Category: Linux

Linux is my primary operating system. I used it on the servers, desktops, laptops, netbooks, and even mobile phones since approximately 1997. I’ve tried a number of distributions over the years, and even created a couple myself. I still look around sometimes to see what others are up to. But most of my machines are running some sort of Red Hat – either a quick and easy Fedora Linux, or a stable and secure Red Hat Enterprise Server, or a cheaper CentOS alternative.

And while by now I am very comfortable in the Linux environment (both graphical and command line), I still discover a lot of new and interesting things about it. When I come across something worthy, I usually share it with the rest of the Open Software world, using this category.

SSH dynamic black list

Slashdot runs the post on how bots are now trying higher ports for SSH password guessing.  This is not a problem for those who do key-based authentication, but for those who have to have password authentication enabled, there is plenty of good advice in the comments to the post.  One of the comments provides this handy iptables-based dynamic black list:

iptables --new-chain SSHTHROTTLE
iptables --append SSHTHROTTLE --match recent --name bad_actors --update --seconds 86400 --jump DROP
iptables --append SSHTHROTTLE --match hashlimit --hashlimit-name ssh_throttle --hashlimit-upto 5/hour --hashlimit-mode srcip --hashlimit-burst 2 --jump ACCEPT
iptables --append SSHTHROTTLE --match recent --name bad_actors --set --jump DROP
iptables --append INPUT --in-interface ext+ --proto tcp --match conntrack --ctstate NEW --dport 22 --syn --jump SSHTHROTTLE

I haven’t tried it out myself yet, but I’m saving it here for the next time I have a server with password-based authentication SSH.

Redmine email notifications with Exim

When configuring Redmine project management to send email notifications, using Exim MTA, you might end up with test emails bouncing due to no recipients specified.  It’s a bit tricky to debug, but, fortunately, quite easy to fix.  The problem comes from different implementations of “-t” option handling for /usr/sbin/sendmail.  Redmine uses this option to specify on the command line to specify message recipients   However, Exim by default uses a different behavior, where it gets recipients from the message headers, and removes from that list recipients which are provided using the “-t” command line option.

The solution to the problem is a very simple – just add the following line to your /etc/exim/exim.conf file, as per this FAQ:

extract_addresses_remove_arguments = false

DriveDroid

DriveDroid

This seems handy.  Description from the app page:

DriveDroid allows you to boot your PC from ISO/IMG files stored on your phone. This is ideal for trying Linux distributions or always having a rescue-system on the go… without the need to burn different CDs or USB pendrives.

DriveDroid also includes a convenient download menu where you can download USB-images of a number of operating systems from your phone.

You can also create USB-images which allows you to have a blank USB-drive where you can store files in. Another possibility is to use tools on your PC to make a bootable USB-drive out of the blank image that DriveDroid created.

Installing Linux on the Chromebook Pixel

Installing Linux on the Chromebook Pixel

From this point forward, every time you boot, it’s going to say that Chrome OS can’t be found or something similarly alarming like that, just ignore and hit Ctr-D or wait 30 seconds to boot into Chrome OS. But that won’t be relevant for long as we’re going to wipe it off the machine below :-)

Upgrade to Fedora 18

As I mentioned a couple of days ago, Fedora 18 has been released.  And since now I have a somewhat flagman role for quite a few Fedora users around me, I took the courageous step of upgrading my personal laptop from Fedora 17 to 18.  More or less it went smooth.   Here are the notes for things that broke:

  1. As mentioned in the previous post, you should use “fedup –network 18” instead of “preupgrade“.   This is my preferred way of upgrading, since I can still use the computer while the download and good chunk of the upgrade are being done.
  2. Broken KDE.  Upon the first boot I got as far as the graphical login prompt.  Upon entering the username and password, and selecting KDE as the preferred session, I’d get a KDE loader screen for a bit, then a few screen spasms, a black console, and eventually an automatic reset back to the graphical login prompt.  That was ugly!   I tried it a few times, but it was behaving consistently.  Gnome however worked just fine.  All I had to do to sort this out was install updates.  But, there was a minor issue with that too – see the next one.
  3. No updates.  Running “yum update” was consistently telling me that I have no updates to install.  I found that difficult to believe, since I know for a fact that updates are available for Linux distributions pretty much the moment a new version is released.  Solution to the problem is a reset of yum cache, by using “yum clean all”.  Once that is done “yum update” will bring the usual megabytes of updates.  KDE bits and pieces are in there too.  Which sorted out the previous option.
  4. Google Chrome won’t start, spitting out an error of some missing library.  That looked weird.  Gladly, the solution is easy, and finding one is a single Google search away.  Simply re-install the RPM and all will be back to normal.
  5. Git branch information in bash prompt was no more.  Luckily, that was covered in the Release Notes.  A necessary shell file has been moved from one location to another, so .bashrc should be updated.

So, is there anything good in this version that would counter the above issues?  I don’t know, honestly, I haven’t been using it long enough yet.  The things that I’ve noticed are:

  • Some kind of a new behavior in the graphical login.  There is a screensaver-like mode before the prompt that shows time and date.  That’s convenient.  But dragging that screen away with the mouse a la mobile/tablet interface, is not very productive.
  • Dolphin file manager in KDE seems to be a lot more responsive.  At least it starts now in split second.   That was taking almost five seconds on the same machine before.  Not that I use that often, but it’s handy.
  • Gnome 3 polishing.  When I briefly logged into it, I noticed better shadows and borders for windows, as well as some system monitoring widgets in the activities screen.  That looked better than I remember it.

So far – not too much.  Hopefully, more awesomeness will be discovered during the next few days.