Although in modern architectures you typically see Spring Boot executable jars running as the primary process of a container, there are still many deployment scenarios where running the jar as a service at boot time is required. With Ubuntu 16.04, we can use the built-in systemd supervisor to run a Spring Boot application at boot … Java: Spring Boot application as a service using systemd on Ubuntu 16.04
Logstash provides a powerful mechanism for listening to various input sources, filtering and extracting the fields, and then sending events to a persistence store like ElasticSearch. Installing Logstash on Ubuntu is well documented, so in this article I will focus on Ubuntu specific steps required for Logstash 6.x on Ubuntu 16.04.
There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also … Ubuntu: Creating a self-signed SAN certificate using OpenSSL
There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name). Operationally, having your own trusted CA is advantageous over a … Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL
It is common in secure production datacenters for internal hosts to be forced to go through a reverse proxy for public internet access. The same concept can be applied to apt package management, where setting up a centralized package proxy enables caching as well as security controls. In a datacenter where you could have hundreds … Ubuntu: A centralized apt package cache using Apt-Cacher-NG
In the world of Linux containers where deployment takes on the order of seconds, even the best-case scenario for spinning up a new Windows host can seem like an eternity. Clearly, you don’t want to wait for the entire Windows install process each time you bring up a Windows guest OS. Even automated, this would … Ubuntu: Standing up a Windows 2012 instance on Ubuntu using Sysprep
Android is one of the leading platforms of the mobile industry. By installing an Android emulator on your Ubuntu desktop, you can bring this power to your desktop. More often than not, an Android emulator is used for custom development of mobile apps, but don’t overlook its utility as a way to access your favorite … Ubuntu: Installing the Genymotion Android emulator
The Tor project is free software that helps protect your privacy by making it difficult for a 3rd party to analyze your network requests or link your traffic back to your network access point. See the Tor overview page for reasons why this may be important to world citizens, corporations, or specific professions. Simplified, this … Ubuntu: Installing Tor on Ubuntu 14.04 and 16.04
Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 16.04, and then perform a quick validation against a client.
Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 14.04, and then perform a quick validation against a client.
Syslog is a message logging standard has been around for decades, but has renewed popularity as a method of log capture with the advent of containerization and centralized logging solutions. Enabling an Ubutu 14.04 or 16.04 host to act as a syslog server only takes a few simple steps.
Update Oct 2022: This article has now been written for GoLang 1.19 on Ubuntu 22.04. Go has changed the way it handles SIGURG signals, and Systemd services no longer directly forward to syslog. Read my newer article here. The Go language with its simplicity, concurrency support, rich package ecosystem, and ability to compile down to a single … GoLang: Running a Go binary as a systemd service on Ubuntu 16.04
The Go language with its simplicity, concurrency support, rich package ecosystem, and ability to compile down to a single binary is an attractive solution for writing services on Ubuntu. However, the Go language does not natively provide a reliable way to daemonize itself. In this article I will describe how to take a couple of simple Go language programs, … GoLang: Running a Go binary as a SysV service on Ubuntu 14.04
The Go programming language has gotten considerable momentum, and the fact that it compiles down to machine code has made it popular in containers like Docker where a single executable binary fits the execution model perfectly. This article will detail installation on Ubuntu 14.04 with the standard hello world validation.
Configuration Management tools like SaltStack are invaluable for managing infrastructure at scale. Even in the growing world of containerization where immutable image deployment is the norm, those images need to be built in a repeatable and auditable fashion. This article will detail installation of the SaltStack master on Ubuntu 14.04, with validation using a single Minion. Note that Minion … SaltStack: Installing a Salt Master on Ubuntu 14.04
Logstash provides a powerful mechanism for listening to various input sources, filtering and extracting the fields, and then sending events to a persistence store like ElasticSearch. Installing Logstash on Ubuntu is well documented, so in this article I will focus on Ubuntu specific steps required for Logstash 2.x and 5.x.
Log rotation is an essential maintenance task for managed servers. The logrotate package available in the main Ubuntu repository is easily configurable and is invoked by the cron service for automated log retention.
ElastAlert from the Yelp Engineering group provides a very flexible platform for alerting on conditions coming from ElasticSearch. In a previous article I fully describe running interactively on an Ubuntu server, and now I’ll expand on that by running it at system startup using a System-V init script. One of the challenges of getting ElastAlert to run as a … ELK: Running ElastAlert as a service on Ubuntu 14.04
The open-source Zabbix monitoring solution has very lightweight agents that are easy to install on Ubuntu. Although the Ubuntu main repository has a build available, it is older and so we are going to choose to download and install the latest point version in this article. Unfortunately, the repo.zabbix.com cannot be added directly as an Ubuntu … Zabbix: Installing a Zabbix Agent on Ubuntu 14.04
Although container based engines such as Docker are highly popularized for newer application deployment – there will still be widespread use of OS virtualization engines for years to come. One of the most popular virtualization engines for development purposes is the open-source VirtualBox from Oracle. This article will detail its installation on Ubuntu 14.04.
Docker is a container platform that streamlines software delivery and provides isolation, scalability, and efficiency with less overhead than OS level virtualization. These instructions are taken directly from the official Docker for Ubuntu page, but I wanted to reiterate those tasks essential for installing the Docker Community Edition on Ubuntu 14.04 and 16.04.
Once you have a Squid proxy setup as described in my article here, the next challenge is configuring your Ubuntu servers so that they use this proxy by default instead of attempting direct internet connections. There are several entities we want using Squid by default: apt package manager, interactive consoles and wget/curl, and Java applications.
HAProxy is a high performance TCP/HTTP (Level 4 and Level 7) load balancer and reverse proxy. A common pattern is allowing HAProxy to be the fronting SSL-termination point, and then HAProxy determines which pooled backend server serves the request.
Nginx is a popular reverse proxy and load balancer that focuses on level 7 (application) traffic. A common pattern is allowing Nginx to be the fronting SSL-termination point, and then Nginx determines which pooled backend server is best available to serve the request.
There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. Here are the quick steps for installing a simple self-signed certificate on an Ubuntu server. If you instead need to create a certificate with SAN (Subject Alternative Name) support, read my article here. Some of you will … Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu
Jenkins is the open-source automation server that is critical in building a continuous integration and delivery pipeline. It is extensible and has a wealth of plugins that integrate with numerous enterprise systems. Here are the detailed steps for installing a Jenkins server on Ubuntu.
strace is a handy utility for tracing system, file, and network calls on a Linux system. It can produce trace output for either an already running process, or it can create a new process. Some of the most common troubleshooting scenarios are needing to isolate either the network or file system activity of a process. … Ubuntu: Using strace to get a view into file and network activity of a process
tcpdump comes standard on Ubuntu servers and is an invaluable tool in determining traffic coming in and out of a host. As network infrastructures have become more complex and security conscious, validating network flow from client hosts through potentially multiple proxies and ultimately to a destination host and port has become more important than ever. … Ubuntu: Using tcpdump for analysis of network traffic and port usage
Update Feb 2023: enumerating the secure protocols and ciphers of a remote site can be done more efficiently by nmap, as described in my other article here. While enabling HTTPS is a important step in securing your web application, it is critical that you take steps to disable legacy protocols and low strength ciphers that … OpenSSL: Using OpenSSL to enumerate protocols and ciphers in use by web applications
If you have worked on deploying packages via apt-get, you are probably familiar with a couple of forms of interruption during the package installation and upgrade process. The first is the text menu shown during package upgrades that informs you that a new configuration file is available and asks if you want to keep your … Ubuntu: Silent package installation and debconf
The AppDynamics Machine Agent is used not only to report back on basic hardware metrics (cpu/memory/disk/network), but also as the hook for custom plugins that can report back on any number of applications including: .NET, Apache, AWS, MongoDB, Cassandra, and many others. In this article, I’ll go over the details to install the Machine Agent … AppDynamics: Installing a Machine Agent on Ubuntu 14.04
Grafana is an open-source visualization suite that is able to generate graphs and dashboards, in addition to alerting. It is designed to retrieve data from various backends including: Graphite, ElasticSearch, Prometheus, and Zabbix. This article will lead you through an installation of the latest stable version on Ubuntu 14.04.
As part of normal long-term operations, the number of kernel images on your system will accumulate and take up disk space. This issue with space will be even more pronounced if /boot is mounted to its own smaller partition. With Ubuntu 16.04, ‘apt autoremove –purge’ and configuration of the unattended upgrades can ensure that old … Unbutu: Removing unused kernel images and headers
It may be hard to imagine on the development side, but there are instances where a deployed host is not accessible from the Salt Master in a production environment. This forces a bit of creativity if you have a set of standard formulas you need to apply to the host. For instance, imagine a host … SaltStack: Running a masterless minion on Ubuntu
Decompiling Java classes is sometimes associated with dubious behavior around proprietary and licensed software, but in reality there are many valid reasons why one may find it necessary to dig into Java class files and jar/war archives. It may be as simple as your development team no longer having the 5 year old version of … Ubuntu: Decompiling Java classes on Ubuntu using Eclipse and JD-GUI
The Dirty COW vulnerability affects the kernel of most base Ubuntu versions. Especially when running an Ubutu HWE stack, it can be a bit confusing to determine if your kernel and Ubuntu version are affected. If you need to validate patching, then you can use a simple C program to exercise this read-only write vulnerability … Ubuntu: Determine system vulnerability for Dirty COW CVE-2016-5195
Logging has always been a critical part of application development. But the rise of OS virtualization, applications containers, and cloud-scale logging solutions has turned logging into something bigger that managing local debug files. Modern applications and services are now expected to feed log aggregation and analysis stacks (ELK, Graylog, Loggly, Splunk, etc). This can be … Syslog: Sending Java log4j2 to rsyslog on Ubuntu
The prevalence of the long chains of firewall and reverse proxy solutions present in production infrastructure (and made even more popular with the dynamic routing introduced with containers) has made analysis of the end-user side of the network exchange a critical tool in troubleshooting. Fiddler has long been a solid tool for both proxy capture … Ubuntu: Using Fiddler to analyze Chrome/Firefox network capture
When tasked with deploying a web application and it is not responsive to your browser requests, sometimes you need to take a step back from the complexity of your full stack and run a quick sanity check. You can use netcat as a simple web server to prove to yourself that the network infrastructure is … Ubuntu: Simulating a Web Server using Netcat
Although virtualization has pushed a self-service culture for infrastructure, it is still common in production environments to need your Network Operations team to open the required ports necessary for any new application deployment. So, while you may be able to create the base virtualized host, you can’t go much further without the network connectivity. And … Ubuntu: Pre-Validate Network ACL and Firewall Connectivity with Netcat