How To Patch The Debian 6 Squeeze Shellshock Bug

Debian I run a few webservers at work that are internal facing only (intranet) that run Debian 6 Squeeze.  I’ve been monitoring the Shellshock exploit since it was discovered a few weeks ago and have been looking for a way to get those few systems patched…despite them existing only internally.  Patches for Squeeze-lts (long term release) were released quickly and then just a last week, another patch was put into play as well.  I decided to go ahead and patch these internal systems and since I couldn’t find much out there for blog posts on how to do it…I decided to share how I did it.

Difference Between Squeeze and Squeeze-lts

The difference between Squeeze general and Squeeze-lts is that the LTS (long term support) repositories will continue to receive backported patches from the current release tree (which is version 7 for Debian).  I didn’t originally install/setup these two internal servers so the first thing I have to do is get the version of Debian these servers are running and then check to see if they are using the LTS repositories.

Finding Your Version of Debian

lsb_release -a

This command returns a vanilla squeeze install for me.

Changing Repositories to LTS

Now to see which repositories are enabled.

nano /etc/apt/sources.list

You should open your sources list with your favorite text editor.  If you just have vanilla sources like the two servers I have you can just comment out the sources listed there and paste the following:


deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

Now that your sources have changed, update and patch your system:

 apt-get update && apt-get upgrade && apt-get dist-upgrade

Checking To See if You still Vulnerable

You can use bash itself to see if you’re vulnerable to the bug.  Execute the following command:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

This should return the following if you are patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

If you’re not patched…the word ‘vulnerable’ will appear in your results.

Further Reading on Shellshock

You can read further about how to switch to LTS repositories here:  https://wiki.debian.org/LTS/Using

For more reading on the Shellshock bug, how it is being exploited and the history/timeline, see here:  http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Netrunner – The Best Distro You’ve Barely Heard Of

Netrunner

In my quest to find a professional and polished distribution of Linux that used KDE as the default desktop…I tried out quite a few flavors:  Kubuntu, Salix, Manjaro, PCLinuxOS and even OpenSuse.  All done in the past few weeks.

Each time I installed these distributions on this Dell Latitude D630 I pretended I had no idea how Linux was supposed to work.  I’d step through like a less than technical person would do.  How do I connect to wireless?  Is it easy?  Can I stream Youtube videos?  Will my mp3 collection play?  How do I manage that mp3 collection?  Will DVD’s play?  Do things ‘just work’ out of the gate?

I blogged about the beginning step in Manjaro Linux…it wasn’t as polished as I’d like.  I jumped next to Salix and found that Wicd, the default network manager…makes you jump through 9 different hoops to connect to a hidden network.  PCLinuxOS came next but it was so slow on this laptop that it lasted less than a day.  OpenSuse repeated the PCLinuxOS slowness.  Kubuntu was last and it was fine and polished…but once again, slow…random hangups when doing things like file browsing/web browsing.  Kubuntu was the closest I came to a great KDE flavored distribution…it stayed on the laptop for a couple of days.  So the question remained:  Can the distribution I am running be considered professional and polished while getting out of the way

The majority answer for most of these distributions is a resounding “NO”.

One distribution however, stood above the rest of them.  Instead of stopping on one of the above questions…I found myself having to create new and more intricate ones.  This distribution wasn’t holding me up…it was pressing me forward.  THAT is what a distribution of Linux should do.  It should be out of the way and allow you to get on with your business.  The distribution that does this the best out of that handful mentioned above is Netrunner.

The Hardware

I have an old Dell D630 Laptop which was a standard business line laptop from Dell circa 2007 or so.  It’s got an Intel Centrino and I loaded it up with 4 GB of RAM.  It has a 40 GB Hard drive in it and an Nvidia Quadro graphics card.  Overall, nothing special.  It’s very Linux friendly overall and I’ve used numerous distributions on this laptop since I picked it up at a liquidation sale.

Installation

netrunner2Netrunner uses the Manjaro installer.  Manjaro is based on Arch Linux.  Normally when people think of Arch Linux, they think of a very technical distribution that is only for the Linux elite.  The installer for Netrunner shuns the idea that you need to speak binary to install it.  Simple choices are laid out for you…I was able to encrypt my hard drive and didn’t need to know how to partition anything to get it moving.  The wizard was, simply put, phenomenal.  It was a well put together and excellent installer.

 

Day to Day Use

I’ve found Netrunner to really and truly be out of my way.  I don’t have to think to use it.  I open up music and play it.  I watch movies with no issues.  I browse Youtube videos without a thought.  Flash video just works.  When I pop in a USB Drive, it detects and mounts like I’d expect it to.  Overall, the operating system gets out of my way.  I normally use Openbox for my Linux laptop and I’ve actually gotten used to using KDE because of how polished Netrunner rolling is.

One of my favorite things about Netrunner rolling was Octopi, the graphical front end for pacman.  This tool allows you to manage all the packages on your system and to search out new ones.  It also allows you to manage AUR packages as well.  While this might not be something the average user would dive into right away…having been an Arch and Manjaro user before…I found it fantastic to have a “one stop shopping” experience via Octopi.

The overall speed of the distribution is fantastic.  I found none of the slowness that plagued the laptop during the testing of other distributions.  Things were quick and crisp when opening.  The only time I experienced slowness was when I had about 15 browser tabs open and was trying to open GIMP (I also had KDE Telepathy, Konversation, and dolphin open in the background).  Overall, I’ve found the speed quite acceptable.

Conclusion

My overall conclusion with Netrunner Rolling is that there is no better Arch platformed Linux distro with KDE as the default environment out there.  It just works.  It gets out of the way and it gives the end user a clean, crisp and efficient desktop right out of the gate.  You don’t have to know binary to get it installed, updated, and running.  You don’t have to sacrifice a goat to Cthulhu (I’ve heard that comes later?) to have a pleasing KDE experience for your desktop.  I keep saying this, but it just works.

I found it really odd that I hadn’t heard very much about Netrunner in the past but I readily admit that I hadn’t kept up with KDE based distributions in the past few years due to my fascination with Openbox.  Netrunner has won me over though…I will definitely be paying attention to this fine distribution in the future as it has taken its place as the top KDE distribution I’ve ever tried.  I hope you’ll give it a try in the future (if you haven’t already) and kudos the developers and community of Netrunner!

 

Manjaro KDE Notes

manjaro kdeThis week I decided to step up from Window Manager Manjaro Openbox and give the latest version of the Desktop Environment in KDE try.  I’m one of those odd people who love minimalist desktops like openbox, xmonad, and i3 but still have a soft spot in their hearts for KDE.  We’re few in number and many with insanity. 🙂

So I downloaded Manjaro KDE edition and installed it onto my Dell Latitude D630 laptop.  Upon first boot, everything looks professional and nice.  The bootscreen is professional and the desktop has a common theme that is pleasant to look at.

 

Then I went into the menu to see what programs come installed by default.  Bleh…everything with a bag of chips, the receipt, and then even more.  Too much mess.  Multiple entries for single programs.  It’s a mess in there.

4 entries for the ‘Marble’ program greet me inside of the ‘Education’ area.  FOUR?  This is very simple to fix…you simply right click the menu button and choose ‘edit applications’ but how does something like that make it past the QA process?

Sound was muted across the board by default….I’m pretty sure this is just due to my sound hardware but it’s important to note that not everyone will know to look for that.

Desktop effects enabled by default means that things were DOG slow until I installed a video driver.  Not a good first experience.

I attempted to download a few torrents out of the gate to see what kind of throughput KTorrent would give me.  I use magnet links mostly and upon grabbing my first torrent I realized that nothing was happening.  The metadata wasn’t even downloading.  So I attempted a restart of the application with no fix.  I tried logging out and back on with no fix.  Then I tried a restart of the entire PC with no fix.  No matter what I did…torrents wouldn’t download.

So I switched to qBittorrent.  Still no fix.  No matter what happens, torrents don’t work for me with this version of Manjaro.  In my previous version they worked just fine.

About this time, i started to get rather irritated and stopped looking around for things that were wrong.  No offense to the Manjaro KDE guys…but this isn’t a very good implementation of KDE in my opinion….there is just too much installed by default and what is installed doesn’t seem to work well.  There were quite a few other oddities I experienced while exploring the desktop including multiple KWin crashes when launching specific applications.

Overall, I wasn’t happy.

So I’m heading over to Salix KDE now to see if a simplified approach to KDE will cleans the palate so to speak.  I neglected screenshots when testing Manjaro KDE out but I’ll take many with Salix and follow up here.

Manjaro Linux – My Current Distribution

manjaroI’ve been running Manjaro Linux Openbox Edition since about November of 2013.  I haven’t re-installed…since Manjaro rolls with it’s releases…I haven’t needed to re-install.  It’s been as steady as a rock for 2 releases and many months of torture and pain from yours truly.

The only other distribution I’ve ever put through its paces like this that remained stable and usable was Salix…which is Slackware based.  Manjaro is Arch based and benefits greatly from the fantastic package manager ‘pacman’.  Oddly enough, Salix has a lot in common with Manjaro in that they both attempt to bring simplicity with easy upgrades/updates.  They also both tap into the community for customized packages…Salix with the ability to install Slack builds and Manjaro with the ability to add on packages from the AUR (Arch User Repository).  Both provide tools that allow a user to interface with these user built repositories.  Both are lightning fast and use a very low amount of resources.

Even though I’d hadn’t noticed before….they do have a lot in common.

I’ve demanded a lot more from my Linux distributions lately…I haven’t picked the ones I use based on what everyone else is using.  I haven’t picked one that has recently released.  I picked one that doesn’t decide what’s best for you.  I think this approach is best…doing less is more.

I don’t want a distribution to install the entire KDE application suite out of the gate taking up tons of space on my hard drive and making my Kmenu a jumbled mess.  I don’t want a distribution that doesn’t install tons of applications but is so bloated and lethargic on the desktop that I can barely function.  I don’t want a distribution that does things the wrong way by requiring me to install more than what I need (thanks meta packages!).  The bottom line is, I want a simple distribution of Linux that truly and wholly supports the ‘less is more’ mantra.  The only two I’ve settled on are Manjaro and Salix.  I’m not saying these are the only ones that ascribe to this mantra…I’m just saying these are the only two I’ve used that I like.  I’m sure there are others you might have found do the same thing and I’d encourage you to leave a comment with this distribution so that I can check it out.

I don’t do a lot of Linux reviews…but I will be doing a Salix and Manjaro one in the near future.  I think they both deserve any amount of press they get because they are fantastically simple distributions.

CrunchBang Linux Review

I love CrunchBang Linux.  In my opinion, it’s one of the best distributions of Linux for older computers (heck, any computer) that is actively developed.

I pieced together a Gateway M250 laptop a year or so ago (3 bad ones parted out into 1 good one) and loaded it up with max RAM (2GB).  It’s now a handy little 14 inch laptop with a 1.73Ghz single core Centrino processor.  Not bad…but when playing videos or streaming them, it can really struggle.  So keeping the operating system lightweight on it is a definite must.

Enter, CrunchBang.  It’s small and fast.  It’s elegant and slick.  Just look at this screenshot:

Default Desktop

Simple and sleek, CrunchBang gives feelings of order and uniformity while breaking the speed limit signs.  I’d like to take some time to show you why I feel CrunchBang Linux should be the next distribution of Linux you put on your laptop.  Let’s get started…

Login Screen

In the screenshot above we find the login screen that greets you after installing CrunchBang.  It’s very basic and sleek…it gives the impression that CrunchBang has things together.  It’s impressive but you won’t get to the most impressive portion of CrunchBang Linux until you login for the first time after installing.  I’m going to assume that you already have CrunchBang installed and are booting it for the first time in this review since the install is very easy to do.  After the installation, you’ll be greeted by a command line first run wizard (see below):

First Run Wizard

This wizard will take you through a plethora of tasks…including, but not limited to, getting you connected to the internet, installing development tools, installing web server tools, installing software development tools, and of course…updating your install.  You’ll be able to select each that you want to perform or skip each depending on your need/desire.  THIS is how a first run wizard should be.

This wizard is just a simple script but it does more in the first few minutes for new users than any first run wizard I’ve ever seen.  In my opinion, this tool puts CrunchBang head and shoulders above just about any other distribution of Linux out there.  This lightweight approach to things permeates the entire install.

Now that you’ve made it through the first run wizard, we can explore the various applications installed by default.  For a list, please see the CrunchBang wiki entry.  I’ve found that there is a lightweight replacement for everything I’m accustomed to.  You access these applications by right clicking ON the desktop…which is the standard way to do this using the Openbox window manager.

Right ClickAs you can see, there is a well organized menu structure for the applications that are installed and the appearance provides a uniform appearance just like all other areas of the distro do.  The theme is modern and elegant and continues throughout the menu structure.

browsersAre you a Firefox, Opera or Chromium fan?  Doesn’t matter.  Install scripts are provided inside the menu to get you the right browser right away.  Just a small detail that shows the creator of the distro isn’t thinking about only themselves but rather, the standard user.

I recommend CrunchBang Linux for ANYONE out there…regardless of skill level…who wants a lightweight, complete, and polished distribution of Linux with very few hassles.


Where Will You Hide the Bodhi?

Bodhi LinuxI had a brief flirtation with Bodhi Linux this past week.  I nuked my CrunchBang Linux install to give it a go.  It seemed pretty solid, but after spending some quality time with the distro, I found the version of Network Manager loved to randomly disconnect me from wireless networks…as in, right in the middle of me transferring files, streaming music, and doing tha IRC thing.  Very irritating.

I did a full update to the most recent released version (released in the past few weeks) and found e17 randomly crashing which wasn’t the best addition to a randomly disconnecting wireless connection…and I know that crashes aren’t a problem in e17 since the handler can just restart all the modules and BOOM you’re back.  Regardless, the Network Manager disconnection problem eventually irritated me enough to jump ship.  I attempted connman, exalt, and wicd but I found myself lost.  Since I haven’t used those tools before and the docs very scarce for uprooting Network Manager from Bodhi, it was a stopping point.  No worries, it’s still a great distribution and e17 is VERY fast and looks very good on this 7 year old laptop. However, CrunchBang called me back.

It just works.  Period.

It’s fast.  It’s openbox.  It smells tasty.  Ok, so I made up that last part…there isn’t a smell per se, but rather an overall polish that makes me want to use it.  So, inside a Starbucks in Eastern North Carolina, I buried a Bodhi and set out for home with a CrunchBang ISO.  I promised a review of CrunchBang anyway and it’s high time I started on it.  Let the distro hopping slow down for a while.