Putting fail2ban to good use: whitelisting SSH logins

I don't like fail2ban all that much (neither do I like denyhosts or other similar software, I'm really egalitarian there), because it is based on the idea of using blacklists. Which don't work. If you don't believe me and rather believe more famous people, read http://www.codinghorror.com/blog/2007/12/blacklists-dont-work.html

mysql-server while upgrading Debian 5.0 (lenny) to 6.0 (squeeze)

I'm currently doing plenty of upgrades to Debian 6.0 for customers who tried to wait till the last moment, after all Lenny's security support ended on 9th of February, see http://www.debian.org/News/2012/20120209

"In-Place Editing" using shell redirections instead of sed

Oh, nice one from Stefan Monnier in http://lists.debian.org/debian-user/2011/10/msg01938.html:

    (rm /etc/conf.file;
     while read line; do
         echo ${line/old_word/new_word}
     done >/etc/conf.file) </etc/conf.file

Just in case your sed is not capable of the -i option and you don't want to mess with temporary files.


Help, ssh is eating up all my standard input!

If you're running ssh inside a shell script that's reading from standard input (stdin), beware that the ssh execution will drain stdin unless you use the -n option.

For example, take this loop:

while read host; do
   ssh "$host" hostname
done < /path/to/list-of-hosts

This will only loop once even if the file has multiple lines, since ssh is reading stdin attached to the whole loop and forwards it to the stdin of the "hostname" command executed on the remote host (which happily discards it, not reading from stdin at all).


GRUB 2 and extending a LVM volume group

While installing security updates in a seldomly used virtual machine, the latest kernel package was ready to be configured when I got the following error:

Setting up linux-image-2.6.32-5-amd64 (2.6.32-31) ...
Running depmod.
Running update-initramfs.
update-initramfs: Generating /boot/initrd.img-2.6.32-5-amd64
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
Generating grub.cfg ...
/usr/sbin/grub-probe: error: Couldn't find PV pv1. Check your device.map.
run-parts: /etc/kernel/postinst.d/zz-update-grub exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-2.6.32-5-amd64.postinst line 799.
dpkg: error processing linux-image-2.6.32-5-amd64 (--configure):
 subprocess installed post-installation script returned error exit status 2
Errors were encountered while processing:

First I didn't quite get the line about "Couldn't find PV pv1. Check your device.map", but after some time it dawned on me that "PV" might mean "physical volume", a term used by LVM. I also remembered that I extended the LVM volume group with an additional block device that I attached to the virtual machine.



Subscribe to linux.spiney.org RSS