Category Archives: Debian / Ubuntu

Auto Added by WPeMatico

12 Years without Microsoft and loving it!

As of April, 2004 I stopped using all Microsoft products.

For many reasons. I know people like to debate about microsoft products. However, for me its not a debate.

Examples [Just a tiny bit]:

If I was a contractor and came into your company and said, “I am going to record all your keystrokes, and put them on my server every 30min”, you would laugh me out the door. Especially in software, where the source can be recreated from the key logs. Well, Microsoft does it.
If I was a contractor and came in to your company and found a security bug, and then sold it on the black market making you vulnerable before there is a patch to hackers. You would probably sue me; and maybe even press charges of some kind, as it can put you out of business. Well, Microsoft does it.
If I was a contractor and came in during the night and upgraded all your desktops to an OS you haven’t tested… well I think you get the point by now…
UEFI – Just look into it…
Severe security issues; and poor coding.
- Keep in mind even if they don’t use the keylog maliciously, with the poor security wrapped around it, it is within reason to think it would be compromised.

Please keep in mind I am just looking at the black and white of things. This has nothing to do with how I ‘feel’ about them. From a business standpoint, I can not simply fathom the use of any Microsoft product in any serious company; especially a software development one.

Now, I am experienced in IT/Software Development/DevOps; and anyone will tell you security is a trade off with convenience. That is true. However, between the cost (which is high); and the constant worry about security and stability with each patch. Its something people really need to ask themselves, ” Is this really convenient/cost effective”; and 15 years ago it might have been yes. Now, there is no excuse.

Reason #… I’ve lost count…not to use Microsoft.

Welcome all windows, and samba users. Please read badlock.org for why poor decisions have led to this day.

There is a known vulnerability with samba, please read the site listed. If time permits I will update this article with better info. However, if you are running Samba the shame on you… especially the old version. I have not “had to run samba”, for anything in several years now.

Please read my article on using AFPd in linux to use it as a time machine backup. Works great! Or my preference is NFS on a LAN.

Either way, I hope this helps a few people. Please share the article if it helped. There is a patch with CVE on the way according to their site.

Sincerely,
M

Be Careful with LetsEncrypt!

I must say, like a lot of people I love the idea of a free SSL Certificate. So I thought this would be great for my site. So I downloaded the LetsEncrypt package on to an Ubuntu 15.10 box. The server was running Apache2, and was pretty much stock. When I applied the cert to the site, it was super easy. I was very impressed with the ‘–apache’ option. I then updated my URLs in WordPress to HTTPS. That’s it I was up and running in a few min. I was pretty happy at this point.

Then, I realized it broke all of the other services I had on the machine that were public facing. I had several. Even ones with their own certs were breaking. So I decided to remove it…. After removing it from Apache completely I noticed an issue. All of my users that had been to the site; were getting redirected still. Somehow it is keeping the redirct with the cert/data that is installed when the cert is installed from visiting the site.

Long story short, I had many people that thought my site was down. I even moved servers; and it still happened. I tried clearing browser cache, DNS Cache on my MAC, from another IP. Finally after a reinstall (probably not needed, but quicker); I was able to actually load my site without the redirect. I am sure there is something here I am not seeing; but to be honest I didn’t feel like spending all my time dealing with browser settings.

If anyone would like to let me know how they get around this I would like to know.

I hope this helps those who are thinking of trying out LetsEncrypt. I am not saying its a bad product; or idea. I love the install and the idea of it. However, the practical implementation is not there yet. For those reading this keep in mind that it is still in Beta as of this article. So this might eventually go away.

P.S. – To those on the LetsEncrypt project, I appreciate all the work; and I hope you take this criticism positively. A good uninstall path is needed before I think this will go mainstream on monolithic boxes. Maybe its ok with a 12 factor applications.

Sincerely,

Matthew Curry

NAOMI Updated Pics

Here is the latest picture I have of the ‘Semi-Portable’ version of NAOMI.

This includes the following:

30AH Battery @ 2.2a (tested)
- 35AH LiON Cells “Quick Drain”
Touch Screen 7″
- Mounted Externally in own case
  - Not Permanent, built for bench
RPI2
1TB USB 3.0 Hard Drive
Bluetooth Dongle
- Not Shown
Powered USB Hub
- Replaced/Rebuilt for one with switched ports
Logitech C170 USB Camera/Mic

Time Machine Backup with Ubuntu 15.x and OSX 10.7+

In the Older versions of this how-to, you will see people use the method shown just below. Obviously that no longer works. I will walk you through setting up TimeMachine via AFP over your LAN. This is using an Ubuntu 15.04 machine; but since all the packages are common and in the base repos; I don’t see there being a problem getting it to work on any distro.
OLD METHOD:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
NOTE: Any OSX after 10.6 Lion, will have to use the method demonstrated here.

Step 1: Install Netatalk

Install the following packages:
sudo apt-get install netatalk libc6-dev avahi-daemon libnss-mdns
Step 2: Configure /etc/nsswitch.conf

Once those packages are installed, we have to adjust 4 configuration files:
sudo nano /etc/nsswitch.conf
Locate the following:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
Add ‘mdns‘ as below:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
Step 3: /etc/avahi/services/afpd.service
sudo nano /etc/avahi/services/afpd.service
Paste the following:
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
    <name replace-wildcards="yes">%h</name>
    <service>
        <type>_afpovertcp._tcp</type>
        <port>548</port>
    </service>
    <service>
        <type>_device-info._tcp</type>
        <port>0</port>
        <txt-record>model=TimeCapsule</txt-record>
    </service>
</service-group>
Step 4: /etc/netatalk/AppleVolumes.default

Now we setup the share:
sudo nano /etc/netatalk/AppleVolumes.default
At the bottom the section that reads:
# The line below sets some DEFAULT, starting with Netatalk 2.1.
:DEFAULT: options:upriv,usedots

# By default all users have access to their home directories.
~/                      "Home Directory"

# End of File
Change the path “~/” to your share directory.

IMPORTANT: Don’t forget to add ‘tm’ to options:upriv,usedots
As seen below:
# The line below sets some DEFAULT, starting with Netatalk 2.1.
:DEFAULT: cnidscheme:dbd options:upriv,usedots,tm

# By default all users have access to their home directories.
/path/to/share                       "Time Capsule"

# End of File
Step 5: /etc/default/netatalk

Now, we need to adjust netatalk settings.

sudo nano /etc/default/netatalk

Locate the following section:

#### Set which legacy daemons to run.
#### If you need AppleTalk, run atalkd.
#### papd, timelord and a2boot are dependent upon atalkd.
ATALKD_RUN=no
PAPD_RUN=no
TIMELORD_RUN=no
A2BOOT_RUN=no

Update it to reflect the following:

#### Set which legacy daemons to run.
#### If you need AppleTalk, run atalkd.
#### papd, timelord and a2boot are dependent upon atalkd.
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

Once all is completed, and all the services have been restarted on the Ubuntu server. The drive should show up under “Select Disk” under “Time Machine Preferences”. If you have an old one, you may have to remove it. Once selected you can use it as if it were physically plugged in.

*TIP – Use a wired connection only, and a gigE network will help immensely. I do not recommend WiFi .

Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.

This is just a snippet I have used before to identify some malicious code on web servers. This will not work on everything; but it will give you a way to find suspect files. It is easy to cron in a script with others to make a nice daily report if you have those concerns.

#!/bin/bash
# Malware Search Script
# 11/1/15 – Matthew D. Curry
# Matt@MattCurry.com

echo “Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.”

find / -name *.php -exec grep -Hn .1.=…….0.=…….3.=…….2.=…….5.= {} ;

Hope this helps, enjoy.

Remove Spaces (or any character) from File Names in Linux

This is actually a pretty common thing to run into in a Linux file system. It is especially prevalent in the files that are moved from another operating system (Usually Windows). So if you get files that need to have a space or a character removed, the below snipped is a very simple, and handy way to fix this issue.

└─(11:26:40)-(~/Example)->ls
file 1.txt
file – 2.txt

So, from here we want to rename the file “file 1.txt” to “file_1.txt”. This would be done as follows:

rename ‘s/ /_/g’ file 1.txt

This will remove any spaces in the file-name listed. If you want to do all the files in a directory:

rename ‘s/ /_/g’ *

Here is an example output if we run it on all the files in the directory (as seen above):

└─(11:33:59)-(~/Example)->ls
file_1.txt
file_-_2.txt

Note: If you are new to Linux; and you haven’t heard of the “sed” command, that is the syntax used in the command. If you get comfortable with this, then you can easily learn sed, which is a great tool to have on the command line.

If you use Microsoft, you get what you deserve…

…only if you read this and keep using it…

🙂

If you use Microsoft, it doesn’t make you dumb. We all know its the most popular, and shoved down your throat by the $2,000,000,000 they spend a year trying to sway your opinion. Not to mention the bullying tactics I have seen first hand in the B2B space.

Keep in mind I am not talking solely about privacy as seen in the picture below. However, that alone should be enough for any business to stop using them immediately. Most companies are afraid of change, because it usually costs money. Although, if you truly calculate the costs of running Microsoft as an OS you will see that it is much higher. Not only is it fiscally irresponsible (not to mention ethically/morally), but if you are a software company; or one that relies on it heavily. You will find that the completely horrid security of windows makes it a great target. Combine that with uneducated users and you get the hackers favorite playground.

You may have noticed that I haven’t mentioned performance comparisons. Thats because windows doesn’t even come close to the stability and speed of Linux/BSD. Here is an experiment for you Windows users. Try turning it on, and not doing anything and let it run for a month straight. Then make note of when it crashes (because it will). Then do the same with a vanilla Linux install. I turned my last laptop off after 376 days of uptime.

The Nightmare of Azkaban with Hive (Hadoop)

I have been working on a deployment of Azkaban for about a week now; and getting the server up and running was easy. However I have had many major issues with Azkaban since day one. I feel like sharing this could help someone else if they decide to use it.

Pros:

It has dependency flows that are easy to use.
ACLs
Pretty Graphs
Scheduling (Kinda its purpose)
Good API

Cons:

Hive/Pig and Possibly other Jobtypes simply do not work.
- After many hours of searching I found there is a bug in the jobtypes plugin, and it has not been fixed.
  - You must completely recompile with the newer version to have these job types work.
- The Newest version of Azkaban is no where close to the version they have on their site.
  - This also is not compiled, you will have to do it manually.
- The Documentation is full of errors, bad links, and omissions (at best).
  - Not to mention it is all for 2.5, when 3.x is out.
  - SSL Keystore Doc Links are all bad (major setup step).
- No Packages for YUM/APT/ZYPPER/etc
  - I would have thought someone would have done this by now
    - I created some using FPM
- No INIT script built. (Azkaban Init Script)
  - I created one for the web server and executor.
  - Azkaban Web Service Init Script.
  - Azkaban Executor Service Init Script.
  - It is not pretty but it is functional.

So, in closing as you can see the project has good intentions but that’s about it. Its not ready for prime time, and they really need to get their stuff together. If it were cleaned up and recompiled, and packaged. It would probably be an OK product. However, the lack of organization and communication will be what prevent me from recommending this for any of my personal customers going forward. I hope this helps anyone considering this product.

Sincerely,
Matthew Curry