Archive
Posts in Linux
Breaking the telnet addiction with netcat
After many years of use it's become almost second nature to type 'telnet open. Newer systems no longer install telnet by default: I can't think of a valid reason to keep telnet around (there are probably valid use cases). Since netcat and tcpdump are a billion times better for debugging TCP issues, I need to apply newer microcode to my brain to perform a 's/telnet/nc -v/g' each time I need to test if a TCP port is open: Anyone else have a telnet attachment they just can't break? :)
$ read more →A couple of cool Illumos videos
I've been reading more about the Illumos project over the past few weeks. As most of my blog readers know, I'm a huge fan of Solaris and used to be quite active in the OpenSolaris community. My involvement in OpenSolaris came to an end in 2011 after the project was squashed by Oracle. I started investing my time in various Linux projects, and learning about new web technologies…
$ read more →Using the automated bug-reporting tool (abrt) to generate core dumps when a Linux process fails
Software fails, and it often occurs at the wrong time. When failures occur I want to understand why, and will usually start putting together the events that lead up to the issue. Some application issues can be root caused by reviewing logs, but catastrophic crashes will often require the admin to sit down with gdb and review a core file if it exists. Solaris has always led the charge when it comes to reliably creating core files during crashes…
$ read more →Using exec-shield to protect your Linux servers from stack, heap and integer overflows
I've been a long time follower of the OpenBSD project, and their amazing work on detecting and protecting the kernel and applications from stack and heap overflows. Several of the concepts that were developed by the OpenBSD team were made available in Linux, and came by way of the exec-shield project. Of the many useful security features that are part of exec-shield, the two features that can be controlled by a SysAdmin are kernel virtual address space randomizations and the exec-shield operating mode. Address space randomization are controlled through the kernel.randomize_va_space sysctl tunable, which defaults to 1 on my CentOS systems: The exec-shield operating mode is controlled through the kernel.exec-shield sysctl value, and can be set to one of the following four modes (the descriptions below came from Steve Grubb's excellent post on exec-shield operating modes): A value of 0 completely disables ExecShield and Address Space Layout Randomization > A value of 1 enables them ONLY if the application bits for these protections are set to “enable” > A value of 2 enables them by default, except if the application bits are set to “disable” > A value of 3 enables them always, whatever the application bits The default exec-shield value on my CentoOS servers is 1, which enables exec-shield for applications that have been compiled to support it: To view the list of running processes that have exec-shield enabled, you can run Ingo Molnar and Ulrich Drepper's lsexec utility: In this day and age of continuos security threats there is little to no reason that you shouldn't be using these amazing technologies…
$ read more →Fcron, a feature rich cron and anacron replacement
I've been looking at some opensource scheduling packages, and while doing my research I came across the fcron package. Fcron is a replacement for vixie cron and anacron, and provides a number of super useful features: Run jobs based on the system load average. Serialize jobs. Set the nice value of the process that is fork()'ed…
$ read more →