Category Archives: Linux

The Linux Category actually encompasses *BSD, RH, Fedora, Ubuntu, and the like.

Apt-get Woes

I had just done apt-get update && apt-get dist-upgrade when I saw something that made me cringe:

No apport report written because MaxReports is reached already
Errors were encountered while processing:
initramfs-tools
plymouth
linux-image-3.2.0-38-generic-pae
ubuntu-minimal
plymouth-theme-ubuntu-text
linux-image-generic-pae
linux-generic-pae
mountall
upstart
E: Sub-process /usr/bin/dpkg returned an error code (1)

Well that’s not the exact error – I ended up seeing “disk out of space” among other issues. Basically the /root filled up and it broke my apt-get upgrade right in the middle of updates. No good.
So I go to /boot and clean up the older kernel files – just make sure you delete the “abi”, the “config”, the “initrd”, the “System.map”, the “vmcoreinfo”, the “vmlinuz” etc all with the same version number.
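A dry-run listing for the cleanup step above, as an added example that is not part of the original post: it prints the per-kernel files whose version suffix is not in a keep list and deletes nothing. The function name `stale_boot_files` and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: dry-run listing of per-kernel files in a boot directory whose
# version suffix is not in the keep list. Nothing is deleted.
# Usage: stale_boot_files DIR KEEP_VERSION...
stale_boot_files() (
    dir=$1; shift
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case "$name" in
            abi-*|config-*|initrd.img-*|System.map-*|vmcoreinfo-*|vmlinuz-*) ;;
            *) continue ;;          # not a per-kernel file (grub/, memtest, ...)
        esac
        ver=${name#*-}              # e.g. 3.2.0-38-generic-pae
        stale=1
        for keep in "$@"; do
            if [ "$ver" = "$keep" ]; then stale=0; fi
        done
        [ "$stale" -eq 0 ] || printf '%s\n' "$f"
    done
)

# Keep the running kernel; pass any newer installed version as extra arguments.
stale_boot_files /boot "$(uname -r)"
```

Review the list before removing anything, and include in the keep list the version that the interrupted upgrade was installing.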

Then I went about reinstalling the packages. Unfortunately since some of the packages were already installed prior to running out of space, the dependencies were a little off.

apt-get install -f was no help:

You might want to run ‘apt-get -f install’ to correct these.
The following packages have unmet dependencies:
initramfs-tools : Depends: initramfs-tools-bin (< 0.99ubuntu13.1~) but 0.99ubuntu13.1 is installed
E: Unmet dependencies. Try using -f.

And I didn’t want to have to restore this beast since the last full backup was over 2 months ago. So I had to carry on.

First I noticed that initramfs-tools needed the bin installed, but the bin was too new for initramfs-tools to utilize and therefore could not update even via --configure. Chicken and egg?

So then I looked up what versions were available so that I could downgrade:
apt-cache showpkg initramfs-tools-bin

Versions:
0.99ubuntu13.1 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise-updates_main_binary-i386_Packages) (/var/lib/dpkg/status)
Description Language:
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_binary-i386_Packages
MD5: 14e601bd8c0a0905d238d89be3036fa8
Description Language: en
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_i18n_Translation-en
MD5: 14e601bd8c0a0905d238d89be3036fa8

0.99ubuntu13 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_binary-i386_Packages)
Description Language:
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_binary-i386_Packages
MD5: 14e601bd8c0a0905d238d89be3036fa8
Description Language: en
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_i18n_Translation-en
MD5: 14e601bd8c0a0905d238d89be3036fa8

Ok, so this was getting easier. All I have to do is install the older version. I had to look it up since it generally doesn’t happen too often:
apt-get install initramfs-tools-bin=0.99ubuntu13

The following packages will be DOWNGRADED:
initramfs-tools-bin
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 1 not upgraded.

From there I run the following:
apt-get dist-upgrade
apt-get autoremove
apt-get autoclean
reboot

Profit.

Fog, Windows 7, Sysprep

Back in the day (I’m starting to feel old now) I set up a Ghost server with PXE booting. It was a pretty nice setup; a Dell PE2550 with 4x144GB SCSI (~385GB usable), 24port gigabit switch, and enough desk space – and power – to handle 16 laptops or 22 desktops at a time. It took 2 of us about 3 weeks to get the workspace set up, and another 3 weeks to get the Ghost server and PXE working. And then there was always the issue of updating the drivers on the PXE image without breaking anything else. Basically crossing your fingers and hoping for the best.

That was five years ago.

Looking back on my previous experiences I can definitely say I’ve grown and become more knowledgeable. Back then, when I had researched a solution, I just googled for “imaging software server” or something similar. Working for a computer reseller meant that I had access to NFR copies of quite a bit of software, so management decided that we should go with Ghost. I hadn’t even begun to research into FOG yet.

Fast forward the five (almost 6 now) years, and I know to look into server software that supports all operating systems, supports multicast, and is fairly intuitive to set up. Enter FOG.

I like to install the latest and greatest, but in this case I had some issues that I didn’t feel like resolving when I tried to use FOG with 12.04LTS. Instead I opted to use 10.04LTS. It’s an internal server, so the patching levels are not generally as critical. I also installed this on a production network – there are 7 VLANS, active directory and windows DNS/DHCP, cisco switches. IP helper has already been set on the switches for DHCP. The active directory environment is 2008R2.

Install Ubuntu 10.04LTS x32 – I gave it a single 2.4GHz Xeon core, 512MB RAM, and 120GB partition. Installed with LAMP (no mysql password), SSH, and Mail.
Change the Root Password
sudo passwd root
Login As Root
su
Update the system
apt-get update && apt-get dist-upgrade
Reboot
reboot

Install FOG – version 0.32 at the time of this writing
mkdir -p /opt/fog-setup
cd /opt/fog-setup
wget http://sourceforge.net/projects/freeghost/files/FOG/fog_0.32/fog_0.32.tar.gz
tar -xvzf fog*
cd fog*
cd bin
./installfog.sh
The wizard now starts. http://www.fogproject.org/wiki/index.php/Integrating_FOG_into_an_Existing_Network
I chose the following:
“N” normal installation
10.10.10.10 IP Address of FOG
“Y” to setup a router/DHCP address
10.0.10.1 IP address of DHCP server
“Y” to DNS
10.0.10.1 IP address of DNS
“N” eth0 is fine by me
“N” I already have DHCP
“N” I’m not international
“Y” looks good; set it up
Make sure you read! If you have a password setup on mysql you must adjust the configuration files accordingly (opt/fog/service/etc/config.php)
I ended up rebooting the server just in case.

Edit the Windows DHCP Options
I have 7 different DHCP scopes (one for each of the VLANs I had), so your settings may be different. Instead of making the options change per scope, I performed the task in the Server Options area.
Right-click and select “Configure Options”
Select 066 and set the value to your FOG server IP address
Select 067 and set the value to pxelinux.0

At this point you should be able to connect to your PXE FOG server – set a test workstation/laptop to boot PXE (Dells have F12 for this), and connect via your network interface.

SYSPREP coming soon
CONFIGURATION OF FOG coming soon

Disable SSL for Webmin

Generally when I give a debian/ubuntu server to developers or other end users, I install webmin and teach them how to use it. Webmin is a great tool for those who either don’t like command line or are just not up to speed with the latest commands to use. Unfortunately a developer installed jira confluence and it broke the SSL settings on apache. Instead of “fixing” the problem, I just went and did it the lazy and easy way: disable ssl for webmin.

SSH to the server as root (or use sudo in front)
nano /etc/webmin/miniserv.conf
Change ssl=1 to ssl=0, save and quit nano
/etc/init.d/webmin restart
Profit!

Dovecot 1.2.9 Ubuntu Autodetection Failed

I had an ubuntu server with 8.04LTS upgraded to 10.04LTS (not quite making it to 12.04, but that’s in the works) with webmin, LAMP, postfix, etc. I used webmin to install dovecot after I already configured postfix to receive mail without requiring SSL with plaintext. It’s an internal only server used for testing purposes, so I don’t mind if someone is sniffing the test passwords that only apply to this box.

Anyway, I was receiving the following in my /var/log/mail.err

Oct 17 08:35:33 SERVERNAME dovecot: POP3(USERNAME): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/USERNAME
Oct 17 08:35:33 SERVERNAME dovecot: POP3(USERNAME): Fatal: Namespace initialization failed

Great. Brief search tells me that dovecot’s automatic detection failed (duh) and the fix is to enable the mail location in the configuration file
nano /etc/dovecot/dovecot.conf
Find #mail_location
Assuming it’s commented out, I just added the following below the line:
mail_location = maildir:~/Maildir
Save and close
/etc/init.d/dovecot restart

Add Public IP To DD-WRT

Customer has a comcast line (50/10) with 5 static IP addresses (/29 or .248, 1 IP used for the gateway) that they wanted to assign to various internal devices. I attempted to talk them into an actual firewall solution (either an ASA5505 or an Untangle system for roughly $400 plus my “fees”), but they were looking more into the sub-$100 range. After a bunch of options and a little bit of back and forth, they settled on buying a pair of refurbished E2000 Linksys Routers; one for the primary, and the second for a backup. Total cost for hardware: $85.

Unfortunately I needed to learn how to make their router work with additional public IPs. I’ve disliked the default (stock) interface of any home/small business router since the beginning of time, so I ended up installing dd-wrt on both of the routers. http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT

Just set the router up as you would if you only had a single IP address. In my case I’ll use 173.x.x.0 as my public network:
173.x.x.0 network
173.x.x.1 Public 1
173.x.x.2 Public 2
173.x.x.3 Public 3
173.x.x.4 Public 4
173.x.x.5 Public 5
173.x.x.6 gateway
173.x.x.7 broadcast
And I’ll also use 192.168.1.0 as my internal private NAT network. My default configuration for the router then was a static WAN 173.x.x.1, with an internal IP of 192.168.1.1 (DHCP from 192.168.1.100-254)

From here, click on Administration, and then on the Commands tab.
In the text box, type the following (obviously I’m adding ALL other public IPs to my configuration. Edit as appropriate):

WANIF=`/sbin/get_wanface`
/sbin/ifconfig $WANIF:1 173.x.x.2 netmask 255.255.255.248 broadcast 173.x.x.7
/sbin/ifconfig $WANIF:2 173.x.x.3 netmask 255.255.255.248 broadcast 173.x.x.7
/sbin/ifconfig $WANIF:3 173.x.x.4 netmask 255.255.255.248 broadcast 173.x.x.7
/sbin/ifconfig $WANIF:4 173.x.x.5 netmask 255.255.255.248 broadcast 173.x.x.7

Now click on the Save Startup button. You should then see it after a page refresh. Basically this will add the vlan2:1 through vlan2:4 to your configuration.

Now that the virtual interfaces are configured, we need firewall rules to enable access. IPTables will enable this access. In that same box, type:

/usr/sbin/iptables -t nat -I PREROUTING -d 173.x.x.2 -j DNAT --to 192.168.1.x
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1.x -j SNAT --to 173.x.x.2

This will create the inbound and outbound rules to translate between the public and private addresses. You can add the other public IP addresses if applicable. Click on Save Firewall and you should then see the configuration after a page refresh.

If you want to add specific port forwards to these new IP addresses, you must utilize the following template. The FORWARD rules match the internal address, because the filter table sees each packet after the PREROUTING DNAT rule has already rewritten its destination:

/usr/sbin/iptables -t nat -I PREROUTING -d 173.x.x.2 -j DNAT --to 192.168.1.x
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1.x -j SNAT --to 173.x.x.2
/usr/sbin/iptables -I FORWARD -d 192.168.1.x -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -I FORWARD -d 192.168.1.x -p tcp --dport 22 -j ACCEPT

Then reboot your router.

After a reboot, you can telnet to your router and verify that you can see the iptables:

telnet 192.168.1.1 (log in as root/admin)
iptables -t nat -L
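
The Startup and Firewall entries from this procedure, generated for one public/private pair with only the listed TCP ports opened (an added example, not part of the original post or the DD-WRT wiki). The FORWARD rules match the internal address because the filter table sees packets after DNAT has rewritten the destination. The function names and the 203.0.113.x / 192.168.1.10 addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print DD-WRT one-to-one NAT commands for one public/private
# pair, forwarding only the listed TCP ports. All addresses are constructed
# (203.0.113.0/29 documentation range, 192.168.1.0/24 LAN).
NETMASK=255.255.255.248
BROADCAST=203.0.113.7

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# startup_cmd INDEX PUBLIC_IP: alias line for the Startup box.
# $WANIF stays literal; the router sets it from /sbin/get_wanface.
startup_cmd() {
    printf '/sbin/ifconfig $WANIF:%s %s netmask %s broadcast %s\n' \
        "$1" "$2" "$NETMASK" "$BROADCAST"
}

# firewall_cmds PUBLIC_IP PRIVATE_IP PORT...: lines for the Firewall box.
# Runs in a subshell so a bad port aborts before anything is printed.
firewall_cmds() (
    pub=$1; priv=$2; shift 2
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; exit 1; }
    done
    echo "/usr/sbin/iptables -t nat -I PREROUTING -d $pub -j DNAT --to $priv"
    echo "/usr/sbin/iptables -t nat -I POSTROUTING -s $priv -j SNAT --to $pub"
    # FORWARD is evaluated after DNAT, so the destination is already private.
    for p in "$@"; do
        echo "/usr/sbin/iptables -I FORWARD -d $priv -p tcp --dport $p -j ACCEPT"
    done
)

# Constructed sample: publish 192.168.1.10 on 203.0.113.2, web and SSH only.
startup_cmd 1 203.0.113.2
firewall_cmds 203.0.113.2 192.168.1.10 80 22
```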

Nagios Monitor Confluence Jira

Recently had to start monitoring a confluence installation on a virtual server using Nagios. Nagios’s built-in check_http looked like it could solve my woes. Unfortunately this was a slight pain due to the fact that confluence uses a non-standard port. So I had to relearn the commands.

I edited the service check first
nano /usr/local/nagios/etc/objects/commands.cfg
I copied the check_http command into a new one:

define command {
command_name check_http_port
command_line $USER1$/check_http -I $ARG1$ -u $ARG2$ -p $ARG3$ -s $ARG4$
}

So the command would be ./check_http -I (IP/Hostname) -u (URL Full Address) -p (Port) -s (String to look for). Technically this will already warn if there is a 400 or 500 error, but I also wanted to verify that the string could be found.

Now we edit the configuration of the system itself
nano /usr/local/nagios/etc/objects/confluence.cfg

define host{
use linux-server
host_name confluence
alias confluence
address 10.555.555.555
parents parent1, switch1, mfer1
hostgroups linux-production-servers, datacenter2
}

define service{
use generic-service
host_name confluence
service_description HTTP
check_command check_http_port!confluence!http://confluence:8090/login.action?os_destination=%2Fhomepage.action!8090!"Remember me"
}

Using the above check_command, you’re able to connect to the server and port listed above and check for the familiar login “remember me” string.

SFTP Email When New File Uploaded

I had set up vsftp for SSL (FTPES), but needed a way to send an alert to customer support whenever a file had been uploaded. Otherwise the support staff would need to manually check each customer’s folders to see if anything new had arrived.

Install Dnotify
apt-get install dnotify

Create your startup script
nano /dnotify.sh

dnotify -b -p 1 -r -C /home/ -e /email.sh {}

This will run dnotify in the -b background, no more than one -p process, -r recursive folder (subfolders), -C for file creations only, -e execute the following script.

Create your email script
nano /email.sh

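#!/bin/bash
# $1 is the directory dnotify substitutes for {} when a file is created
DIR="$1"
# Start from an empty message body; -f avoids an error on the first run
rm -f /upload.txt
echo "Dear User," >> /upload.txt
echo "A new file has been uploaded to the $DIR directory" >> /upload.txt
cat /upload.txt | mailx -s "New FTP File Upload" customersupport@domain.tld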

Make both scripts run-able
chmod +x email.sh
chmod +x dnotify.sh

Run the script and test
./dnotify.sh
Upload a file using FTP/WinSCP/WGET or another method to any of the folders you’re searching (my script searches all of /home and subfolders).

I added this as a startup script.

I got most of my help from nixcraft