cron.weekly issue #12: Zabbix, GitLab, Tcpdive, Pact, Grafana, XKCD and many more
January 24, 2016 - Mattias Geniar
Welcome to issue 12 of cron.weekly. Today is January 24th, 2016 and there’s a lot of content to share!
Kernels 3.8 and higher are vulnerable to a local privilege escalation that allows non-root users to elevate their privileges to root. Patching is advised!
The first public beta of Zabbix 3.0 is available for download: source, pre-built VMs and appliances are available.
The Linux Foundation, which acts as a promoter and is involved in standardising Linux, has now removed the community from its board representation. In response to these accusations, an official response by the Linux Foundation was also written.
A daring title, but the author makes some compelling arguments: a new config management tool focussed on parallel execution, event-driven and distributed ideas.
By default, it has always been a pain to get multiple PHP versions running on a single server. The Debian project is working to resolve that, by allowing multiple PHP versions to be installed side-by-side, out of the box. Fingers crossed this gets adopted by other major distributions, too.
Last edition featured a complaint post about the issues GitHub should/could fix to improve the way open source works. This time, it’s time for praise, to acknowledge all the things GitHub has done to make open source so much better and easier to contribute to.
The recent good cop/bad cop posts about GitHub have prompted GitLab, the open source GitHub competitor, to highlight some of its open source features.
Very low-level thoughts on what we can learn from last week’s OpenSSH vulnerability and how it can shape the way we handle sensitive files in the future.
There is a trend of using Docker containers for everything. This post explores why that’s not always a good idea.
Tools & Projects
Give pact several PIDs. When one PID dies, pact will kill all provided PIDs. This is useful when you have grouped scripts/commands running that all rely on each other and should either be started or stopped together.
Tcpdive is designed to provide an insight into TCP, by monitoring and analysing mass data collected from a running Linux kernel. The data is gathered via systemtap and requires no kernel modifications.
This project allows you to use your Zabbix monitoring instances as a datasource for Grafana.
A wiki with a nice collection of ‘hacker links’: bash-scripts, vim guides, … lots of links to click through.
A new kernel module that adds support for the famous XKCD comic about fair randomness on a server. If anything, it shows how much boilerplate code is required even for a simple kernel module.
This new project by Facebook’s open source team offers a library and CLI client to transfer data between 2 hosts as fast as possible, over multiple TCP paths.
This project uses AWS Lambdas to write entire applications, effectively ignoring the need to manage ‘actual’ servers by yourself (while Amazon obviously still has servers to manage).
Riemann aggregates events from your servers and applications with a powerful stream processing language.
You’d think editing manpages is an easy thing, when you’re used to Markdown or other formats. It’s actually a pretty obscure format, and this online editor helps you write proper manpages with correct syntax.
Wekan is an open source Kanban tool, much like Trello. It looks pretty much the same but is free to host on your own infrastructure.
An ‘EXPLAIN’ query shows the query plan and execution strategy the SQL server, in this case PostgreSQL, will use as its most optimal path of querying the data and returning the response. The pev project is a more visual representation of such an EXPLAIN query. The screenshots on the blog speak for themselves. If anyone makes a MySQL-version I’d be very interested!
Guides & Tutorials
A very practical and to-the-point guide on getting started with GitLab, the git repository hosting tool.
The BBC investigated the throughput of Varnish vs. Nginx and found that a well-tweaked Nginx could serve up to 20Gbps of traffic, whilst Varnish was limited to 4Gbps. The technical write-down shows some bottlenecks in Varnish when it comes to memory mapping.
Slack is all the rage nowadays. This post shows you how to let SSH trigger custom shell-scripts (through PAM) to send notifications to a chat-channel about logins on a server.
RHEL 7, and by extension CentOS 7, support different “profiles” for a server out of the box. This post covers how to select them and, in short, shows the differences between them (powersave, high-throughput, virtual-host, …). Tuning a server isn’t easy; these presets make it just a little easier.
IRC is the backbone of our open source communication. This post covers how you can get started by explaining both the tools and the concepts (channels, servers, etc) for IRC.
Some nice background information on the ‘random’ network names devices can get on systemd servers.
A lot of background information on the various terms.
A detailed step-by-step set of instructions if you ever want to configure OpenVPN on your own Linux machine(s).
This post introduces a new tool, autossh, and covers its configuration. Autossh will make SSH tunnels persistent: should they ever disconnect, they’ll be reconnected in the background.
The layout reminds me of a 90s TV show somehow, but the content is still relevant: explaining the Linux filesystem (inodes, paths, symlinks, hard- and softlinks, etc).
Another 90s-style layout, but covering important basics of handling SIGINT signals in your scripts.
I feel like I can include a ‘security best practice‘ link in every edition, but this one – aiming only at SSH – is very detailed. If your only job was to configure SSH as securely as possible, check this one out and follow each recommendation.