Patching for Dirty Cow on Debian, Red Hat, Ubuntu, CentOS

Posted on December 3, 2016 by Jim

“Dirty Cow” is the common name given to Linux vulnerability CVE-2016-5195. It is a “privilege escalation” that allows a non-root user to gain root access on a system. An attacker must have system access first, as a normal user. Then they use the bug to obtain root rights. It is dangerous and should be patched.

The Linux kernel itself was fixed in October 2016. Since then, Linux vendors have all released patches. Many Internet articles suggest addressing the bug by doing a general system update. While that might be fine for a test machine or Linux desktop, it isn’t ideal for a production server. This article describes how to fix the bug in the least invasive way possible – by updating the kernel only. Continue reading →

Simple Nextcloud Installation on Raspberry Pi

Posted on November 20, 2016 by Jim

177

This article explains how to install Nextcloud on the Raspberry Pi. It has been tested with the latest version of Nextcloud (20.1 at the time of writing), but should work for future versions too. It has also been successfully tested on the latest Pi hardware, the Raspberry Pi 4, and on earlier Pi versions, and on the latest OS, Raspbian/Raspberry Pi OS 10 “Buster”. Article last updated 21/6/2021.

Nextcloud is an open source software package providing remote file sharing services, similar to Dropbox. But with Nextcloud, you retain ownership, security and control of the shared data. Nextcloud works well on a Pi 2, Pi 3 and especially a Pi 4 but will run very slowly on a Pi 1.

Note: This is a manual, step-by-step procedure. If you would rather do the installation automatically, please see my recent article Automatic Nextcloud Installation on Raspberry Pi, which explains how to install Nextcloud with 3 commands. It is the quickest and easiest way to get Nextcloud running. Both procedures achieve the same overall result, however.
Continue reading →

How to Upgrade WordPress on Linux

Posted on June 25, 2016 by Jim

WordPress is a popular blogging platform and content management system. This brief article explains how to upgrade WordPress on the Linux command line. A message on your Dashboard says that a new release is available ? Proceed as follows. Continue reading →

ESXi Embedded Host Client

Posted on June 6, 2016 by Jim

*UPDATED* December 2017. The ESXi embedded host client is a web application served direct from an ESXi server that allows basic management of virtual infrastructure. It is somewhat similar in appearance to Vsphere. Vmware has released it as a “fling“, which can be easily added to an existing ESXi server as follows. NB it is recommended to try this in a lab environment rather than a production machine. Continue reading →

Linux Capabilities and Ping

Posted on May 30, 2016 by Jim

If you are running a recent version of Linux (time of writing May 2016), you might encountered this error with ping:

$ ping somehost
ping: icmp open socket: Operation not permitted

It happens because the ping binary is no longer installed with setuid root rights. It doesn’t have the required priveliges to open the socket, and fails. The quick fix is to type: Continue reading →

Protect Your Web Server With Ipset

Posted on April 18, 2016 by Jim

The Linux packet filter provides an easy way to protect against unwanted network intrusions. Often referred to simply as “iptables“, it is a basic firewall built into the Linux kernel. Iptables is most useful, perhaps, on those servers most susceptible to attack, such as LAMP systems, content management servers and blogging platforms like WordPress, especially where they are Internet facing.

Ipset is a fairly recent addition to Linux, having been introduced into kernel version 2.6.32. This means it is supported in Debian 7 and 8, as well as Red Hat 6 onwards. In short, ipset allows a large number of IP addresses to be blocked in an efficient way, as demonstrated below. Continue reading →

Linux Device Change Breaks Encrypted Swap

Posted on March 20, 2016 by Jim

Linux disk partition names such as /dev/sda1, /dev/sda2 are not as fixed as they once were. From time to time they can change. Perhaps due to a hardware change or kernel upgrade, or sometimes for no apparent reason. If and when this happens on your system, things can break. In this case, an encrypted swap partition had been configured as “/dev/sda6”, and failed to activate following a change in the /dev/sdXX partition names. This article describes the symptoms and a fix.

The article also discusses a bug affecting Ubuntu 14.04 based distributions, which can make it more difficult to recover an encrypted swap configuration broken by a device name change. Continue reading →

Debian 7 to Debian 8 Migration Gotchas

Posted on February 16, 2016 by Jim

Debian 8 (jessie) was released in April 2015, ten months ago at the time of writing. Some sites will have upgraded by now, and others might be considering the move. This article provides a list of issues encountered after upgrading several servers from Debian 7 (wheezy) to Debian 8. These are system administration issues in the most part, though some might also be of interest to application support staff. Continue reading →

Repairing and Recovering a Broken ESXi VM

Posted on January 28, 2016 by Jim

This post describes the recovery of a broken virtual machine within ESXi 5.1 (update 1). The VM was damaged in several ways: the vmxf file was missing, and so was one of the vmdk files. The system was down and not bootable due to the missing files. In addition, the root password had been lost and needed recovery. The same procedure, or parts of it, should work for other ESXi VMs. The broken VM was running Red Hat, but that barely impacts the procedure, apart from the password recovery bit. Continue reading →

Upgrading ESXi from 5.0.0 to 5.0.0 Update 3