Install WireShark on Ubuntu Linux

WireShark is an invaluable tool in recording and reviewing network traffic, it was previously known as Ethereal and is available for a variety of platforms.

Installation can sometimes be hard to remember as use by non-superusers requires additional configuration in Linux.

  1. Add the repository and install:

    sudo add-apt-repository ppa:wireshark-dev/stable

    sudo apt-get update

    sudo apt-get install wireshark

  2. During installation, the following will appear, chose "Yes" for most instances.


    Should non-super users be able to capture packets - Yes / No?

  3. If you need to change the value you selected, you can always re-run the following:


    dpkg-reconfigure wireshark-common

  4. Add the user to the wireshark group so that they can capture traffic:


    add user to group:
    sudo usermod -a -G wireshark username
    id username

  5. If you need additional information, you can always RTFM:


    sudo vi /usr/share/doc/wireshark-common/README.Debian.

REFERENCES:

Disable IPv6 on Ubuntu

Ubuntu updates occasionally fail due to IPv6 update servers not being reachable. While I prefer to keep IPV6 activated, this approach will allow you to disable it for updates, simply reverse the steps to re-enable afterwards!

  1. Update the configuration file…

    sudo vi /etc/sysctl.conf

    ADD:

    # IPv6 disabled
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1

  2. Then, you must enable the change…

    sudo sysctl -p

  3. To verify…


    ifconfig

Install Splunk on Ubuntu

Splunk is a popular enterprise level tool for log collection, analysis and management. While you can obtain an enterprise license, most functions are available in the free community edition.

Setup is very easy:

  1. Download and move the .tar.gz file to the appropriate server (i386 vs. amd64)
  2. sudo dpkg -i splunk*.deb
  3. Start the server:

    sudo /opt/splunk/bin/splunk start

    The first time you run after installation or update you will have to accept terms.

  4. Access the admin screen:

    http://HOSTNAME:8000

    login (admin/changeme)
    change password

  5. Go to Settings/Forwarding * Receiving
    – add new (port 9997)
  6. Open firewall port (if enabled):

    sudo ufw allow 8000
  7. Now to start as a service…

    sudo /opt/splunk/bin/splunk enable boot-start

Competitors:

REFERENCES

Hackintosh – running Apple OS/X inside VirtualBox (on Ubuntu or Windows)

I’ve done a LOT of web and software development in my career, one of the biggest problems I’v e had is doing proper testing on various platforms. VirtualBox can be run on most platforms, and allows for you to virtualize various operating systems. Apple’s OS X can be problematic to install, here’s some functioning instructions and settings that I’ve successfully used for my virtual Hackintosh test environment.

WARNING: As this uses an image of the software, it is advisable to also have a valid licenced copy as to use this without a licence would be “stealing”.

NOTE: this is a version of Snow Leopard, unfortunately you will NOT be able to update or add “fixes” to this test copy as it will usually break. I recommend making a copy of the VM if you wish to try!

My VirtualBox settings:

Mac OS X
Mac OS X Snow Leopard (64-bit)
1024MB
1 core
Disable EFI
6MB+ video

Steps:

  1. English, continue
  2. Utilities… disk Utilities… Select drive, Erase, name, erase… close
  3. continue
  4. Select disk… continue
  5. Customize (see instructions for: updates, kernels & bootloaders)
  6. NOTE: i only did 10.6.1 (an earlier 10.6.2 failed)

  7. Install
  8. Resolution fix – (I could not save file, but here are the instructions…

    Finder > OSX Drive (On desktop) > Extras > com.apple.Boot.plist (open with TextEdit – use the field to find)


<key>Graphics Mode</key>
<string>1280×1024x32</string>

REFERENCES:

DomainKeys Identified Mail (DKIM) Email

DomainKeys (originally from Yahoo!) and Cisco, and later as an industry collaboration, is a means for and organization to claim responsibility for sending a message, in a way that can be validated by a recipient. As a result, emails are “signed” by the outgoing SMTP server and can be verified against a DNS record. Depending upon the receiver, unsigned emails MAY be treated or marked as SPAM as they could be forgeries.

The below instructions assume Ubuntu (Debian) and Postfix, but could likely be modified for other platforms.

  • Install OpenDKIM:
    sudo apt-get install opendkim opendkim-tools
  • Setup initial configuration:

    sudo vi /etc/opendkim.conf

    ADD:
    Domain example.com
    KeyFile /etc/postfix/dkim.key
    Selector dkim
    SOCKET inet:[email protected]
    PidFile /var/run/opendkim/opendkim.pid
    #Canonicalization relaxed/relaxed
    ExternalIgnoreList file:/etc/opendkim/TrustedHostList
    InternalHosts file:/etc/opendkim/TrustedHostList
    LogWhy yes
  • Add trusted hosts… (and folder path, if needed)

    sudo mkdir /etc/opendkim


    sudo vi /etc/opendkim/TrustedHostList

    ADD:

    # External Hosts that OpenDKIM will Trust (add any appropriate values)
    localhost
    127.0.0.1
    10.1.10.1
  • sudo vi /etc/default/opendkim
    ADD:

    SOCKET="inet:[email protected]"
  • sudo vi /etc/postfix/main.cf
    ADD:

    # DKIM
    # --------------------------------------
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:127.0.0.1:8891
    non_smtpd_milters = inet:127.0.0.1:8891
  • Take a look around the following file, you may need it later:
    sudo vi /etc/postfix/master.cf
  • Generate your keys:

    opendkim-genkey -t -s dkim -d example.com

    NOTE: this creates dkim.private & dkim.txt, you “might” want to make backups of them 🙂

  • Change permissions on the file:

    sudo chown opendkim:opendkim dkim.private
  • Copy to the postfix folder:

    sudo cp dkim.private /etc/postfix/dkim.key
  • NOTE: I initially had a problem with dkim refusing connections, this MIGHT be needed.

    sudo adduser postfix opendkim
  • Start things back up together:

    sudo service opendkim start
    sudo service postfix restart
  • sudo vi dkim.txt
    (copy contents, remove t=y; as it indicates test mode)
    dkim._domainkey IN TXT ( "v=DKIM1; k=rsa; p=xxxxxxxxx" ) ;

  • Add DNS for DomainKey:

    _domainkey.example.com TXT o=~
  • Add DNS for DKIM:

    dkim._domainkey.example.com TXT v=DKIM1; k=rsa; p=xxxxxxxxx
  • NOTE: you will likely need to wait a few hours for your DNS entries to propagate.

  • Simple verification…. send an email to this address and you will receive a response with your SPF, DKIM and DMARC compliance status:
    mailto:[email protected]

REFERENCES:

Install New Relic Server Monitor on Ubuntu

I’ve found New Relic to be a great free addition to my suite of tools for server monitoring and alerting as I shifted to a DevOps support environment.

Installation is very fast an simple once you’ve created a free accound. Paid options are available and allow for more features.

You will need to record/save YOUR_LICENSE_KEY from your account for step 5 below.

  1. sudo sh -c 'echo deb http://apt.newrelic.com/debian/ newrelic non-free > /etc/apt/sources.list.d/newrelic.list'
  2. wget -O- https://download.newrelic.com/548C16BF.gpg | sudo apt-key add -
  3. sudo apt-get update
  4. sudo apt-get install newrelic-sysmond
  5. sudo nrsysmond-config --set license_key=YOUR_LICENSE_KEY
  6. sudo /etc/init.d/newrelic-sysmond start

You are done! Within a few minutes you should start seeing data on your consoles at the New Relic website.

REFERENCES:

Ubuntu grub timeout warning on update

Shortly updating to Ubuntu Trusty (14.04), I noticed the following warning on my console during updates. I finally got around to looking into it deeper and found that many users have seen this too.

Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.

If you edit the ‘grub’ file, you can comment out the GRUB_HIDDEN_TIMEOUT line by adding a hash in front of it.

sudo vi /etc/default/grub

Verify that the error is fixed by executing the following:

sudo update-grub

If you are interested, you can also go and look at the updated ‘grub’ file at

/boot/grub/grub.cfg

NOTE: I’d also seen that the following command could be used, but it was of no use in my testing.

/usr/share/grub/default/grub

REFERENCES:

Remove Landscape on Ubuntu

The Canonical/Ubuntu Landscape service has been around for as long as I can remember using Ubuntu. A free trial period is enabled (re-enabled?) when a new installation occurs, that allows for a server administrator to see performance metrics and uptime information for any hardware that is running the client. After the trial ends, it is still a quick means of visually observing some key statistics in the terminal MOTD at login. I’d also noticed that it was still doing DNS lookups to “landscape.canonical.com” on a regular basis, and while I did not look for it, I assume that some information was still being collected and reported upon.

As there are MANY other ways to get server performance information, I decided that it was time to be rid of landscape itself.

Removal is easy, as only one line is required… I chose to “purge” all references, though you can “remove” if you feel inclined to leave any configuration for possible later re-installation.


sudo apt-get purge landscape-client landscape-client-ui landscape-client-ui-install landscape-common

REFERENCES:

Install Subversion Server on Ubuntu

Subversion is a commonly used central version control system for software development. There are currently still a large number of organizations that rely upon it, many have since moved on to Git.

  1. sudo apt-get install apache2 apache2-utils
  2. sudo apt-get install subversion subversion-tools libapache2-svn
  3. sudo mkdir /home/svn
  4. svnadmin create /home/svn/test
  5. Create a group for subversion users:
    sudo groupadd subversion
  6. sudo adduser USERNAME
  7. Add a user to the group:
    sudo useradd -G USERNAME subversion
  8. sudo chown -R www-data:subversion /home/svn/test
  9. sudo chmod -R g+rws /home/svn/test
  10. sudo a2enmod dav_svn
  11. To create/clobber a new file for the first user:
    sudo htpasswd -c /etc/apache2/.htpasswd YOURUSER
  12. To add additional users:
    sudo htpasswd /etc/apache2/.htpasswd YOURUSER
    (repeat for new users without the -c as that creates/clobbers the file)
  13. sudo vi /etc/apache2/sites-available/000-default.conf
    Then add to the bottom:
    (NOTE1: the LimitExcept can be enabled to allow anonymous access):
    (NOTE2: the LimitXMLRequestBody can be uncomment to allow large commits)

    <Location /svn>
    DAV svn
    SVNParentPath /home/svn
    AuthType Basic
    AuthName "Subversion Repository"
    # AuthUserFile /etc/svn-auth
    AuthUserFile /etc/apache2/.htpasswd
    #LimitXMLRequestBody 0
    #<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
    #</LimitExcept>
    </Location>
  14. sudo service apache2 reload
  15. sudo service apache2 restart

    NOTE: At this point you should be able to browse and do a remote checkout of the code from another machine….

    http://YOUR-IP-OR-HOSTNAME/svn
    and
    svn co http://YOUR-IP-OR-HOSTNAME/svn/test --username YOURUSER --password YOURPASS

  16. sudo vi /etc/init/svnserve.conf
    Add the following:

    # svnserve - Subversion server
    description "Subversion server"
    start on (local-filesystems and net-device-up IFACE=lo and started udev-finish)
    stop on runlevel [06]
    chdir /home/svn
    respawn
    respawn limit 2 3600
    exec /usr/bin/svnserve --foreground --daemon --config-file /home/svn/repos/conf/svnserve.conf --root /home/svn/repos/
  17. Then execute:
    sudo initctl start svnserve
  18. Back on the client side…
    Create a new folder inside your user folder:
    cd ~/test
  19. Check out the project into this folder:
    svn checkout http://YOUR-IP-OR-HOSTNAME/svn/test
  20. Let us just add a new HTML index file to the folder:
    vi index.html
  21. Add it to version control:
    svn add index.html
    Commit the new file:
    svn commit -m "commit message"
    Update:
    svn up
  22. That should cover most cases for you…

REFERENCES:

Java temporary file directory path

I’ve recently resurrected some old java code that I’d written back when I primarily used Windows instead of Ubuntu for development. In some of that legacy code, the temporary file paths were hardcoded, to make things more modern and portable, The following line is recommended to get the Operating System values regardless of where it is installed and ran. The file separator “slash” can also be determined in this manner.


private static final String TMPDIR = System.getProperty("java.io.tmpdir") + java.io.File.separatorChar;