Category Archives: Linux Stuff

Linux Stuff

Raspberry Strudel: My Raspberry Pi in Austria

I remember my first colocated server rather fondly. It was a 1U Supermicro that had
been decommissioned from my employer after a few years’ service. Although it was too
old and slow for my company, the 800MHz CPU, 1GB RAM and 36GB SCSI storage was
perfect for my needs back in 2005. A friend was kind enough to allow me to colocate
the server at his facility for free. more>>

    

Slackware Linux 1337 installed and the Network card does not work!

I just installed Slackware Linux 1337 and the network card does not show up even though it was configured on setup. I looked around restarted the network and nothing worked. After trying to figure it out I googled around for slackware 8139too wont start and some other phrases. I found someone saying it was the blacklist file.

Sure enough I look in /etc/modprobe.d/blacklist.conf and there is
blacklist 8139cp

I comment it out
#blacklist 8139cp

Then I reboot and it works.

Linux admins!

Ubuntu Turns 7 Years Old

I remember when I first used Ubuntu. One of the guys I worked with at a local data center threw a cd in a nice cover at me. It said Linux for Human Beings. I did not think much of it but once I installed it I was like wow. Not bad. I did not like Debian much at the time I liked Redhat better but even then Ubuntu was cool!

Ubuntu, the worlds most popular GNU/Linux based operating system is celebrating its 7th year today. Ubuntu was first released on 20 October 2004. In these 7 years Ubuntu has changed the GNU/Linux desktop segment by making it more useful for ordinary user.Ubuntu has made some major wins this year as Indian Judiciary system switches to Ubuntu from RHEL. One of the reasons could be Ubuntus ease of use and focus on desktop users as compared to RHEL. Ubuntu also made a major win by being selected by Amazon and HP for their servers. 2011 may bring the much needed profitability to Canonical, the company which has been funding Ubuntu for all these years.

via Ubuntu Turns 7 Years Old, First Ubuntu Was Released Today | Muktware.

IRC caused me to use Linux! Quick how to setup a shell server.

Years ago back in the day as they say I was constantly on IRC! I was told try Linux to run several services! That is what got me into to linux. I want to say around 1998! I am sure it was 98! Anyways I started off with Slackware. It might have been Slackware 6! That is what sticks out in the the mind… I setup a shell server today for a customer on CentOS5 64 bit. It is really simple. You just install gcc, screen, glibc, automake, autoconf, oidentd, BitchX and some other packages if needed. Then lock the server down so that shell users can only use what you want them to. Remove unneeded packages. Install a firewall and brute force detection. You might also install malware detection and rootkit detection. Here is a quick and easy setup for a centos5 shell box.

Install CentOS make sure to unselect everything but the base install make sure to customize packages and select nothing but the BASE INSTALL. I cannot count how many times people have told me it needs the SECOND CD! NO it does not if you unselect everything but the base install. You have to choose customize when selecting packages….

After you have CentOS installed update the system with yum.
yum -y update

download the DAG Repository Installer! Super simple! I n my case I used CentOS 5 64bit
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Next yum install the packages you require. Here is what i installed.
yum install gcc glibc automake autoconf oidentd BitchX znc gcc-c++ ncurses ncurses-devel glibc-common glibc-devel glibc-headers glibc-utils compat-glibc linx links curl

I also install ncftp as it is an easy to use command line ftp client.
wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/x86_64/RPMS/ncftp-3.2.0-3.el5.kb.x86_64.rpm
rpm -Uvh ncftp-3.2.0-3.el5.kb.x86_64.rpm

Next lock down the server a bit you can always do more than I did this time…
userdel adm
userdel lp
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
chmod 700 /bin/linuxconf
chmod 750 /bin/mt
chmod 750 /bin/setserial
chmod 750 /sbin/badblocks
chmod 750 /sbin/ctrlaltdel
chmod 750 /sbin/chkconfig
chmod 750 /sbin/debugfs
chmod 750 /sbin/depmod
chmod 6750 /sbin/dump
chmod 750 /sbin/dumpe2fs
chmod 750 /sbin/fdisk
chmod 750 /sbin/fsck
chmod 750 /sbin/fsck.ext2
chmod 750 /sbin/fsck.minix
chmod 750 /sbin/ftl_check
chmod 750 /sbin/ftl_format
chmod 750 /sbin/halt
chmod 750 /sbin/hdparm
chmod 750 /sbin/hwclock
chmod 750 /sbin/ifconfig
chmod 750 /sbin/ifdown
chmod 750 /sbin/ifport
chmod 750 /sbin/ifup
chmod 750 /sbin/ifuser
chmod 750 /sbin/init
chmod 750 /sbin/insmod
chmod 750 /sbin/killall5
chmod 750 /sbin/lilo
chmod 750 /sbin/mingetty
chmod 750 /sbin/mkbootdisk
chmod 750 /sbin/mke2fs
chmod 750 /sbin/mkfs
chmod 750 /sbin/mkfs.ext2
chmod 750 /sbin/mkfs.minix
chmod 750 /sbin/mkfs.msdos
chmod 750 /sbin/mkinitrd
chmod 750 /sbin/mkraid
chmod 750 /sbin/mkswap
chmod 750 /sbin/modinfo
chmod 750 /sbin/modprobe
chmod 2750 /sbin/netreport
chmod 750 /sbin/portmap
chmod 750 /sbin/quotaon
chmod 6750 /sbin/restore
chmod 750 /sbin/runlevel
chmod 750 /sbin/stinit
chmod 750 /sbin/swapon
chmod 750 /sbin/tune2fs
chmod 750 /usr/bin/eject
chmod 4750 /usr/bin/gpasswd
chmod 4755 /usr/bin/lpr
chmod 750 /usr/sbin/atd
chmod 750 /usr/sbin/atrun
chmod 750 /usr/sbin/crond
chmod 750 /usr/sbin/edquota
chmod 750 /usr/sbin/exportfs
chmod 750 /usr/sbin/groupadd
chmod 750 /usr/sbin/groupdel
chmod 750 /usr/sbin/groupmod
chmod 750 /usr/sbin/grpck
chmod 750 /usr/sbin/grpconv
chmod 750 /usr/sbin/grpunconv
chmod 750 /usr/sbin/in.identd
chmod 750 /sbin/klogd
chmod 750 /usr/sbin/logrotate
chmod 2750 /usr/sbin/lpc
chmod 740 /usr/sbin/lpd
chmod 755 /usr/sbin/lsof
chmod 550 /usr/sbin/makemap
chmod 750 /usr/sbin/mouseconfig
chmod 750 /usr/sbin/newusers
chmod 750 /usr/sbin/ntpdate
chmod 750 /usr/sbin/ntpq
chmod 750 /usr/sbin/ntptime
chmod 750 /usr/sbin/ntptrace
chmod 750 /usr/sbin/ntsysv
chmod 750 /usr/sbin/pwck
chmod 750 /usr/sbin/pwconv
chmod 750 /usr/sbin/pwunconv
chmod 550 /usr/sbin/quotastats
chmod 750 /usr/sbin/rdev
chmod 550 /usr/sbin/repquota
chmod 750 /usr/sbin/rpc.mountd
chmod 750 /usr/sbin/rpc.nfsd
chmod 750 /usr/sbin/rpc.rquotad
chmod 750 /sbin/rpc.statd
chmod 750 /usr/sbin/rpcinfo
chmod 750 /usr/sbin/setup
chmod 750 /usr/sbin/showmount
chmod 750 /sbin/syslogd
chmod 750 /usr/sbin/tcpd
chmod 750 /usr/sbin/timeconfig
chmod 750 /usr/sbin/tmpwatch
chmod 750 /usr/sbin/tunelp
chmod 750 /usr/sbin/useradd
chmod 750 /usr/sbin/userdel
chmod 4750 /usr/sbin/userhelper
chmod 750 /usr/sbin/usermod
chmod 4750 /usr/sbin/usernetctl
chmod 750 /usr/sbin/vipw
chmod 755 /bin/mount
chmod 755 /bin/umount
chmod 755 /bin/ping
chmod 755 /usr/bin/at
chmod 0 /usr/bin/rcp
chmod 0 /usr/bin/rlogin
chmod 0 /usr/bin/rsh
chmod 750 /usr/sbin/usernetctl
chmod 755 /usr/sbin/traceroute
chmod 500 /usr/bin/lpr
chmod 500 /usr/bin/lprm
chmod 500 /usr/bin/lpq

Remove unneeded packages
Remove what ever is not used these are just some that do not need to be on a shell server.
rpm -ev –nodeps apmd
rpm -ev –nodeps sndconfig
rpm -ev –nodeps aumix
rpm -ev –nodeps cups-devel
rpm -ev –nodeps cups-drivers
rpm -ev –nodeps cups-libs
rpm -ev –nodeps cups
rpm -ev –nodeps kernel-pcmcia-cs
rpm -ev –nodeps LPRng printconf
rpm -ev –nodeps pnm2ppa
rpm -ev –nodeps mpage
rpm -ev –nodeps Omni Omni-foomatic
rpm -ev –nodeps foomatic
rpm -ev –nodeps cdlabelgen
rpm -ev –nodeps cdparanoia-devel
rpm -ev –nodeps cdparanoia
rpm -ev –nodeps cdparanoia-alpha9
rpm -ev –nodeps cpd
rpm -ev –nodeps playmidi
rpm -ev –nodeps talk
rpm -ev –nodeps talk-server
rpm -ev –nodeps inews
rpm -ev –nodeps inn
rpm -ev –nodeps a2ps
rpm -ev –nodeps docbook-utils docbook-utils-pdf
rpm -ev –nodeps docbook-style-dsssl
rpm -ev –nodeps docbook-dtd30-sgml docbook-dtd31-sgml
rpm -ev –nodeps docbook-dtd40-sgml docbook-dtd41-sgml
rpm -ev –nodeps psgml
rpm -ev –nodeps sgml-tools
rpm -ev –nodeps bcm5820
rpm -ev –nodeps efax
rpm -ev –nodeps eject

Turn off service you do not use an easy way to do this is to type ntsysv and hit space bar on services you do not want to run on start up. If there is an X the run on started..

Install a firewall and brute force detection I used APF and BFD
Find ports you need to open. 22 for SSH is open by default and the firewall is in development mode be default as well.

Download APF and BFD (Advanced Policy Firewall and Brute Force Detection)
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

Install APF
Extract it
tar xvzf apf-current.tar.gz
Go into the extracted directory
cd apf-0.9.7-1
Install APF
sh install.sh
Edit the conf.apf
vi /etc/apf/conf.apf

For inbound ports edit these lines.
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=22
and
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=

also turn OFF devmode when you are done opening ports
# Set firewall dev cronjob
# 1 = enabled / 0 = disabled
DEVM=

Save the file
In vi hit esc then :wq to save the file
service apf restart to restart the firewall
or /etc/init.d/apf restart

Install BFD
Extract it
tar xvzf bfd-current.tar.gz
Go into the extracted directory
cd bfd-1.4
Install BFD
sh install.sh
You can edit the conf file but it is ready to go out of the box you dont have to edit it.
vi /usr/local/bfd/conf.bfd
You might want to set it up to email the root user when the server is brute force attacked.

After that install some kind of malware and rootkit detection the two I used today are Linux Malware Detect and chkrootkit.

Download Linux Malware Detect and install it.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xvzf maldetect-current.tar.gz
cd maldetect-1.4.0/
sh install.sh

Edit the conf for your needs.
vi  /usr/local/maldetect/conf.maldet

Next download and install chkrootkit.

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
mv chkrootkit-0.49 chkrootkit
mv chkrootkit /usr/local
cd chkrootkit
make sense
Create chkrootkit.sh with the following settings
nano chkrootkit.sh

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s ‘CHROOTKIT Daily Run (servername)’ emailaddress

Now setup a cronjon to run chkrootkit nightly
crontab -e
0 15 * * 0 /usr/local/chkrootkit.sh

There is a whole lot more you can do but this is a quick and easy how to on how to setup a shell server quickly. I hope you learned something or found it useful!

Virtualization using Proxmox VE

If you are an IT guy I am sure you have used some kind of Virtualization or at least heard about it. I personally have used just about everything out there. I am sure I have missed some but here is the list I have used. Vmware, Xen, OpenVZ, Virtual Box, KVM, Virtual PC, HyperV, and Parallels. I am sure I missing some that I cannot think of right now. I have also tried and used many control panels for Virtualization Management. To list some HyperVM, SolusVM, Proxmox VE, and OnAPP. I am sure I am missing some again as I used several of Vmware’s and others… Back to the topic. I started using Proxmox a few years ago. I put a couple in the data center I worked at as they were way to cheap to buy anything. One thing I like about it is that any Virtual Host has its own cp or it can be cluster and have one cp for several servers. The next thing I like about is is it can do Online Migrations if you have a SAN. There is more I like as well. You can setup backups on a schedule. It allows you to use KVM or OpenVZ. Proxmox VE has a bunch of OpenVZ templates built it. It is easy to install you just put the cd in and go! Most of all its FREE! Being in Data Centers all the time I see it used quite often. If you want a great piece of Virtualization Technology try Proxmox VE They just released the Beta and will be releasing version 2 very soon!

CentOS5 couldn’t load file “/usr/lib/tls/libtls1.6.so”: /usr/lib/tls/libtls1.6.so: cannot open shared object file: No such file or directory

I ran into this issue in the last week. I tried installing the rpms I could find with out any resolution. I could not find any help online about it. Then I finally downloaded the source and installed it. Which I try not to do with Redhat based OSes like CentOS unless I have to.

Basically it was simple to fix. Go to sourceforge download the source compile it and bam! Th error went away and the customer was happy once again.

couldn’t load file “/usr/lib/tls/libtls1.6.so”: /usr/lib/tls/libtls1.6.so: cannot open shared object file: No such file or directory

You have to have gcc, glibc, make, automake and a bunch of other libraries before you can compile it.

Download it

wget http://downloads.sourceforge.net/project/tls/tls/1.6/tls1.6-src.tar.gz

tar xvzf tls1.6-src.tar.gz

cd tls1.6

./configure

make

make install

That is all it took for me to get it working. Of course the libraries needed to compile it were already on the server!