Tag: Sysadmin

Increase your Linux server Internet speed with TCP BBR congestion control

Posted on in Categories Cloud Computing last updated July 22, 2017

I recently read that TCP BBR has significantly increased throughput and reduced latency for connections on Google’s internal backbone networks and google.com and YouTube Web servers throughput by 4 percent on average globally – and by more than 14 percent in some countries. The TCP BBR patch needs to be applied to the Linux kernel. The first public release of BBR was here, in September 2016. The patch is available to any one to download and install. Another option is using Google Cloud Platform (GCP). GCP by default turned on to use a cutting-edge new congestion control algorithm named TCP BBR.

Download of The Day: Fedora Linux 26

Posted on in Categories Linux News last updated July 11, 2017

Fedora 26 with KDEFedora Linux version 26.0 has been released ( jump to download ) after many months of constant development and available for download in various media format. Fedora 26 is a free and open source operating system includes various new features such as GCC 7, Golang 1.8, Python 3.6, DNF 2.0, OpenSSL 1.1.0 and more. Fedora 26 runs on both ARM servers and desktop boards too.

How to fix IPMI KVM JAVA BMCMD5withRSA and is treated as unsigned error

Posted on in Categories Datacenter, Hardware last updated July 8, 2017

Like any good sysadmin, I kept my servers and desktop side up to date and patched all the time. However, recent Java updates have broken my IPMI KVM Java Applets on Dell, IBM, HP, Supermicro and FreeNAS mini servers. You will get an error that read as follows:

Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned.

Why port 80 (HTTP) reported as open by nmap when it is closed?

Posted on in Categories Security last updated July 2, 2017

Why are some ports reported as open by nmap?
I recently setup a small server which is running Debian 9. The purpose of this machine is to run OpenVPN server on port 443 to bypass censorship. It runs the following services and nothing else:

  1. Squid on private IP belongs to VPN pool (10.8.0.1:3128)
  2. SSH on private IP belongs to VPN pool (10.8.0.1:22)
  3. DNS resolver on private IP belongs to VPN pool (10.8.0.1:53)
  4. OpneVPN on public IP port 443 (server_public_ip_address:443)

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

Posted on in Categories Security last updated May 31, 2017

CVE-2017-1000367
There is a serious vulnerability in sudo command that grants root access to anyone with a shell account. It works on SELinux enabled systems such as CentOS/RHEL and others too. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

Alpine Linux 3.6.0 has been released

Posted on in Categories Linux News last updated May 27, 2017

Alpine Linux 3.6.0 released
Alpine Linux version 3.6 has been released. Alpine Linux is built around musl libc and busybox. This makes it smaller and more resource efficient than traditional GNU/Linux distributions. A container requires no more than 8 MB, and a minimal installation to disk requires around 130 MB of storage. Not only do you get a fully-fledged Linux environment but a large selection of packages from the repository. Alpine Linux was designed with security in mind. The kernel is patched with an unofficial port of grsecurity/PaX, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities.

7 Awesome ChatOps Open Source Software For Conversation-driven Development and Management

Posted on in Categories Open Source last updated May 24, 2017

A software bot is nothing but a set of scripts or an independent program that connects to web services or chat services as a client to perform automated functions. Often, bots are deployed from a server. It runs in background and performer various activities such as giving out information, providing an answer to common questions, deleting spam and much more. Here is a list of 7 of them that you must know.
Continue reading “7 Awesome ChatOps Open Source Software For Conversation-driven Development and Management”