Posts Tagged ‘ubuntu’

No Dig on Ubuntu 9.10 Minimum Virtual Machine

Well, I guess Canonical has taken the idea of “minimum virtual machine” to the extreme. The 9.10 version of Ubuntu Server JeOS (F4 + select “Minimal Virtual Machine” at install time) apparently doesn’t include dig in the default installed packages.

I was shocked when my new virtual machine was having problems with connecting to the Ubuntu repositories and I couldn’t do a dig as a test:

-bash: dig: command not found

I’ve never seen a Linux distro without dig installed by default, but apparently it’s not as necessary to others as I would have thought.

Anyway, dig comes with the dnsutils package:
sudo apt-get install dnsutils

Filed under How-Tos / Tips : Comments (0) : Jan 26th, 2010

Insecurity by Non-Obscurity

I was a bit shocked and disheartened tonight to discover that my WordPress version was being broadcast to the world without me knowing it. It’s something that I hadn’t ever really given much thought to, mostly because I always assumed that a piece of information like that wasn’t being given out. What was even more disheartening to me was what I discovered as the method for disabling this broadcasting of my version number. The easiest way, by far, was to just install the Secure WordPress extension (or I could dive into a bit of their PHP code and have to make the change with each upgrade, not so much fun). Not so long ago, there was a huge ordeal about a vulnerability in WordPress 2.8.3 that allowed an attacker to reset an admin password very easily. No wonder they urged us to upgrade so quickly – your vulnerability was being broadcast.

The sad part is, broadcasting this version number isn’t something that can be disabled using the built-in settings. I don’t know what the rationale is, but one either has to edit the functions.php file in WordPress directly, or install the plugin mentioned above.

Anyway, this got me thinking about plenty of other open source software that I’ve disguised over the years. For instance, perform a fresh install of Ubuntu 8.04 with the LAMP stack and you’ll see the version listed in the headers as detailed as this:

Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server

Yup, there it is, script kiddies. Bust out Metasploit and eat your hearts out. In this case, if one leaves the defaults enabled, the server major version, minor version, PHP version, OS, and WordPress version all are exposed. That leaves a pretty nice little attack vector.

Of course, hiding these things doesn’t mean that anything is secure. On the contrary, one must go far deeper than that. I am just disappointed in so many open source projects that cut down the time needed for any script kiddies to start playing with my public services.
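
A quick way to see what a default install gives away, as an added example that is not part of the original post: the script below parses one HTTP response and lists each version detail it discloses. The function names, the sample responses and the WordPress version in them are constructed for illustration; the hardening directives named in the comments are the standard Apache, PHP and WordPress settings, not something the post spells out.

```shell
#!/bin/sh
# Added example, not from the original post: list what one HTTP response discloses,
# one "source<TAB>component<TAB>value" line per leak. Standard settings that remove them:
#   Apache: ServerTokens Prod, ServerSignature Off     PHP: expose_php = Off
#   WordPress: remove_action('wp_head', 'wp_generator'); in the theme's functions.php
audit_disclosure() {
    tr -d '\r' | awk '
    !body && /^$/ { body = 1; next }            # blank line ends the header block
    !body {
        name = tolower($0); sub(/:.*/, "", name)
        value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        if (name != "server" && name != "x-powered-by") next
        n = split(value, tok, " ")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[A-Za-z_.-]+\/[0-9]/) {         # product/version token
                split(tok[i], pv, "/")
                printf "%s\t%s\t%s\n", name, pv[1], pv[2]
            } else if (tok[i] ~ /^\(.*\)$/) {              # OS comment, e.g. (Ubuntu)
                printf "%s\tos\t%s\n", name, substr(tok[i], 2, length(tok[i]) - 2)
            }
        }
        next
    }
    tolower($0) ~ /<meta name="generator"/ && match($0, /content="[^"]*"/) {
        printf "html\tgenerator\t%s\n", substr($0, RSTART + 9, RLENGTH - 10)
    }'
}

# Constructed sample modelled on the banner quoted in the post (WordPress version made up).
sample_response() {
    cat <<'EOF'
HTTP/1.1 200 OK
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.9
Content-Type: text/html; charset=UTF-8

<html><head><title>Blog</title>
<meta name="generator" content="WordPress 2.8.4" />
</head><body></body></html>
EOF
}

# Constructed sample: the same site after the settings above are applied.
hardened_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html></html>\n'
}

echo "default install:"; sample_response | audit_disclosure
echo "hardened: $(hardened_response | audit_disclosure | wc -l) finding(s)"
```

To check your own server, pipe a live response into the function, for example `curl -si http://localhost/ | audit_disclosure`.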

Filed under Tech Trends : Comments (1) : Jan 18th, 2010

Running LAMP Applications Using Nginx

While playing with WordPress on nginx for my last post, I discovered that a majority of the how-tos out there on running PHP/MySQL applications using nginx left a bit to be desired. Here are the steps that I took to get my application (WordPress, specifically) working.

Install nginx, MySQL, and PHP
First, let’s install nginx and PHP along with a few PHP libraries:
sudo apt-get install php5-mhash php5-mysql php5-odbc curl php5-curl php5-gd php5-imap nginx php5-cgi php5-cli php5-common

If you didn’t already have MySQL installed on your server, you’ll need that too:
sudo apt-get install mysql-server
The installer will prompt you to enter a root password. Make sure it’s a fairly good password, but also be sure to record it as you’ll need it later.

Install spawn-fcgi
Spawn-fcgi used to be included with lighttpd, but has been moved to its own project, so it can be downloaded separately. Unfortunately, the spawn-fcgi project is not in the Ubuntu repositories, so it has to be installed separately. First, download the tarball from the spawn-fcgi project page. As of this writing, it’s on version 1.6.2. For this particular version, run the following from a directory your user can download to:
wget http://www.lighttpd.net/download/spawn-fcgi-1.6.2.tar.gz

Untar it:
tar zxf spawn-fcgi-1.6.2.tar.gz

Make sure you have the compilation tools:
sudo apt-get install build-essential

Now, navigate into the spawn-fcgi download directory and compile:
cd spawn-fcgi-1.6.2
./configure
make

Now, let’s install it into /usr/bin:
cd src
sudo cp spawn-fcgi /usr/bin/

Now, let’s make the init script. Copy the following example into /etc/init.d/fastcgi:

#!/bin/bash
# Init script for the PHP FastCGI workers launched by /usr/bin/php-fastcgi
PHP_SCRIPT=/usr/bin/php-fastcgi
RETVAL=0
case "$1" in
    'start')
        $PHP_SCRIPT
        RETVAL=$?
        ;;
    'stop')
        killall -9 php5-cgi
        RETVAL=$?
        ;;
    'restart')
        # Kill the running workers, then spawn a fresh set
        killall -9 php5-cgi
        $PHP_SCRIPT
        RETVAL=$?
        ;;
    *)
        echo "Usage: php-fastcgi {start|stop|restart}"
        exit 1
        ;;
esac
exit $RETVAL

Next, let’s create the script to launch the PHP CGI process. Copy the following example text into /usr/bin/php-fastcgi:

#!/bin/sh
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -C 5 -u www-data -g www-data -f /usr/bin/php5-cgi

Make sure the new scripts are executable:

sudo chmod +x /usr/bin/php-fastcgi /etc/init.d/fastcgi

You should be able to start up your fastcgi process now with the following:
sudo /etc/init.d/fastcgi start

Make the fastcgi process start at boot:
sudo update-rc.d fastcgi defaults

Setup nginx site
I used the following as my site file. A majority of it was taken from the default site and parts from other how-tos. You can rewrite the /etc/nginx/sites-available/default with this templated page (in my example, I assumed that the site is called site.com and that you are using WordPress at /var/www/wordpress). Be sure to change the “root” and “SCRIPT_FILENAME” lines.

server {
    listen 80;
    server_name site.com;
    access_log /var/log/nginx/localhost.access.log;
    location / {
        root /var/www/wordpress;
        index index.php;
        if (-f $request_filename) {
            expires 30d;
            break;
        }
        if (!-e $request_filename) {
            rewrite ^(.+)$ /index.php?q=$1 last;
        }
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/nginx-default;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

Before restarting nginx, make sure everything is cool with the config and correct any errors:
sudo nginx -t

Now, restart nginx with the new changes:
sudo /etc/init.d/nginx restart

Install your application
You can now install your application as you normally would using Apache. In this example, you can download the WordPress packages to /var/www/wordpress and install from there, making sure that the files are owned by the www-data user.

Filed under How-Tos / Tips : Comments (2) : Aug 29th, 2009

Linux Vendors: United They Will Stand?

Ever since reading OStatic’s article about how Linux netbook returns really aren’t the problem with Linux market share, I can’t seem to quite get over the conclusion. They make an excellent point. Microsoft has lots of money and can afford to throw a lot of it at marketing. And Linux vendors? Not so much. To ‘requote’ (RQ?) Joe Brockmeier from Novell:

“If you took the marketing budgets of all the Linux vendors combined, and then doubled that figure, and then added a zero, you might start approaching what Microsoft spends on marketing Windows. Maybe.”

Wow. That’s one heck of a deficit to overcome. The funny thing about the software business is that as long as your technology is ‘good enough’, often that’s all it takes. From there it’s marketing. It’s sad, but true. It’s not that one has to match dollar-for-dollar, but that’s certainly not a difference that’s easily compensated for.

Okay, so there’s a problem. What’s the solution? Let’s read on in Brockmeier’s quote:

“The ad councils for various industries have the right idea — it’s a good idea to pool your money to grow the market when you’re jointly competing with another industry.”

This is where I have to disagree. Pooling money for marketing from Canonical, Red Hat, and Novell (and perhaps some lesser-known Linux vendors) for the benefit of whom? Linux? What Linux? Ubuntu? Red Hat? SUSE? If I were a Red Hat shareholder, I wouldn’t exactly appreciate my dollars being spent marketing ‘Linux’. While I like Linux, Red Hat needs to market Red Hat.

Is this what Linux has come to? A charity that vendors can pool their money into with the hopes of getting something out of it? Now, it is true that these vendors rely upon Linux upstream to have a product to sell, but as long as there are differences in distributions, there will be different marketing strategies. And that’s for good reason. Ubuntu is popular on desktops and laptops. Red Hat is not. In fact, Red Hat appears to not even care about the desktop market. SUSE fits somewhere in the middle there.

Can the three combine marketing strategies? Maybe. While I definitely like the idea of Linux dominating both the server and client operating system market shares, I would hate to see tension created between vendors because advertising doesn’t help out each equally. That would just serve to hurt all three. As a community, Linux vendors can’t even agree on a sound subsystem, let alone a marketing strategy.

Filed under Tech Trends : Comments (0) : Aug 16th, 2009

2X App Server Client on 64-bit Ubuntu

Today I got to replace my aging Ubuntu desktop with a new machine. We’ve been using 2X for some time to run Windows apps on our Macs and I was pumped a few months ago to figure out that they had packaged a new version of their client for Ubuntu (well, Debian but it works on Ubuntu).

When I got up and running, I went to install the 2X client again:
wyatt@host:~$ sudo dpkg --install 2XClient.deb
[sudo] password for walterw:
dpkg: error processing 2XClient.deb (--install):
package architecture (i386) does not match system (amd64)
Errors were encountered while processing:
2XClient.deb

Wrong architecture. Dang.

Not to worry! 2X also distributes the binaries in a tarball so, using the 32-bit libraries, one can just run the binaries.

First, download the tarball. You can download it using your browser from their downloads page, or from the terminal via:
wget http://www.2x.com/downloads/AppServer-LoadBalancer/2XClient.tar.bz2

Untar it:
tar jxf 2XClient.tar.bz2

Copy the contents to /opt:
sudo cp -r opt/2X /opt/

Install ia32-libs:
sudo apt-get install ia32-libs

You can then create a launcher within the Gnome menu or whatever desktop manager you want.

To create the launcher, the command to start the client is:
/opt/2X/Client/bin/2XClient

Create 2X Client Launcher


That’s it! The 2X client should launch and run beautifully.

Filed under Uncategorized : Comments (1) : Aug 12th, 2009