Archive for June, 2012

So approx. 1 week ago I get questions as to why a client’s upload is getting cut off when they are uploading a file to our FTP server. Being that it was only 1 client out of the hundred or so we have using our FTP server, I figured there was something wrong on their end or with the routing. I tried to log in myself, uploaded files, moved around, did a little dance, voila, everything works fine without issue. Well, not so fast: customers continue to have issues and I can’t seem to make sense of it. A couple of days after that I get another request to look into why a very frustrated customer is uploading a PDF that is being corrupted. OK, so now something has got to be going on. I check the FTP server; uploads work fine without corruption. I check the server that actually hosts the clients’ files; no errors reported. Finally my hair recedes another inch and I continue to look.

So to give a 10,000 foot view of the layout, we have 1 Linux VSFTP server which, might I add, rocks! Attached via CIFS mount is a Windows file server that just does what its name says: it serves up files. So, being that this is not my first day at the rodeo (“I have done this before”), I have been fairly confident about this setup. The VSFTP server essentially provides the data link to the file server and all is well. Well, after looking and looking some more, I began to run a command in Linux some of you might know as tail. In running “tail -f /var/log/syslog” I started to see errors pop

And as you can see the CIFS VFS: Write2 ret -13, and I think, oh, of course, this is as clear as mud!

All joking aside, I looked for several hours to find some kind of solution for this. Nothing shows online, but 1 thing I did determine was that my Linux release, even though it was up to date, was 2 versions behind. With CIFS errors coming from the kernel, I decided that ultimately the kernel would need to be recompiled at the very least to fix the issue with VFS. Or I could just update the entire OS to the latest release and be done with this.

On average our FTP server is being connected to every 15 minutes. Not extremely busy, but it also does not give me a window large enough to do a full update. So I decided that I would go with an alternate idea that would minimize downtime to about 10 minutes. Drawbacks? I would be spending the next week building 2 Linux servers with VSFTPD and selecting the best Linux OS to support it. I thought, “This can’t be that hard”. Sorely mistaken, I dove into the task and was suddenly met with problems from the new and improved VSFTPD.

One of the newer features, which I believe comes with version 2.5.3 and up, is that chroot_users does not allow the root folder to be written to. This I knew was a problem because of how we have our FTP set up: we need to allow users to write to their root. Knowing that the user’s root is technically not on the FTP server, I can see no harm in allowing this.

Well, nonetheless the issue remains; however, with the new 3.0 version you can set a config option called allow_writeable_chroot. This will solve the issue for you. The only thing you need to do is compile the 3.0 version yourself until all the Linux versions inherit it. After all was said and done, moving to CentOS with a self-compiled VSFTPD version fixed our problem.

Well, I have been sitting here trying to think of topics to talk about next in this blog. It is hard for me to come up with topics at times because I don’t want to post topics that everyone and their brother has talked about. Obviously there are enough blogs out there to talk about cfoutput grouping or some other topic.

I have always wanted to be here to pass along things I have learned, after all it is blogs just like these that have helped me. So the objective is to come up with topics that I and many others may have a hard time finding a lot of information on.

Well, sitting here thinking, I come up with something completely off topic that yet probably pertains to everyone in this field out there tonight. We work hard; many of us live and breathe coding. I know I do. Not only do I live and breathe coding, but being a systems admin I am constantly on the front line of fast-moving technology, and with that come problems and, at times, very time-consuming issues. I am a person who refuses to let a problem beat me. I am determined to find an answer to any issue I run into. This many times consumes me to the point where I invest 150% of my time in what I do. With that I want to pass this on to you so that all who run into this blog hopefully find an answer that may otherwise cost them a lot of time.

With this amount of passion for your work, as I am sure all of you have as well, your job can consume you and yet be somewhat of a hobby for you as well. People in this field do this job because they have an immense passion for it. You would have to in order to do this job. Many of us fail to diversify from our job / hobby and find a different passion outside our jobs. Trust me when I say that finding another passion and hobby in your life not only helps to keep your sanity, but also rejuvenates you from week to week.

Those who know me know that I am a father of 2 beautiful girls. They also know that I have a fantastic fiancée in my life. Other than God and my job, my family is my priority. In 2008 I had lost my job and at the time I was a single father, scared, wondering what would happen to me and my family. Something changed that day, and when I found a new job out here I made a choice in my life that I would never go back to that day. I want to ensure my family always has security and never has to fear like I did that day. With that decision I never realized some of the stress it may cause in my life. Every day I put everything I have into my job, not only because I love what I do but because I want my family to have anything and everything in life.

Not very long ago I decided that I needed to pick up a hobby that would refocus my attention on more than work and being a father and husband. Something that would refresh me and give me something to share with my family that shows them I am not just all about work. I am blessed in that I have a fiancée who understands why I work the way I do, but it does not make it any more right. My kids need to see more than me pouring myself into a job to provide; they need to see that I love them and that there is more to life than work.

I urge all of you, whether you are family men/women or not: don’t let your work consume you. Use it and most of all enjoy your job, but find something that makes you happy in life and pursue it because it will make you so much better at your job, believe me. Too much of a good thing is not good. I think I have become more passionate and better at my job for it. I took up astronomy about 2 months ago and I see that being able to share this with my family has brought us closer and they have been able to see a different side of me. It has been so worth it.

I hope all this reaches someone. As with everything I write, I know this is not very eloquent and well spoken. But this comes from the heart. I love my family and have spent the past 3 years strengthening our foundation. I recognize that they need to also see me enjoy life, so that they learn and apply this to their life as well.

Take Care.

Now as a Sys Admin I am always installing VMs, testing OSes, hardening and such. One issue I always find myself in is that when I have done a fresh OS install I need to get Perl up to date and install modules that are needed to run some of my scripts. Now I always find myself in CPAN installing modules and finding out that they are failing to make, and after banging my head into a wall for a while, I came across this fix.

$ sudo apt-get install build-essential autoconf automake libtool gdb

This installs all the necessary packages to make CPAN modules. Once you have these installed, open CPAN and go ahead and install all the modules you need. Oh, and this works on Debian/Ubuntu releases of Linux, so if you need to install these for Red Hat you can use yum and find the compatible packages to help with running make on CPAN. Simple and quick as that.

Anyone who knows me probably knows this is one of my biggest pet peeves. I see this happening every day, but from a large site like LinkedIn... shame on you. As all of you probably know by now, more than 6.5 million passwords from LinkedIn were posted to a Russian site in an attempt to crack the SHA-1 hashed passwords.

Now for all of you who have gotten into encryption / decryption of sensitive data, I am sure you understand the problem here with just hashing a password with SHA-1 without salting. If a hacker is able to determine the algorithm used to hash the password, then the rest is fairly easy. The simpler passwords can be uncovered fairly quickly, leaving the more difficult ones which, when broadcast to a hacker community, will take no time to be uncovered as well.

Salting a password is the process of adding random bits to the password as it is hashed. This makes it much more difficult for an attacker to crack because they would need not only to hash their dictionary passwords, but also to try each of those passwords with variations of salts. This can eat up their storage and computing power quite fast, creating a very expensive and difficult task for a hacker. They would need a large budget along with tons of storage space and computing power to be able to break a salted and hashed password. Whereas with just a SHA-1 hashed password, an attacker would only have to hash each trial password once and compare it to the hashed value they have. If the value does not match, they can just move on to the next dictionary value instead of salting variations of the same password.
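The difference described above, as an added Python example that is not from the original post: identical passwords give identical unsalted SHA-1 digests, while a per-user random salt makes every stored value unique. PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions of this example, not details from the post or from LinkedIn.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, not a value from the post
SALT_BYTES = 16       # assumed salt length


def unsalted_sha1(password):
    """The weak scheme the post criticises: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, derived_key); a fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def shared_digests(records):
    """Count users whose stored value is identical to another user's."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)


if __name__ == "__main__":
    # Constructed sample accounts: two users picked the same password.
    users = {"alice": "sunshine1", "bob": "sunshine1", "carol": "x9!Lq2#vTz"}
    weak = {u: unsalted_sha1(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    # Unsalted: one digest exposes every account that shares the password.
    print("unsalted duplicates:", shared_digests(weak))
    # Salted: every stored key differs, so each account is a separate job.
    print("salted duplicates:", shared_digests({u: k for u, (_, k) in strong.items()}))
    salt, key = strong["alice"]
    print("alice verifies:", verify_password("sunshine1", salt, key))
```

The salt is stored next to the derived key; it does not need to be secret, only unique per user.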

So as you can see, the time and expense to crack salted passwords can be astronomical and even a deterrent for a hacker attempting to grab hold of your data. Now with all the problems these days with information being leaked or stolen, you would think that a site like LinkedIn would have been more mindful of the world we live in and not assume that the password obscurity they are using is “Good Enough”. If in fact the hackers have usernames that are tied to these passwords, then the truth of it is most people reuse their usernames and passwords. So if a hacker grabs your information for one site, then they could potentially try to use that same combination on other sites you may visit. Thinking that the breach that has happened to LinkedIn is focused solely on that site is ignorant. Don’t fool yourselves; change your passwords everywhere you use them.

My recommendation to you is to alter your passwords. Try not to reuse a password many times. Come up with a methodology of using your passwords so that if you have to reuse them then you can derive a system of which passwords you use where. This will make it more difficult for someone to attempt to reuse your password to gain access to more of your personal information.
