I.T. Security and Linux Administration


May 14, 2012  9:42 AM

Is Ubuntu Moving To a Rolling Release Cycle Slowly?

Eric Hansen Eric Hansen Profile: Eric Hansen

Linux Today posted an article entitled “Ubuntu 12.10 Daily ISO Images Are Now Available“.  Now, there was talk before the 11.x branch of releases was coming out that Ubuntu was contemplating moving to a rolling release cycle, where there was no real designated “new” releases, just updates kept coming continuously.  However, talk on IRC back then was that it was just a rumor and not true.  I know 12.04 just got released back on April 26th, and these 12.10 daily ISOs are directed towards testers and Ubuntu developers more than anything, but it can still raise the question of whether this is leading to a rolling release cycle option.

I definitely do not see this being a mainstream option for Ubuntu, as it has taken the stance of basically being the transitional Linux flavor between Windows and some of the more intricate flavors such as Gentoo & Fedora.  But that still doesn’t mean it don’t have a chance of happening for those who are wanting more updates (i.e.: testing or unsupported repositories).

This can hurt Ubuntu, though, if it chooses to go this way.  While I like the way Unity has changed since its debut back in 11.04, Ubuntu seems to be more focused these days on more of the business market than consumer.  The feel for it is more commercialized and not really meant for people who want to test new software.  Linux flavors such as Gentoo and Arch Linux have made a name for themselves for being that Linux version to go to when you want that constant updating.  Businesses tend to be afraid of updating, however, unless there’s some known reason to do so.  Which makes sense, right?  The whole “don’t fix what’s not broken” mentality, it holds true.

Here is another option to think about though: it could be great to offer it as a secondary service of sorts.  There are those who are comfortable with Ubuntu and don’t want to use a different version of Linux.  For example me.  I spent the entire weekend trying to get Gentoo to play nice with my system, and I have had no luck.  With Ubuntu it works right out of the box.  But, what I personally do not like about Ubuntu is the slowness with the updates, especially if there’s a new feature in software X and I have a version or two older.  This is where having the opportunity to use another repository for installing the latest software (that hasn’t been tested thoroughly) can come in handy.

If they ever decide to add this feature in it would probably break APT because you probably won’t want to install all of the new software, just what you need/want.  I know the Ubuntu software package manager allows you to choose which software to update, but you have to consider the other copies of Ubuntu too that aren’t so kind to the user.  Some, like Linux Mint, have really taken a hold and given their users reasons to use their package manager, but its not always the case.

All in all, I think Ubuntu moving towards a rolling release cycle would be a good step forward for consumers, if given as an option.  I don’t feel forcing it on the user (ala Arch Linux & Gentoo) is a smart decision because of who Canonical wants to focus their product on, businesses.  If I were to give a definite verdict though, I would say to not do it.  Arch Linux and Fedora are not hard to set up and get running.

April 19, 2012  2:11 PM

NRPE: Could not complete SSL handshake

Eric Hansen Eric Hansen Profile: Eric Hansen

In setting up a server to remotely monitor various other servers I run, I decided to go the route of NRPE instead of SNMP (which I have set up for Cacti).  However, even after installing the SSL libs on both machines and compiling NRPE, I discovered one problem: the monitoring server could not connect to the remote host via NRPE.  When logged into the remote server, which is running Ubuntu 11.10 (32-bit), I could run check_nrpe -H localhost and it display NRPE v2.12.  However, the monitoring server running Debian Squeeze (32-bit) would give me this error:

root@hq:/tmp/nrpe-2.13# /usr/local/nagios/libexec/check_nrpe -H <ip address>

CHECK_NRPE: Error – Could not complete SSL handshake.

I ensured the permissions for /usr/local/nagios/* was set correctly, both versions of NRPE were compiled with SSL, and that the IP address of the Debian machine was found in both ALLOWED_HOSTS in the nrpe.cfg file and only_from in the xinetd.d/nrpe file.  Everything looked in order, and still kept receiving this issue.  Then, I looked at the output of ps aux | grep nrpe, which showed that the NRPE process was using the wrong configuration file.  So what I needed to do on the Ubuntu server was edit the init script (which was made during the apt-get install nagios-nrpe-server step I did earlier).  These are the two lines I had to edit:
DAEMON=/etc/nagios/bin/nrpe
CONFIG=/etc/nagios/nrpe.cfg
Both of these had to point to /usr/local/nagios/libexec for DAEMON and /usr/local/nagios/etc for CONFIG.  I restarted nagios-nrpe-server on Ubuntu and then ran the check_nrpe command from Debian again, getting this:
root@hq:/tmp/nrpe-2.13# /usr/local/nagios/libexec/check_nrpe -H <ip>
NRPE v2.13
Everything is back to working order and NRPE is working just as planned.


April 5, 2012  11:25 PM

Apache 2 + mod_rewrite + Subdirectory confusion

Eric Hansen Eric Hansen Profile: Eric Hansen

Originally my business’ website was set up fine, with the structure being similar to:

/ – Root domain
/accounts/ – CRM
/webmail/ – Webmail access

What I decided to do was create a subdomain, mail.securityfor.us to use instead of /webmail.  I’ve also wanted to set up a document resource section for my business, so I created a subdomain docs.securityfor.us.  Ultimately I was able to get the subdomains to play nicely with each other, but I was having issues with /accounts/ redirecting to mail.securityfor.us.  Then, the fun begins (after the “Continue”)… Continued »


March 29, 2012  1:51 PM

More Bash Alias Tips

Eric Hansen Eric Hansen Profile: Eric Hansen

So as of late I’ve been running into some issues on servers I manage.  A good example is today, I ran into a situation where mail was being stuck in the queue due to Amavis not running.  While this is find and dandy, and an easy fix (had to change the system’s hostname), I quickly got bored of typing out the same long string each time.  So, I decided to open up my .bashrc and start cracking, and here’s some helpful functions and aliases to get you started!
Continued »


March 25, 2012  2:42 PM

IP Banlist with Automagic Updating

Eric Hansen Eric Hansen Profile: Eric Hansen


First let me start off by saying that this can be used for iptables with some minor tweaking, but I chose to implement this using tcp_wrappers instead (/etc/hosts.allow; hosts.deny).  Main reason being is I wrote this for Rob to make his task of updating a list of banned IPs that much easier. Continued »


March 15, 2012  3:18 PM

Two-Factor Authentication in PHP Using SSH

Eric Hansen Eric Hansen Profile: Eric Hansen

For a good couple of years now I’ve wondered if there was a way to write an authentication system in PHP that utilized SSH instead of the widely-breakable database and flatfile methods. After doing some research I found its possible after installing a PHP extension. This guide will detail the methods used to do this, with the intent of hopefully having this a more versatile option. Continued »


March 14, 2012  11:09 AM

Custom Apache Directory Configuration with ISPConfig 3

Eric Hansen Eric Hansen Profile: Eric Hansen

I’ve started my own business, and have been working with a friend’s business to migrate his web hosting clients over to my servers.  For the most part this transition has been smooth, except for one client.  Due to how their directories were configured (and WP misconfigurations), instead of creating normal subdomains through ISPConfig, I had to create them as new domains.  This was fine until they changed their name servers to reflect mine…then in came the 500 and 503 errors.  Luckily, I documented what I did for similar issues with those who use Apache2 + PHP + ModFCGI. Continued »


March 12, 2012  10:59 PM

Resolving MySQL error 1146: “table doesn’t exist” when doing backup

Eric Hansen Eric Hansen Profile: Eric Hansen

While I’m not the biggest saint in the IT world when it comes to doing backups ([religious figure]-bless the fact OpenVZ has a simple container-back up function), when you do perform a backup one of the worse things that can possibly happen (besides a corrupted backup) is the backup not being created due to an error.  Even though I wasn’t doing a back up at the time I ran into this issue, I thought it would be helpful as MySQL still has a pretty strong hold on the database market, especially on *nix systems. Continued »


March 2, 2012  11:49 AM

OpenVZ and Ubuntu: No loopback adapter

Eric Hansen Eric Hansen Profile: Eric Hansen

For the past few months I’ve been working hard at getting my own business started and going.  Its definitely been a ride, and have learned a lot about business and I.T. that I didn’t think I’d ever touch on.  One of those I.T. aspects involves OpenVZ and their Ubuntu template (I use 11.04 x86), and the disappearance of lo, or the loopback adapter. Continued »


February 20, 2012  11:33 PM

Webmin (Part 1)

Eric Hansen Eric Hansen Profile: Eric Hansen

There’s plenty of control panels out there, some free and some that a lot of money.  A very popular pay one is cPanel, and that is arguably THE most popular control panel for servers out there.  You can do a lot with it, probably more than most should be allowed to do (this coming from my experiences working with web hosting companies).  However, over the past few years, when I’ve wanted a control panel for my own use I’ve stuck with the free-side of things.  That where this little write up comes in.  I’m talking about Webmin, and for those of you that have used it, you know just how powerful it can be.

Continued »


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: