Category Archives: GNU Red Hat

Moving to a new hard drive

Lets say you want to migrate your system to a new hard drive.
Of course the best practice is to buy a hard drive with the exact same size. This will save you problems.

I think instead of changing the files where disk UUIDs reside just swap UUIDs between the old and new disk.

invalid partition -- table wrong signature 0
This means something went wrong with the partition table and you want to use fdisk to write a valid partition table.

Prelinking

There is an extensive discussion about benefits and disadvantages of this features.
I have decided to disable it.

1. open “/etc/sysconfig/prelink” in a text editir (such as vi)
2. you should see this line: PRELINKING=yes
3. change ‘yes’ to ‘no’
4. save the change you just made & exit the text editor
5. manually run “/etc/cron.daily/prelink” as root.
6. prelinking is now disabled and will not reactivate the next time you reboot.

Bluetooth: Error in firmware loading

Bluetooth: Error in firmware loading err = -110

So this is my story. My new laptop comes with Atheros AR9565.
This one has integrated wifi and bluetooth which causes problems.
My BT mouse was working fine, but suddenly disconnected to never come back even after multiple reboots.
Thanks to Fahad the solution was to create a file e.g. bluetooth-coe-fix.conf in /etc/modprobe.d with this single line:
options ath9k btcoex_enable=1
Reboot and voila!
Related bug report.

Shellshock bash bug

Test your vulnerability by executing this in your terminal
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
and this
env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
If you can see word “vulnerable” it means your system is vulnerable to this bug and you should update your system asap.

Long time ago I was encouraged by my friends to use ZSH instead. This shell is not affected by this bug, but still you will have a lot of scripts in your system that by default call for bash, so you should still update your system.

Directly plenty of webservers and DHCP servers were affected. Whatever was exposed to the Internet is potentially compromised, so please check your firewall logs and system logs.

Hah. When I turned on my Raspbmc I have noticed a notification “Patching bash vulnerability”. Auto update is enabled on it. :)

Simple bash colouring

for root:
PS1=’\[\033[1;36m\][\A]\[\033[0;31m\]\u\[\033[0;32m\]@\[\033[1;34m\]\h\[\033[0m\]:\w \[\033[0;31m\]# \[\033[m\]’

for a regular user:
PS1=’\[\033[1;36m\][\A]\[\033[m\]\u@\[\033[1;34m\]\h\[\033[0m\]:\w \[\033[m\] $ ‘

Don’t ask about the details just use it.
More info here.

NFS easy way

Server:
yum install nfs-utils nfs-utils-lib

systemctl enable nfs-server.service

/etc/exports
/home/homebkp 192.168.0.20(rw,sync,no_root_squash)

exportfs -av
systemctl restart nfs.service
systemctl status nfs-server.service

iptables -L -n
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
iptables-save > backup.dump
iptables-restore < backup.dump

Client:
yum install nfs-utils nfs-utils-lib

mount -t nfs 192.168.0.10:/home/homebkp /mnt/server

k3b

Unfortunately k3b is not smart enough to tell you what is the actual problem.
It will say “Please insert an empty medium” even if there is actually an empty medium inside, but of wrong size e.g. CD instead of DVD.

It is much easier to troubleshoot similar dummy problems with Xfburn.

Who has root permissions?

grep 'x:0:' /etc/passwd
Again, you shouldn’t do this but to check if the user is a member of the root group:
grep root /etc/group
To see if anyone can execute commands as root, check sudoers:
cat /etc/sudoers
To check for SUID bit, which allows programs to be executed with root privileges:
find / -perm -04000

Not able to connect via SSH

skx@lappy:~$ ssh 192.168.1.199 -l root
ssh_exchange_identification: Connection closed by remote host

Most likely someone has messed up the permissions. Do this:
chmod 600 /var/run/sshd
chmod 600 /etc/ssh/ssh_host_*

RedHat, CentOS
/etc/init.d/sshd restart
OR
service sshd restart
Debian
/etc/init.d/ssh restart
OR
service ssh restart

Fedora bugs yeah!

Fedora developers have just came back from their holiday:

Justin M. Forbes 2014-02-24 08:54:07 EST

*********** MASS BUG UPDATE **************

We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 20 kernel bugs.

Fedora 20 has now been rebased to 3.13.4-200.fc20. Please test this kernel update and let us know if you issue has been resolved or if it is still present with the newer kernel.

If you experience different issues, please open a new bug report for those.

Package integrity

lists all the known and accepted keys in YUM
rpm -qa gpg-pubkey*
gives you more details about a particular key
rpm -qi gpg-pubkey-xxxxxxx-xxxxxxx | grep Summary
so if you don’t know it or don’t like it just phase it out:
rpm -e gpg-pubkey-xxxxxxx-xxxxxxx

Veryfying any software package with GnuPG and signature file
Downloading the public key of the person that has signed the package and verification
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x00000000000
gpg --fingerprint 0x00000000000

Check on the website where the person publishes its gpg fingerprint and compare.
gpg --verify signature-file.asc software-package.tar.xz
You should get “Good signature” if correct

GPG reminder:
gpg --list-keys
gpg --keyserver hkp://pgp.mit.edu --search-keys [name]
gpg --delete-key

Privacy in Linux

To be honest after a while I have noticed these repositories on my system:
adobe-linux-x86_64.repo
dropbox.repo
google-chrome.repo
google-talkplugin.repo
Doesn’t it look like a bunch of well known corporations?
I have added them myself while trying to achieve some other tasks.
I have removed them.

The other thing I want to get rid of is Adobe Flash Player, Skype and TeamViewer.
Skype and TeamViewer is already gone. You can replace heavy Skype with Google Hangout (I am not saying that it is more secure, but at least executes itself from the browser as plugin not as another application).
Finally Adobe Flash Plugin can be replaced with gnash and lightspark.

The other repositories I am concerned of is RPMFUSION that gives you a lot of stuff, but who knows what non-free software do they distribute. After reading this article we can believe that their genuine intentions are long lasting. I wish them all the best then.

The last corporation thing that stays with me is Dropbox.