Top Nav

Archive | Ubuntu

Make vi Work On Ubuntu

Posting this because I always forget and have to goggle for the answer. The default “vi” installed with Ubuntu has terminal emulation problems on both Ubuntu Desktop and through putty. The fix is simple … install “vim” …

0

Dirty Cow Vulnerability (CVE-2016-5195)

On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Dirty COW has existed for a long time — at least since 2007, with kernel version 2.6.22 — so the vast majority of servers are at risk.

Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system. More information can be found on CVE-2016-5195 from Canonical, Red Hat, and Debian.

Fortunately, most major distributions have already released a fix. You can follow this tutorial to see if your server is vulnerable and to apply updates as needed.

Check Vulnerability

Ubuntu/Debian

To find out if your server is affected, check your kernel version.

  • uname -rv

You’ll see output like this:

Output

If your version is earlier than the following, you are affected:

  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable

CentOS

Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.

  • wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

  • bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Output

Fix Vulnerability

Fortunately, applying the fix is straightforward: update your system and reboot your server.

On Ubuntu and Debian, upgrade your packages using apt-get.

  • sudo apt-get update && sudo apt-get dist-upgrade

You can update all of your packages on CentOS 6 and 7 with sudo yum update, but if you only want to update the kernel to address this bug, run:

  • sudo yum update kernel

Right now, we’re still waiting on a fix for CentOS 5. In the interim, you can use this workaround from the Red Hat bug tracker.

Finally, on all distributions, you’ll need to reboot your server to apply the changes.

  • sudo reboot

Conclusion

Make sure to update your Linux servers to stay protected from this privilege escalation bug.

0

Fix Completion In Shell On Ubuntu

Sometimes with a new user on Ubuntu I find that filename auto-completion is missing in the shell. I found two issues that cause this:

1. Ubuntu sets new users to /bin/sh which is a very limited shell. So first step is to change the user to /bin/bash:

2. The /etc/bash.bashrc has filename completion disabled by default. Edit this file and un-comment the appropriate lines. Here’s what it looked like on one server:

So I changed to:

Upon login the new user should now have filename completion features.

Also note that by default “vi” is handicapped. Here’s how to upgrade to a full feature set:

http://blogs.reliablepenguin.com/2013/10/25/fix-vi-ubuntu

0

Fix vi On Ubuntu

Some times I’ll run into an Ubuntu install where “vi” does not work as expected. For example the backspace and arrow keys will in insert mode will add characters. Turns out Ubuntu installs vim-tiny by default which is a stripped down (and historically compatible) version of vi. The solution is just to install the full version:

1

Manage Apache Modules On Ubuntu

Configuration for enable modules is stored in:

/etc/apache2/mods-enabled

Available but inactive modules are stored in:

/etc/apache2/mods-available

A module can be enabled with:

Where [modulename] is the module to be enabled.

For example:

will enable the rewrite module.

A module can be disabled in a similar fashion with:

Don’t forget to restart apache after making changes with:

0