Tag Archives: linux

Quick install Graylog on Ubuntu

Yes, yes, I know. There is official documentation to guide you, e.g. http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html

BUT, RTFM! You need to install Java, MongoDB and Elasticsearch, configure them, and make sure they run well BEFORE you can run Graylog. That takes skill and time to do right.

For those Ubuntu people, there is another way. Graylog officially (and constantly) releases a single deb package to update the OVA version. This package includes everything you need to run Graylog, so you can use it to deploy Graylog.

You can simply download the package at https://packages.graylog2.org/omnibus, install it with dpkg -i, then use graylog-ctl to configure and run it.

DONE.

 

Remount tmpfs

This is simple, and you can do it without rebooting the machine.

For example, let’s say /tmp is on tmpfs and you want to set its size to 4 GB:

# mount -o remount,size=4G,noatime /tmp

That’s it.

IBM AMM USB keyboard issue

Many admins have faced an issue when using a USB keyboard on an IBM Advanced Management Module (AMM) with Linux.

It seems that some Linux distros do not recognize the USB device on the IBM AMM and then power off the USB port, disconnecting the plugged-in device.

The solution is quite straightforward: always supply power to the port.

With udev, you can add the following rule:

/lib/udev/rules.d/95-ibm-amm-power-workaround.rules

ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="04b3", ATTR{idProduct}=="4002", TEST=="power/control", ATTR{power/control}="on"

Sort file alphabetically in Samba

It looks like Samba sends the list of file names in random order. Of course, you can make it sort alphabetically and make your life easier.

For Debian/Ubuntu

# apt-get install samba-vfs-modules

then edit /etc/samba/smb.conf

[global]
vfs objects = dirsort

Restart Samba, and tada!

Getting “A” from Qualys SSL

Qualys SSL Labs has provided an SSL Server Test for a while. You can rate your web site at https://www.ssllabs.com/ssltest

To get an “A” rating, there are a few straightforward tricks:

  1. Disable all versions of the SSL protocol and enable only TLS, e.g.,
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  2. Choose only strong ciphers (you’ll sacrifice some very old clients), e.g.,
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
  3. Use HSTS, e.g.,
    add_header Strict-Transport-Security max-age=31536000;

Optionally,

ssl_dhparam /etc/ssl/private/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
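
A quick way to check a config against the three tricks above before running the SSL Labs test. This is an added example, not part of the original post; the sample server blocks and the function names are constructed for illustration. It reads only simple `name args;` directives and does not follow `include` files.

```python
import re
# Constructed samples: a hypothetical server block using the three tricks
# (cipher string shortened), and one that ignores all of them.
SAMPLE_OK = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
    add_header Strict-Transport-Security max-age=31536000;
}
"""
SAMPLE_WEAK = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;  # SSL still enabled
    ssl_ciphers HIGH:MEDIUM;
}
"""

def directives(conf):
    """Map directive name -> list of argument lists ('name arg ...;' form only)."""
    found = {}
    conf = re.sub(r"#.*", "", conf)  # strip comments
    for name, args in re.findall(r"^\s*([a-z_]+)\s+([^;{}]+);", conf, re.M):
        found.setdefault(name, []).append(args.split())
    return found

def audit(conf):
    """Return findings for the three tricks: no SSL, cipher exclusions, HSTS."""
    d, findings = directives(conf), []
    protocols = [p for args in d.get("ssl_protocols", []) for p in args]
    if not protocols:
        findings.append("ssl_protocols is not set explicitly")
    findings += [f"SSL protocol enabled: {p}" for p in protocols
                 if p.lower().startswith("sslv")]
    ciphers = ":".join(a for args in d.get("ssl_ciphers", []) for a in args)
    for excl in ("!aNULL", "!MD5"):  # exclusions the cipher string above ends with
        if excl not in ciphers.split(":"):
            findings.append(f"ssl_ciphers lacks {excl}")
    hsts = [" ".join(a[1:]) for a in d.get("add_header", [])
            if a and a[0].lower() == "strict-transport-security"]
    ages = [int(m.group(1)) for h in hsts
            if (m := re.search(r"max-age=(\d+)", h, re.I))]
    if not ages or max(ages) <= 0:  # max-age=0 switches HSTS off
        findings.append("HSTS header missing or max-age is 0")
    return findings

if __name__ == "__main__":
    for label, conf in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(label, audit(conf) or "no findings")
```

The check accepts TLSv1 and TLSv1.1 because the list above enables them; both have since been deprecated (RFC 8996), so current configs usually list only TLSv1.2 and TLSv1.3.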

Create an aligned partition

An aligned partition gives you the best read/write performance, but you will have to sacrifice some space to align your partition.

To create one:

# parted -a optimal /dev/sda mkpart primary 0% 100%

And you can check whether it is aligned:

# parted /dev/sda align-check optimal 1

NGINX HTTP Basic Authentication with LDAP

First, install libpam-ldap

# apt-get install libpam-ldap

Configure ldap:// properly. This will add the LDAP backend to PAM.

Now, create a file /etc/pam.d/nginx

@include common-auth
@include common-account

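This will add an nginx service to PAM.

Then, configure nginx to enable HTTP basic authentication using auth_pam and the PAM service name “nginx”. Basic authentication sends the password with every request, so put this location behind HTTPS.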

location /someplace {
  auth_pam "Restricted Area";
  auth_pam_service_name nginx;
}

Restart nginx. Done.

Linux kernel 4.0

It has been released.

And the biggest thing in 4.0 is the infrastructure for upgrading the kernel without having to reboot anymore :)

Actually, it is not entirely new: it is the same feature as Ksplice (Oracle) and Kpatch (RedHat).

The next version of Linux Kernel

In mid-February, Linus Torvalds said that the minor version number of the Linux Kernel was getting too high (like back in the 2.6.3x days), so he ran a poll (via G+) on whether the next Linux Kernel version should be 3.20 or jump to a new major version, 4.0.

More than thirty thousand people voted (/me too). The poll results:

44% chose 3.20
56% chose 4.0

So the release after 3.19 will be Linux Kernel 4.0.

And at the end of February, Linus released 4.0-rc1.