Thursday, September 25, 2014

CVE-2014-6271, CVE-2014-7169 Bash Vulnerability


More at https://shellshocker.net/

CVE-2014-6271: remote code execution through bash.
CVE-2014-7169: incomplete fix for CVE-2014-6271.

FOR UBUNTU:
Remarks: (9/24/2014) CVE-2014-7169 has no patch yet!
(9/26/2014) Ubuntu patch for CVE-2014-7169

For Ubuntu, just use the following command to upgrade bash:

$ sudo apt-get update && sudo apt-get install bash

## check your bash version with

$ dpkg -s bash | grep Version
Version: 4.2-2ubuntu2.3

or


$ dpkg -s bash | grep Version
Version: 4.3-7ubuntu1.2




If your bash is patched, the word "vulnerable" is not echoed, as below:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test


FOR CENTOS

CentOS7 bash-4.2.45-5.el7_0.4
CentOS6 bash-4.1.2-15.el6_5.2
CentOS5 bash-3.2-33.el5_11.4
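
The CVE-2014-6271 probe from the Ubuntu section above, wrapped so it can be scripted and run against every bash binary listed in /etc/shells rather than only the one on PATH. This is an added example, not part of the original post; the function names and marker strings are made up for it.

```shell
#!/bin/sh
# Added example (not from the original post): scriptable form of the
# CVE-2014-6271 probe shown above. All function and marker names are made up.

MARKER='SHELLSHOCK_PROBE_HIT'   # printed only if bash runs the trailing command
SENTINEL='probe-finished'       # printed by the -c command itself

# classify_probe_output TEXT -> prints vulnerable | patched | error
# Exit status: 1 vulnerable, 0 patched, 2 probe did not run at all.
classify_probe_output() (
    if printf '%s\n' "$1" | grep -qx "$MARKER"; then
        echo vulnerable; exit 1
    elif printf '%s\n' "$1" | grep -qx "$SENTINEL"; then
        echo patched; exit 0
    fi
    echo error; exit 2
)

# probe_bash [PATH] -> runs the probe against one bash binary.
probe_bash() (
    bin=${1:-/bin/bash}
    [ -x "$bin" ] || { echo error; exit 2; }
    # Same shape as the post's test: a function definition followed by an
    # extra command, handed to bash through an environment variable.
    # stderr is dropped because patched 2014 builds print warnings there.
    out=$(env x="() { :;}; echo $MARKER" "$bin" -c "echo $SENTINEL" 2>/dev/null) || true
    classify_probe_output "$out"
)

# audit_bash_binaries [SHELLS_FILE] -> one "path: status" line per bash
# entry in the shells file; exit status 1 if any binary is vulnerable.
audit_bash_binaries() (
    rc=0
    for bin in $(grep -E '/bash$' "${1:-/etc/shells}" 2>/dev/null | sort -u); do
        status=$(probe_bash "$bin") || [ "$status" != vulnerable ] || rc=1
        echo "$bin: $status"
    done
    exit $rc
)
```

Call `audit_bash_binaries` after upgrading: a locally built bash such as /usr/local/bin/bash is not touched by the package upgrade and would still report vulnerable.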




Tuesday, August 19, 2014

After you install OpenStack on Ubuntu 14.04 server, you can use the following nova commands:

root@ssd:~# nova --os-username=admin --os-tenant-name=admin --os-auth-url="http://10.0.1.100:5000/v2.0/" usage
OS Password:
Usage from 2014-07-23 to 2014-08-21:
+---------+--------------+-----------+---------------+
| Servers | RAM MB-Hours | CPU Hours | Disk GB-Hours |
+---------+--------------+-----------+---------------+
| 2       | 556.80       | 1.09      | 1.09          |
+---------+--------------+-----------+---------------+

root@ssd:~# nova --os-username=admin --os-tenant-name=admin --os-auth-url="http://10.0.1.100:5000/v2.0/" --version
2.17.0

Tuesday, August 12, 2014

No password for CoreOS: log in as username core (on AWS EC2)

ming➜~/.ec2» ssh -i turboteam.pem root@54.64.18.203                                                              [16:45:05]
root@54.64.18.203's password:
Permission denied, please try again.
root@54.64.18.203's password:
Permission denied, please try again.
root@54.64.18.203's password:
Connection closed by 54.64.18.203
ming➜~/.ec2» ssh -i turboteam.pem root@54.64.18.203                                                              [16:54:17]
root@54.64.18.203's password:
Permission denied, please try again.
root@54.64.18.203's password:
Permission denied, please try again.
root@54.64.18.203's password:
Permission denied (publickey,password,keyboard-interactive).
ming➜~/.ec2»                                                                                                     [16:54:27]
ming➜~/.ec2» ssh -i turboteam.pem root@54.64.18.203                                                              [16:54:28]
root@54.64.18.203's password:

ming➜~/.ec2» ssh -i turboteam.pem core@54.64.18.203                                                              [16:54:45]
CoreOS (beta)

A couple of ways to launch an EC2 instance on AWS remotely.


Thursday, July 31, 2014

Install VirtualBox on Ubuntu server (not tested on AWS EC2)

sudo sh -c "echo 'deb http://download.virtualbox.org/virtualbox/debian '$(lsb_release -cs)' contrib non-free' > /etc/apt/sources.list.d/virtualbox.list" && wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add - && sudo apt-get update && sudo apt-get install virtualbox-4.3 dkms

Wednesday, July 23, 2014

How to install Docker on an AWS EC2 CentOS instance.

<You can still despise git within a year, but not docker.>
sudo yum -y install docker-io
sudo service docker start
sudo chkconfig docker on
Test by creating an Ubuntu container:

sudo docker run -it ubuntu sh



<demo>
[ec2-user@ip-172-31-27-45 ~]$ sudo yum -y install docker-io
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest                                         | 2.1 kB     00:00     
amzn-updates/latest                                      | 2.3 kB     00:00     
mongodb                                                  |  951 B     00:00     
Package docker-1.0.0-1.15.amzn1.x86_64 already installed and latest version
Nothing to do

[ec2-user@ip-172-31-27-45 ~]$ sudo service docker start
Starting cgconfig service:                                 [  OK  ]
Starting docker:                                   [  OK  ]

[ec2-user@ip-172-31-27-45 ~]$ sudo chkconfig docker on

[ec2-user@ip-172-31-27-45 ~]$ sudo docker run -it ubuntu sh
Unable to find image 'ubuntu' locally
Pulling repository ubuntu
ba5877dc9bec: Download complete 
511136ea3c5a: Download complete 
9bad880da3d2: Download complete 
25f11f5fb0cb: Download complete 
ebc34468f71d: Download complete 
2318d26665ef: Download complete 
# uname -a
Linux d5d4e7e0ea4e 3.10.38-49.136.amzn1.x86_64 #1 SMP Mon May 5 18:28:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# df
Filesystem                                                                                       1K-blocks    Used Available Use% Mounted on
/dev/mapper/docker-202:1-147559-d5d4e7e0ea4e50bff40e7e53a4106e2c238066811bbebbe86020f1c7cce987dd  10190136  228364   9421100   3% /
tmpfs                                                                                               303460       0    303460   0% /dev
shm                                                                                                  65536       0     65536   0% /dev/shm
/dev/xvda1                                                                                         8125880 7426032    599580  93% /etc/hosts
tmpfs                                                                                               303460       0    303460   0% /proc/kcore
# exit
[ec2-user@ip-172-31-27-45 ~]$ uname -a
Linux ip-172-31-27-45 3.10.38-49.136.amzn1.x86_64 #1 SMP Mon May 5 18:28:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

[ec2-user@ip-172-31-27-45 ~]$ df
df: ‘/var/lib/docker/devicemapper’: Permission denied
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/xvda1       8125880 7426012    599600  93% /
devtmpfs          287060      52    287008   1% /dev
tmpfs             303460       0    303460   0% /dev/shm




Thursday, July 3, 2014

Error: couldn't connect to server 127.0.0.1:27017 (127.0.0.1), connection attempt failed at src/mongo/shell/mongo.js:146

MongoDB shell version: 2.6.3
connecting to: test
2014-07-01T15:34:46.151+0800 warning: Failed to connect to 127.0.0.1:27017, reason: errno:113 No route to host
2014-07-01T15:34:46.153+0800 Error: couldn't connect to server 127.0.0.1:27017 (127.0.0.1), connection attempt failed at src/mongo/shell/mongo.js:146
exception: connect failed
SOLUTION (the rule has no source or interface match, so it opens port 27017 to every source address):
sudo iptables -I INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 27017 -j ACCEPT

Wednesday, July 2, 2014

ERROR: listen(): bind() failed errno:13 Permission denied for socket: /tmp/mongodb-27017.sock

If you install MongoDB for CentOS on AWS EC2 and have trouble running "mongod",
you may see the ERROR message in the title. This is one way to resolve the problem:

# chown root:root /tmp
# chmod 1777 /tmp
Error message:
2014-07-01T11:34:16.802+0800 ***** SERVER RESTARTED *****
2014-07-01T11:34:16.814+0800 [initandlisten] MongoDB starting : pid=27528 port=27017 dbpath=/diskZ/mongodb/data/db 64-bit host=95ad9659-ada0-40df-ade9-af531e81e9e4
2014-07-01T11:34:16.814+0800 [initandlisten] db version v2.6.3
2014-07-01T11:34:16.814+0800 [initandlisten] git version: 255f67a66f9603c59380b2a389e386910bbb52cb
2014-07-01T11:34:16.814+0800 [initandlisten] build info: Linux build12.nj1.10gen.cc 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 21:39:27 UTC 2014 x86_64 BOOST_LIB_VERSION=1_49
2014-07-01T11:34:16.814+0800 [initandlisten] allocator: tcmalloc
2014-07-01T11:34:16.814+0800 [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "127.0.0.1" }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongod.pid" }, storage: { dbPath: "/diskZ/mongodb/data/db" }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2014-07-01T11:34:16.827+0800 [initandlisten] journal dir=/diskZ/mongodb/data/db/journal
2014-07-01T11:34:16.828+0800 [initandlisten] recover : no journal files present, no recovery needed
2014-07-01T11:34:16.887+0800 [initandlisten] ERROR: listen(): bind() failed errno:13 Permission denied for socket: /tmp/mongodb-27017.sock

Sunday, May 11, 2014

Run Karaf 3.0.1 as a service (daemon) on an AWS EC2 CentOS instance.

karaf@root()> feature:install wrapper
karaf@root()> wrapper:install -s AUTO_START -n KARAF -d Karaf -D "Karaf Service"
Creating file: /home/ming/apache-karaf-3.0.1/bin/KARAF-wrapper
Creating file: /home/ming/apache-karaf-3.0.1/bin/KARAF-service
Creating file: /home/ming/apache-karaf-3.0.1/etc/KARAF-wrapper.conf
Creating file: /home/ming/apache-karaf-3.0.1/lib/libwrapper.so
Creating file: /home/ming/apache-karaf-3.0.1/lib/karaf-wrapper.jar
Creating file: /home/ming/apache-karaf-3.0.1/lib/karaf-wrapper-main.jar

Setup complete.  You may wish to tweak the JVM properties in the wrapper configuration file:
     /home/ming/apache-karaf-3.0.1/etc/KARAF-wrapper.conf
before installing and starting the service.


On Redhat/Fedora/CentOS Systems:
  To install the service:
    $ ln -s /home/ming/apache-karaf-3.0.1/bin/KARAF-service /etc/init.d/
    $ chkconfig KARAF-service --add

  To start the service when the machine is rebooted:
    $ chkconfig KARAF-service on

  To disable starting the service when the machine is rebooted:
    $ chkconfig KARAF-service off

  To start the service:
    $ service KARAF-service start

  To stop the service:
    $ service KARAF-service stop

  To uninstall the service :
    $ chkconfig KARAF-service --del
    $ rm /etc/init.d/KARAF-service

On Ubuntu/Debian Systems:
  To install the service:
    $ ln -s /home/ming/apache-karaf-3.0.1/bin/KARAF-service /etc/init.d/

  To start the service when the machine is rebooted:
    $ update-rc.d KARAF-service defaults

  To disable starting the service when the machine is rebooted:
    $ update-rc.d -f KARAF-service remove

  To start the service:
    $ /etc/init.d/KARAF-service start

  To stop the service:
    $ /etc/init.d/KARAF-service stop

  To uninstall the service :
    $ rm /etc/init.d/KARAF-service