Stuff I'm Up To

Technical Ramblings

Debian Stretch NTP Time Sync — May 16, 2018

Debian Stretch NTP Time Sync

No more messing about with installing ntp. Just a simple edit of what ntp servers to use.

Internally my ntp fails and reports regularly in syslog:

May 16 14:07:05 testserver systemd-timesyncd[394]: Timed out waiting for reply from 134.0.16.1:123 (3.debian.pool.ntp.org).

Which isn’t surprising as we don’t allow internal services access to external services. So we need to tell the system what servers to use.

$ sudo vi /etc/systemd/timesyncd.conf

add in your own space separated list of servers:

NTP=192.168.1.55 192.168.1.108

Restart the timesyncd service daemon:

$ sudo systemctl restart systemd-timesyncd

And in syslog you’ll see:

May 16 14:17:01 testserver systemd[1]: Stopping Network Time Synchronization...
May 16 14:17:01 testserver systemd[1]: Stopped Network Time Synchronization.
May 16 14:17:01 testserver systemd[1]: Starting Network Time Synchronization...
May 16 14:17:01 testserver systemd[1]: Started Network Time Synchronization.
May 16 14:17:02 testserver systemd-timesyncd[10047]: Synchronized to time server 192.168.1.55:123 (192.168.1.55).
May 16 14:17:02 testserver systemd[9968]: Time has been changed
May 16 14:17:02 testserver systemd[1]: Time has been changed

 

Advertisements
Proftpd and LDAP / Active Directory — May 10, 2018

Proftpd and LDAP / Active Directory

We’ve had a vsftpd server for a while and it’s performed very well for us. But it would appear that it’s not actively maintained. This may not be a problem as it still currently works just fine and we don’t have any obvious vulnerabilities with it, but as the OS it’s running on is Wheezy we need to move on at least up to Stretch. So I figured I’d try deploying a new server but configured with proftpd.

Continue reading

Repository Not Trusted — May 8, 2018

Repository Not Trusted

On a Wheezy box I saw this but was able to continue by answering yes to ignore the authentication warning.

WARNING: The following packages cannot be authenticated!

On a Stretch system, no can do. Apt was blocked from downloading updates.

W: The repository 'http://ftp.uk.debian.org/debian stretch/updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://security.debian.org/debian-security stretch/updates Release' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

First i thought someone forgot to update their repository keys.

$ sudo apt-key update

Nope. Still not downloading updates.

So I tried download the Release file myself using wget – success. So then I tried to download the Release.gpg file using wget – failed with an HTTP status code 500!

I could download all the files apart from the .gpg file. I checked the corporate proxy for errors and sure enough the .gpg files are being picked up by the Anti-Virus scanning. So a quick addition of a filter exception to disable the virus scanning for the Debian repository and my servers start updating again.

 

 

Access DFS Shares from Linux — March 27, 2018
vi – Visual Mode — February 15, 2018

vi – Visual Mode

I’m sure when using a mouse in a text terminal the visual mode of vi/vim is useful, but I can never figure it out. In fact it prevents me from copying from a vi terminal in a window.

To temporarily disable mouse visual mode in a window, so you can copy your text it’s as simple as hold the SHIFT key down whilst selecting text with your mouse. Or you can disable it in that vi session by typing :set mouse-=a

To permanently disable visual mode in your session create or add the following to your ~/.vimrc file

set mouse-=a

If you need to do this for whilst using vi/vim under sudo, you’ll have to add the above into /root/.vimrc.

Systemd and systemctl services — November 1, 2017

Systemd and systemctl services

I know it’s not all that new, but not something I’ve spent much time working with. Previously using init.d to enable/disable systems services. Today I remove a program from my system and purged the config files. But it left behind a service in a failed condition. Of course it failed. I just removed all the files and config.

Using systemctl I could see my magicbox service still there and failed.

$ systemctl status magicbox.service                                   
● magicbox.service - Magic Box process
   Loaded: loaded (/usr/lib/systemd/system/magicbox.service; enabled; ven
   Active: failed (Result: exit-code) since Wed 2017-11-01 13:36:57 GMT; 1min 9s
  Process: 839 ExecStart=/opt/magicbox/embedded/bin/start (code=exited, s
 Main PID: 839 (code=exited, status=203/EXEC)

Thankfully the clue is in the output. It tells me where the .service file is on the Loaded: line. So to tidy up I followed part of the guidance I found here:

https://superuser.com/questions/513159/how-to-remove-systemd-services

$ sudo systemctl disable [servicename]
$ sudo rm /etc/systemd/system/[servicename]
$ sudo systemctl daemon-reload
$ sudo systemctl reset-failed

But bear in mind that the service I want isn’t located there. It’s under /usr/lib/systemd/system so I needed to remove that file instead.

References

https://manpages.debian.org/jessie/systemd/systemd.unit.5.en.html – See table 1

https://medium.com/@johannes_gehrs/getting-started-with-systemd-on-debian-jessie-e024758ca63d

Fun with NTP — October 4, 2017

Fun with NTP

One of our Debian servers had a large time discrepancy. Turned out NTP wasn’t installed or working.

After I installed ntp I still wasn’t seeing a time update. Probably because I was more than 30 minutes adrift. So I had to force an ntp update.

Install ntp and set the servers in the .conf to match your ntp servers.

$ sudo apt-get install ntp
$ sudo vi /etc/ntp.conf

Then force a time update

$ sudo systemctl stop ntp.service
$ sudo ntpd -gq
$ sudo systemctl start ntp.service

The ntpd may take a while before dropping you back to the prompt.

SMB mount error(112): Host is down — August 3, 2017

SMB mount error(112): Host is down

Whilst trying to mount a Windows (cifs) volume onto my Linux workstation I encountered the following error:

$ sudo mount -t cifs -o user=mylogon //myserver/myshare /mnt/mountpoint 
Password for mylogon@//myserver/myshare: ***********
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

As ever with Windows I suspected the SMBv1 disabled problem and wasn’t disappointed to discover this was precisely the issue.

Continue reading

Owncloud 10.0 Upgrade — July 24, 2017
apt-get – Hash Sum mismatch — June 30, 2017

apt-get – Hash Sum mismatch

I tried to run some updates on my workstation today and it failed with a Hash Sum mismatch.

$ sudo apt-get update

W: Failed to fetch http://www.deb-multimedia.org/dists/jessie/main/i18n/Translation-en Hash Sum mismatch

W: Failed to fetch http://www.deb-multimedia.org/dists/jessie/non-free/i18n/Translation-en Hash Sum mismatch

E: Some index files failed to download. They have been ignored, or old ones used instead.

Continue reading

MySQL 5.7 — September 20, 2016

MySQL 5.7

With a Debian Jessie install right now you’ll be getting MySQL 5.5. If you want something newer you’ll need to use MySQL’s own repositories by adding them to your apt sources.

The install works pretty seamlessly. Just make sure you follow the guide. Step 1 a) download the repository setup: http://dev.mysql.com/downloads/repo/apt/

Once done it’s a simple case of dpkg install it and then update the repos and install/upgrade your MySQL server.

Source: http://dev.mysql.com/doc/mysql-apt-repo-quick-guide/en/