Thursday, May 12, 2016

Linux mirrors for ttylinux and RIPLinux

Hello
Without any doubt I'm a Debian user, I really like its stability for server and desktop machines. However, I found myself amused back in 2010 when I found out about ttylinux, a small ISO of about 100MB with ssh, http and firewall support.

ttylinux boot screen

With a small footprint, compatibility with older CPUs and low memory support, I became an occasional user of ttylinux to quickly boot it on bare metal from a CD-RW and say "Hey, this machine can run Linux". With the advent of virtualization I chose to boot ttylinux before anything else in order to check that my virtualization environment (VirtualBox, Xen, VMware or whatever else) was fully working or at least functional.

ttylinux login screen

In the same year 2010 @RoadMr talked about RIPLinux and I quickly downloaded the ISO image; it was bigger, around 150 MB, but it had many utilities and both 32-bit and 64-bit kernels. The main purpose of the distribution was to rescue data, hence its name "(R)ecovery (I)s (P)ossible Linux".

RIPLinux boot screen

I didn't use the X utilities much but I like the fact that you could perform rsync, sftp and even reset Windows passwords from the SAM hive; it even included ntfs-3g, which enables read-write support on NTFS filesystems. I found myself amused again and I added another CD-RW to my toolset.

RIPLinux login screen

It was terrible for me when I found out last month that the ttylinux site was unreachable; I was trying to check two implementations I made, one with VirtualBox and another one with VMware. I quickly searched through the net and found various ISO images from current and past releases, then I found the ttylinux-mirror project on SourceForge and committed to download the 2.2 GB 7z archive.

Soon after I also realized that the RIPLinux website was unreachable too; this time I had no luck finding a mirror archive until I found an exact copy on some Linux user group sites (thank you for mirroring :P). I downloaded several copies and unified them in a single directory.

This exercise led me to the idea of making my own mirror for both distros and perhaps working on them in my little free time. I set up the web server, bought the domains and later on pointed them to the web server where the content was.

I even set up two repositories on GitHub to preserve the web sites because the djerome ttylinux GitHub repositories simply vanished, as well as the Google group. If anyone has a copy of the archives, post a comment and I will make the archive available on the web.


Chop wood, carry water.
--
  = ^ . ^ =

Tuesday, April 26, 2016

Logwatch weekly reports

I really like Logwatch [1] for analyzing server log entries; however, having an email from each host every morning could be an issue when hosts > 10. So I found a way to tell logwatch "analyze the logs for the past week" thanks to the Perl module for date manipulation [2][3].

I posted the logwatch.conf on Github [4] and I have tested it on the following distros:
  • Debian 6 squeeze, 7 wheezy and 8 jessie
  • Ubuntu 12.04 LTS precise and 14.04 LTS trusty
  • CentOS 6 and 7
References:


  1. https://sourceforge.net/projects/logwatch/
  2. http://logwatch.org/pipermail/logwatch/2007-October/001584.html
  3. http://primozverdnik.com/2011/05/logwatch-once-a-week-is-enough/
  4. https://gist.github.com/tonejito/530dff2904fa05304da6b825130f428d

Cheers!
--
 = ^ . ^ =

Thursday, October 15, 2015

Logwatch + MailGun

I really like the way Logwatch works but I hate when I can't properly send mail due to reverse DNS restrictions. Based on this post [1] I came up with the idea of leveraging the power of MailGun in order to send Logwatch email notifications and it went successfully.

In the logwatch main configuration file (/etc/logwatch/conf/logwatch.conf) on Debian, change the following:

  1. comment out the sendmail line

     # mailer = "/usr/sbin/sendmail -t"

  2. add a line to use our custom mailgun mailer script

     mailer = "/usr/local/sbin/mailgun"

After changing the values, you can run a test with the following command line

/etc/cron.daily/00logwatch

The mailgun shell script can be (literally) checked out here [2].


  1. http://blog.thinkingcapstudios.net/2012/07/installing-lemonstand-on-ubuntu-part-2/
  2. https://gist.github.com/tonejito/1a50b4d8b181393ebf77


--
    = ^ . ^ =

Tuesday, July 21, 2015

XenServer and NTP

After spending hours and hours trying to set up the timezone and hwclock via ntp on a Debian 7.8 Wheezy VM on XenServer 6.5 I gave up and ended up setting the timezone to UTC because the clock was only displayed correctly if the tz was UTC (damn bad).

I came up this morning with the idea of checking the time of the XenServer dom0 to see if at least the physical box had its time ok. Big was my surprise when I realized the dom0's time was also skewed just like in the VMs, as stated on [1].

I restarted the NTP daemon because I configured it to point to the ntp pool when setting up the box. Big was my surprise when I realized the NTP daemon was starting, but the synchronization failed:

[root@xenserver ~]# service ntpd restart
Shutting down ntpd:                   [  OK  ]
ntpd: Synchronizing with time server: [FAILED]
Starting ntpd:                        [  OK  ]


I restarted the NTP daemon the old-fashioned way; since XenServer 6.5 is based on CentOS, that shouldn't be an issue.

[root@xenserver ~]# /bin/bash -vx /etc/init.d/ntpd restart

After some output, I realized the script runs ntpdate to get the synchronization done like this:

ntpd: Synchronizing with time server: + /sbin/ntpdate -U ntp -s -b 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org

After running the command with debug and verbose flags I realized that there was something wrong with using a privileged port and dropping privileges to the ntp user, so turning on the -u flag in /etc/sysconfig/ntpd was the right way to do it. [2] [3]

[root@xenserver ~]# cat /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -x"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=no

# Additional options for ntpdate
NTPDATE_OPTIONS="-u"


After the change everything went smoothly:

[root@xenserver ~]# service ntpd restart
Shutting down ntpd:                   [  OK  ]
ntpd: Synchronizing with time server: [  OK  ]
Starting ntpd:                        [  OK  ]


--
= ^ . ^ =

[1] http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/guest.html#time_linux
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-Date_and_Time_Configuration-Command_Line_Configuration-Network_Time_Protocol.html
[3] http://linux.die.net/man/8/ntpdate

Thursday, July 2, 2015

Bulk enable servers in phpMyAdmin

Put this in config.inc.php in phpMyAdmin if you are connecting to a bunch of servers (like I do xD).


--
= ^ . ^ =

Wednesday, June 4, 2014

VMware Player certificate error in Linux

When installing a virtual machine and attempting to install VMware Tools on it, the installation will fail, complaining about being unable to check a certificate, and display an error message.

A certificate error occurred for the update server. Check your Internet settings or contact your system administrator

I searched on the internet and found this page [1] and I modified the instructions as shown below.

This is the VMware version I'm using:


This is the error message


This is the normal application dialog appearing after the issue has been fixed:


The dialog when downloading the VMware Tools ISO image:


After the ISO has been downloaded it shows the instructions for installing.

As always the patch on github

Related resources
  1. http://www.fedoraforum.org/forum/showthread.php?t=240980

--
= ^ . ^ =

Wednesday, May 28, 2014

./hibernate.sh

My Debian Jessie hibernation option is somehow broken and I needed a quick way to set the laptop to hibernate when I'm on the road. As always, the github gist is below for both the script and the sudo config:


--
= ^ . ^ =

Monday, May 26, 2014

Drupal 2 Pgpass - Convert Drupal 6 pgsql db_url to .pgpass format and set permissions

I needed to automagically connect to the database of some Drupal 6 instances, so I wrote this script to convert the settings.php [1] $db_url [2] into the ~/.pgpass [3] file. Remember to also set the appropriate permissions (0600) and also be sure to own the file, otherwise it won't work.
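
The conversion described above, written out in Python as an added example (this is not the author's script). The function names and the sample settings.php text are assumptions made for the illustration; beyond the post, it URL-decodes the credentials and escapes ":" and "\" as the .pgpass format requires.

```python
import os
import re
from urllib.parse import urlsplit, unquote

# Active (uncommented) assignment: $db_url = 'pgsql://...';
DB_URL_RE = re.compile(r"""^\s*\$db_url\s*=\s*(['"])(pgsql://.+?)\1\s*;""", re.M)

# Constructed sample; the commented template line must not be picked up.
SAMPLE_SETTINGS = """<?php
/**
 *   $db_url = 'pgsql://username:password@localhost/databasename';
 */
$db_url = 'pgsql://drupal:s3cr%3At%40x@db.example.org:5433/site_one';
"""

def extract_db_urls(settings_php):
    """Return every active pgsql $db_url string found in settings.php text."""
    return [m.group(2) for m in DB_URL_RE.finditer(settings_php)]

def pgpass_escape(field):
    """Backslash-escape the two characters .pgpass treats specially."""
    return field.replace("\\", "\\\\").replace(":", "\\:")

def db_url_to_pgpass(db_url):
    """pgsql://user:pass@host[:port]/db -> host:port:db:user:pass"""
    parts = urlsplit(db_url)
    if parts.scheme != "pgsql":
        raise ValueError("not a pgsql db_url")
    fields = [
        parts.hostname or "localhost",
        str(parts.port or 5432),             # PostgreSQL default port
        unquote(parts.path.lstrip("/")),     # Drupal URL-encodes special chars
        unquote(parts.username or ""),
        unquote(parts.password or ""),
    ]
    return ":".join(pgpass_escape(f) for f in fields)

def write_pgpass(lines, path):
    """Append entries; create the file 0600 and tighten it if it exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    try:
        os.fchmod(fd, 0o600)  # libpq ignores a group/world-accessible file
        os.write(fd, "".join(line + "\n" for line in lines).encode())
    finally:
        os.close(fd)

if __name__ == "__main__":
    for url in extract_db_urls(SAMPLE_SETTINGS):
        print(db_url_to_pgpass(url))
```

Run write_pgpass() as the user who will connect, so the file ends up owned by that user.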

Related resources
  1. https://api.drupal.org/api/drupal/sites!default!default.settings.php/6
  2. https://api.drupal.org/api/drupal/developer!globals.php/global/db_url/6
  3. https://wiki.postgresql.org/wiki/Pgpass

--
= ^ . ^ =

Monday, March 10, 2014

Wednesday, March 5, 2014

Apache httpd configuration sections

To understand how Apache httpd applies configuration blocks. Gist @Github.

Related resources
  1. http://httpd.apache.org/docs/2.2/sections.html

--
= ^ . ^ =

Apache httpd configuration file and directory structure

Might be handy when working with different Linux distributions.
I also created a gist @Github.


--
= ^ . ^ =

Apache Security Settings - /etc/apache2/conf.d/security

Common Apache httpd security settings to prevent information disclosure. This file must be placed under:
/etc/apache2/conf.d/security
I also created a gist @Github.
Related resources
  1. http://httpd.apache.org/docs/2.2/

--
= ^ . ^ =

Apache httpd debug mode on Debian GNU/Linux

I use this script most of the time when I'm debugging Apache-specific issues on Debian GNU/Linux. I also created a gist @Github.

Related resources
  1. http://httpd.apache.org/docs/2.2/

--
= ^ . ^ =

Monday, February 17, 2014

Wednesday, September 25, 2013

Launch VirtualBox VM and attach to serial console

(like xm create -c) I ported an older Mac OS X specific shell magic to GNU/Linux, see the old post for details. I also created a @Github gist.
Related resources
  1. http://www.telecom.otago.ac.nz/tele301/student_html/subnetfw-serial-terminal.html
  2. http://howtoware.blogspot.mx/2012/01/oracle-vm-virtualbox-how-to-use-serial.html

--
= ^ . ^ =

Sunday, September 22, 2013

Optical media size

I needed this, so I'm posting it here and also as a github gist

Optical Media

Write Once - Read Many (a.k.a. Read-Only)

The optical media industrial production systems work with a master media which is printed into the plastic discs using a thermal technique, transferring the zeroes (pits) and ones (lands) from the "negative" master to the final media. The types of media produced by this method are the following:

  • CD-ROM
  • DVD-ROM
  • DVD-ROM Dual Layer
  • HD DVD-ROM
  • BD-ROM

One time write media

This kind of media may be recorded only once by using a laser which marks the pits and lands in the spiral groove of the disc on the polycarbonate layer. The data is formatted most of the time according to the ISO9660 standard described on [1]. This kind of disc is referred to by the following names:

  • CD-R
  • DVD+R
  • DVD-R
  • DVD+R Dual Layer
  • DVD-R Dual Layer
  • BD-R

ReWritable Media

The rewritable media, as its name implies, may be written and erased many times. Thanks to this feature a failed or incompletely burned disc may be erased and then reused rather than disposed of; the polycarbonate used can return to its normal state with the aid of a special laser beam. The designations for this media are as follows:

  • CD-RW
  • DVD+RW
  • DVD-RW
  • BD-RE

Credits
  1. http://en.wikipedia.org/wiki/DVD
  2. http://jesusnjim.com/using-computers/optical-drives/media-capacities.html

--
= ^ . ^ =

Thursday, March 7, 2013

Monday, January 28, 2013

Monday, November 5, 2012

Apache httpd deflector shields

Today I decided to research which HTTP status codes are supported by the Apache httpd server. Browsing around the source code repository [1] I found the http_protocol.c file, which describes the HTTP status codes implemented in the daemon.

As part of my good practices I have developed an ErrorDocument template that I call "Deflector Shield" which returns a 302 status instead of 404, 403 or the awful 500. According to the official documentation [2], the directive goes as follows:

ErrorDocument <StatusCode> <Document>
Where
  <StatusCode> is one of the implemented in the source code [1]
  <Document> is an error message or the path to a resource (either local or remote)

All this works for status codes other than 401 (Authorization Required), which requires the message to be either the hardcoded one or a custom string.

The custom error document directives are here [3]

[1] http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/http/http_protocol.c
[2] http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
[3] https://gist.github.com/4015668/

--
  = ^ . ^ =