Linux

WSL 2 Setup for Development

Here are a few notes, snippets, and links to my current Windows Subsystem for Linux 2 (WSL 2) setup for development.

Most of our current work is Drupal 8, Node.js, and React. I'd previously tried setting up all of our development tools under the first version of WSL, but as has been fairly well documented elsewhere, file I/O performance was a roadblock - in particular for Drupal 8 which can be filesystem I/O intensive during development.

Category
Tags

How to Create a Truly Portable Ubuntu Installation on an External USB HDD or SSD

Update: 17-08-2020 - a few people have asked which NVMe external enclosure I'm using in the photo above. I was using a the 'Plugable Tool-Free NVMe' enclosure, but started to have difficulties with the Realtek RTL9210 controller and/or their USB cables. I was having difficulty removing all partitions from the drive under Ubuntu using GParted - with GParted freezing on device re-scan.

Category
Tags

Comments

Munin Virtual Host Configuration on Ubuntu 14.04 and Apache 2.4

Having switched to Nginx a while ago, I was recently asked to use Apache for a client installation. There have been some significant changes in 2.4 from 2.2, include the 'Requires' option.  I also wanted to create a virtualhost entry for Munin on this machine. It took a little while to figure this out, in particular on Apache 2.4. I'm also using the built-in cron task to generate graphs.

Category

SSH and SFTP Chroot Jail

SSH and SFTP Chroot Jail For a little while now I've wanted to be able to chroot both SFTP and SHH accounts on one of my multi-user VPSs. SFTP on its own is not so difficult. OpenSSH 4.9p1 and above includes the ChrootDirectory directive. And an SFTP chroot is a little more forgiving in so far as it doesn't actually require any supporting system or userpsace services (a shell, ls, cp, etc.), which is why you often see ChrootDirectory accompanied with `ForceCommand internal-sftp` which will prevent SSH access altogether.

What I'd like to do is create a restricted environment for both SSH and SFTP. I spent a little while looking at a very interesting project from Olivier Sessink called [Jailkit](http://olivier.sessink.nl/jailkit/). Jailkit has most of what I was looking for but, it has quite a few moving parts, including the need to replace a users shell with a special Jailkit shim that hands over to Jailkit. This is okay but it means changes to passwd are required, and editing your `/etc/ssh/sshd_config` to use `Subsystem sftp /usr/lib/openssh/sftp-server` and not `Subsystem sftp internal-sftp` if you want to chroot and jail both SFTP and SHH logins.

It turns out that OpenSSH gets us most of the way there with the ChrootDirectory directive. And so here are the steps required to create a minimal chroot jail on Ubuntu 12.04 LTS.

Category

Comments

Comments

A UDP Flood Story

I recently suffered a UDP flood attack on my little virtual private server (VPS) and thought I'd describe the steps I went through to discover and fix the problem.

Symptoms

Periodically, my server would stall and become unresponsive. It was effectively dead, although not down. These 'stalling' events would last from 5-20 minutes, and then the server would come back up. Looking at my Munin charts told me that my public ethernet interface (eth0) was being flooded. Here's a particularly bad day:

Category
Tags

Comments

Comments

Subscribe to Linux