rubysecurity.org


January 7, 2012

Configuring Ubuntu server to automatically email package update notices

by Alpha01

Apticron automatically emails information about any packages on an Ubuntu system that need to be updated.

Installing and configuring it is so dead simple that even my six-year-old nephew can do it.

sudo apt-get install apticron

Now simply update the /etc/apticron/apticron.conf config with your email address. By default, a cron entry is added to run it every day: /etc/cron.daily/apticron.

Unlike Red Hat’s yum-updatesd utility, apticron also includes a summary of each package’s update changes.

Tags: [ ubuntu ]
January 7, 2012

Compiling the Linux Kernel

by Alpha01

A snobbish Linux elitist would say, “You can’t call yourself a serious GNU/Linux user if you have never successfully compiled the Linux kernel at least once in your life.”

The following are the steps I took to compile the Linux kernel over 4 years ago (I just happened to find the reference text file that I saved, buried within my home directory).

1). Download the kernel source code from https://www.kernel.org.

2). Extract the kernel source.

3). Update the EXTRAVERSION variable in the Makefile.

4). (Only do step 4 if a previous kernel compilation was made within this source tree) make mrproper (goes through the source tree and cleans out temp files)

make mrproper
make clean

5). make menuconfig (the actual configuration of the kernel compilation; creates the .config file)

make menuconfig

6). make (performs the actual compilation; creates the bzImage file and builds the modules)

make

7). make modules_install (installs the modules into /lib/modules)

make modules_install

8). make install (will automatically copy the kernel and initrd file to /boot and modify the boot loader config file)

make install

Reference one-liner

make clean dep bzImage modules install modules_install
Tags: [ kernel ]
January 2, 2012

BIND 9.7.3 Gotchas

by Alpha01

On my new CentOS 6 powered BIND DNS server, it took a while to figure out why my custom jailed BIND configuration was not able to load any zone data files, even though the zone data files did not have any syntax errors, which I verified using the named-checkzone utility.

Errors

Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:2: ignoring out-of-zone data (rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:9: ignoring out-of-zone data (rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:10: ignoring out-of-zone data (rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:11: ignoring out-of-zone data (rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:12: ignoring out-of-zone data (www.rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: zone db.rubysecurity.org/IN: has 0 SOA records
Dec 29 21:29:04 centos6 named[17311]: zone db.rubysecurity.org/IN: has no NS records
Dec 29 21:29:04 centos6 named[17311]: zone db.rubysecurity.org/IN: not loaded due to errors.
Dec 29 21:29:04 centos6 named[17311]: etc/db.ubuntu:2: ignoring out-of-zone data (ubuntu)
Dec 29 21:29:04 centos6 named[17311]: zone db.ubuntu/IN: has 0 SOA records
Dec 29 21:29:04 centos6 named[17311]: zone db.ubuntu/IN: not loaded due to errors.

I came to realize the issue was within my named.conf master config file. Since I’m using BIND 9.7.3 (and newer versions), it turns out that the zone name needs to have a dot (.) at the end of the domain name. This was really annoying since it appears that earlier versions didn’t tag this as an error and were able to load zone files perfectly fine without the dot character at the end of the zone file name. Luckily, I was able to fix the issue, which, by the way, the named-checkconf utility was not able to detect.

Broken:

zone "rubysecurity.org" IN {
        type master;
        file "etc/db.rubysecurity.org";
        allow-update { key rndc-key; };
        allow-query { any; };

};

Fix:

zone "rubysecurity.org." IN {
        type master;
        file "etc/db.rubysecurity.org";
        allow-update { key rndc-key; };
        allow-query { any; };

};
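
A post-reload check for the failure shown in the log above, which the post notes named-checkconf did not catch. This is an added example, not code from the original post: it parses named syslog lines and reports zones that were not loaded and records ignored as out-of-zone. The function name `summarize_named_log` is this example's own, and the sample input is a subset of the log lines quoted in the post.

```python
import re
from collections import defaultdict

# Subset of the named log lines quoted in the post above.
SAMPLE_LOG = """\
Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:2: ignoring out-of-zone data (rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: etc/db.rubysecurity.org:12: ignoring out-of-zone data (www.rubysecurity.org)
Dec 29 21:29:04 centos6 named[17311]: zone db.rubysecurity.org/IN: has 0 SOA records
Dec 29 21:29:04 centos6 named[17311]: zone db.rubysecurity.org/IN: has no NS records
Dec 29 21:29:04 centos6 named[17311]: zone db.rubysecurity.org/IN: not loaded due to errors.
Dec 29 21:29:04 centos6 named[17311]: etc/db.ubuntu:2: ignoring out-of-zone data (ubuntu)
Dec 29 21:29:04 centos6 named[17311]: zone db.ubuntu/IN: not loaded due to errors.
"""

# "<file>:<line>: ignoring out-of-zone data (<owner>)"
OUT_OF_ZONE = re.compile(r"named\[\d+\]: (\S+):(\d+): ignoring out-of-zone data \((\S+)\)")
# "zone <name>/<class>: <message>"
ZONE_MSG = re.compile(r"named\[\d+\]: zone (\S+)/(\w+): (.+)$")


def summarize_named_log(lines):
    """Return (failed, skipped): failed maps zone -> earlier messages for zones
    that were not loaded; skipped maps zone file -> [(line_no, owner), ...]."""
    zone_msgs, skipped, failed = defaultdict(list), defaultdict(list), {}
    for line in lines:
        m = OUT_OF_ZONE.search(line)
        if m:
            skipped[m.group(1)].append((int(m.group(2)), m.group(3)))
            continue
        m = ZONE_MSG.search(line)
        if not m:
            continue
        zone, msg = m.group(1), m.group(3).strip()
        if msg.startswith("not loaded due to errors"):
            failed[zone] = list(zone_msgs[zone])
        else:
            zone_msgs[zone].append(msg)
    return failed, dict(skipped)


if __name__ == "__main__":
    failed, skipped = summarize_named_log(SAMPLE_LOG.splitlines())
    for zone, reasons in failed.items():
        print(f"FAILED {zone}: {'; '.join(reasons)}")
    for path, records in skipped.items():
        print(f"{path}: {len(records)} record(s) ignored as out-of-zone")
    raise SystemExit(1 if failed else 0)  # non-zero exit lets a reload script alert
```

Feeding it the syslog lines written after a reload gives a pass/fail signal for zone loading that the syntax checkers alone do not provide.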
Tags: [ bind ]
December 22, 2011

Logging mod_rewrite redirects

by Alpha01

Extremely useful for debugging mod_rewrite rules.

# Trace:
# (!) file gets big quickly, remove in prod environments:
RewriteLog "/web/logs/mywebsite.rewrite.log"
RewriteLogLevel 9
RewriteEngine On
Tags: [ apache ]
December 19, 2011

Resetting MySQL root password

by Alpha01

1). Stop the current MySQL process.

2). Run the MySQL safe daemon with the grant tables skipped:

mysqld_safe --skip-grant-tables &

3). Log in to MySQL as root with no password:

mysql -u root mysql

4). Run an UPDATE query to reset the root password. At the MySQL command line prompt, issue the following two commands:

UPDATE user SET password=PASSWORD("NEWPASSWD") WHERE user="root";
FLUSH PRIVILEGES;
Tags: [ mysql ]