoers modifcation:
All you need to do is to add 2 tags to all required sudoers entries.
*(where "su" specified, either with command or alias). 
LOG_INPUT and LOG_OUTPUT
Example: 
%admins ALL=(ALL) NOPASSWD: LOG_INPUT: LOG_OUTPUT: ALL

Add the following default log dir structure to sudoers:
Defaults iolog_dir=/var/log/sudo-io/%{user}
Note:
Output is logged to the directory specified by the iolog_dir option (/var/log/sudo-io by default) using a unique session ID that is included in the normal sudo log line, prefixed with TSID=.  The iolog_file option may be used to control the format of the session ID.  Output logs may be viewed with the
sudoreplay(8) utility, which can also be used to list or search the available logs.   Keeping in mind that if the user has a really long session you will be viewing it like a movie, it will replay as if he is sitting there typing.  With this in mind, sudoreplay gives you the ability to play back at faster speeds.  This makes it easier to find where things happened in a long recording.

So that is one good method to help find a culprit, but what if you are just looking at history of root?  Can you tell me who ran what? Can you tell me when they ran the commands you see when you type ‘history’?  By default, no.  The next tidbit of info is very useful, and extremely easy to add to your machines.  Simply add the following to your /etc/profile:

/etc/sudoers modifcation:export HISTTIMEFORMAT="%m.%d.%y %T "

Yes, that is a space at the end.  If you do not put that in there you will end up with it running together with the actual command typed in history.  So your history should look like the example below:

1995 06.10.15 13:08:05 top
1996 06.10.15 13:08:05 clear
1997 06.10.15 13:08:05 df -h
1998 06.10.15 13:08:05 umount /media
1999 06.10.15 13:08:05 sudo umount /media
2000 06.10.15 13:08:05 sudo su –
2001 06.10.15 13:08:07 history

I hope this helps someone save some time, as it has me.  Please feel free to share with others.

-M

 

Kill Switch Pictures/Update

Hello All,

For those following along, I have moved Kill Switch, my sons e-vehicle project. To a permanent page.  I have also added a gallery for the work as I go.  Keep an eye…

You can also subscribe to my RSS if you like.

Thanks,
-M


P.S.

Thanks to TJUMP7 for the donated 4gb SD card, and help with the motor controllers!  I can’t wait to get all the parts and get it going!

Handy One-Liners – Full Debian Update

This one is great for a “Full Update” on debian / ubuntu machines.

It calls the script without ever installing anything (assuming curl is installed).  Be sure to run as root, either with sudo or as root directly.

As you can see in the snippet; it uses a script that is remotely hosted (in a github gist).  This is great because you  can see exactly what it does by looking at the script.  It just calls system commands, so it can’t do anything malicious.  Just run sudo, then the above command and it will run the below script:

Another trick you can do with something like this, is copy it to  /usr/bin/fullupdate (as root of course), and ensure its executable “sudo chmod +x /usr/bin/fullupdate”.  Then you can call “sudo fullupdate”, from anywhere and use it when needed. Alternatively, you can use it on a cron to run on a schedule!  If you don’t want all the options, just download the script and change it for your liking.

 

Welcome to open source.

Got an Idea? Need Help? Raspberry PI prototyping!

Just another thing that I helping with lately.  If anyone need help with a new idea for a Raspberry PI, or IoT device message me.  I have been  through several POC’s (proof of concepts).

Keep in mind, if you are working on a new product; or sensitive information I keep all client info secret, and have no issues with an NDA.

  • Home Automation
  • Voice Recognition
  • Several TTS/STT Options
  • Custom Hardware
    • Integration with existing hardware
  • Custom Software
    • Custom Plugins/Adjustments
    • Coding
  • R&D on Subject Matter
    • Build
    • Test
    • Design
  • … and whatever else is needed …

Happy to just answer questions; or see what I can do to help.  Just contact me.

Building E-Vehicle/Robot for Son!

I am building a robot (named aptly: Kill Switch) from old parts I had laying around, and it is powered by hub motors from a ‘hover-board’.  The stats were pretty strong for small kids; so I am building a lot of safety into it.

This will include software, and hardware measures to ‘take over’ the device, and even limit speed.  Eventually I will be able to return him back to a certain spot with playtime is over.  I hope to automated charging as well eventually.  There are a lot of features I have ready; however I am still building out the hardware.

This can be difficult to do and keep extremely safe.  So for starters I am testing it only; and I have 2 kill switches I am putting in to ensure safety.  One the person will have to keep his foot on constantly for the buggy to run.  The other is a simple quick kill switch.  (Eventually these will be automated).

The Device already has an RPI3 with a small motor-controller for future automation’s.  This will control other aspects of the vehicle via software.  Such as speed limitations, power usage, GPS, WIFI, BT.  I will also be using a pico router to establish a LAN around the device.  This is for media, as the vehicle will have speakers/screen to watch/host media on the LAN.

Hardware Safety Features:

  • Dash Kill Switch
  • Foot Kill Switch
  • Flip/Tilt Sensor
  • Lights
  • Front
  • Rear

Once testing is completed, and it works; I will go through how I set it up.  However, this will be piece by piece as I do it.  I have even considered some youtube videos.  However, that will depend on my success in doing this on a budget.  I am also using completely reclaimed parts, minus a couple bolts I bought.  So its been free so far.

On that note, I have been building the chassis, but if anyone in the Dallas, TX area has an old go-cart frame that rolls/steers, I am looking.  I think it would make it a lot lighter.  Shoot me a message, info is on my contact me page.

 

MUCH More to come… Please keep an eye on the series…

-M

Setting up Raspberry PI 3 Wifi (Via CLI/BASH)

To all Raspberry PI Tinkerers…
I have had several people as for a how-to on setting up wifi on a Raspberry PI via command line.  It is actually quite easy.

Here is a quick tutorial I hope helps.


First, we need to open the file that controls what wifi we connect to.

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

This will open the file that controls what access points your RPI looks for.

Here is an example of how one should look (RPI3):

country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
        ssid="SSID_HERE"
        psk="KEY_HERE"
        key_mgmt=WPA-PSK
}

Now that this file has been updated; we will need to reboot to ensure everything comes back up correctly.
Ensure that your RPI is connected to wifi.

Simply type: ifconfig

Then it will show all the interfaces, the wireless is usually “WLAN0”, or something that starts with a “W”.
The ethernet will usually start with an “E”, for example “ETH0” is very common.

Need DevOps Help?

  • Had issues with your DevOps pipeline?
  • Need help streamlining automation or configuration management?
  • Need to green field or “lift and shift” applications into the cloud?

If you are trying to do any of these, and running into issues please contact me.  I am now open to consulting directly.  Fixing even a few small inefficiencies can have a huge impact on the bottom line.  Not only that, if the DevOps philosophies are really taken up, its likely that the employee base will also be happier, and proud of their accomplishments as a team.

As far as technologies I support, please take a look at my Technologies page.  (Updated often)  I am also happy to take on new ones for a project if needed.

Creating an efficient pipeline is what I do; and a fully functional system that is working well can be an amazing thing.

 

Matthew Curry
MattCurry.Com

 

The Eagle Has landed….

All,

I have made it…. the move is complete!   I just wanted to say thank you for everyone that has been waiting on me.  I know I have taken a while on a few things, and I am finally in a position to run with everything again.  I finally have a decent internet connection [330mbps/330mbps]; so I will also be able to host things at high speed for us now as well.

As far as the installer goes, I hope to be done very soon with it ;  I am putting my final touches on it for the Pixel desktop.  If I get time I might be able to get Bluetooth working!  However, I have to get caught up first.

For those waiting on hardware, most has been shipped with a few exceptions.  I have notified those people.  I have a true ‘shop’ area again, and this will allow me to be much more efficient.  Meaning shorter wait times/etc…

 

Sincerely,

-M

Thank you to all… Jasper v1.6 Image News!

First, I would like to say thank you to the community members for helping out. I have gotten a lot of input on the new image.  This has also given me better feel for what the community wanted in an image. Which leads me to the next bit of news.


Some of you are undoubtedly wondering why I have not released my Jasper v1.6 image as of yet.  Well, I can assure you there are very good reasons.

Firstly,  I have had some severe family/health issues come up as of late which take priority.  I am also in the middle of moving a family of 5.  Combine that with the other reasons below, and I feel that most will feel the wait to be worth it.

This leads me to the next bit of news, however shocking it may be.

  1.  There will be no version 1.6 image.
    1. There will be no image at all…
  2.  Instead, there will be a full installer.
    1. This is one of the reasons for the delay.
  3.   The installer will work with a full GUI, and on the desktop.
    1. Examples:
      1. Full ubuntu Install.
      2. Fresh RPI install with GUI.
  4. The installer will be iterated on by feature going forward.
    1. We can add community approved features one at a time.
      1. Example:
        1. Change Jaspers Name
        2. Change STT after setup
        3. Etc.

FAQ (COMING SOON)

  • So whats that mean for me?
  • What do I do if I am running Jasper v.15?
  • Where do I get the installer?
  • Do I need to upgrade?