When the  number of your servers is increasing more than you have expected, is a good practice to have a friend that  helps you track what’s happenning on those.

For this I use, among other apps, Munin. Munin is a “networked resource monitoring tool that can help analyze resource trends and [...] problems” according to its site.

But this post isn’t a howto-install guide but a how to personalize and extend munin to fit your requirements, just with a custom layout and new plugins. Read the rest of this entry »

Recently I have working on “mabishu-apache-autoindex”, a set of html, css, icons and image files designed to work together with the mod_autoindex module to make the default Apache file listings look a little nicer.  Try this screenshot demo and If you like it, grab the source files at my Github repository, now I’ll explain how to set it up.

Installation

First, get a copy of the “include” folder – the easiest way is to change to the document root of the domain you want to style, and check it out from git:

$ cd /var/www/YOUR.VHOST.LOCAL
$ git clone http://github.com/frandieguez/mabishu-apache-autoindex.git

This should create an ‘include’ folder in the parent of your document root. Next, you need to configure Apache to use the “includes” files to style your directory listings.

Read the rest of this entry »

If you want to get automatic upgrades of your personal repositories I haven’t find a way to get managed with unattended-upgrades so I have done the next wordarround.

This way is to use apt-get and crontab together, so open your crontab editor:

sudo crontab -e

And type the next line to execute our upgrade every night at 1AM:

0 1 * * * (/usr/bin/aptitude -y update && /usr/bin/aptitude -y safe-upgrade) 2>&1 >> /var/log/auto_update.log

Save and exit your editor, and you are all set! You could check the logfile: /var/log/auto_update.log every once in a while to see if everything is still running smoothly.

Note: If you have a solution to get to work unattended-upgrades package with custom repositories please fill a comment below.

As I wrote on tittle since grub’s 2529 svn revision we can use “Basic authentication” on entries. One of the huge regression bugs that grub2 introduces since is replacing grub on main distribution, like Ubuntu. This bug impedes me to implement on the hostile environments where I have deployed GNU/Linux boxes (university community).

This solution is still on initial development but after probe it I have to say that works perfectly for me. Here I’ll explain how to activate authentication support on grub2 and with this avoid that unprivileged users change grub entries or boot from memory sticks or similar.

Just edit file /boot/grub/grub.cfg and prepend the next text:

set superusers="user1"
password user1 password1
password user2 password2

menuentry "GNU/Linux" {
        set root=(hd0,1)
        linux /vmlinuz
}

menuentry "Windows" --users user2 {
        set root=(hd0,2)
        chainloader +1
}

as you can see this syntax is very simple and self-explainable. Take a lot at second menu entry, with that only user2 can boot on “Windows”  and only user1 and user2 can edit grub entries..

By other side, this introduces a huge security bug ’cause password is written on plain text. At this moment password command only has  support for pain passwords so if we want encrypted passwords we have to create a config file at /etc/grub.d/ and using

grub-mkpasswd-pbkdf2

we can generate a block with user and pass like the next one (trimmed ’cause brakes the layout page):

password_pbkdf2 user3 grub.pbkdf2.sha512.10000.9290F727ED06C....38BA45

For more, and possibly more actualized, information go to http://grub.enbug.org/Authentication