Tag Archives: ubuntu

Connect to Lantronix Spider from Ubuntu RS232 Serial Port or USB

If you need to connect to the Lantronix Spider or SpiderDuo KVM-over-IP Devices via a serial connection, for example to change the configuration or reset the password, you need to use a serial console to do this. I was using an Ubuntu machine with a standard serial / com port ( DB9/RS232 ) and had one of the $4 RJ45 to DB9/RS232 cables To get connected I ended up installing picocom which I like better than using screen as it seems to be more forgiving if something goes wrong and not lock up the system. Then I used the command picocom -b 9600 /dev/ttyS0 to connect to the device and got prompt so I could reset the device: Welcome! Choose a command for the following features: -Initial IP configuration: “config”. -Reset device: “reset”. [(none) spider]> If you don’t have a RS232 you can also use a ~ $10 USB to RS-232 DB9 Serial Converter in order to get a serial port. The device will show up in /dev/ as something like /dev/ttyUSB0 which will change your picocom command to be: picocom -b 9600 /dev/ttyS0 To exit picocom use control+a, control+x. To install picocom on Ubuntu / Debian linux systems use apt-get install -y picocom A few notes from the Lantronix page: How do I perform the reset? See details on the lantronix page – you will need to use the reset button on the back of the device in combination with a terminal connection described above. What is the default … Continue reading

Posted in Server Admin | Tagged , | Leave a comment

How to update bash on Ubuntu 10.10 Maverick – fix shellshock

Ubuntu 10.10 Maverick is now past the end-of-life / end-of-support phase so it will no longer be getting any updates, including security updates. To update / patch bash you must do so from source. Here are the commands to download the source for bash and build and install it. Update – the instructions below were previous instructions, but to prevent the continuous need to apply patches there is an updated method using git: New Method 1 This method downloads a tarball of the latest source code and is around 7MB in size. wget “http://git.savannah.gnu.org/cgit/bash.git/snapshot/bash-master.tar.gz” unzip bash-master.tar.gz cd bash-master ./configure make make install New Method 2 This method uses git and requires ~ 150MB of space ( includes version history ) but makes future updates easier with a git pull: git clone git://git.sv.gnu.org/bash.git cd bash ./configure make make install Old Method mkdir src cd src wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz #download all patches for i in $(seq -f “%03g” 0 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done tar zxvf bash-4.3.tar.gz cd bash-4.3 #apply all patches for i in $(seq -f “%03g” 0 27);do patch -p0 < ../bash43-$i; done #build and install ./configure && make && make install cd .. cd .. rm -r src Testing Bash for Shellshock Paste this into a terminal env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” Desired Result bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ this is a test If you get something like the above message you’re good … Continue reading

Posted in Server Administration | Tagged , | 5 Comments

Install mitmproxy from source on Ubuntu

If you want to live on the dangerous side, you can install mitmproxy from its master branch. If you encounter any bugs, please do us the favor and report them on the Github issue tracker briefly. Install from source using PIP pip uninstall mitmproxy netlib pip install git+https:[email protected] pip install git+https:[email protected] Install from source on Ubuntu Installing mitmproxy master from sources on stock Ubuntu – first uninstall using: pip uninstall mitmproxy netlib Now install the required tools: $ sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev python-pip libxml2-dev libxslt-dev git Now install with sudo: $ sudo pip install git+https:[email protected] $ sudo pip install git+https:[email protected] Now start up a python console and paste in these two commands – this is a workaround for issue 32 : $ sudo python # >>> from netlib import certffi >>> exit() Source: github gist

Posted in Linux | Tagged , , | 1 Comment

Vim and Jailkit

Recently I installed Jailkit on Ubuntu 12.04 and then tried to use the vim editor to edit files as the jailed user (specifically a user jailed with the bash shell) and vim was behaving oddly. The colors on the terminal were just a gray (default color) and a bold white. After a little digging I found out this is how vim does syntax highlighting when it thinks that only two colors are available. Also, I was having trouble with the arrow keys not working – I could move around with HJKL but there also seemed to be lag and vim was hanging or would hang sometimes and was not responsive. I typed in set terminal and it told me ansi which is the default, “dumb” terminal. You can change vim to another terminal type, like xterm a few ways. Inside vim type :set term=xterm and that should do it Edit your .vimrc file (in your home directory) and add set term=xterm Before launching vim type export TERM=xterm to set an environmental variable Add that last command (export TERM=xterm) into one of your startup files like ‘~/.profileor ‘~/.bashrc This fixed the issue with the arrow keys, the lag and hanging, but I still only had two colors. After many hours of digging I realized that with Jailkit on Ubuntu even if you do jk_init -v /home/jail editors to install joe and vim and emacs you still get this problem. I did a stack trace on vim and even turned on debugging … Continue reading

Posted in Server Admin | Tagged , , | Leave a comment

How use crontab / cron with Jailkit on Ubuntu 12

Recently I began testing jailkit on Ubuntu 12 and 12.04 and wanted users to have access to cron and crontab I read a lot of the documentation for man cron and have a pretty good understanding of how Vixie Cron works. There is a bit of a conflict with permissions of Cron and Jailkit. Jailkit wants most everything inside the jail (most often /home/jail/) to be owned by root and in the root group, and basically nothing to be writable by the jailed users (except for /home/jail/tmp/ and the users home directories in /home/jail/home/*) Cron, on the other hand, doesn’t want you to edit the crontab files for the users directly. They live in /var/spool/cron/crontabs cron searches its spool area (/var/spool/cron/crontabs) for crontab files (which are named after accounts in /etc/passwd); crontabs found are loaded into memory. Note that crontabs in this directory should not be accessed directly – the crontab command should be used to access and update them. More information is given from man crontab: There is one file for each user’s crontab under the /var/spool/cron/crontabs directory. Users are not allowed to edit the files under that directory directly to ensure that only users allowed by the system to run periodic tasks can add them, and only syntactically correct crontabs will be written there. This is enforced by having the directory writable only by the crontab group and configuring crontab command with the setgid bid set for that specific group. That’s great, but… How do I set up … Continue reading

Posted in Server Administration | Tagged , , , | Leave a comment

mod_auth_openid v0.6 on Ubuntu 12.04 for AuthOpenIDAXRequire

I believe the standard version of mod_auth_openid that comes with Ubuntun 12.04 precise pangolin is v0.5 This library is also known by the name libapache2-mod-auth-openid Make sure you have apxs2 installed: Apache Extension Tools (apxs / apxs2) apache extension tools apt-get install sudo apt-get install apache2-threaded-dev I didn’t have the time to finish editing this post to my liking, so I’m just adding my notes as-are: mod_auth_openid v0.6 on Ubuntu 12.04 with AuthOpenIDAXRequire sudo apt-get install apache2-threaded-dev AuthOpenIDAXRequire schema email http://openid.net/schema/namePerson/prefix http://openid.net/schema/namePerson/first http://openid.net/schema/namePerson/last http://openid.net/schema/namePerson/middle http://openid.net/schema/namePerson/suffix http://openid.net/schema/namePerson/friendly http://openid.net/schema/person/guid http://openid.net/schema/birthDate/birthYear http://openid.net/schema/birthDate/birthMonth http://openid.net/schema/birthDate/birthday http://openid.net/schema/gender http://openid.net/schema/language/pref http://openid.net/schema/contact/phone/default http://openid.net/schema/contact/phone/home http://openid.net/schema/contact/phone/business http://openid.net/schema/contact/phone/cell http://openid.net/schema/contact/phone/fax http://openid.net/schema/contact/postaladdress/home http://openid.net/schema/contact/postaladdressadditional/home http://openid.net/schema/contact/city/home http://openid.net/schema/contact/state/home http://openid.net/schema/contact/country/home http://openid.net/schema/contact/postalcode/home http://openid.net/schema/contact/postaladdress/business http://openid.net/schema/contact/postaladdressadditional/business http://openid.net/schema/contact/city/business http://openid.net/schema/contact/state/business http://openid.net/schema/contact/country/business http://openid.net/schema/contact/postalcode/business http://openid.net/schema/contact/IM/default http://openid.net/schema/contact/IM/AIM http://openid.net/schema/contact/IM/ICQ http://openid.net/schema/contact/IM/MSN http://openid.net/schema/contact/IM/Yahoo http://openid.net/schema/contact/IM/Jabber http://openid.net/schema/contact/IM/Skype http://openid.net/schema/contact/internet/email http://openid.net/schema/contact/web/default http://openid.net/schema/contact/web/blog http://openid.net/schema/contact/web/Linkedin http://openid.net/schema/contact/web/Amazon http://openid.net/schema/contact/web/Flickr http://openid.net/schema/contact/web/Delicious http://openid.net/schema/company/name http://openid.net/schema/company/title http://openid.net/schema/media/spokenname http://openid.net/schema/media/greeting/audio http://openid.net/schema/media/greeting/video http://openid.net/schema/media/biography http://openid.net/schema/media/image http://openid.net/schema/media/image/16×16 http://openid.net/schema/media/image/32×32 http://openid.net/schema/media/image/48×48 http://openid.net/schema/media/image/64×64 http://openid.net/schema/media/image/80×80 http://openid.net/schema/media/image/128×128 http://openid.net/schema/media/image/160×120 http://openid.net/schema/media/image/320×240 http://openid.net/schema/media/image/640×480 http://openid.net/schema/media/image/120×160 http://openid.net/schema/media/image/240×320 http://openid.net/schema/media/image/480×640 http://openid.net/schema/media/image/favicon http://openid.net/schema/timezone via http://stackoverflow.com/questions/7403536/list-of-available-attributes-for-http-axschema-org-and-http-schemas-openid-n changeset on openid auth schemas http://sourceforge.net/apps/trac/simpleid/changeset/459 openid auth properties http://openid.net/specs/openid-attribute-properties-list-1_0-01.html Introduction : The Apache OpenID Module http://findingscience.com/mod_auth_openid/ AuthType OpenID require valid-user AuthOpenIDTrusted ^https://www.google.com/accounts/o8/ud AuthOpenIDSingleIdP https://www.google.com/accounts/o8/id AuthOpenIDAXRequire email http://openid.net/schema/contact/email [email protected] AuthOpenIDAXUsername email via http://mmornati.tumblr.com/post/23559005172/apache-and-mod-auth-openid-on-f16-centos openid explained http://openidexplained.com/use myopenid https://www.myopenid.com Using Mod_auth_openid With Ubuntu SSO http://rtg.in.ua/blog/2011/11/modauthopenid-and-ubuntu-sso/ sudo apt-add-repository ppa:rye/ppa sudo apt-get update sudo apt-get install libapache2-mod-auth-openid apt-cache policy libapache2-mod-auth-openid libapache2-mod-auth-openid: Installed: 0.6-0ubuntu1 Candidate: 0.6-0ubuntu1 Using Apache2’s mod_auth_openid… http://hustoknow.blogspot.com/2012/05/setting-up-google-apps-single-sign-on.html sudo apt-get install automake sudo apt-get install autotools-dev sudo apt-get install libtool sudo apt-get install libtidy-dev sudo apt-get install libcurl4-openssl-dev sudo apt-get install libopkele-dev ./autogen.sh ./configure make <location “/”> LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so AuthType OpenID require valid-user AuthOpenIDTrusted ^https://www.google.com/accounts/o8/ud … Continue reading

Posted in Server Admin | Tagged , , , , , , | Leave a comment

LookupException in API_Linux.cpp:98: Could not lookup username “wwwrun”

In order to get suPHP to run you’ll need to edit the config file, which is by default stored in /etc/suphp/suphp.conf If you’re getting the error LookupException in API_Linux.cpp:98: Could not lookup username “wwwrun” it means specifically that you probably have not uncommented the line webserver_user in that config file. If you’re on an Ubuntu server you will probably set that line to www-data but on other systems it perhaps needs to be set to apache or nobody. You can view your list of users by using the command cat /etc/passwd, which will give you several lines in this format: www-data:x:33:33:www-data:/var/www:/bin/sh If you’re on Ubuntu you should see the line above, which shows the entry for the user www-data which has a user id and group id of 33 (the first two numbers). If you see that then you should probably change your suphp.conf file to have the webserver_user set to www-data and also you should change the Minimum UID and Minimum GID to the matching numbers, probably 33 and 33… webserver_user=www-data ; Minimum UID min_uid=33 ; Minimum GID min_gid=33 A decent guide for setting up suPHP on Ubuntu 11 can be found at http://websoftserbia.com/en/ubuntu/66-install-suphp-on-ubuntu-11-04.html I would recommend walking through that guide first, so you know what you’re doing, but I’ll also give you an example of a configured suphp.conf file: [global] ;Path to logfile logfile=/var/log/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=www-data ;Path all scripts have to be in ;docroot=/var/www:${HOME}/public_html ;Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter … Continue reading

Posted in Linux, Server Admin, Server Administration, Web Development | Tagged , , , , | Leave a comment