Archive for the ‘ubuntu’ Category

PHP locale not working in Ubuntu

Tuesday, September 24th, 2013

I was working with Laravel 4 and trying to format Carbon object dates according to locale. However App::setLocale(‘et_EE’) did not have any effect. Going lower level and setting setlocale(LC_ALL, ‘et_EE’) did not change locale either. Carbon uses under formatLocalized method PHP strftime so issue relates to this also. Some have suggested to use

utf8_encode(strftime("%A, %d de %B",time()));

But it is not perfect solution either.

It turns out that OS must support the locale. You can check all available locales in your machine with

locale -a

If your webapp supported locales are missing then add these with command

locale-gen en_US et_EE

Removing locales is easy also, just add –purge to the command, which removes all other locales and keeps only the ones you specify.

locale-gen --purge en_US et_EE

I had another specific issue with locale et_EE, by default it is encoded in ISO-8859-15 ( et_EE.iso885915 ). If all application is in UTF-8 then dates will have special chares ÜÕÖÄ corrupted. To force UTF-8 only ( et_EE => et_EE.utf8 ) I had to make changes in this file

/usr/share/i18n/SUPPORTED

and edit there line et_EE ISO-8859-15 to et_EE UTF-8

 

 

How to download ca certificate chain

Thursday, January 10th, 2013

It might happen that some machine has missing CA chain certificates and you get error

OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
 Unable to establish SSL connection.

If accessing the specific URL in browser works without warning then you can export and download CA certificate chain

In Firefox right-click > View Page Info > Security > View Certificate > Details . There you see Certificate hierarchy and can export each certificate in chain individually.  Depending on OS you need to add these certificate in PEM format ti /etc/pki/tls/cert.pem or similar.

See more useful tricks about SSL here.

Application code deployment from SVN with fast and simple rollback

Wednesday, November 28th, 2012

Most important thing in every new release is the rollback procedure. Once you discover issues in new version then you need to be able to swithc back to previous version until you work on a fix. I have developed shell script to handle the automated deployment process and which allows quick and simple rollbacks if there are no database changes that dont allow easy rollback. Main idea is to

  • download code from SVN, GIT or similar
  • copy all code to new folder
  • replace all configuration with environment related conf
  • use symlink to switch between code versions

Here is example script that handles the automated deployment for you  (more…)

Access virtualbox shared folders from Ubuntu and fix ruined ubuntu installation.

Sunday, August 19th, 2012

If you are running Ubuntu virtualbox guest then you cannot access the shared folder under /media/shared with regular user. However you can fix this by adding your user to vboxsf additional group.

Important! make sure you append the additional group so that other groups are not removed! Run te command below as exactly as seen and replace you username. If the permission is not applied immediately then reboot.

usermod -a -G vboxsf username

In case you forgot flag -a then it is bad but not hopeless 🙂 (more…)

Recover virtualbox guest from failing snapshot

Sunday, August 12th, 2012

When making snapshot of running virtualmachine guest the process got stuck and left below traces in logfile. I had to kill hte snapshot process and reboot machine to continue.

vboxmanage snapshot mymachine take initial
00:00:14.576 PCNet#0: The link is back up again after the restore.
00:03:47.980 Changing the VM state from 'RUNNING' to 'RUNNING_LS'.
00:03:48.014 
00:03:48.014 !!R0-Assertion Failed!!
00:03:48.014 Expression: <NULL>
00:03:48.014 Location  : /build/buildd/virtualbox-4.1.12-dfsg/src/VBox/VMM/VMMAll/PGMAllBth.h(1458) void pgmR0BthEPTProtSyncPageWorkerTrackDeref(PVMCPU, PPGMPOOLPAGE, RTHCPHYS, uint16_t, RTGCPHYS)
00:03:48.014 HCPhys=00000000d5a37000 wasn't found!

After  reboot i see:

# vboxmanage list vms
"<inaccessible>" {d1d42d8a-38ed-4d6d-95a1-356d2896ff26}

(more…)

sh: 2: Syntax error: newline unexpected

Sunday, August 5th, 2012

Error happened when running perl script on Ubuntu machine after coping it from another.

Issue must have been caused by different encodings and was resolved by removing newline in the middle of the command.

        # Monthly Backup
        system("$MYSQLDUMP --user=$DB_USER --password='$DB_PASS' $db_name >
$BACKUP_DIR/$db/${db}_monthly_$datestamp.sql");

Changed to

         # Monthly Backup
         system("$MYSQLDUMP --user=$DB_USER --password='$DB_PASS' $db_name > $BACKUP_DIR/$db/${db}_weekly_$datestamp.sql");

Creating VM-s via CLI using VBoxManage

Sunday, July 29th, 2012

If you happen to setup virtual machines to remote server then you might not have good access to graphical interface to use the VirtualBox graphical interface but you have to be able to manage using CLI. This gives you even more flexibility but needs some time until you can figure out what and how to do.

First create virtualmachine and register it with virtualbox.

VBoxManage createvm --name myvirtmachine --register

Create harddisk for this virtualmachine

VBoxManage createhd --filename myvirtmachinedisk --size 100000

Set some useful params for tis virtual machine

VBoxManage modifyvm myvirtmachine--ostype Ubuntu_64 --memory 2048 --cpuhotplug on --cpus 2 --nic1 bridged --bridgeadapter1 eth0

Create storage controller for virtual machine

VBoxManage storagectl myvirtmachine --name myvirtmachinestoragectl --add sata

Attach installation media into DVD drive to this storage controller. In this case i have downloaded previously the ubuntu isntaller CD

VBoxManage storageattach myvirtmachine --storagectl myvirtmachinestoragectl --port 0 --type dvddrive --medium ../ubuntu-12.04-server-amd64.iso

Attach HDD to this storage controller

VBoxManage storageattach myvirtmachine --storagectl myvirtmachinestoragectl --port 1 --type hdd --medium myvirtmachinedisk.vdi

Now you are ready to start the VM. First command is without vnc access, another has vnc access and you can get the access to console by opening vnc session to host machine.

VBoxHeadless -startvm myvirtmachine --vrde off
VBoxHeadless -startvm myvirtmachine --vnc --vncpass 12345

Observations of Roboo usability and effectiveness agains DDOS

Thursday, October 20th, 2011

Before taking Roboo into use for protection against DDOS it is needed to take a look into cons and pros of it.

Firstly nothing comes without drawbacks and sideeffects. Here are some that you need to consider.

  • Searchengine crawlers have trouble indexing site. You never want that.
  • Webservice clients have issues. Api calls might breaks and SVN server over https does not work well.
  • Developers http://www.ecl-labs.org website by itself is not using the Roboo.

Good whitelisting plan must be developed to combat valid non-browser interactions.

I did some quick bruteforce analysis of performance  with 3 virtualmachines on vmware. Target was simple vulnerable web application WackoPicko used to test web application vulnerability scanners 1 core 1GB RAM. Roboo machine was ubuntu server 1 core, 1GB RAM. Third was more powerful server where httperf was run. All of these machines were run inside one physical server on vmware ESXi.

Here are the testing results: (more…)

Find files containing string in Ubuntu

Wednesday, October 12th, 2011

Use following command to find all files that contain some specific string.

find . -exec grep -l “string to find” {} \;

“find .” means find from current directory

“-exec” action for find command executes command that follows until “;” is encountered

“grep -l” looks for strings in files and flag “-l” means that display file name instead of matching line

curly brackets “{}”  are replaced on runtime with filename that was found

“\;” means that command to be executed when file is found ends

If you get

find: missing argument to `-exec'

Then you have to add the space between {} and \;

 

Install Roboo to Ubuntu for DDOS protection.

Sunday, September 25th, 2011

I was fortunate enough to take part in Black Hat 2011 EU where was first public presentation of Roboo the HTTP mitigator http://www.ecl-labs.org/2011/03/17/roboo-http-mitigator.html. What is less fortunate is that it can be a pain to install, mostly because of dependency on perl modules. I have tried it a few times and present my experience in here.

Get yourself roboo which comes as a nginx module written in perl. Also get nginx example configuration. Newest versions are available in github https://github.com/yuri-gushin/Roboo. Place these files to those locations

/etc/nginx/nginx.conf
/opt/local/share/nginx/Roboo.pm
To avoid problem below modify first line of nginx.conf and change user nobody to www-data for example:
Starting nginx: [emerg]: getgrnam("nobody") failed in /etc/nginx/nginx.conf:1
configuration file /etc/nginx/nginx.conf test failed

It is tempting to install nginx from reposotory but you will get error.

Starting nginx: [emerg]: unknown directive "perl_modules" in /etc/nginx/nginx.conf:10
configuration file /etc/nginx/nginx.conf test failed

(more…)