Add a keyboard shortcut on Ubuntu

Tired of typing the same thing repeatedly?

If you need to type a certain string on regular basis, you may want to set it up as a keyboard shortcut. But one cannot just associate a hot key with the string. Here is how to do it on Ubuntu without installing any extra package.

Continue reading “Add a keyboard shortcut on Ubuntu”

Load Averages on Linux/UNIX systems

Load Averages on Linux/UNIX systems

When you run uptime or top, 3 load average numbers are displayed. They represent the 1, 5, and 15 minute load averages. In the following example, the 1 minute load average of my computer is 1.11.

▶ uptime
 22:31:24 up 13 days, 14:32,  1 user,  load average: 1.11, 0.56, 0.31

For years, I’ve used it in relative term. When a high number is shown and the system is still responsive, I set that as normal in mind. But that can’t be right. That is got to be a more scientific way of explaining the numbers. Turns out the answer is right in the man page of uptime.

System load averages is the average number of processes that are either in a runnable or uninterruptable state. A process in a runnable state is either using the CPU or waiting to use the CPU. A process in un‐ interruptable state is waiting for some I/O access, eg waiting for disk. The averages are taken over the three time intervals. Load averages are not normalized for the number of CPUs in a system, so a load aver‐ age of 1 means a single CPU system is loaded all the time while on a 4 CPU system it means it was idle 75% of the time.

man uptime


On a generic workload, let’s simplify the calculation and assume load averages is computed based solely on CPU usage. On a single core system, load averages of 1 means it’s completely busy with that 1 process for the past period of time. On a 16-core system, a load average of 16 the performance expectation should be the same. When interpreting the numbers on a monitoring system or setting up thresholds, we can divide the result by number of cores and multiple it with 100%.

Load averages is actually influenced not just by CPU. IO, network busyness, interrupts, or any other busy resource that prevents processes from completing all contribute. A process can be busy waiting for other resources to return. On some VM, even the random number pool can put the CPU on wait.

That said, load averages is a fairly holistic assessment of how busy a system is.

apache-2.2.34 and openssh-8.2p1 on EL6

Red Hat backports fixes and keep package versions as they are. At times, security scanners are not smart enough to know that. They’d complain the packages are out of date. Making it worse, apache 2.2 has reached EOL since 2018. And even though openssh is now on version 8.2, one will still find version 5.3 on EL6 systems.

Upgrading EL is not an easy task like Ubuntu. One will most likely need to build a new system and migrate things over. If that is an issue for you, install my repo and yum-plugin-priorities. Then install or update httpd-2.2.34 with yum.

curl -sqo /etc/yum.repos.d/headdesk.repo https://repo.headdesk.me/headdesk.repo
yum -y install yum-plugin-priorities

While this gives you the very last version of apache 2.2, you may be asked to upgrade to apache 2.4. That’s a different game. IUS and SCL offer apache 2.4. Problem is, IUS’s apache does not work with php in the same repo. Their php are built to work with apache 2.2. So as Remi’s. SCL’s httpd24 and php work together, but they put files under a completely different location. And they stop making php packages at version 7.0, which is EOL.

It’s a mess. Migrate to FPM if you can.

Use the packages at your own risk. I cannot promise future updates. Your best option is to migrate to newer OS and rely on updates from the official distro.

UID > INT_MAX

From thehackernews, it was said when the UID is larger than INT_MAX, which is 2147483647, privilege validation is improperly handled and that gives the user right to run systemctl commands as if he/she is a privileged user.

What is my INT_MAX?

[email protected]:~# grep -i int_max /usr/include/limits.h
#  define INT_MIN	(-INT_MAX - 1)
#  define INT_MAX	2147483647
#  define UINT_MAX	4294967295U

Though it’s hard to imagine who would use such an UID when they usually starts with 1000. However, if Linux is integrated with AD, the AD users ID are mapped to very large number. For example, the UID of my AD user account is 1345012730 and this ID does not show up on /etc/passwd. sssd does not allow user enumeration by default, so it may not be able to check if any UID is > INT_MAX. It’d take a very large corp to reach INT_MAX though.

CVE for this is CVE-2018-19788

Cool feature on Azure – Run Command Script

I don’t think I’ve ever said anything good about Azure, but I’ve finally ran into one today. Someone screwed up sshd_config and the service would not start anymore. With the run script tool, I was able to revert the config to the original version and restart the service. Fortunately, the changes were checked into RCS, which made recovery relatively easy.

Here, I checked out the original version of the config file, overwrite the existing file quietly. Then restart sshd

co -q -f1.1 /etc/ssh/sshd_config
systemctl daemon-reload
systemctl restart sshd

In other cloud environments, I’d have to mount the OS disk on another machine and edit the file. Or do it through console, which only a few providers offer “writable” console.

Building my first Linux package

Let’s take a look at how to build a really simple Linux package. The most common package formats are definitely .deb and .rpm. One will find them on Debian-variants and Redhat-variants respectively.

In the following examples, a package will be created and it will contain 1 script.The script depends on Python so I want the package management tool to handle that for me too. The script’s name is goldenRatio.sh and it will be installed to /usr/local/bin/

DEB

Create a directory structure for building

Here is what I created. Will talk about the control file in a minute. The usr subdirectory contains the path to where I want this script installed.

/root/goldenRatio
├── DEBIAN
│   └── control
└── usr
    └── local
        └── bin
            └── goldenRatio.sh

The control file

This file describe the package. It is pretty much self-explanatory.

Package: goldenRatio
Version: 0.1.2
Maintainer: XPK
Architecture: all
Depends: python3
Description: Script to calculate golden ratio 

Build & install the package

We are ready to build the deb package. The following command will create a package under /tmp/.

$ cd /root
$ dpkg-deb --build goldenRatio /tmp
dpkg-deb: building package 'goldenratio' in '/tmp/goldenratio_0.1.2_all.deb'.
$ apt install /tmp/goldenratio_0.1.2_all.deb

RPM

The RPM version is more involved. For rpm, we’ll need to write a spec file.

The spec file

The spec file does not just describe the package. It contains instructions to compile a software or in this case to copy the script to the target location.

Name: goldenRatio
Summary: Shell script for calculating golden ratio
Version: 0.1
Release : 3
License: GPLv3
Requires: python36

%description
Shell script for calculating golden ratio

%changelog
* Thu Jul 26 2018 XPK [email protected] 0.1-3
- Second build, adding python dependency

%prep
mkdir -p %{buildroot}%{_prefix}/local/bin
cp -pf goldenRatio.sh %{buildroot}%{_prefix}/local/bin/goldenRatio.sh
chmod 755 %{buildroot}%{_prefix}/local/bin/goldenRatio.sh

%files
%{_prefix}/local/bin/goldenRatio.sh

Install the build tool

$ yum install rpm-build

The build directory

After the previous step is performed, /root/rpmbuild is automatically created. Here, I’ll need to put my spec file in the SPECS directory, and my script under the BUILD directory.

/root/rpmbuild/
├── BUILD
│   └── goldenRatio.sh
├── BUILDROOT
├── RPMS
├── SOURCES
├── SPECS
│   └── goldenRatio.sh.spec
└── SRPMS

Build and install the package

$ cd /root/rpmbuild/SPECS
$ rpmbuild  -ba goldenRatio.sh.spec
$ yum localinstall /root/rpmbuild/RPMS/x86_64/goldenRatio-0.1-3.x86_64.rpm

Wrapping up

In both case, apt and yum will automatically resolve the dependency for Python, and prompt you to install them if you don’t have it already.

These are very simply examples. I’ll do a follow-up post once I learn more.