How To Patch The Debian 6 Squeeze Shellshock Bug

debian-wallpaper-3

Debian I run a few webservers at work that are internal facing only (intranet) that run Debian 6 Squeeze.  I’ve been monitoring the Shellshock exploit since it was discovered a few weeks ago and have been looking for a way to get those few systems patched…despite them existing only internally.  Patches for Squeeze-lts (long term release) were released quickly and then just a last week, another patch was put into play as well.  I decided to go ahead and patch these internal systems and since I couldn’t find much out there for blog posts on how to do it…I decided to share how I did it.

Difference Between Squeeze and Squeeze-lts

The difference between Squeeze general and Squeeze-lts is that the LTS (long term support) repositories will continue to receive backported patches from the current release tree (which is version 7 for Debian).  I didn’t originally install/setup these two internal servers so the first thing I have to do is get the version of Debian these servers are running and then check to see if they are using the LTS repositories.

Finding Your Version of Debian

lsb_release -a

This command returns a vanilla squeeze install for me.

Changing Repositories to LTS

Now to see which repositories are enabled.

nano /etc/apt/sources.list

You should open your sources list with your favorite text editor.  If you just have vanilla sources like the two servers I have you can just comment out the sources listed there and paste the following:


deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

Now that your sources have changed, update and patch your system:

 apt-get update && apt-get upgrade && apt-get dist-upgrade

Checking To See if You still Vulnerable

You can use bash itself to see if you’re vulnerable to the bug.  Execute the following command:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

This should return the following if you are patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

If you’re not patched…the word ‘vulnerable’ will appear in your results.

Further Reading on Shellshock

You can read further about how to switch to LTS repositories here:  https://wiki.debian.org/LTS/Using

For more reading on the Shellshock bug, how it is being exploited and the history/timeline, see here:  http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Netrunner – The Best Distro You’ve Barely Heard Of

Netrunner

Netrunner

In my quest to find a professional and polished distribution of Linux that used KDE as the default desktop…I tried out quite a few flavors:  Kubuntu, Salix, Manjaro, PCLinuxOS and even OpenSuse.  All done in the past few weeks.

Each time I installed these distributions on this Dell Latitude D630 I pretended I had no idea how Linux was supposed to work.  I’d step through like a less than technical person would do.  How do I connect to wireless?  Is it easy?  Can I stream Youtube videos?  Will my mp3 collection play?  How do I manage that mp3 collection?  Will DVD’s play?  Do things ‘just work’ out of the gate?

I blogged about the beginning step in Manjaro Linux…it wasn’t as polished as I’d like.  I jumped next to Salix and found that Wicd, the default network manager…makes you jump through 9 different hoops to connect to a hidden network.  PCLinuxOS came next but it was so slow on this laptop that it lasted less than a day.  OpenSuse repeated the PCLinuxOS slowness.  Kubuntu was last and it was fine and polished…but once again, slow…random hangups when doing things like file browsing/web browsing.  Kubuntu was the closest I came to a great KDE flavored distribution…it stayed on the laptop for a couple of days.  So the question remained:  Can the distribution I am running be considered professional and polished while getting out of the way

The majority answer for most of these distributions is a resounding “NO”.

One distribution however, stood above the rest of them.  Instead of stopping on one of the above questions…I found myself having to create new and more intricate ones.  This distribution wasn’t holding me up…it was pressing me forward.  THAT is what a distribution of Linux should do.  It should be out of the way and allow you to get on with your business.  The distribution that does this the best out of that handful mentioned above is Netrunner.

The Hardware

I have an old Dell D630 Laptop which was a standard business line laptop from Dell circa 2007 or so.  It’s got an Intel Centrino and I loaded it up with 4 GB of RAM.  It has a 40 GB Hard drive in it and an Nvidia Quadro graphics card.  Overall, nothing special.  It’s very Linux friendly overall and I’ve used numerous distributions on this laptop since I picked it up at a liquidation sale.

Installation

netrunner2Netrunner uses the Manjaro installer.  Manjaro is based on Arch Linux.  Normally when people think of Arch Linux, they think of a very technical distribution that is only for the Linux elite.  The installer for Netrunner shuns the idea that you need to speak binary to install it.  Simple choices are laid out for you…I was able to encrypt my hard drive and didn’t need to know how to partition anything to get it moving.  The wizard was, simply put, phenomenal.  It was a well put together and excellent installer.

 

Day to Day Use

I’ve found Netrunner to really and truly be out of my way.  I don’t have to think to use it.  I open up music and play it.  I watch movies with no issues.  I browse Youtube videos without a thought.  Flash video just works.  When I pop in a USB Drive, it detects and mounts like I’d expect it to.  Overall, the operating system gets out of my way.  I normally use Openbox for my Linux laptop and I’ve actually gotten used to using KDE because of how polished Netrunner rolling is.

One of my favorite things about Netrunner rolling was Octopi, the graphical front end for pacman.  This tool allows you to manage all the packages on your system and to search out new ones.  It also allows you to manage AUR packages as well.  While this might not be something the average user would dive into right away…having been an Arch and Manjaro user before…I found it fantastic to have a “one stop shopping” experience via Octopi.

The overall speed of the distribution is fantastic.  I found none of the slowness that plagued the laptop during the testing of other distributions.  Things were quick and crisp when opening.  The only time I experienced slowness was when I had about 15 browser tabs open and was trying to open GIMP (I also had KDE Telepathy, Konversation, and dolphin open in the background).  Overall, I’ve found the speed quite acceptable.

Conclusion

My overall conclusion with Netrunner Rolling is that there is no better Arch platformed Linux distro with KDE as the default environment out there.  It just works.  It gets out of the way and it gives the end user a clean, crisp and efficient desktop right out of the gate.  You don’t have to know binary to get it installed, updated, and running.  You don’t have to sacrifice a goat to Cthulhu (I’ve heard that comes later?) to have a pleasing KDE experience for your desktop.  I keep saying this, but it just works.

I found it really odd that I hadn’t heard very much about Netrunner in the past but I readily admit that I hadn’t kept up with KDE based distributions in the past few years due to my fascination with Openbox.  Netrunner has won me over though…I will definitely be paying attention to this fine distribution in the future as it has taken its place as the top KDE distribution I’ve ever tried.  I hope you’ll give it a try in the future (if you haven’t already) and kudos the developers and community of Netrunner!

 

Manjaro KDE Notes

manjaro kde

manjaro kdeThis week I decided to step up from Window Manager Manjaro Openbox and give the latest version of the Desktop Environment in KDE try.  I’m one of those odd people who love minimalist desktops like openbox, xmonad, and i3 but still have a soft spot in their hearts for KDE.  We’re few in number and many with insanity. :)

So I downloaded Manjaro KDE edition and installed it onto my Dell Latitude D630 laptop.  Upon first boot, everything looks professional and nice.  The bootscreen is professional and the desktop has a common theme that is pleasant to look at.

 

Then I went into the menu to see what programs come installed by default.  Bleh…everything with a bag of chips, the receipt, and then even more.  Too much mess.  Multiple entries for single programs.  It’s a mess in there.

4 entries for the ‘Marble’ program greet me inside of the ‘Education’ area.  FOUR?  This is very simple to fix…you simply right click the menu button and choose ‘edit applications’ but how does something like that make it past the QA process?

Sound was muted across the board by default….I’m pretty sure this is just due to my sound hardware but it’s important to note that not everyone will know to look for that.

Desktop effects enabled by default means that things were DOG slow until I installed a video driver.  Not a good first experience.

I attempted to download a few torrents out of the gate to see what kind of throughput KTorrent would give me.  I use magnet links mostly and upon grabbing my first torrent I realized that nothing was happening.  The metadata wasn’t even downloading.  So I attempted a restart of the application with no fix.  I tried logging out and back on with no fix.  Then I tried a restart of the entire PC with no fix.  No matter what I did…torrents wouldn’t download.

So I switched to qBittorrent.  Still no fix.  No matter what happens, torrents don’t work for me with this version of Manjaro.  In my previous version they worked just fine.

About this time, i started to get rather irritated and stopped looking around for things that were wrong.  No offense to the Manjaro KDE guys…but this isn’t a very good implementation of KDE in my opinion….there is just too much installed by default and what is installed doesn’t seem to work well.  There were quite a few other oddities I experienced while exploring the desktop including multiple KWin crashes when launching specific applications.

Overall, I wasn’t happy.

So I’m heading over to Salix KDE now to see if a simplified approach to KDE will cleans the palate so to speak.  I neglected screenshots when testing Manjaro KDE out but I’ll take many with Salix and follow up here.

Manjaro Linux – My Current Distribution

manjaro

manjaroI’ve been running Manjaro Linux Openbox Edition since about November of 2013.  I haven’t re-installed…since Manjaro rolls with it’s releases…I haven’t needed to re-install.  It’s been as steady as a rock for 2 releases and many months of torture and pain from yours truly.

The only other distribution I’ve ever put through its paces like this that remained stable and usable was Salix…which is Slackware based.  Manjaro is Arch based and benefits greatly from the fantastic package manager ‘pacman’.  Oddly enough, Salix has a lot in common with Manjaro in that they both attempt to bring simplicity with easy upgrades/updates.  They also both tap into the community for customized packages…Salix with the ability to install Slack builds and Manjaro with the ability to add on packages from the AUR (Arch User Repository).  Both provide tools that allow a user to interface with these user built repositories.  Both are lightning fast and use a very low amount of resources.

Even though I’d hadn’t noticed before….they do have a lot in common.

I’ve demanded a lot more from my Linux distributions lately…I haven’t picked the ones I use based on what everyone else is using.  I haven’t picked one that has recently released.  I picked one that doesn’t decide what’s best for you.  I think this approach is best…doing less is more.

I don’t want a distribution to install the entire KDE application suite out of the gate taking up tons of space on my hard drive and making my Kmenu a jumbled mess.  I don’t want a distribution that doesn’t install tons of applications but is so bloated and lethargic on the desktop that I can barely function.  I don’t want a distribution that does things the wrong way by requiring me to install more than what I need (thanks meta packages!).  The bottom line is, I want a simple distribution of Linux that truly and wholly supports the ‘less is more’ mantra.  The only two I’ve settled on are Manjaro and Salix.  I’m not saying these are the only ones that ascribe to this mantra…I’m just saying these are the only two I’ve used that I like.  I’m sure there are others you might have found do the same thing and I’d encourage you to leave a comment with this distribution so that I can check it out.

I don’t do a lot of Linux reviews…but I will be doing a Salix and Manjaro one in the near future.  I think they both deserve any amount of press they get because they are fantastically simple distributions.

Finding Files Modified in the Past Few Days

terminal_icon

It’s said that with age comes distinction and wisdom. If we believe that, then we’re talking about people and not files.  Working with older files doesn’t make you wise beyond your years…one could argue that it makes you a glutton for punishment :).  That doesn’t always have to be the case as we can solve finding and working with older files using the ‘find’ command.

Recently, I was tasked with finding files that had been modified in the past 5 days. I was to copy these files from a SAN Snapshot and move them over to a recover area that anyone could get to (read: Windows File Share).

We were doing this in Linux because the snapshot, which was a NTFS filesystem would only mount in Linux.  It seems that Linux is more forgiving of errors on a hard disk than Windows is when dealing with NTFS.

So, the snapshot was located on a server designated as X.X.X.X below.  I decided to use the find command to locate all files that were modified in the past 5 days.  The find command can be summarized succinctly using the following logic statement:  find where-to-look criteria what-to-do.  Keeping this logic in mind, I used the following command to get what I needed:

find . -mtime 4 -daystart -exec cp -a {} /home/devnet/fileshare\$ on\ X.X.X.X/RECOVER/ \;

Let’s break down what the above command is doing.  First and foremost, the find command when used in conjunction with a period means to search the current directory (where-to-look in logic statement above).  If you need to specify where to search via path, replace the period with the path to the directory you’ll be searching in  Next, I’ve added the following flags (criteria in logic statement above) which I’ll define:

  1. -mtime:  stands for ‘modified time’.  This means I’m searching for only files modified in the past 4 days.
  2. -daystart:  This flag is used to measure time from the beginning of the current day instead of 24 hours ago which is default.  So in the example above, it would find files 4 days from the start of today (which equates to 5 days from midnight versus 4 days from 24 hours ago for my task)
  3. -exec:  specifies that with the results, a new command should be executed.

The {} above is where the results of our find command are passed.  It will do the command after -exec for each result from the find command.

So, we’re copying with the cp -a command and flag, which will copy recursively, preserving file structure and attributes thanks to our -a flag.  That command copies all the files we’ve found using the find command to the path stated next (what-to-do in our logic statement above).  The last symbols \; are the end statement for our -exec flag.  This must always be present for our -exec command…and the exec flag should be the last option given in the find command as well.

It’s important to note above that I mounted the NTFS SAN snapshot using the GUI like I would any NTFS volume on a Linux desktop and that I executed this find command while I was located in the root of the directory I wanted to search on that snapshot.  The server I was copying the files to noted as X.X.X.X above was a Windows File Server on our network that had open permissions for me to copy to.  I used Samba to mount this server in the directory ‘fileshare’ in my home directory.  The RECOVER directory was made by me to house all the files I’ve found so I could keep them separate from any other files in the root of the file server directory.  I had to manually create this folder prior to issuing the command.

There are more than a couple of different ways to do what I did above.  There are also numerous ways to alter the command and adapt it for your needs.  For example, perhaps you want to find all files that are 3 days old and delete them…and you’re not a stickler for the -daystart option.  In this case:

find . -mtime -3 -exec rm -rf {} \;

Maybe you want to copy mp3’s from a directory to a separate location:

find . -name '*.mp3' -exec cp -a {} /path/to/copy/stuff/to \;

There are lots of ways to adapt this to help locate and deal with files.  The command line/shell are always more than powerful enough to help you get what you need.  I hope this helps you and if you have questions or just want to say thanks…please don’t hesitate to let me know in the comments below.

Would You Like a Native Client for Google Drive?

gdrive

If you’re like me, you think that the more native applications that are available to Linux users, the better.  In the case of Google Drive, there isn’t a native synchronization enabled client for Linux.  This is especially sad if you think about how Google got to where it is today…building its entire search infrastructure on the backs of customized Debian servers.  Not to mention that Android…which is powered by Linux…has a native client available in the Google Play store.

Why would we want a native client for Google Drive when we can just use unofficial software to do it or mount it like a command line commando would?  The answer is simple…uniformity and solidarity.  The experience that is already present for Windows and Mac users should be present in Linux as well…instead, Linux continues to be the ‘red headed stepchild’ of the desktop experience.

There are some people who feel this same way and they have started an online petition asking Google to release a native Drive client for Linux.  You can sign the petition here if you’d like to.  As of the writing of this post, there were 15,648 signatures…let’s see if we can push above 20k shall we?  I think online petitions are sometimes silly but Google might not.  Hopefully, we’ll get that native client and uniform experience for Linux desktops everywhere.