Thomas Mullaly

DevOps, Security and IT Leadership

Ubuntu AD Client

This is my original way of using Active Directory as the directory server for Linux. It requires the schema to be extended to include the Unix attributes. In Windows Server 2008 AD, the schema is actually extended by default. Unfortunately, in order to access the Unix attributes in the AD MMC you need to add the NIS role. The new way of auto-generating the user ID is way better and is documented here: [[ubuntu rid client]]

sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config

edit /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
  
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
  
[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}

sudo apt-get install samba winbind

#GLOBAL PARAMETERS
  [global]
     workgroup = CS
     realm = CS.UMB.EDU
     preferred master = no
     server string = %h Linux Test Machine
     security = ADS
     encrypt passwords = yes
     log level = 3
     log file = /var/log/samba/%m
     max log size = 50
     printcap name = cups
     printing = cups
     winbind enum users = No
     winbind enum groups = No
     winbind use default domain = Yes
     winbind nested groups = Yes
     winbind separator = +
     winbind nss info = rfc2307
     winbind cache time = 10
     idmap backend = tdb
     idmap uid = 60000-70000
     idmap gid = 60000-70000
     idmap config CS: backend = ad
     idmap config CS: range = 10000-20000
     idmap config CS: schema_mode = rfc2307
     ;template primary group = "Domain Users"
     ;template shell = /bin/bash
  
  [homes]
     comment = Home Directories
     valid users = %S
     read only = No
     browseable = No
  
  [printers]
     comment = All Printers
     path = /var/spool/cups
     browseable = no
     printable = yes
     guest ok = yes
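
The smb.conf above defines two ID ranges: the default tdb range (60000-70000) and the CS domain range (10000-20000). Samba requires idmap ranges not to overlap, since an overlap can give two different accounts the same Unix ID. The check below is an added example, not part of the original page; `check_idmap_ranges` and `page_sample` are hypothetical helper names, and the "bad" variant is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag overlapping idmap ranges in the [global] section of smb.conf.
# check_idmap_ranges and page_sample are hypothetical helper names.

check_idmap_ranges() {   # reads smb.conf text from file arguments or stdin
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*\[/ { in_global = (tolower($0) ~ /\[global\]/); next }
    !in_global || /^[ \t]*[#;]/ || !/=/ { next }
    {
      eq  = index($0, "=")
      key = tolower(trim(substr($0, 1, eq - 1)))
      val = trim(substr($0, eq + 1))
      if (key ~ /^idmap (uid|gid)$/) k = "default";
      else if (key ~ /^idmap config .*:[ \t]*range$/) k = "domain";
      else next
      if (split(val, r, "-") != 2) next
      n++; kind[n] = k; name[n] = key; lo[n] = r[1] + 0; hi[n] = r[2] + 0
    }
    END {
      for (i = 1; i <= n; i++)
        for (j = i + 1; j <= n; j++) {
          # uid and gid are separate namespaces, so the two defaults may coincide
          if (kind[i] == "default" && kind[j] == "default") continue
          if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
            printf "OVERLAP: %s %d-%d / %s %d-%d\n", name[i], lo[i], hi[i], name[j], lo[j], hi[j]
            bad = 1
          }
        }
      exit bad + 0
    }' "$@"
}

page_sample() {   # idmap lines copied from the smb.conf above
  cat <<'EOF'
[global]
   idmap backend = tdb
   idmap uid = 60000-70000
   idmap gid = 60000-70000
   idmap config CS: backend = ad
   idmap config CS: range = 10000-20000
[homes]
   read only = No
EOF
}

page_sample | check_idmap_ranges && echo "page config: no overlap"
# Constructed bad variant: the CS range widened into the default range.
page_sample | sed 's/10000-20000/10000-65000/' | check_idmap_ranges || echo "variant rejected"
```

Run it against a real file with `check_idmap_ranges /etc/samba/smb.conf` before joining the domain; a non-zero exit status means at least one pair of ranges overlaps.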

edit /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind

net ads join -U Administrator

wbinfo -u

REST Client

Fire up firefox and download the RESTClient Add-on.

Window -> Add-ons Manager

Search -> RESTClient

Method: 
  POST

URL: 
  http://ec2-184-73-40-56.compute-1.amazonaws.com/sessions.json

Headers: 
  Content-Type: application/json

Body:
  {
    "user": 
    {
      "email": "your@emailaddress.com", "password": "Your_Password"
    }
  }

Rails Production Server

Load Ubuntu 12.04

Get updates. Run ‘sudo apt-get update’ and ‘sudo apt-get upgrade’ and ‘sudo apt-get dist-upgrade’

Reboot.

Install Apache2

sudo apt-get install apache2

Install curl

sudo apt-get install curl

Install rvm (Multi-User install)

curl -L https://get.rvm.io | sudo bash -s stable

Install Ruby Dependencies:

apt-get install build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion

Install the latest version of ruby

rvm install ruby

Install the rails gems

gem install rails

Install The Ruby Racer

gem install therubyracer

Install nodejs

apt-get install nodejs

Get ready for passenger

apt-get install libcurl4-openssl-dev apache2-prefork-dev libapr1-dev libaprutil1-dev
gem install passenger

Install the passenger module

passenger-install-apache2-module

Edit your Apache configuration file, and add these lines:

LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.13
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.3-p194/ruby

Deploying a Ruby on Rails application: an example

Suppose you have a Rails application in /somewhere. Add a virtual host to your Apache configuration file and set its DocumentRoot to /somewhere/public:

<VirtualHost *:80>
      ServerName www.yourhost.com
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /somewhere/public    
      <Directory /somewhere/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
      </Directory>
   </VirtualHost>

And that’s it! You may also want to check the Users Guide for security and optimization tips, troubleshooting and other useful information:

/usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.13/doc/Users guide Apache.html

Add deploy user and add rvm group

useradd -d /home/deploy -m deploy
passwd deploy
usermod -a -G rvm deploy

Windows Media Player Playlist

<?wpl version="1.0"?>
  <smil>
    <head>
        <meta name="Generator" content="Microsoft Windows Media Player -- 12.0.7601.17514"/>
        <meta name="ItemCount" content="0"/>
        <title>MyStreams</title>
    </head>
    <body>
        <seq>
			<media src="http://wmbr.org/WMBR_live_128.m3u"/>
            <media src="http://jpr.streamguys.org:80/jpr-classics"/>
			<media src="http://amber.streamguys.com:4860/listen.pls"/>
			<media src="http://streams.wgbh.org:8000"/>
			<media src="http://npr.ic.llnwd.net/stream/npr_live24"/>
        </seq>
    </body>
  </smil>

Rails Deployment Using Capistrano

Create your new rails project

rails new myapp
cd myapp

Get git initialized

git init

Edit your .gitignore file to include some more options

vi .gitignore

Add this:

# Added from https://github.com/github/gitignore/blob/master/Rails.gitignore
*.rbc
*.sassc
.sass-cache
capybara-*.html
.rspec
/.bundle
/vendor/bundle
/log/*
/tmp/*
/db/*.sqlite3
/public/system/*
/coverage/
/spec/tmp/*
**.orig
rerun.txt
pickle-email-*.html

Now add the files to git and commit

git add .
git commit -a -m 'initial commit'

Edit your Gemfile and uncomment capistrano then run:

bundle install

Now we’re gonna “capify” the application, run:

capify .

You should see this output:

[add] writing './Capfile'
[add] writing './config/deploy.rb'
[done] capified!

Capistrano logs into your production servers and checks out the latest version of your production branch, so we need to get our app onto an SCM server that the production server has access to. I’m going to use bitbucket.org as the example, but it could be anywhere.

git remote add origin https://bitbucket.org/my-user-name/myapp.git
git push origin master

Scientific Linux

Scientific Linux (SL) is a Linux distribution produced by Fermi National Accelerator Laboratory and the European Organization for Nuclear Research (CERN). It is a free and open source operating system based on Red Hat Enterprise Linux and aims to be “as close to the commercial enterprise distribution as we can get it.”

This product is derived from the free and open source software made available by Red Hat, Inc., but is not produced, maintained or supported by Red Hat. Specifically, this product is built from the source code for Red Hat Enterprise Linux versions, under the terms and conditions of Red Hat Enterprise Linux’s EULA and the GNU General Public License.

Perform a minimal install.

A feature of Red Hat Enterprise Server 6 (and therefore of all its clones, so this applies to Scientific Linux 6, too) is that it defaults to managing your network connections with NetworkManager, which isn’t actually installed as part of a minimal install. The net result (no pun intended) is that your network doesn’t work when you first boot into your new, slimline O/S.

The fix is to run the command system-config-network-tui, which allows you to specify a fixed IP address manually. In Centos 6, however, even this tool is not installed as part of a minimal install (I guess they took the word ‘minimal’ literally), so you’ll end up having to edit by hand the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

It looks like this at first:

DEVICE="eth0"
HWADDR="00:0C:29:9B:0C:CD"
NM_CONTROLLED="yes"
ONBOOT="no"

You’ll need to end up with something looking like this:

IPADDR=172.16.25.10
BOOTPROTO=none
NETMASK=255.255.255.0
GATEWAY=172.16.25.2
DNS1=172.16.25.2

Obviously, you replace those specific IP addresses with whatever suits your local environment. Once the file has the appropriate entries, a reboot will do to make the new settings take effect.

In Scientific Linux 6, the system-config-network-tui tool exists, so you could use that… or you can achieve all these edits with the nano text editor. The Centos 6 minimal install is less forgiving, however, and you’ll have to use vi (because nano is not installed as part of its minimal install option).
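
The hand edit described above, as an added example that is not part of the original page: it rewrites the initial ifcfg-eth0 into a static configuration while keeping DEVICE and HWADDR. `static_ifcfg` and `sample_ifcfg` are hypothetical helper names; setting ONBOOT to "yes" and NM_CONTROLLED to "no" are assumptions for a host without NetworkManager.

```shell
#!/usr/bin/env bash
# Added example: turn the minimal-install ifcfg-eth0 into a static
# configuration, keeping DEVICE and HWADDR. Helper names are hypothetical.

# Usage: static_ifcfg FILE IPADDR NETMASK GATEWAY DNS1   (prints new content)
static_ifcfg() {
  awk -v ip="$2" -v mask="$3" -v gw="$4" -v dns="$5" '
    # Drop every key this function sets, so none ends up defined twice.
    /^(ONBOOT|NM_CONTROLLED|BOOTPROTO|IPADDR|NETMASK|GATEWAY|DNS1)=/ { next }
    { print }
    END {
      print "NM_CONTROLLED=\"no\""   # assumption: NetworkManager is not installed
      print "ONBOOT=\"yes\""         # otherwise the interface stays down at boot
      print "BOOTPROTO=none"
      print "IPADDR=" ip
      print "NETMASK=" mask
      print "GATEWAY=" gw
      print "DNS1=" dns
    }' "$1"
}

sample_ifcfg() {   # writes the initial file contents to a temp path, prints the path
  f=$(mktemp)
  cat > "$f" <<'EOF'
DEVICE="eth0"
HWADDR="00:0C:29:9B:0C:CD"
NM_CONTROLLED="yes"
ONBOOT="no"
EOF
  echo "$f"
}

f=$(sample_ifcfg)
static_ifcfg "$f" 172.16.25.10 255.255.255.0 172.16.25.2 172.16.25.2
rm -f "$f"
```

Review the output first, then redirect it to a new file and move that over /etc/sysconfig/network-scripts/ifcfg-eth0.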

[[dhcpd]]

Perl

tmullaly@vm22:~> cpan

DHCPD

[root@dhcpdns ~]# yum -y install dhcp
[root@dhcpdns ~]# vi /etc/dhcp/dhcpd.conf
# create new
# specify domain name
option domain-name "cs.umb.edu";
# specify DNS's hostname or IP address
option domain-name-servers 172.16.25.2;
# default lease time
default-lease-time 600;
# max lease time
max-lease-time 7200;
# this DHCP server to be declared valid
authoritative;
# specify network address and subnet mask
subnet 172.16.25.0 netmask 255.255.255.0 {
# specify the range of lease IP address
range dynamic-bootp 172.16.25.50 172.16.25.254;
# specify broadcast address
option broadcast-address 172.16.25.255;
# specify default gateway
option routers 172.16.25.2;
# filename "pxelinux.0";
# next-server <pxe host>;
}
[root@dlp ~]# /etc/rc.d/init.d/dhcpd start
Starting dhcpd: [  OK  ]
[root@dlp ~]# chkconfig dhcpd on

Installing MySQL

Use apt to install MySQL

# apt-get install mysql-server mysql-client

Install the MySQL gem

# gem install mysql2

Apt Reference

Both Debian and Ubuntu Linux provide a number of package management tools. This article summarizes the package management commands along with their usage and examples.

(1) apt-get : APT is an acronym for Advanced Package Tool. It supports installing packages over the internet (ftp or http). You can also upgrade all packages in a single operation, which makes it even more attractive.

(2) dpkg : Debian packaging tool which can be used to install, query, and uninstall packages.

(3) GUI tools: You can also try a GUI-based or high-level interface to the Debian GNU/Linux package system. The following list summarizes them:

(1) aptitude: a text-based interface to the Debian GNU/Linux package system.
(2) synaptic: GUI front end for APT

Red Hat Linux package names generally end in .rpm; similarly, Debian package names end in .deb, for example: apache_1.3.31-6_i386.deb

apache : Package name
1.3.31-6 : Version number
i386 : Hardware platform on which this package will run (i386 == Intel x86 based system)
.deb : Extension that suggests it is a Debian package

Remember, whenever I refer to a .deb file it signifies the complete file name, and whenever I refer to a package name it is the first part of the .deb file name. For example, when I refer to the package sudo it means sudo only and not the .deb file, i.e. sudo_1.6.7p5-2_i386.deb. However, do not worry: you can find out the complete Debian package list with the following command:

apt-cache search {package-name}

apt-get add a new package

Add a new package called samba

Syntax: apt-get install {package-name}

apt-get install samba

apt-get remove the package called samba but keep the configuration files

Syntax: apt-get remove {package-name}

apt-get remove samba

apt-get remove (erase) package and configuration file

Syntax: apt-get --purge remove {package-name}

apt-get --purge remove samba

apt-get Update (upgrade) package

Syntax: apt-get upgrade

To upgrade individual package called sudo, enter:

apt-get install sudo

apt-get display available software updates

The following command will display the list of all available upgrades (updates) using the -u option; if you decide to upgrade all of the shown packages, just hit 'y':

apt-get -u upgrade

However, if you just wish to upgrade an individual package, then use the apt-get command and it will take care of the rest of your worries:

Syntax: apt-get install {package-name}

dpkg command to get package information such as description of package, version etc.

Syntax: dpkg --info {.deb-package-name}

dpkg --info sudo_1.6.7p5-2_i386.deb | less

List all installed packages

Syntax: dpkg -l

dpkg -l

To list an individual package, such as apache, try:

dpkg -l apache

You can also use this command to see (verify) if package sudo is installed or not (note that if the package is installed then it displays the package name along with a small description):

dpkg -l | grep -i 'sudo'

To list packages related to the apache:

dpkg -l '*apache*'

List files provided (or owned) by the installed package (for example what files are provided by the installed samba package)

Syntax: dpkg -L {package-name}

dpkg -L samba

List files provided (or owned) by the package (for example what files are provided by the uninstalled sudo package)

Syntax: dpkg --contents {.deb-package-name}

dpkg --contents sudo_1.6.7p5-2_i386.deb

Find, what package owns the file /bin/netstat?

Syntax: dpkg -S {/path/to/file}

dpkg -S /bin/netstat

Search for package or package description

Sometimes you don’t know the package name but are aware of some keywords to search for the package. Once you have the package name you can install it using the apt-get install {package-name} command:

Syntax: apt-cache search "Text-to-search"

Find out all the Debian packages which can be used for Intrusion Detection

# apt-cache search "Intrusion Detection"

Find out all sniffer packages

# apt-cache search sniffer

Find out if Debian package is installed or not (status)

Syntax: dpkg -s {package-name} | grep Status

dpkg -s samba | grep Status

List each dependency a package has…

Display a listing of each dependency a package has and all the possible other packages that can fulfill that dependency. You will hardly use this command, as apt-get does a decent job of fulfilling all package dependencies.

Syntax: apt-cache depends package

Display dependencies for lsof and mysql-server packages:

apt-cache depends lsof
apt-cache depends mysql-server