Thursday, April 10, 2014

Follow vendor recommendations on the OpenSSL Heartbleed vulnerability

To mitigate the security risk posed by the OpenSSL "Heartbleed" vulnerability, follow the vendor recommendations below where applicable, instead of downloading OpenSSL 1.0.1g from source and compiling it, only to find that it breaks package management on the Amazon EC2 instances.

Nginx:-

http://nginx.com/blog/nginx-and-the-heartbleed-vulnerability/

Apache:-

https://blogs.apache.org/cloudstack/entry/how_to_mitigate_openssl_heartbleed

RHEL + CentOS instances:-

https://access.redhat.com/site/solutions/781793

Amazon Linux instances (NAT + ELB):-

https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/

Ubuntu instances:-

http://www.ubuntu.com/usn/usn-2165-1/

Wednesday, April 9, 2014

On some RHEL or CentOS machines, when you run "yum update" you might see the error "Error: database disk image is malformed".

The yum repository data may have become corrupted for some reason, or the cache may not have been cleaned in a previous update cycle. In that case, you can get past the problem by running the following commands:

 $ sudo yum clean all
 $ sudo yum clean metadata
 $ sudo yum clean dbcache
 $ sudo yum makecache

After that, you can try running "yum update" on the package you need:

 $ sudo yum update -y openssl

Sunday, April 6, 2014

Locking the terminal in Ubuntu while you are away from your desk

We often walk away from the desk for various reasons and want to lock the terminal, just as we lock UI screens with "xlock" or the "Ctrl-Alt-Del" combination. In Ubuntu, there is a simple program that does the same for a terminal window. It is called "away". You can install it as below:

$ sudo apt-get install away

Once it is installed, you can invoke the terminal lock using:

$ away -C "gone for coffee"

After you return, press "Enter" and it will prompt you for your password.


Saturday, April 5, 2014

How to Install Elementary OS on a non-PAE system

If you would like to install Elementary OS on an older machine (non-PAE, that is, without Physical Address Extension), follow the steps below:


  1. Install Ubuntu 12.04 LTS server from the Ubuntu download server (Ubuntu 12.04 LTS)
  2. From the above ISO, choose the "base system install" option
  3. After installing the server and logging in, run "$ sudo apt-get update" to make sure the packages are updated.
  4. $ sudo add-apt-repository -y ppa:elementary-os/stable
  5. $ sudo add-apt-repository -y ppa:elementary-os/os-patches
  6. $ sudo apt-get update
  7. $ sudo apt-get install -y elementary-desktop
  8. $ sudo reboot

Ubuntu "add-apt-repository" command missing?

If you are running a minimal version of Ubuntu Server and you need to use the "add-apt-repository" command instead of manually editing /etc/apt/sources.list or the files under /etc/apt/sources.list.d, you have to install two packages:

1. $ sudo apt-get install software-properties-common
2. $ sudo apt-get install python-software-properties

Tuesday, April 1, 2014

DNS flush on clients to view sites after domain updates

If you have a site that is hosted on Amazon Route53 and you have updated the record set to point to a new instance, then you will sometimes have to flush the DNS cache on the client in order for the site to be refreshed.

On Windows machines, you can execute:

******************
C:\Users>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
******************

On Mac OS, you can execute:

******************

$ sudo dscacheutil -flushcache

******************

On Linux OS, you can execute:

******************
$ sudo /etc/init.d/nscd restart

OR

$ service nscd restart

******************

Simple script that backs up logs to a timestamp based folder

In a script that you could run as a cron job, you can create a folder named after the current date and then move the logs into that folder. Subsequently, you could augment the script to tar and gzip the folder and upload it to an S3 bucket:

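$ cat simplebackup.sh
#!/bin/sh
# Build a folder name from today's date, e.g. ./backup_04_01_2014
_now=$(date +"%m_%d_%Y")
_dir="./backup_$_now"
# -p: do not fail if today's folder already exists; stop if it cannot be created
mkdir -p "$_dir" || exit 1
# mv already removes the files from their source, so the former "rm -rf" lines
# are dropped: they only mattered when mv failed, and then they deleted the
# logs without a backup.
mv nohup_* "$_dir"
mv /opt/logs/* "$_dir"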

To check that the backup job is scheduled, look at "crontab -l"; to see whether it executed, look at "/var/log/cron".
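
The tar-and-gzip step mentioned above, as an added example rather than the original simplebackup.sh: it archives a log directory into a timestamped, owner-only tar.gz, checks that the archive reads back, and only then deletes the originals. The function name backup_logs and the S3_BUCKET variable are hypothetical, the upload assumes the aws CLI is installed, and the destination is assumed to lie outside the log directory.

```shell
#!/bin/sh
# Added example (not the original simplebackup.sh).
# backup_logs SRC_DIR DEST_DIR: prints the archive path on success.
backup_logs() {
    src=$1
    dest=$2
    # Include the time so two runs on the same day do not overwrite each other
    stamp=$(date +"%m_%d_%Y_%H%M%S")
    archive="$dest/backup_$stamp.tar.gz"

    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # Empty directory: nothing to archive (treated as success here)
    [ -n "$(ls -A "$src")" ] || return 0
    mkdir -p "$dest" || return 1

    # Logs often contain tokens and user data: create the archive owner-only
    old_umask=$(umask)
    umask 077
    rc=0
    tar -czf "$archive" -C "$src" . || rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || { rm -f "$archive"; return 1; }

    # Confirm the archive can be read back before anything is deleted
    tar -tzf "$archive" >/dev/null || return 1

    # Optional upload; S3_BUCKET is a hypothetical variable, aws CLI assumed installed
    if [ -n "${S3_BUCKET:-}" ]; then
        aws s3 cp "$archive" "s3://$S3_BUCKET/" || return 1
    fi

    # Remove the originals (dotfiles included) only after every step succeeded
    find "$src" -mindepth 1 -delete
    echo "$archive"
}

# Run directly as: sh backup_logs.sh /opt/logs /var/backups/logs
if [ "$#" -eq 2 ]; then
    backup_logs "$1" "$2"
fi
```

If tar, the read-back check or the upload fails, the function returns non-zero and leaves the source logs in place.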