Category Archives: System Administration

Linux system administration.

Joining the pool.ntp.org project

If you have your own server, why not consider joining the pool.ntp.org project to help provide accurate time to many client machines?

What is NTP?

NTP, or Network Time Protocol, is a method for computers to obtain the current time accurately in order to keep their clocks correct. Even when set accurately, the clock on most computers will eventually drift until it is no longer accurate – often made worse when the computer is being heavily loaded.

NTP allows a client to ask a time server to tell it the current time. The “main” timeservers have accurate timekeeping equipment connected (GPS receivers are common) to give them the correct time. Other timeservers simply keep in sync with several main servers, and accept requests from client machines.

What is the pool.ntp.org project?

The pool.ntp.org project is a big virtual cluster of timeservers striving to provide reliable easy to use NTP service for millions of clients without putting a strain on the big popular timeservers.


New NTP server

Been meaning to do this for a while, but I’ve finally set up a new public NTP timeserver.

It’s a stratum-3 server, syncing to several decent stratum-2 servers, and answers to the name of time.preshweb.co.uk.

It’s entered the UK pool.ntp.org DNS pool, and I’m seeing quite a few requests already – currently my stats show 4.2 requests per second.

NTP is a damn useful tool to keep system clocks in sync and I’ve been using it for ages on all my boxen; it’s nice to be able to help out by sharing the load a little.

Read more info about NTP or about the pool.ntp.org project. If you have a server somewhere and are willing to help out, the project needs more pool servers to share the load – read more about joining.

Installing PCLinuxOS – what a breeze

I’m setting up a PC for my future father-in-law right now. I’m avoiding installing Windows as I hate dealing with it. I’m happy to help him to get to grips with using the machine and doing whatever he wants with it, but not so happy with having to provide Windows support (after all, I don’t use Windows, so I can hardly call myself an expert at it).

So, I needed a Linux distro that’s clean and simple that he should be able to just get on with. My friend Tony recommended PCLinuxOS as a suitable distro, so I thought I’d give it a spin. It boots as a live CD incredibly easily, auto-detecting everything. Once at a KDE desktop, it’s a usable system already. If you want to actually install to the HDD, just double-click the install icon on the desktop (yes, it has KDE set to require double-click for icons; no doubt useful to save confusing people moving over from Windows, but left me wondering why the hell it wasn’t doing anything). The process is simple, and the ability to sit here with a working system and a copy of Firefox to keep me amused whilst the installation progresses is actually quite cute :)


Damn hackers… :(

I got a phone call earlier today from Bytemark, who host a VPS server for me. I’ve had this box with them for a couple of years, and it’s been good.

However, it seems some idiot script-kiddie has used a vulnerability in some webapp to download and run a Perl script named udp.pl to do a UDP DoS against another server (something IRC related).

This had been happening since late Friday evening, and the excess bandwidth charge came to over £80 :( Now I don’t blame Bytemark for charging me really, they’ll be charged for the traffic so they have to pass it on – I blame the bastard who was abusing my server, and myself for (a) not having kept up to date enough, and (b) not noticing quicker (if I’d looked at my mrtg traffic graphs over the weekend I’d have instantly seen that something was amiss).

I’ve not been able to find any evidence as to how the attack came in, but I suspect it may have been WordPress – I hadn’t upgraded from 2.1.2, and apparently there was a remote code exploit in PHPMailer, which WP used, so WP was vulnerable to it. Other possibilities are Dokuwiki (which I’ve updated to the latest version) and Gallery, which I’ve deleted.

On the plus side, I’m pretty sure they didn’t get actual access to the box beyond running their flooding script, although I’m still nervous trusting it, so I think I’ll have to move everything off it ASAP anyway.

In the meantime it’s behaving itself. Really not a good day today – slept through my alarm somehow and woke way, way late for work, then have this shite to deal with this evening… bah, hope tomorrow is better!

Lesson learned: make much more effort to stay up to date with all software; keep a much closer eye on the system; install Tripwire or similar; be more vigilant.

49MB mailbox size limit (Postfix & procmail)

Here for future reference more than anything else, and to help anyone who’s Googling for this.

I have my email delivered to a box at home running Postfix, and stored by procmail into mbox mailboxes.

I was finding that, whenever a mailbox file reached about 49MB, procmail would no longer deliver mail into that mailbox, instead dumping it into my main system mailbox.

sshfs – Mount a filesystem over SSH

I’ve decided to do a few posts about some of the cool tools and tricks I use most in my day to day usage of Linux, and I’ll start with sshfs, the SSH filesystem.

As the name might suggest, sshfs allows you to mount all or part of a remote system’s filesystem with nothing more than an SSH connection. Here are some examples of how to use it.

Logitech QuickCam Messenger under Linux

I bought a cheap (~£20) Logitech QuickCam Messenger to connect up to my Linux box at home to act as a basic security camera – coupled with the cunningly-titled motion detection program “motion”, it can detect movement, capture images and/or video, and execute any commands etc. (More on this setup in a future post!).

The Linux kernel now includes a quickcam_messenger driver, but it didn’t work for my camera. Checking the USB ID showed that it’s a different product ID, so they’ve changed the way the camera works, but kept the name (I wish they wouldn’t do that). I had to use the spca5xx/gspca driver.