Saturday, July 23, 2011

The Perils of TRUST - An IS Auditors Nightmare

I have worked for many years as a systems/network administrator, I have learned to live and adopt with the changing patterns of IT, which we have grown to know well. I have made enemies doing the right thing. I made friends to those enemies whom has done the wrong thing. In the end, we are rational beings tending along the stages of life. There are some science that just cannot be corrected due to its mortal beginnings and one of this truth is "TRUST"

To TRUST is to be believe that a thing, undertaking, and/or idea will work according to an individuals plans and desires. It is our belief system which we choose to adopt shall provide us the necessary cognitive apprehension of what "IS" and what "WAS". As an auditor, we are thought the high gaining values of TRUTH and HONESTY. When we learn to TRUST on something which we believe will generate a fair TRUTHFUL and HONEST outcome, we tend to relax a bit and put down our guard. This should not be the case.

TRUST is the most priced trait of an individual who PRIDES himself/herself of his accomplishment and works. Auditors are not an exemption. We are continually targeted by MALICIOUS self-centered agents of the trade. These agents DISGUISE themselves as CO-WORKERS, CLIENTS, FRIENDS and CORRUPTED POLICIES designed to harbor all the LIES and DECEIT man can think off. Therefore, it is our sworn duty to JUSTLY identify these agents and remove them from the SYSTEM. The SYSTEM is what we serve and though the SYSTEM we grow. Treat it with respect and it will reward you with peace of mind. Treat it with a twisted Intent and you are doomed to have sleepless nights.

The reason, why I find this so compelling is that I worked as a systems engineer for a good deal of time and I have learned everything there is necessary to understand what the DARK desires of an admin are and what they can do to a fellow admin.

SCENARIO:

A systems administrators builds a new server performs the necessary hardening and then performs the necessary ..... [to be continued ...]

Error during kernel upgrade: gzip: stdout: No space left on device

There are times when you will be surprised that package managers does not automatically remove older archives of the software installed. This happened to in for the first time, when one of the systems I was managing suddenly returned an exit status 1.

Removing the offensive application to free up much needed space is sure to fail! especially if the application mentioned here is a kernel.

Consider this line:
------------------------------

Setting up libcups2 (1.4.6-5ubuntu1.3) ...
dpkg: dependency problems prevent configuration of linux-image-generic:
linux-image-generic depends on linux-image-2.6.38-10-generic; however:
Package linux-image-2.6.38-10-generic is not configured yet.
dpkg: error processing linux-image-generic (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
dpkg: dependency problems prevent configuration of linux-generic:
linux-generic depends on linux-image-generic (= 2.6.38.10.25); however:
Package linux-image-generic is not configured yet.
dpkg: error processing linux-generic (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Setting up linux-headers-2.6.38-10 (2.6.38-10.46) ...
Setting up linux-headers-2.6.38-10-generic (2.6.38-10.46) ...
Setting up linux-headers-generic (2.6.38.10.25) ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-2.6.38-8-generic

gzip: stdout: No space left on device
E: mkinitramfs failure cpio 141 gzip 1
update-initramfs: failed for /boot/initrd.img-2.6.38-8-generic
dpkg: error processing initramfs-tools (--configure):
subprocess installed post-installation script returned error exit status 1
No apport report written because MaxReports is reached already
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Errors were encountered while processing:
linux-image-2.6.38-10-generic
linux-image-generic
linux-generic
initramfs-tools
E: Sub-process /usr/bin/dpkg returned an error code (1)


If you are guessing that /boot is in deep trouble. You are correct. Now, the tricky part is this. Issue a purge; autoremove won't do the trick because the drive no longer has enough space. What do you do next?

1. If it is a kernel (old one) that needs to be removed, look closely at your grub.conf or grub.cfg configuration and Identify the kernels you no longer need. Check the currently loaded kernel by issuing uname -r.

2. Take note of the files that needs to be moved, in our example its a debian based system so you will have to move these files: abi, config, initrd.img, System.map, vmcoreinfo, vmlinuz. Just remove/move those that you don't need.

3. Once done issue the command updatedb to update the slocate database of the filesystem

4. Now you can issue the upgrade command back and this will install the new kernel correctly.

Time Snatchers

For the not so unconventional and always looking forward admin, I have a few brewed time killers to get you, looking back at how it used to be when things aren't too serious.

Movies:

1. Pirates of the Silicon Valley -- the Apple and Microsoft love-affair
2. Revolution OS - Documentary, it highlights the advocacies of Open Source and the Free Software Foundation.
3. VODO.NET - if you are a true advocate of Creative Commons, then find the time to download there huge array of mini-series,documents and short films. This is how tv should be, the viewers chooses if-when-where-it-ends!

Books:


1. Probably not everybody's choice but worth the read: Harry Potter (Books 1-7) ain't too old to have time discussing things with the kids. It brings out the ideas in them and sponsors confidence, trust, good learning through reading. A much needed exercise is not to common these days especially for the youth of today.

2. The Art of Unix Programming: A defacto standard! Understand why Unix is still around today and what universal "chi" it has spawned through its 40 years of existence.

3. Cathedral and the Bazzar: Every known X "As" a service must have read this book. Truly worth while.


Sports/Leisure -- Family:

Going to Church, Malling, Dinning with the Family. It gives you a sense of purpose on why you have been working so hard and where it is all being poured to.

Friday, July 22, 2011

Why "curl" is way better than "wget"

I am an OLD SCHOOL admin tought from the old school class of using wget, I guess its time to move on. In this section I will highlight to you some very important key features on why curl is way too robust than wget.

Curl is better than wget for the following reasons:
1. Uses libcurl a cross platform library
2. curl sends more stuff to stdout and reads more from stdin
3. curl supports ftp, ftps, http, https, scp sftp, tftp, telnet, dict, ldap and ldaps while wget supports only http, https and ftp
4. curl has SSL support
5. libcurl supports more http authentication methods
6. Curl is bidirectional while wget offers http post support only
7. Curl has more development activities

Example:

curl -l -O http://nginx.org/download/nginx-1.0.5.tar.gz

The one advantage I see in using wget is it’s ability to download recursively.
In short curl is better and more powerful. I actually don't need to install it on most UNIX servers as curl is already available by default.


ATTRIBUTION: http://jayamorin.blogspot.com/2011/02/curl-for-wget.html

Wednesday, July 20, 2011

12 Reasons Why Every Linux System Administrator Should be Lazy

Lazy sysadmin is the best sysadmin –Anonymous

System administrators job is not visible to other IT groups or end-users. Mostly they look at administrators and wonder why sysadmins don’t seem to have any work.

If you see a sysadmin who is always running around, and trying to put down fire, and constantly dealing with production issues, you might think he is working very hard, and really doing his job. But in reality he is not really doing his job.

If you see a sysadmin (UNIX/Linux sysadmin, or DBA, or Network Administrators), who doesn’t seem to be doing much around the office that you can see, he always seem to be relaxed, and he don’t seem to have any visible work, you can be assured that he is doing his job.

The following are the 12 reasons why a lazy sysadmin is the best sysadmin.

Who is the boss? The main reason why lazy sysadmin is the best sysadmin is because of his attitude. They look at the machines little differently than how other IT departments looks at them. There is a difference between developers and sysadmins. Developers thinks they are here to serve the machines by developing code. There is nothing wrong in this approach, as developers have lot of fun developing the code. But, sysadmins think other way around. They think the machines are there to serve them. All they have to do is feed the machine and keep it happy, and let the machine do all the heavy duty job, while they can relax and just be lazy. The first step in being a lazy sysadmin is a slight change in attitutde, and letting the machine know that you are the boss.

Write scripts for repeated jobs. Being lazy means being smart. A smart sysadmin is a master in all scripting languages (bash, awk, sed, etc.,). Anytime he is forced to do some work, and if there is a remote possibility that the work might be needed in the future, he writes a script to complete the job. This way, in the future when he was requested to do the same job, he doesn’t have to think; he just have to execute the script, and get back to being lazy.

Backup everything. Being lazy means taking backup. A lazy sysadmin knows that he has to put little work in creating a backup process, and write backup scripts for all critical systems and applications. When the disk space is not an issue, he schedules the backup job for every application, even for those that are not critical. This way, when something goes wrong, he doesn’t have to break a sweat, and just have to restore from the backup, and get back to whatever lazy stuff he was doing before. This is also the rule#1 in the three sysadmin rules that you shouldn’t break.

Create a DR plan. Sysadmins doesn’t like to run around when things go wrong. When things are running smoothly, they take some time to create a DR plan. This way, when things go wrong, they can follow the DR plan and quickly get things back to normal, and get back to being lazy again.

Configure highly redundant systems. Lazy sysadmins don’t like to get calls in the middle of the night because of some silly hardware failure problem. So, they make sure all the components are highly redundant. This includes both hardware and software. They have dual network card configured, they have dual power, they have dual hard drives, they have dual of everything. This way, when one component fails, the system still keeps running, and the lazy sysadmin can work on fixing the broken component after he wakes-up in the morning.

Head room for unexpected growth. Lazy sysadmin never allows his system to run in full capacity. He always has enough head room for unexpected growth. He make sure the system has plenty of CPU, RAM and hard disk available. When the business unit decides to dump tons of data over night, he doesn’t have to think about how to handle that unexpected growth.

Be proactive. Being lazy doesn’t mean you just sit and do nothing all the times. Being lazy means being proactive. Lazy sysadmins hate being reactive. They are always anticipating issues and anticipating growth. When they have some free time in their hand, they always work on proactive projects that helps them to avoid unexpected future issues, and to handle future growth.

Loves keyboard shortcut. Lazy sysadmin knows all the keyboard shortcuts for all his favorite applications. If he spends significant time everyday on an application, the first thing he’ll do is to master the keyboard shortcut for that application. He likes to spends less them on the application to get his things done, and likes to get back to being lazy.

Command line master. Every lazy sysadmin is a command line master. This applies to Linux sysadmin, dba, network administrator, etc. If you see an administrator launching a GUI, when the same task can be done from the command line, then you know he is not a lazy sysadmin. There are two reasons why lazy sysadmin loves command line. For one, he can do things quickly at the command line. For another, it makes him feel that he is the boss and not the system. When you use the command line, you are in control, you know exactly what you want to do. When you use GUI, you are at the mercy of the GUI workflow, and you are not in control.

Learns from mistake. Lazy sysadmin never likes to make the same mistake twice. He hates to work on unexpected issues. But, when an unexpected issue happens, he works on fixing it, and thinks about why it happened, and he immediately puts necessary things in place so that the same issue doesn’t happen again. Working on the same problem twice is a sin according to lazy sysadmin. He likes to work on the problem only once, do things to prevent the same mistake from happening in the future, and get back to being lazy.

Learn new technology. There is nothing wrong in learning a new technology to get a better job, or just to keep up with technology growth. But, lazy sysadmin doesn’t learn new technology for this reason. Instead, he learns new technology because he likes to be in control of the systems all the times. He knows he is the boss, and not the machine. So, when a new technology comes, he takes time to study them. Now he has new tools that he can use to keep the system busy, while he continue to be lazy. He learns new technology just for selfish lazy reason.

Document everything. Not every lazy sysadmin does this. Only the best lazy sysadmins does this. You see, lazy sysadmin never likes to be disturbed when he is on the beach enjoying his vacation. So, what does he do? He documents everything, so that when he is not around, other junior sysadmins can do the routine job, and get things moving without disturbing his vacation. There is also another reason for the lazy sysadmin to document everything; because he forgets things. Since he is lazy, he tends to forget what he did a month ago. Since he never likes to think and research the same topic twice, he documents everything, and when he needs to do the same thing in the future, he goes back to his documentation to understand what he did earlier.

Probably you are now convinced that begin a lazy sysadmin is not that easy. It is lot of hard work. If you are not a sysadmin, you can now appreacie a lazy sysadmin when you see one. If you are sysadmin, and always running around, now you know what you need to do to be lazy.

ATTRIBUTION: TechRepublic from one of their recent news 2011 copyright.

Tuesday, July 12, 2011

CentOS 6.0 is here

Waiting for the arrival of branch release updates for the 6.1 version. Took, some time for CentOS community to put this up. So, what is in-store for us? Plenty of new features something to look forward if you plan to move your apps and projects to be hosted on this platform. The links provided below will give you a wealth of information what to expect.

http://www.centos.org/
http://isoredirect.centos.org/centos/6/isos/
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.0_Release_Notes/index.html