There’s times when you need to get a list of the environment variables within your OS or in my case, containerd instance running within Kubernetes.
Powershell
Get-ChildItem Env:
kubectl exec -it my-pod — powershell -Command “Get-ChildItem Env:”
Linux
env
kubectl exec -it
printenv
As part of my Macbook Air using Linux Mint, I’ve been getting my development environments set up.
I got .NET 8 and .NET 9 installed so that running both of the following listed them
dotnet --list-sdks dotnet --line-runtimes
But Visual Studio Code and Rider complain that .NET 8 and .NET 9 need to be installed.
It was this Stackoverflow post that had the answer.
I deleted the /etc/dotnet folder as per the previous link suggests and things started working.
I’ve an old Intel based Macbook Air which, unfortunately Apple no longer support updates for, it’s a great little machine which I want to keep running. So, I do what I always do when the OS outgrows the hardware, I install Linux on it.
I would usually install Ubuntu but thought I’d try something lighter weight, by installing Linux Mint.
Once you have the bootable USB, it’s over to your Mac.
The above will take you into a LIVE mode, i.e. you’ve not installed Linux but are running from the USB. Let’s check everything works for you before you commit to installing Linux Mint. From the Linux Mint, Cinnamon desktop…
Play around with the OS and check it’s what you want to install and all works, then if you’re going to commit and overwrite MacOS
I had an issue when I installed Mint, in that it no longer installed the drivers for the WiFi when I went to Driver Manager to select them. Instead it wanted to go online to get them – difficult as the WiFi drivers are what I’m trying to install and I had no ethernet attachment and to be honest, I know the drivers are on the USB as it worked in LIVE mode.
To get things working, I found that if I mounted the USB drive and searched for the Broadcom packages (and these are what was installed via testing in LIVE) and now double clicking on the two files/packages within the USB installation directories, then I could install the drivers and everything worked.
Disclaimer: I’ve only just installed Linux Mint on the Macbook Air, so I haven’t down any extensive testing.
Let’s run up the Docker image with an instance of PostgreSQL
docker run --name mypostgres -d postgres
Now, connect to the instance so we can create a database etc.
docker exec -it mypostgres bash
createdb -U postgres MyDatabase
Note: if you find this error message psql: FATAL: role “root” does not exist, you’ll need to switch to the postgres user, see below.
Switch to the postgres user (su substitute user).
su postgres psql
At which point, we’re now in the psql application and can create databases etc.
UFW is used as the firewall on Linux and in my case on Ubuntu server. UFW comes with a UI, but we’re going to use this on a headless server (hence no UI being used).
Status and enabling/disabling the firewall
Simply run the following to check whether your firewall is active or not
sudo ufw status
To enable the firewall simply use the following
sudo ufw enable
Use disable to disable the firewall (as you probably guessed).
Once enabled run the status command again and you should see a list showing which ports we have defined rules for and these will show whether to ALLOW or REJECT connections to port. For example
To Action From -- ------ ---- 22/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 80 ALLOW Anywhere
Allow and reject access
We can allow access to a port, reject access to ports and reject outgoing traffic on ports. When we allow, reject incoming or reject outgoing access we’re creating firewall rules.
To allow access to SSH, for example we do the following
sudo ufw allow 22
This will allow tcp and udp access, but we can be more precise and just allow tcp by using
sudo ufw allow 22/tcp
As you can see from the previous output from the status option, we’ve enabled 22/tcp already.
To reject access to a port we use reject.
Note: If you’re access your server using SSH you probably don’t want to reject access to port 22, for obvious reasons, i.e. port 22 is used by SSH and this will block your access via SSH.
sudo ufw reject 80
Application profiles
UFW includes application profiles which allow us to enable predefined lists of permissions
sudo ufw app list
The applications listed from this command can also be seen by listing /etc/ufw/applications.d, so for example on my system I have a file name openssh-server, if you open this with nano (or your preferred editor), you’ll see an INI file format, for example
[OpenSSH] title=Secure shell server, an rshd replacement description=OpenSSH is a free implementation of the Secure Shell protocol. ports=22/tcp
We can also use
sudo ufw app info OpenSSH
Replacing OpenSSH with the name of the application profile you want to view
As you can see, if our application profiles are just INI files, then you can create your own file and place it into the aforementioned folder and make it available to UFW. Once you’ve created your file you’ll need to tell UFW to load the application definitions using
sudo ufw app update MyApp
Replace MyApp with your application name in the above.
Ofcourse once we have these profiles we can allow, reject etc. using the application name, i.e.
sudo ufw allow OpenSSH
Logging
By default logging is disabled, we can turn it on using
sudo ufw logging on
This is an update to Setting up swift on Ubuntu 18.04 – installing Swift on Ubuntu 20.04.
Check out Downloads for the current info. from swift.org.
apt-get install binutils git gnupg2 libc6-dev libcurl4 libedit2 libgcc-9-dev libpython2.7 libsqlite3-0 libstdc++-9-dev libxml2 libz3-dev pkg-config tzdata uuid-dev zlib1g-dev
wget https://download.swift.org/swift-5.5.2-release/ubuntu2004/swift-5.5.2-RELEASE/swift-5.5.2-RELEASE-ubuntu20.04.tar.gz
Next up we should verify this download
wget https://swift.org/builds/swift-5.5.2-release/ubuntu2004/swift-5.5.2-RELEASE/swift-5.5.2-RELEASE-ubuntu20.04.tar.gz.sig
wget -q -O - https://swift.org/keys/all-keys.asc | gpg --import -
gpg --keyserver hkp://keyserver.ubuntu.com --refresh-keys Swift gpg --verify swift-5.5.2-RELEASE-ubuntu20.04.tar.gz.sig
Assuming everything’s verified we now want to extract the download into our preferred location – in my case I am just creating a folder name ~/Swift and extracting the tar to this location, running the following from this location
tar xzf swift-5.5.2-RELEASE-ubuntu20.04.tar.gz
Finally let’s update the path – I’ve added this to the last line of my .bashrc
export PATH=~/Swift/swift-5.5.2-RELEASE-ubuntu20.04/usr/bin:"${PATH}"
You might want to see a list of who logged into your Ubuntu server last or over a time period. Or maybe you want to take a look at more than just that and see more of an audit trail…
last
We can use the command last to display a “listing of last logged in users”. For example let’s just get the tail of the list using
last | tail
or ofcourse we might simple look through all entries using
last | less
What about if we know the user we’re interested in, then we can simply use
last -x Bob
Replacing Bob with the username you wish to look for.
There’s options to specify listing data after a specific time or before a time and more see
last --help
What if we want even more information.
/var/log/auth.log
Last works well if you’re interested in users logging into the server, but what about if we just want to check who’s access a shared drive or the likes, then we can check the /var/log/auth.log like this
sudo cat /var/log/auth.log // or sudo less /var/log/auth.log // or sudo tail /var/log/auth.log
As per standard piping of commands, I’ve included an example of using less and tail, but basically we want to list the contents of the auth.log file. Ofcourse as it’s a file we can grep it (or whatever) as required.
This auth.log file lists sessions being opened and closed, cron jobs and lots more besides.
I have an Ubuntu server happily living it’s life as a NAS (and more) server which every now and then (if I forget to keep track of updates) it runs out of space on /boot causing issues removing old releases or partial updates to be a bit of a problem. So how do we either turn on or off automatic upgrades?
The configuration for this is stored in the file 20auto-upgrades. So we can edit the file using
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
Within the file you’ll see something like this
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
Note: The “1” in the above are not True/False but the minimum number of days. So we could change from “1” to run weekly by changing this value to “7”. A value of “0” will disable the feature.
You can create the file yourself or run the following command to create the file (it can be used to turn on/off by running it on an existing file but that’s all)
sudo dpkg-reconfigure -plow unattended-upgrades
If you want to change the frequency of checks for updates you’ll need to edit the 20auto-upgrades manually (as already discussed).
References
I’m running up my latest Raspberry Pi with a connected USB SSD and forgot how to mount the thing. So this post is a little reminder. Ofcourse the instruction are not exclusive to Raspberry Pi’s or Ubuntu, but hey I just wanted a back story to this post.
So you’ve connected your USB drive and you’ve got a SSH terminal (i.e. via PuTTY) session connected to you Ubuntu server, what’s next?
Where’s my drive
The first thing you need to figure out is where your drive is, i.e. what /dev/ location it’s assigned to.
Mounting the drive
Assuming we’ve located the device, and for this example it is on /dev/sda1, how do we mount this drive?
sudo mount -t ntfs-3g /dev/sda1 /media/external
Obviously this drive I’m mounting is an NTFS formatted drive, you might be using vfat or something else instead, so check. Then we simply have the source (/dev/sda1) mapping to the destination (/media/external) that we created.
Note: without the mount taking place, ls the destination and you’ll see no files (if they exist on your drive). After you mount the drive. ls the destination to see the files on the USB drive.
As it currently stands, when you reboot you’ll have to mount the drive again.
Auto-mounting the drive
In scenarios where we’re not removing the drive and simply want the OS to automount our drive, we need to do a couple of things.
UUID=ABCDEFGHIJK /media/external auto nosiud,nodev,nofail 0 0
and save the file
Now when you reboot the machine the USB drive should be mounted automatically.
Whilst I have Linux machines available to me, they’re not always powered up or the remoting
See Windows Subsystem for Linux Installation Guide for Windows 10 for details on installing the WSL.
For completeness here’s the steps I took.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
Install your preferred distro – I went for Ubuntu simply because that’s what I have on most of my Linux boxes.
Once everything is initialized you’ll be in the user’s (whatever user name you created) home folder – on Windows this folder is stored in C:\Users\{username}\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\home
We can access the C drive using
cd /mnt/c
Running the Linux from Windows
When you want to run the Windows Subsystem for Linux going forward, simply execute
wsl