Rolling a Linux-VServer Kernel

Linux-VServer is a virtualization platform that allows you to run VPSs without running complete OS environments.  It can be argued that Linux-VServer is actually more of a container platform than virtualization, however, you can’t think of it like Docker or LXC containers.  From a structural design, I would actually say that they are more similar to Solaris Zones, which are still technically containers, but the functionality is different.

Continue reading

The Battle of Beijing

At my current job, I take care of all things systems. That’s infrastructure, security, networking, in-house desktop support, and automation. That’s a lot, I know, but someone has to do it. Nonetheless, it’s a great job. I’ve had a lot of jobs in my life, and this one is definitely top three. That being said, there are a bunch of a-holes in China making my life very hard right now by constantly running DDOS (dynamic denial of service) attacks against our IP address space. They particularly like to target our Joomla and WordPress sites. I’ve been fighting with them off and on for a few weeks now, but this morning, they launched the mother of all attacks against us. This was a geographically distributed, multi-datacenter DDOS attack. They were using in excess of 100 IPs in separate subnets scattered across at least five countries. So how did I fix this? Let’s get into it.

Continue reading

Nagios Doesn’t Suck (As much as people think)

My predecessor at my current company used a platform called check_mk to monitor our network.  Unfortunately, check_mk has a feature that populates based on network discovery and can be very chatty. check_mk is also very convoluted as it’s built on top of Icinga, which is built on top of Nagios.  When making changes, there were layers and layers of configuration files you had to dig through, at least, in the check_mk instance my predecessor had bequeathed me.  Needless to say, I was not a fan and it wasn’t very efficient.  I understand why they forked to create Icinga.  At the time, Nagios was stagnant.  Since then, I feel like the Nagios camp has progressed significantly.  I also understand why they forked Icinga to check_mk, but it’s not for me.   For the granularity I want in monitoring, check_mk would be more work intensive than Nagios.

Continue reading

Devuan on a Dell XPS 15 (9560, 2017)

I’ve been a Linux Systems Administrator for more than two decades, and I’m intimately aware of what’s necessary to run Linux in the enterprise. I knew after the viral epidemic that is systemd, that the Linux ecosystem was inherently broken, and we needed a change. At that point, I sought out a group of folks identifying themselves as the VUA, or Veteran Unix Administrators. This group is vehemently opposed to systemd and began a fork of Debian without systemd, now known as Devuan (pronounced dev one.) Devuan is still in it’s infancy, only one major release under it’s belt, but it’s a massively capable server platform. My company is now running solely on Devuan Linux for all of our LAMP stack applications. We are even using it for virtualization using vserver. On the desktop side of things, it’s coming along quite nicely as well, but there are definitely some growing pains. My company recently purchased a Dell XPS 15 (9560, 2017) for me, and it came with Ubuntu. I figured it was time to “put my money where my mouth is,” and try to install Devuan on this very new hardware that uses an NVME disk and boots via UEFI. This is a journal of that experience. I’m doing most of this from memory, so there may be some minor typos and/or mistakes. Feel free to reach out if something doesn’t seem correct.

Continue reading

The Art of “rsync”

As a migratory systems engineer, I have lived, or stayed extensively, in cities all over my country, The United States of America. Due to this, I belong to many mailing lists and technical groups in CONUS (CONtinental United States.) One of the groups I belong to is the the DCLUG, or more extensively stated, the Washington, DC Linux Users Group. A recent dialogue of correspondence covered a very mundane topic; the topic of “rsync,” and it’s behavior while trying to do incremental copies. A member of the group, a Mr. Michael Henry, replied with a very in-depth answer and I felt it should be recorded for posterity’s sake, as even I, being a Unix/Linux user for over 20 years, learned some rsync nuance from this walk-through. You will find the contents of his reply copied here.

Continue reading

Checkpoint SSL VPN on Debian/Ubuntu

I’m currently in the middle of small-scale deployment for my company. We sell a managed-service, big-data platform. This usually consists of a mix of Hadoop, Elastic Search, Storm, and Kafka; but all of that is actually irrelevant to the current topic. The data center we are deploying in lives on VMWare and from the outside is locked down with the exception of a Checkpoint SSL VPN. I work for a massive and archaic company; seriously, we have 90,000 employees and we’re still using Lotus Notes for email. It’s like it’s 1997 again; and I can say that because I was doing IT in 1997 and remember deploying Lotus Notes in the Marine Corps. Given the nature of my company, it’s needless to say they are mostly a Wintel shop and are still trying to figure out how to deal with all of their startup acquisitions, like myself. My group, ie. what is left of our startup, is mostly a Mac shop. I personally use my Debian Linux desktop for most of my work because I honestly can’t stomach Windows, and would rather not deal with OS X. That being said, there were really no directions on how to get the Checkpoint SSL VPN working with my Debian Jessie/Testing desktop, or my Ubuntu laptop. So I did what any *nix geek would do and figured it out on my own with a little know-how and a lot of Googling.

Continue reading

What is the best Linux distro?

As a veteran Unix/Linux Systems Engineer, I get the question everyday, “What is the best Linux distro?” First, I can tell you, there is no best Linux distro; each of them has their strengths and their weaknesses. Secondly, that is the wrong question. The question you should be asking: What is the right Linux distro? I can tell you that there is no right answer here.

Continue reading