linux

A 4-post collection

Setting up Automatic Updates for Ubuntu

Keeping your system up to date is the single most important way to prevent security and malware issues. Ubuntu provides nice tools for maintaining your system, but if you manage it via a command line you may be used to seeing:

    3 packages can be updated.
    3 updates are security updates.

This is the Ubuntu system notifying you that it noticed there are 3 packages that have updates available. This check is enabled by default and is part of the update-motd system. Some background on how this works will provide insight into the workings of Ubuntu and then we’ll talk about automating those updates. Background: update-motd is a system program introduced in Ubuntu that allows for the...

Create a Startup / Boot Script under Ubuntu

In managing Unix systems, you will often have occasion to have a process or action performed at boot time. There are several ways of accomplishing this goal, but the right way is to create an init script and configure it to run at the proper run levels. Here’s how to do that under Ubuntu. A valid LSB (Linux Standard Base) Init Script has 4 components:

- Provide, at least, the following actions: start, stop, restart, force-reload, and status (actually optional)
- Return proper exit status codes
- Document runtime dependencies
- Log messages using the Init.d functions: log_success_msg, log_failure_msg and log_warning_msg (optional)

To document runtime dependencies you’ll have to define a header on your script. The header is required by the...

MySQL Database Replication over an SSH Tunnel

SSH Tunnel Setup: Create an SSH key (Version 2) to allow passwordless replication:

    $ ssh-keygen -t rsa

Copy the SSH key to the Master (assumes same user account on Master and Slave):

    $ ssh-copy-id master.machine.dom

Set up the SSH Tunnel from the Slave to the Master on Slave Port 3305:

    $ ssh -f master.machine.dom -L 3305:127.0.0.1:3306 -N

Now local port 3305 is actually port 3306 on the Master. Test that you can access the Master Database from the Slave:

    $ mysql -h 127.0.0.1 -P 3305 -uUSER -p

You must use 127.0.0.1, not localhost, because MySQL treats “localhost” differently. If you are able to get a MySQL connection and verify access...

CloudEngines Plugs Security Flaw in Pogoplug with Firmware 2.1

In my original Blog Post entitled Beware the Pogoplug I pointed out a rather serious security hole in the Cloud Engines’ Pogoplug device. That security hole allowed public SSH access into the device, as long as the device was reachable over the Internet or a Wi-Fi connection. CloudEngines even published the root password you needed to access the device. That’s been fixed now. Enter Pogoplug Firmware 2.1. Introduction: By default now, the Pogoplug has SSH access disabled. This is a welcome improvement and is the single biggest issue I had with the old firmware. I wholly support vendors giving us root-level SSH access to our devices. It frankly makes them much more useful and interesting to people like...