Bash “Shellshock” Bug – Quick Vulnerability Test and Patch


This is not meant as a comprehensive guide to the Bash “shell shock” bug, but as a quick reference to test and patch for the vulnerability. First, test your version of Bash with this line: env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” If you get the world “vulnerable” in your output then you need to update Bash: vulnerable this is a test If your output contains errors followed by “this is a test”, then your Bash version is not vulnerable: bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ this is a test Check to see if your distribution has an updated/fixed version of Bash available in its repository. … Continue reading

Fix for: Keepalived router enters fault state on link down


TL;DR: This is the configuration option you want: dont_track_primary At work and at home I have pairs of redundant “core” routers in an active-passive (or master-backup as you like) configuration. They consist of commodity hardware, a few 4-port gigabit NICs, and CentOS. All of these machines had been running flawlessly for anywhere from two to six years (as they were put into service or upgraded). That is until yesterday when my primary router at home had an SSD failure which completely stopped it in its tracks. The backup router took over, and in less than a second traffic was being routed. All of my point-to-point VPNs reconnected within about 20 seconds. In other words, it worked exactly as it should. … Continue reading

SAN with Linux Cluster and CLVM: Is it Necessary?


To answer the title of this post in one word: No. But as with all things computer related, that “no” needs to be followed by the caveat: “Well, it depends upon your needs.” From what I’ve seen, Linux clustering was designed primarily for high-availability services, with only a secondary effort to share disk resources across nodes. I have tried — and would never use in production — Linux clustering services for a VM host cluster. I know other people have done it and will continue to do it, but a properly configured (and managed) VM cluster does not need true clustering. (Again, “depending upon your needs”). Linux clustering requires fencing. (It didn’t always, but now it does). Fencing is a … Continue reading