Ubuntu: Determine system vulnerability for Dirty COW CVE-2016-5195

The Dirty COW vulnerability affects the kernel of most base Ubuntu versions.  Especially when running an Ubuntu HWE stack, it can be a bit confusing to determine if your kernel and Ubuntu version are affected.

If you need to validate patching, then you can use a simple C program to exercise this read-only write vulnerability and check your system.

Continue reading “Ubuntu: Determine system vulnerability for Dirty COW CVE-2016-5195”

Syslog: Sending Java log4j2 to rsyslog on Ubuntu

Logging has always been a critical part of application development.  But the rise of OS virtualization, application containers, and cloud-scale logging solutions has turned logging into something bigger than managing local debug files.

Modern applications and services are now expected to feed log aggregation and analysis stacks (ELK, Graylog, Loggly, Splunk, etc).  This can be done in a multitude of ways; in this post I want to focus on modifying log4j2 so that it sends directly to an rsyslog server.

Even though we focus on sending to an Ubuntu rsyslog server in this post, this could be any entity listening for syslog traffic, such as Logstash.

Continue reading “Syslog: Sending Java log4j2 to rsyslog on Ubuntu”

Ubuntu: Using Fiddler to analyze Chrome/Firefox network capture

The prevalence of the long chains of firewall and reverse proxy solutions present in production infrastructure (and made even more popular with the dynamic routing introduced with containers) has made analysis of the end-user side of the network exchange a critical tool in troubleshooting.

Fiddler has long been a solid tool for both proxy capture as well as analysis of the end user application traffic on the Windows platform.  However, troubleshooting issues with customers always required them to first install the tool on their desktop, and at times corporate policies would prevent installation.

Now, with the built-in capabilities of the Chrome DevTools and Firefox Network Monitor, the capture can happen directly from the end user’s browser without any external tool installation.  If that session needs to be analyzed by higher level support resources, it can be exported as an HTTP Archive (HAR), and then imported into Fiddler for analysis at a later time.

And since the release of Fiddler for Linux, the analysis of the HAR can be done directly on the Ubuntu desktop.

Continue reading “Ubuntu: Using Fiddler to analyze Chrome/Firefox network capture”

Ubuntu: Simulating a Web Server using Netcat

When tasked with deploying a web application and it is not responsive to your browser requests, sometimes you need to take a step back from the complexity of your full stack and run a quick sanity check.

You can use netcat as a simple web server to prove to yourself that the network infrastructure is allowing the traffic, the guest OS is not blocking the port with its own firewall, and the browser can receive the HTTP response.

Start the netcat HTTP Server

If you want to refer back to my post on the minimal TCP server using netcat, read here.  Extending that concept, here is the bash command to echo out a basic set of HTTP headers and body on port 8080:

while true; do { echo -e "HTTP/1.1 200 OK\r\n$(date)\r\n\r\n<h1>hello world from $(hostname) on $(date)</h1>" |  nc -vl 8080; } done

Continue reading “Ubuntu: Simulating a Web Server using Netcat”

Ubuntu: Pre-Validate Network ACL and Firewall Connectivity with Netcat

Although virtualization has pushed a self-service culture for infrastructure, it is still common in production environments to need your Network Operations team to open the required ports necessary for any new application deployment.

So, while you may be able to create the base virtualized host, you can’t go much further without the network connectivity.  And there is nothing worse than finding out half way through your full stack deployment that the reason you keep hitting errors is because a stray port was not opened.

I would suggest pre-validating all the TCP and UDP ports you expect open.  This can be done pretty simply by using netcat on both sides of the communication.

Continue reading “Ubuntu: Pre-Validate Network ACL and Firewall Connectivity with Netcat”

OpenWrt: Flashing Linksys WRT1X00AC/S from USB-TTL Using Ubuntu

Flashing the firmware of the Linksys WRT1X00AC/S is well documented on the OpenWrt wiki.  So I don’t feel the need to go over the architectural concepts in this article, but I did want to provide instructions for the Ubuntu specific tools you can use to flash the firmware.

If you want to try flashing to OpenWrt using the factory Linksys ‘Router Firmware Update’ feature, that is your choice, but it really is working blind and you have no ability to fix issues if something goes wrong.  After bricking my router once, I now rely solely on the Serial to USB-TTL cable which is the highly recommended connectivity method from the OpenWrt page.

Step 1. Connect via USB-TTL cable

I wrote a detailed article about using the Adafruit USB TTL Serial cable to connect to the Linksys WRT1X00AC/S for an Ubuntu host.

After powering off/on the router, you should be able to clearly see the boot sequence of your Linksys firmware in your terminal program.  Below is a snippet of the output showing the Linksys logo in ASCII art which scrolls by as the router brings up all its services.

[Image: Linksys factory firmware boot output]

Continue reading “OpenWrt: Flashing Linksys WRT1X00AC/S from USB-TTL Using Ubuntu”

Ubuntu: Enabling the Ubuntu universe Repository

There are four main repositories for Ubuntu: Main, Universe, Restricted, and Multiverse.  The Ubuntu CD contains the packages from the Main and Restricted repositories, so even if you do not have an Internet connection those will be available.

However, if you have booted from the LiveCD, and did not initially configure a wired or wireless network connection, then the ‘Universe’ repository will not be enabled.

If you were trying to install a package such as putty and the Universe repository source was disabled, you would get ‘E: Unable to locate package’ responses when trying to install and an empty response from apt-cache when searching for this package:

Continue reading “Ubuntu: Enabling the Ubuntu universe Repository”

OpenWrt: Installing a TFTP Server on Ubuntu for OpenWrt Firmware Updates

The Trivial File Transfer Protocol (TFTP) is an extremely simple protocol most often used for network booting strategies, such as PXE and flashing OpenWrt images onto consumer routers.

I go over full instructions for flashing OpenWrt using Ubuntu and flashing a sysupgrade in another post; this article will focus specifically on setting up a tftp server daemon on Ubuntu that can be used to serve the binary image file.

Installation

First, install the tftp server and client packages:

# apt-get install tftpd-hpa tftp-hpa -y

Continue reading “OpenWrt: Installing a TFTP Server on Ubuntu for OpenWrt Firmware Updates”

Ubuntu: Hang While Installing gutenprint as Network Driver

If you experience hanging when installing the gutenprint drivers for a network printer from the desktop, try manually installing the gutenprint drivers from the console first.

Most likely, you will see a screen like below, and the progress bar will continually cycle but never end.

[Image: gutenprint driver installation dialog with cycling progress bar]

If you can’t cancel, you can use the ‘xkill’ command from the console and click on the dialog window.  But you will also need to kill the process, and that can be done by finding the process id using:

Continue reading “Ubuntu: Hang While Installing gutenprint as Network Driver”