• A Linux SysAdmins Guide to Mischief

    This book is designed to give Sysadmins some entertainment in the form of winding users up (in a non-destructive manner). The book contains tricks ranging from puerile to annoying, all designed for those administering Linux workstations to play on those using Linux workstations!

    All are achievable remotely, allowing the Sysadmin to sit back and listen for the sounds of frustration safely out of range of flying staplers. Intended as an exercise in humour, it should provide Sysadmins with some entertainment. Don't expect it to beat a Friday afternoon read of Bootnotes and Odd's n Sod's though!

    It's a pretty short book, hence the low price.

    Also available on .

  • An easier method of recovering deleted files on Linux

    A little while ago I posted some documentation on how to Recover Deleted Inodes on an Ext2 filesystem. After a self-inflicted disaster last night, I found an easier way to recover deleted files. It also has the benefit of being largely filesystem agnostic: there have been reports that it doesn't work with ReiserFS, but otherwise it can recover deleted files from almost any filesystem on any medium.

    WARNING: The steps given in this article are potentially dangerous. Proceed at your own risk and read the article in full before starting.

  • Archiving a large backup across multiple discs on Linux

    Hopefully, we all back up our data, but what should we do once our data won't fit on our chosen media?

    We have two options (as we obviously don't want to delete our data!):

    • Use a different backup medium
    • Split the backup across multiple volumes

    Sometimes the former just isn't appropriate, as much because of the cost of hard drives versus optical media (i.e. CDs/DVDs) as anything else.

    This short tutorial will explain how to create a single backup archive, and then split it across multiple CDs/DVDs.

  • Building a Tor Hidden Service From Scratch - Part 1 - Design and Setup

    Despite some fairly negative media attention, not every Tor Hidden Service is (or needs to be) a hotbed of immorality. Some exist in order to allow those in restrictive countries to access things we might take for granted (like Christian materials).

    Whilst I can't condone immoral activities, Tor is a tool, and any tool can be used or misused.

    This is part one in a detailed walk through of the considerations and design steps that may need to be made when setting up a new Tor Hidden Service.

    The steps provided are intended to take security/privacy seriously, but won't defend against a wealthy state-backed attacker.

    How much of it you'll need to implement will obviously depend on your own circumstances, and in some cases there may be additional steps you need to take.

  • CentOS: Using NGinx to serve static files and Apache for dynamic

    Apache is a great web-server, but it has a pretty heavy memory footprint. It can get quite restrictive quite quickly, especially if you're on a system with limited resources (given how many people now run on a VPS, and the poor disk I/O of these systems, it's all the more important - swapping is slow).

    The way around it is to configure your system to use NGinx as a reverse-proxy. Depending on how many virtualhosts you have, you can make the changes almost completely transparently within about 10 minutes.

  • Checking for Outdated Joomla Extensions on your server

    When you're managing Joomla sites it's reasonably easy to keep track of updates, especially if you use something like Watchful to help you. When you're running a server and only managing some (or none) of those sites, it becomes a little more difficult (especially on a busy shared hosting server).

    It's quite easy to shrug and say 'Not my site, not my problem', but the simple fact is that it is. The second someone manages to compromise one of the sites you host, they're going to try and find a way to run arbitrary code; once they've done that, they'll try to run an auto-rooter. If they succeed, it's game over for everyone you host!

    The extension that always comes to mind is the Joomla Content Editor (JCE), as they had a nasty vulnerability involving spoofed GIFs some time back. You'd hope that everyone would have updated by now, but there still seem to be a lot of sites running versions older than 2.1.1!

    In this post, we'll be creating a script designed to automatically check every one of the sites you host for a version of JCE older than the latest. Adjusting it to check other extensions is easy, so long as that extension has an update stream.

  • Configuring NGinx to act as a Reverse Proxy for PHPMyAdmin

    In a previous post, I detailed how to Use NGinx to serve static files and Apache for dynamic as well as the minor tweaks you need to make to have it work nicely with Joomla.

    One thing I didn't cover, though, is setting up PHPMyAdmin. This documentation isn't going to go into the detail of installing and configuring PHPMyAdmin as there's plenty of that available elsewhere on the web. What we will discuss, though, is the NGinx configuration changes you need to make to have the connection reverse proxied to Apache.

    These steps only really apply if you've gone for a system-wide installation of PMA. If you've unpacked into a web-accessible directory then you probably don't need to make any changes!

  • Configuring Postfix to automatically forward mail for one address to another

    There seem to be a number of people searching for how to do this, and from what I can see there's very little quick and easy documentation on the net. You've got a server, hosting a website (for example) for example.com.

    You want the server to accept mail for example.com but to automatically pass the mail onto a different address.

    Assuming you're running Postfix, it's as simple as the steps below.

  • Configuring Postfix to block outgoing mail to all but one domain

    This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!).

    When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you're using real-world data to do some testing, do you want to send all those users irrelevant emails?).

    This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted.

  • Copying a Linux Kernel From One System to Another

    There may be occasions where, for testing purposes, you want to copy a kernel from one machine to another.

    There are some fairly self-explanatory caveats:

    • The donor and target system must be running on the same architecture
    • The target machine shouldn't have any (important) hardware that's unsupported by your donor kernel

    Obviously, you'll ideally want to make sure that the hardware is as close to identical as possible (otherwise your testing may be invalid), so the above should be considered a minimum.

  • Creating a virtual Network Interface in CentOS 6

    Sometimes you need to assign more than one IP to a server, even if it only has one NIC. To do so, you create a virtual interface, attached to the physical NIC.

    This documentation details how to do this in CentOS 6.

  • Creating a Virtual Network Interface in Debian

    There are times when you might want to assign more than one IP to a system, even if it only has a single physical NIC. This documentation details how to create a virtual network interface (known as aliasing) under Debian (see here for how to alias in CentOS 6).

  • Creating an IPv6 Tunnel on Linux

    RIPE, the European internet registry, has started heavily rationing IPv4 addresses, meaning that the day of IPv6-only connections is fast approaching. BT don't yet support IPv6 on their connections, but I need to be able to use IPv6 to help ensure that servers are correctly set up to handle IPv6-only traffic.

    So, I need to create an IPv6 over IPv4 tunnel.

    This documentation details the steps to do this using Helium Electric's (free) tunnelbroker service.

  • Darkleech Apache attacks on the rise, but is it really that hard to detect?

    Reports of CDorked.A infections are still on the rise by the looks of things. The attack is reported as 'hard-to-detect', but this should only be true for the more naive sysadmins out there.

    Whilst it's true that CDorked changes nothing on disk, except the HTTPD binary, this change alone should be triggering alerts. On a production server, you should be storing checksums of known good files and comparing these regularly to see if anything's changed.

    As some obviously aren't following this basic step, in this post we'll look at what you need to do to at least be made aware if CDorked gets onto your system - it'd be nice to be able to do a post on avoiding it, but the attack vector is still unknown!

  • Enabling SRS on a CPanel Server

    The default MTA on a CPanel server (Exim) has supported both the Sender Policy Framework (SPF) and the Sender Rewriting Scheme (SRS) for quite some time. Unfortunately, whilst CPanel provides configuration options allowing you to enable and configure SPF, the same cannot be said for SRS.

    This can cause a major headache if you have set up mail forwarders on your system. This documentation details how to go about configuring SRS.

  • Finding the cause of high CPU utilisation on Linux

    We've all had it happen from time to time: suddenly, sites on a server we manage appear to have slowed to a crawl. Having logged in, you take a look at the running processes to find the cause. 9 times out of 10 it's something like a backup routine overrunning, so you kill the task and everything's OK again.

    What do we do, though, if that's not the cause? It can sometimes be difficult to narrow down exactly what's causing it if the process list shows everything's currently OK. The slowdown may only kick in for a few seconds, but the perfectionist in us still needs to know what the cause is so we can mitigate it (if it's a particular page on a particular site, what happens if it suddenly gets a lot of hits?).

    This documentation details ways to monitor usage without needing to spend all day looking at top. The main aim is to identify which process is responsible, so that we can then dig a little further.

  • Howto Encrypt Your Removeable Media on Linux

    Data security is an area that people are becoming increasingly aware of. Between companies losing customer details and the growing risk of identity theft, it's becoming increasingly important that removable media be encrypted.

  • Howto Install the Realtek 8171 Wireless Driver in Linux

    I was asked to install Linux on a brand new laptop today (yet another who doesn't like Win 7!); it was an Advent M100, which contains the Realtek SemiConductor 8171 Wireless Adaptor.

    The card is detected by the kernel (on Kubuntu) but no drivers are available, so neither ifconfig nor NetworkManager finds the device.

  • Howto root the Samsung Galaxy S2 from Linux

    One of the first things I do when I receive an Android phone is to root it, primarily so that I can use OpenVPN, but it does carry some other benefits (including getting rid of the rubbish the carrier installs on your behalf!). This documentation has been sitting in my to-do pile for a little while, but for anyone looking to root a Samsung Galaxy S2 from a Linux machine, I hope it's of help (I know my article on rooting the Sony Xperia has been well visited!).

  • Howto root the Sony Ericsson Xperia X8 (Android 2.1) from Linux

    I recently bought a new X8, and unlocked it from Three. Unfortunately, when branding the phone they decided to install all manner of crud that the user won't necessarily need. Apps such as Spotify load whether you want them to or not, and there's nothing you can do about it!

    Well, nearly: you can root the phone and then uninstall the problem apps.

    There are plenty of guides out there on how to root the X8 from Windows, but information regarding Linux and Mac systems is much harder to find! Let's begin.