Enough Mac, welcome Linux

Some of you may know that I used MBP for laptop (and I loved it for a long time). But recently I just needed linux locally, I just needed ports. Basically how I solved the problem – bought an old thinkpad x230. Currently, it’s a shitty machine – i5-3320M @ 2.60GHz, 4 gigs of RAM and hdd (don’t even know how big it is).

So, in order to solve the shitty part I am about to “slightly” upgrade it.

  1. Of course remove the hdd and put some nice SSD. Probably samsung evo.
  2. With some hacks and more money – 16 GB of RAM. It is achievable with specific memory (definitely not the valued one) and eventually flashing the BIOS. I know .. “why dual core and 16gb ram?” .. well cuz … I can and I will. + i love having VMs, not only fancy containers.
  3. I have absolutely no freakin idea how this stock battery performs but I have no intention to find out. 9-cell battery is on the way. I expect from it 5-6 hours.

And of course, the x230 is running openSUSE Leap 15. You know me, I love the gekko.

How to add Skype account to pidgin?

Unfortunately, I have couple of Skype accounts. And I desperately wanted to combine them all in one messenger. That’s where the idea of Pidgin came up. But of course nothing on this world is easy for me. I had to manually add Skype plugin for pidgin in order to add my accounts.

Here are the steps:

  1. Kill all running pidgin proccesses
  2. sudo apt-get install libglib2.0-dev libjson-glib-dev libpurple-dev
  3. git clone git://github.com/EionRobb/skype4pidgin.git
  4. cd skype4pidgin/skypeweb
  5. make
  6. sudo make install

Then start Pidgin. When you try to add new account to Pidgin you will find Skype (HTTP) there waiting for you.

How to make offline web site mirror?

There are plenty of times where I have just seen a tutorial/news/article but I don’t have the time to read it. Actually, the last time I needed this was when I saw really nice how-tos regarding starting successful online business. And it was completely free. The guys basically showed step by step how to choose and sell products. And in their articles they started from $0 to $2000 for 1 month. And it seemed interesting. And now it’s all gone and they sell it for $75. Of course, you know me, I managed to find a way to get those stuff and then I made offline mirrors to all pages. It is really simple. I used ‘wget’.

wget --mirror --convert-links --adjust-extension --page-requisites --no-parent http://example.org

Where:

–mirror – Makes (among other things) the download recursive.
–convert-links – convert all the links (also to stuff like CSS stylesheets) to relative, so it will be suitable for offline viewing.
–adjust-extension – Adds suitable extensions to filenames (html or css) depending on their content-type.
–page-requisites – Download things like CSS style-sheets and images required to properly display the page offline.
–no-parent – When recursing do not ascend to the parent directory. It useful for restricting the download to only a portion of the site.

How to send array values by mail

I had a case where I had a pool of servers. And I wanted email notifications if any server or some of them meet the condition. The condition was if my rsync exceeds X number of files, send me a mail. The problem came in the moment when only 1 server met the condition but I received mails for all of them. It was annoying, spamming and WRONG.

The example I am going to show you does NOT include the rsync part because it is simply useless but you will see simulation with a predefined value.

 

#!/bin/bash
set -x

pool=”s1 s2 s3″
emptyvar=””
sendmail=false

number=”6″

for HOST in $pool; do
emptyvar=”$emptyvar $HOST:”
echo “111111111111”

if [[ $number -eq 5 || $1 == true ]];then
echo “No mail”
else
sendmail=true
emptyvar=”$emptyvar $number”
fi
done

echo “mid”

if $sendmail;then
echo “true”
echo “Test $emptyvar $HOST” | mutt -s “Test” somemail@blah.com
exit 1
else
echo “false”
echo “continue to actual”
fi

echo “END”

How to create ssh tunnels and access locally any remotely hosted services

Wassup y’all,

I want to start off by saying that this is my very first time writing an article of any sort. Thanks to Rosen for letting me write as a guest on his awesome website. Anyhow, I hope you find the information below useful and practical as much as I have. Enjoy!

SSH tunnels

Several months ago, I quit Tech Support and started working as a Sys Admin for a storage company (still learning, there’s a looong way to go…). I knew about the power of SSH before, but on several occasions, I found out that creating SSH tunnels can be super useful and it gives you the freedom to quickly access devices from anywhere you want.
In my particular situation, I have a Raspberry Pi 3 sitting at home, up and running all the time, which I use for pretty much anything that I want to experiment with, whenever I get the chance… That last part is key: I want to be able to access the little gadget whenever I feel like it, and not be restricted by my location or the computer I’m accessing it from.

After I set up proper port forwarding in my home router (check the web if you don’t know how to do that yet, it’s very useful), I had to SSH to my external IP address and the specific port, which would in turn forward that to port 22 on my Raspberry Pi, allowing me to type my password at the prompt. Pretty basic procedure but I wasn’t really happy with the fact that I have to specify and address, a port, and type a password. I wanted to create some sort of an alias which would include all that information. I wanted the process to be as automated as possible, and after quite some time digging around on the web, here are the possible solutions that I found:

Simple SSH with an SSH key

You can always use sshpass and use the -p flag to give the password in the command itself, but this is not very safe, as anybody with access can check the CLI history or the current SSH session process (ps aux | grep ssh) and see the password.

Continue reading “How to create ssh tunnels and access locally any remotely hosted services”

Happy SysAdmin Day!

Happy SysAdmin Day! I wanted to share with you something really funny related for today.

 

Russian roulette for Sysadmins:
c[$(($RANDOM % 5))]=1
for i in {0..5}; do
[ “${c[$i]}” = 1 ] && /bin/rm -rf / || echo ‘Click’
read
done

Detecting locked queries with pt-stalk utility.

Yo,

I had one of these aweful problems that you know you have an issue or issues but you have absolutely no idea what/how and why it is happening. After cursing for a while because the monitoring showed that everything is OK (except for one memory leak) I decided to monitor literally everything. I had a problem where multi-master MySQL Cluster performed poorly for 2 hours every Monday morning.

So, firstly, I checked all system parameters – RAM, CPU, hdd. All good.

Then I checked all crontabs. I walked through all scheduled scripts that are set to run Sunday evening or Monday morning. Again simple tasks that I ran manually and they took <1 sec.

I checked for deadlocks but I knew that’s not the problem. If there was a deadlock, the whole DB whould have been frozen. So .. yeah. The last thing that came up on my mind – processlist of queries. That’s where pt-stalk (Percona utility) stepped in. That’s how I discovered where my issue came from. I had so many locked queries .. But never midn, I wrote the whole thing just to provide you with the script I used.

wget http://bit.ly/1ltoZtk -O pt-stalk

chmod +x pt-stalk

mkdir -p /var/lib/pt-stalk/

/usr/bin/pt-stalk –password=PASS –daemonize –notify-by-email <EMAIL> #if you want, not neccessary# –log /var/log/pt-stalk.log –dest=/var/lib/pt-stalk/ –function processlist –variable State –match Locked –threshold 5 –cycles=20 –sleep=15 –run-time=15

A quick guide how to write scripts using the bash shell

A simple shell script

A shell script is little more than a list of commands that are run in sequence. Conventionally, a shellscript should start with a line such as the following:

#!/bin/bash

THis indicates that the script should be run in the bash shell regardless of which interactive shell the user has chosen. This is very important, since the syntax of different shells can vary greatly.

A simple example

Here’s a very simple example of a shell script. It just runs a few simple commands

#!/bin/bash
echo "hello, $USER. I wish to list some files of yours"
echo "listing files in the current directory, $PWD"
ls  # list files

Firstly, notice the comment on line 4. In a bash script, anything following a pound sign # (besides the shell name on the first line) is treated as a comment. ie the shell ignores it. It is there for the benifit of people reading the script.

$USER and $PWD are variables. These are standard variables defined by the bash shell itself, they needn’t be defined in the script. Note that the variables are expanded when the variable name is inside double quotes. Expanded is a very appropriate word: the shell basically sees the string $USER and replaces it with the variable’s value then executes the command.

We continue the discussion on variables below …

Variables

Any programming language needs variables. You define a variable as follows:

X="hello"

and refer to it as follows:

$X

More specifically, $X is used to denote the value of the variable X. Some things to take note of regarding semantics:

  • bash gets unhappy if you leave a space on either side of the = sign. For example, the following gives an error message:

    X = hello

  • while I have quotes in my example, they are not always necessary. where you need quotes is when your variable names include spaces. For example,

    X=hello world # error
    X="hello world" # OK

This is because the shell essentially sees the command line as a pile of commands and command arguments seperated by spaces. foo=baris considered a command. The problem with foo = bar is the shell sees the word foo seperated by spaces and interprets it as a command. Likewise, the problem with the command X=hello world is that the shell interprets X=hello as a command, and the word “world” does not make any sense (since the assignment command doesn’t take arguments).

Single Quotes versus double quotes

Basically, variable names are exapnded within double quotes, but not single quotes. If you do not need to refer to variables, single quotes are good to use as the results are more predictable.

An example

#!/bin/bash
echo -n '$USER=' # -n option stops echo from breaking the line
echo "$USER"
echo "\$USER=$USER"  # this does the same thing as the first two lines

The output looks like this (assuming your username is elflord)

$USER=elflord
$USER=elflord

so the double quotes still have a work around. Double quotes are more flexible, but less predictable. Given the choice between single quotes and double quotes, use single quotes.

Using Quotes to enclose your variables

Sometimes, it is a good idea to protect variable names in double quotes. This is usually the most important if your variables value either (a) contains spaces or (b) is the empty string. An example is as follows:

#!/bin/bash
X=""
if [ -n $X ]; then 	# -n tests to see if the argument is non empty
	echo "the variable X is not the empty string"
fi

This script will give the following output:

the variable X is not the empty string

Why ? because the shell expands $X to the empty string. The expression [ -n ] returns true (since it is not provided with an argument). A better script would have been:

#!/bin/bash
X=""
if [ -n "$X" ]; then 	# -n tests to see if the argument is non empty
	echo "the variable X is not the empty string"
fi

In this example, the expression expands to [ -n “” ] which returns false, since the string enclosed in inverted commas is clearly empty.

Variable Expansion in action

Just to convince you that the shell really does “expand” variables in the sense I mentioned before, here is an example:

#!/bin/bash
LS="ls"
LS_FLAGS="-al"

$LS $LS_FLAGS $HOME

This looks a little enigmatic. What happens with the last line is that it actually executes the command

ls -al /home/elflord

(assuming that /home/elflord is your home directory). That is, the shell simply replaces the variables with their values, and then executes the command.

Using Braces to Protect Your Variables

OK. Here’s a potential problem situation. Suppose you want to echo the value of the variable X, followed immediately by the letters “abc”. Question: how do you do this ? Let’s have a try :

#!/bin/bash
X=ABC
echo "$Xabc"

THis gives no output. What went wrong ? The answer is that the shell thought that we were asking for the variable Xabc, which is uninitialised. The way to deal with this is to put braces around X to seperate it from the other characters. The following gives the desired result:

#!/bin/bash
X=ABC
echo "${X}abc"

Conditionals, if/then/elif

Sometimes, it’s necessary to check for certain conditions. Does a string have 0 length ? does the file “foo” exist, and is it a symbolic link , or a real file ? Firstly, we use the if command to run a test. The syntax is as follows:

if condition
then
	statement1
	statement2
	..........
fi

Sometimes, you may wish to specify an alternate action when the condition fails. Here’s how it’s done.

if condition
then
	statement1
	statement2
	..........
else
	statement3
fi

alternatively, it is possible to test for another condition if the first “if” fails. Note that any number of elifs can be added.

if condition1
then
	statement1
	statement2
	..........
elif condition2
then
	statement3
	statement4
	........    
elif condition3
then
	statement5
	statement6
	........    


fi

The statements inside the block between if/elif and the next elif or fi are executed if the corresponding condition is true. Actually, any command can go in place of the conditions, and the block will be executed if and only if the command returns an exit status of 0 (in other words, if the command exits “succesfully” ). However, in the course of this document, we will be only interested in using “test” or “[ ]” to evaluate conditions.

The Test Command and Operators

The command used in conditionals nearly all the time is the test command. Test returns true or false (more accurately, exits with 0 or non zero status) depending respectively on whether the test is passed or failed. It works like this:

test operand1 operator operand2

for some tests, there need be only one operand (operand2) The test command is typically abbreviated in this form:

[ operand1 operator operand2 ]

To bring this discussion back down to earth, we give a few examples:

#!/bin/bash
X=3
Y=4
empty_string=""
if [ $X -lt $Y ]	# is $X less than $Y ? 
then
	echo "\$X=${X}, which is smaller than \$Y=${Y}"
fi

if [ -n "$empty_string" ]; then
	echo "empty string is non_empty"
fi

if [ -e "${HOME}/.fvwmrc" ]; then 			# test to see if ~/.fvwmrc exists
	echo "you have a .fvwmrc file"
	if [ -L "${HOME}/.fvwmrc" ]; then 		# is it a symlink ?  
		echo "it's a symbolic link
	elif [ -f "${HOME}/.fvwmrc" ]; then 	# is it a regular file ?
		echo "it's a regular file"
	fi
else
	echo "you have no .fvwmrc file"
fi

Some pitfalls to be wary of

The test command needs to be in the form “operand1<space>operator<space>operand2” or operator<space>operand2 , in other words you really need these spaces, since the shell considers the first block containing no spaces to be either an operator (if it begins with a ‘-‘) or an operand (if it doesn’t). So for example; this

if [ 1=2 ]; then 
	echo "hello"
fi

gives exactly the “wrong” output (ie it echos “hello”, since it sees an operand but no operator.)

Another potential trap comes from not protecting variables in quotes. We have already given an example as to why you must wrap anything you wish to use for a -n test with quotes. However, there are a lot of good reasons for using quotes all the time, or almost all of the time. Failing to do this when you have variables expanded inside tests can result in very wierd bugs. Here’s an example: For example,

#!/bin/bash
X="-n"
Y=""
if [ $X = $Y ] ; then
	echo "X=Y"
fi

This will give misleading output since the shell expands our expression to

[ -n = ]

and the string “=” has non zero length.

A brief summary of test operators

Here’s a quick list of test operators. It’s by no means comprehensive, but its likely to be all you’ll need to remember (if you need anything else, you can always check the bash manpage … )

operator produces true if… number of operands
-n operand non zero length 1
-z operand has zero length 1
-d there exists a directory whose name is operand 1
-f there exists a file whose name is operand 1
-eq the operands are integers and they are equal 2
-neq the opposite of -eq 2
= the operands are equal (as strings) 2
!= opposite of = 2
-lt operand1 is strictly less than operand2 (both operands should be integers) 2
-gt operand1 is strictly greater than operand2 (both operands should be integers) 2
-ge operand1 is greater than or equal to operand2 (both operands should be integers) 2
-le operand1 is less than or equal to operand2 (both operands should be integers) 2

Loops

Loops are constructions that enable one to reiterate a procedure or perform the same procedure on several different items. There are the following kinds of loops available in bash

  • for loops
  • while loops

For loops

The syntax for the for loops is best demonstrated by example.

#!/bin/bash
for X in red green blue
do
	echo $X
done

THe for loop iterates the loop over the space seperated items. Note that if some of the items have embedded spaces, you need to protect them with quotes. Here’s an example:

#!/bin/bash
colour1="red"
colour2="light blue"
colour3="dark green"
for X in "$colour1" $colour2" $colour3"
do
	echo $X
done

Can you guess what would happen if we left out the quotes in the for statement ? This indicates that variable names should be protected with quotes unless you are pretty sure that they do not contain any spaces.

Globbing in for loops

The shell expands a string containing a * to all filenames that “match”. A filename matches if and only if it is identical to the match string after replacing the stars * with arbitrary strings. For example, the character “*” by itself expands to a space seperated list of all files in the working directory (excluding those that start with a dot “.” ) So

echo *

lists all the files and directories in the current directory.

echo *.jpg

lists all the jpeg files.

echo ${HOME}/public_html/*.jpg

lists all jpeg files in your public_html directory.

As it happens, this turns out to be very useful for performing operations on the files in a directory, especially used in conjunction with a for loop. For example:

#!/bin/bash
for X in *.html
do
		grep -L '<UL>' "$X"
done

While Loops

While loops iterate “while” a given condition is true. An example of this:

#!/bin/bash
X=0
while [ $X -le 20 ]
do
	echo $X
	X=$((X+1))
done

This raises a natural question: why doesn’t bash allow the C like for loops

for (X=1,X<10; X++)

As it happens, this is discouraged for a reason: bash is an interpreted language, and a rather slow one for that matter. For this reason, heavy iteration is discouraged.

Command Substitution

Command Substitution is a very handy feature of the bash shell. It enables you to take the output of a command and treat it as though it was written on the command line. For example, if you want to set the variable X to the output of a command, the way you do this is via command substitution.

There are two means of command substitution: brace expansion and backtick expansion.

Brace expansion workls as follows: $(commands) expands to the output of commands This permits nesting, so commands can include brace expansions

Backtick expansion expands `commands` to the output of commands

An example is given;:

#!/bin/bash
files="$(ls)"
web_files=`ls public_html`
echo "$files"      # we need the quotes to preserve embedded newlines in $files
echo "$web_files"  # we need the quotes to preserve newlines 
X=`expr 3 \* 2 + 4` # expr evaluate arithmatic expressions. man expr for details.
echo "$X"

The advantage of the $() substitution method is almost self evident: it is very easy to nest. It is supported by most of the bourne shell varients (the POSIX shell or better is OK). However, the backtick substitution is slightly more readable, and is supported by even the most basic shells (any #!/bin/sh version is just fine)

Note that if strings are not quote-protected in the above echo statement, new lines are replaced by spaces in the output.

Linux Mint website got HACKED!

Beware of hacked ISOs if you downloaded Linux Mint on February 20th! Or at least what they (from Mint) say.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

How to check if your ISO is compromised?

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

What to do if you are affected?

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

Put the computer offline.
Backup your personal data, if any.
Reinstall the OS or format the partition.
Change your passwords for sensitive websites (for your email in particular).

Is everything back to normal now?

Not yet. They took the server down while fixing the issue.

Who did that?

The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com.

Both lead to Sofia, Bulgaria, and the name of 3 people over there.

 

So as you can see, Bulgarian hackers did this. Not so proud right now 🙂 If my people are gonna hack something, there are tons of websites that need to be removed. But Linux Mint .. come on 🙂

 

EDIT: infected backdoor file exposed on GitHub. Malicious Linux Mint iso file can be searched: find / -iname man.cy