Linux Troubleshooting 101-Knowing YOUR Hardware
Sometimes the hardware inside our PCs is not immediately discovered by Linux, so we need to:
- figure out the hardware vendor and chips
- understand the device driver (or a close relative in the same family of drivers)
- locate/install the driver
- load it as a kernel module
- configure it through the kernel module
- maintain the driver going forward – this can be 100% automatic or manual, depending on the driver involved.
Even after all this, some devices remain unsupported, and getting them to work under Linux is too difficult for most users. Even for an expert, the hassle factor might become too great for seldom-used hardware.
Determining the actual hardware and the chips used is the first step to getting it working.
Fix Remote Desktop to Win7 Media Center
Last fall a patch from Microsoft broke RDP access to Windows7 Media Center here. It has been a small hassle to manage the schedule of shows to be recorded ever since, but I didn’t take the time to research a fix. Until today.
No Data Required-Android Travel Apps
I don’t travel all that much, just 3-4 weeks out of the country every year, usually for pleasure, not work. Below are the Android apps that consistently work well for me.
- without a data plan
- disconnected
- using wifi-only access
The few times that I’ve looked for a data plan overseas to add to a smartphone, the costs were simply 10x more than I was willing to pay. For 10 days in Turkey, would you pay US$100 for a data capable GSM-SIM? Further, after 7 days, my friend’s SIM stopped working. Seems the Turkish government wants to know about all the cell phone users in their country. Moving the SIM to a different device did make it work again.
If you have a data plan, then translation tools work easier, but we’ll assume no data or wifi connection when you are away from the hotel.
I just returned from central and south east Asia, so the apps that worked are fresh in my mind.
Research Computer Memory with Volatility
If you ever need to analyze a complete machine memory dump … er … for some reason, then learning a little about Volatility would be a good idea.
The purpose of Volatility is computer memory forensics.
If you ever need to analyze the memory from a Microsoft computer OS, it is possible to use Volatility to read normally secured memory locations for all sorts of handy data, like domain credentials and TrueCrypt keys, and to analyze spyware and viruses that are not caught by the normal file-based scanning tools. Lots of good stuff in there.
We just need to cause a BSOD and dump first, which we all know is not difficult at all. With the dump file, turn Volatility loose.
From a security standpoint, this tells us never to leave a running PC with credentials unattended: do not hibernate it, do not suspend it, and do not walk away.
I’m sure there is much more that Volatility can be used for, but Karl didn’t have time to teach everything. The video is here
Finally Happened-Blocking a Microsoft Subnet
Today the blog was spammed by an IP that DNS resolves back to a Microsoft Corporate subnet address. It was a Chinese language spam, if that means anything. I expect this to happen from Joe’s Pizza of San Jaquine, but not from Microsoft.
I added another rule to the firewall, which already has a few thousand similar rules.
/sbin/iptables -I INPUT -s 168.61.0.0/16 -j DROP
I hate having to block large subnets, but if they can’t keep their network free from botnets, I don’t want them visiting my little blog.
The actual offending IP is 168.61.72.70 so if someone from MS wants to respond with a little more data, I’d love to hear it. I have no idea what that machine is, since even running an nmap could get me into trouble. It could be a honeypot run by MS. I don’t know.
Subnet blocked. Sorry Microsoft.
Am I being too harsh? What would you do?
Linux Troubleshooting 101-Networking
All computers have network problems from time to time. Usually everything works fine, but sometimes something goes wrong. The first step in deciding what to fix is to determine where the issue lies. Outlined below are the first troubleshooting steps for narrowing that down.
Cleanup Old Kernels from APT
This isn’t a big problem, until it is. If you use LVM, then the Linux installer will create a small ext2 /boot partition. Something similar probably happens with encrypted installations. Eventually, that partition will become full.
After a few months, there will be at least 5 kernels and perhaps 20 or more. If the /boot partition runs out of storage, bad things happen. The least of these is that a newer kernel cannot be installed, but if the space fills up during a kernel install, the system may not boot.
Because this happened to me a few weeks ago, I decided to add a kernel-cleanup script to my weekly patch management efforts. Because I’m lazy, like all good system administrators, a script was needed. See below.
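The author's script is not reproduced on this page. As an added example (not the author's code), here is one way to pick purge candidates while always keeping the running kernel and the newest few; the function names and the package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which old kernel image packages can be purged to
# free space on a small /boot. Not the author's script.

# kernels_to_purge RUNNING KEEP
#   stdin : installed package names, one per line
#   RUNNING: running kernel release, as printed by `uname -r`
#   KEEP   : how many of the newest kernel images to keep
# Prints the linux-image packages that are neither running nor among the
# newest KEEP. Meta packages such as linux-image-generic are ignored.
kernels_to_purge() {
    grep -E '^linux-image-[0-9]' |
    sort -V |
    awk -v running="linux-image-$1" -v keep="$2" '
        { pkg[NR] = $0 }
        END {
            # Everything except the last "keep" entries is a candidate,
            # unless it is the kernel we are currently running.
            for (i = 1; i <= NR - keep; i++)
                if (pkg[i] != running) print pkg[i]
        }'
}

# Constructed sample: a host that has not rebooted since -36 was installed.
SAMPLE_PKGS='linux-image-generic
linux-image-3.2.0-35-generic
linux-image-3.2.0-36-generic
linux-image-3.2.0-37-generic
linux-image-3.2.0-38-generic
linux-image-3.2.0-39-generic'

sample_purge() { printf '%s\n' "$SAMPLE_PKGS" | kernels_to_purge 3.2.0-36-generic 2; }

# On a real Debian/Ubuntu host, review the list before purging anything:
#   dpkg -l 'linux-image-*' | awk '/^ii/ {print $2}' \
#       | kernels_to_purge "$(uname -r)" 2
# then pass the reviewed names to: sudo apt-get purge <packages>
```

Matching linux-headers packages are not handled here and would need the same treatment.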
Too Paranoid? Nope.
I’m often told that I’m too paranoid when it comes to computer security because I block ads, flash, javascript, and refuse to surf on the internet with a Microsoft Windows PC.
Well, seems that attacks have been created that come from highly reputable websites – news websites included. Every website you visit has potential to infect your system with nasty software. None of them are trustworthy.
Be careful out there folks. We all need to be a little more paranoid because they are out to get everyone, not just you and me.
Linux Troubleshooting 101-Log Files
Have you checked the system logs?
$ sudo egrep -i 'error|warning' /var/log/*log
will find issues in the logs.
Almost any issue will leave a trace in the system logs.
Start with that to see any issues.
Log files are usually protected for security reasons, hence the need to use sudo.
Of course, sometimes it isn’t a system problem, but an application issue, so the important log file(s) will be with the application or in /tmp/ somewhere. Not all applications provide logging by default, but many support increased logging levels through an application setting. Sometimes an option passed into the program will control verbosity.
$ program -v
or
$ program -vvv
enables and increases the amount of logging output by the program. For some programs, using more v's means more verbosity.
For networking issues, check the logs on other devices, especially the router.
If the commands above are not understood, then you probably should ask for more individual help from someone knowledgeable who can be in the same room. Getting help like that is possible from your local LUG, Linux Users Group. Also check with your local university or college for a LUG.
Out of Disk Space-inodes!
Some days we just can’t win.
This little blog VM is out of disk space … er … sorta.
It is out of inodes. Fortunately, it is at 93% use for sector storage, but unfortunately, there are less than 3K inodes available.
apt-get update cannot complete. Out of disk error.
The VM has 1.5G of swap that never gets used. The RAM amount is set to prevent that need on purpose, so I decided to
- change the swap partition into a data partition,
- rsync over a few thousand files from /var/www,
- mount /var/www from the other partition (vda5) and
… life would be good. Yes, everything under /var/old-www was removed after mounting.
It was all scripted to minimize downtime. AND there is a good backup from last night should anything terrible happen. Downtime was a little over 30 seconds. Good enough. Heck, www.amazon.com was down for at least 10 minutes today, so my 30 seconds should be fine.
After all that, now there are fewer inodes available on /!!!
$ df -i
Filesystem     Inodes  IUsed  IFree IUse% Mounted on
/dev/vda1      296000 293371   2629  100% /
/dev/vda5       97344   3751  93593    4% /var/www
Looks like it is time to build a larger VM file. The blog storage was already expanded last year – which is probably why the inodes are so tight. Copying the entire VM will take longer than a few minutes.
What a pain. I hate downtime, but I hate leaving a system sorta-patched much more.
Some days we just can’t win.
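Inode exhaustion like this is easy to miss because block usage still looks healthy. As an added example (not from the original post), the check below flags filesystems that are short on inodes and shows which subdirectories hold the most entries; the function names and thresholds are assumptions, and the sample is the df -i output quoted above.

```shell
#!/bin/sh
# Added example: catch inode exhaustion before apt-get (and patching) breaks.

# inode_alert MAX_PCT MIN_FREE
#   stdin: output of `df -iP`
#   Prints every mount whose IUse% >= MAX_PCT or whose IFree < MIN_FREE.
#   Both tests are needed because IUse% is rounded.
inode_alert() {
    awk -v pct="$1" -v floor="$2" '
        NR == 1 { next }                       # header line
        $2 !~ /^[0-9]+$/ || $2 == 0 { next }   # no inode accounting here
        {
            use = $5; sub(/%/, "", use)
            if (use + 0 >= pct || $4 + 0 < floor)
                printf "%s inodes_free=%s use=%s%%\n", $6, $4, use
        }'
}

# inode_hogs DIR N
#   Counts directory entries under each immediate subdirectory of DIR
#   (staying on one filesystem) and prints the N largest.
#   Hidden subdirectories are not matched by the glob.
inode_hogs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        printf '%s %s\n' "$(find "$d" -xdev | wc -l | tr -d ' ')" "${d%/}"
    done | sort -rn | head -n "$2"
}

# The df -i output quoted in the post.
SAMPLE_DF='Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/vda1 296000 293371 2629 100% /
/dev/vda5 97344 3751 93593 4% /var/www'

sample_alerts() { printf '%s\n' "$SAMPLE_DF" | inode_alert 90 5000; }

# Live use, for example from cron:
#   df -iP | inode_alert 90 5000
#   sudo sh -c '. ./inodes.sh; inode_hogs /var 5'
```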