Linux Archives

Linux is my primary operating system. I have used it on servers, desktops, laptops, netbooks, and even mobile phones since approximately 1997. I’ve tried a number of distributions over the years, and even created a couple myself. I still look around sometimes to see what others are up to. But most of my machines are running some sort of Red Hat – either a quick and easy Fedora Linux, or a stable and secure Red Hat Enterprise Server, or a cheaper CentOS alternative.

And while by now I am very comfortable in the Linux environment (both graphical and command line), I still discover a lot of new and interesting things about it. When I come across something worthy, I usually share it with the rest of the Open Software world, using this category.

  1. Fedora 19 alpha is a Go

    By Leonid Mamchenkov

    Fedora 19 alpha version will be released next Tuesday.  I’ve been busy with other things recently, so that was a surprising announcement for me. Is it that time of the year again?  Apparently.  We are still a good three months away from the final release, but it’s still good to hear that there is progress.  Looking over the features for this release, I find these interesting:

    • Bind 10 – completely rewritten from scratch, and bringing both DNS and DHCP in one handy package.
    • Developers Assistant – the description is rather vague, but overall it sounds useful.
    • KScreen – finally I won’t have to reconfigure the second monitor every time I reboot the laptop.
    • MATE Desktop – I loved Gnome 2.  If Gnome 3 and KDE 4 won’t get significantly better by the time of the release, I will probably switch to MATE.
    • Node.js – I wanted to play around with it for a while now, but never got the time to get it on my box.  Maybe now I will.
    • PHP 5.5 – new PHP is better PHP.
    • Replace MySQL with MariaDB – that’s an interesting move. I wonder how much trouble this will create with MySQL still being on the servers.
    • Ruby 2.0 – Similar to Node.js, this just makes it so much easier to try new things.

    So, this looks like a busy release.

  2. Accessing current username in sudo scripts on CentOS

    By Leonid Mamchenkov

    I got a bit of a puzzle at work today.  I had a script that was executed as another user via sudo, but I wanted to access the original username in the script, to know who was executing it.  The sudoers manual suggests working with “Defaults env_keep“.  Looking into /etc/sudoers, I noticed that the $USERNAME variable was whitelisted (in line #3 below):

    Defaults env_reset
    Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
    Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    

    So, I tried to use the $USERNAME variable in my script but it was coming up with empty results.  That made me look deeper into default Bash initialization, and I found out that the $USERNAME variable setup wasn’t a part of it.  However, $LOGNAME was (in /etc/profile).  I think so few people actually use it that nobody noticed or bothered about it until now.  Anyway, the solution now was obvious – simply add the $LOGNAME variable to the sudo white list.  Appending this line to the above env_keep ones did the job:

    Defaults    env_keep += "LOGNAME"
    

    There. In hopes it will help future generations…

    P.S.: All that happened on a more or less default installation of CentOS 6.3, but I’m sure other Red Hat based distributions have a similar issue.

    P.P.S.: If your script is ALWAYS invoked via sudo, also have a look at $SUDO_UID, $SUDO_GID, and $SUDO_USER variables.
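
    A variable kept through env_keep, such as $LOGNAME, is copied from the caller's environment, while the $SUDO_* variables are set by sudo itself, which matters when the name is used for auditing. The following added example (not code from the original post; the function names and the PASSWD_FILE override are assumptions made for illustration) resolves the invoking user from $SUDO_UID and cross-checks $SUDO_USER and $LOGNAME:

```shell
#!/bin/sh
# Added example, not from the original post.
# Function names and the PASSWD_FILE override are hypothetical.

# Account database used for UID lookups (overridable, e.g. for testing).
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print the login name that owns numeric UID $1; non-zero status if none.
name_for_uid() {
    awk -F: -v uid="$1" \
        '$3 == uid { print $1; found = 1; exit } END { exit !found }' \
        "$PASSWD_FILE"
}

# Print the name of the user who ran sudo.
# Returns 1 if SUDO_UID is missing or not numeric (script not run via sudo),
# 2 if the UID is unknown or SUDO_USER disagrees with it.
invoking_user() {
    case "${SUDO_UID:-}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    resolved=$(name_for_uid "$SUDO_UID") || return 2
    if [ -n "${SUDO_USER:-}" ] && [ "$SUDO_USER" != "$resolved" ]; then
        return 2
    fi
    printf '%s\n' "$resolved"
}

# Succeeds only when the kept LOGNAME agrees with what sudo reported.
# LOGNAME passed through env_keep is whatever the caller exported.
logname_matches_invoker() {
    invoker=$(invoking_user) || return 2
    [ "${LOGNAME:-}" = "$invoker" ]
}

if who=$(invoking_user); then
    echo "invoked through sudo by: $who"
    logname_matches_invoker || echo "warning: LOGNAME='${LOGNAME:-}' differs" >&2
else
    echo "not invoked through sudo, or sudo variables are inconsistent" >&2
fi
```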

  3. SSH dynamic black list

    By Leonid Mamchenkov

    Slashdot runs the post on how bots are now trying higher ports for SSH password guessing.  This is not a problem for those who do key-based authentication, but for those who have to have password authentication enabled, there is plenty of good advice in the comments to the post.  One of the comments provides this handy iptables-based dynamic black list:

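    # Dedicated chain for new SSH connection attempts
    iptables --new-chain SSHTHROTTLE
    # Sources seen on the bad_actors list within the last 24 hours (86400 s): refresh the entry and drop
    iptables --append SSHTHROTTLE --match recent --name bad_actors --update --seconds 86400 --jump DROP
    # Sources within the per-IP rate (up to 5 per hour, burst of 2) are accepted
    iptables --append SSHTHROTTLE --match hashlimit --hashlimit-name ssh_throttle --hashlimit-upto 5/hour --hashlimit-mode srcip --hashlimit-burst 2 --jump ACCEPT
    # Anything over the rate is added to bad_actors and dropped
    iptables --append SSHTHROTTLE --match recent --name bad_actors --set --jump DROP
    # Send new inbound TCP SYNs to port 22 on interfaces named ext* through the chain
    iptables --append INPUT --in-interface ext+ --proto tcp --match conntrack --ctstate NEW --dport 22 --syn --jump SSHTHROTTLE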
    

    I haven’t tried it out myself yet, but I’m saving it here for the next time I have a server with password-based SSH authentication.

  4. Redmine email notifications with Exim

    By Leonid Mamchenkov

    When configuring Redmine project management to send email notifications, using Exim MTA, you might end up with test emails bouncing due to no recipients specified.  It’s a bit tricky to debug, but, fortunately, quite easy to fix.  The problem comes from different implementations of “-t” option handling for /usr/sbin/sendmail.  Redmine uses this option to specify message recipients on the command line.  However, Exim by default uses a different behavior, where it gets recipients from the message headers, and removes from that list recipients which are provided using the “-t” command line option.

    The solution to the problem is very simple – just add the following line to your /etc/exim/exim.conf file, as per this FAQ:

    extract_addresses_remove_arguments = false
    
  5. DriveDroid →

    This seems handy.  Description from the app page:

    DriveDroid allows you to boot your PC from ISO/IMG files stored on your phone. This is ideal for trying Linux distributions or always having a rescue-system on the go… without the need to burn different CDs or USB pendrives.

    DriveDroid also includes a convenient download menu where you can download USB-images of a number of operating systems from your phone.

    You can also create USB-images which allows you to have a blank USB-drive where you can store files in. Another possibility is to use tools on your PC to make a bootable USB-drive out of the blank image that DriveDroid created.

  6. Installing Linux on the Chromebook Pixel →

    From this point forward, every time you boot, it’s going to say that Chrome OS can’t be found or something similarly alarming like that, just ignore and hit Ctrl-D or wait 30 seconds to boot into Chrome OS. But that won’t be relevant for long as we’re going to wipe it off the machine below :-)

  7. Upgrade to Fedora 18

    By Leonid Mamchenkov

    As I mentioned a couple of days ago, Fedora 18 has been released.  And since now I have a somewhat flagman role for quite a few Fedora users around me, I took the courageous step of upgrading my personal laptop from Fedora 17 to 18.  More or less it went smoothly.  Here are the notes for things that broke:

    1. As mentioned in the previous post, you should use “fedup --network 18” instead of “preupgrade“.  This is my preferred way of upgrading, since I can still use the computer while the download and a good chunk of the upgrade are being done.
    2. Broken KDE.  Upon the first boot I got as far as the graphical login prompt.  Upon entering the username and password, and selecting KDE as the preferred session, I’d get a KDE loader screen for a bit, then a few screen spasms, a black console, and eventually an automatic reset back to the graphical login prompt.  That was ugly!   I tried it a few times, but it was behaving consistently.  Gnome however worked just fine.  All I had to do to sort this out was install updates.  But, there was a minor issue with that too – see the next one.
    3. No updates.  Running “yum update” was consistently telling me that I have no updates to install.  I found that difficult to believe, since I know for a fact that updates are available for Linux distributions pretty much the moment a new version is released.  The solution to the problem is a reset of the yum cache, by using “yum clean all”.  Once that is done, “yum update” will bring the usual megabytes of updates.  KDE bits and pieces are in there too.  Which sorted out the previous option.
    4. Google Chrome won’t start, spitting out an error of some missing library.  That looked weird.  Gladly, the solution is easy, and finding one is a single Google search away.  Simply re-install the RPM and all will be back to normal.
    5. Git branch information in bash prompt was no more.  Luckily, that was covered in the Release Notes.  A necessary shell file has been moved from one location to another, so .bashrc should be updated.

    So, is there anything good in this version that would counter the above issues?  I don’t know, honestly, I haven’t been using it long enough yet.  The things that I’ve noticed are:

    • Some kind of a new behavior in the graphical login.  There is a screensaver-like mode before the prompt that shows time and date.  That’s convenient.  But dragging that screen away with the mouse a la mobile/tablet interface, is not very productive.
    • Dolphin file manager in KDE seems to be a lot more responsive.  At least it starts now in a split second.  That was taking almost five seconds on the same machine before.  Not that I use that often, but it’s handy.
    • Gnome 3 polishing.  When I briefly logged into it, I noticed better shadows and borders for windows, as well as some system monitoring widgets in the activities screen.  That looked better than I remember it.

    So far – not too much.  Hopefully, more awesomeness will be discovered during the next few days.