Category Archives: Ubuntu


See Version Information In Linux

There are a number of ways to see information about what version of Linux that you’re running on different

cat /etc/lsb-release

Which returns the distribution information, parsed as follows:

DISTRIB_DESCRIPTION="Ubuntu Precise Pangolin (LTS)"

lsb_release can also be run as a command, as follows:

lsb_release -a

Which returns the following:

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Precise Pangolin (LTS)
Release: 12.04.5
Codename: precise

lsb_release can be used as a command as well:

cat /etc/

Which returns:

Ubuntu Precise Pangolin
(development branch)

In Debian, you can simply look at the version file:

cat /etc/debian_version

Which returns the following:


Or Red Hat Enterprise can also be located with /etc/

cat /etc/

With many variants, including OS X, you can also use uname to determine kernel extensions, etc:

uname -a

The thing I’ve learned about Linux is that there’s always a better way to do things. So feel free to comment on your better way or favorite variant!


Install Pow for Rails Testing On OS X

Pow is a Rack server for OS X. It’s quick and easy to use and lets you skip that whole update an Apache file, then edit /etc/hosts, then move a file, then run an app type of process. To get started with Pow, curl it down and pipe it to a shell, then provide the password when prompted to do so:

odr:~ charlesedge$ curl | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9039 100 9039 0 0 10995 0 --:--:-- --:--:-- --:--:-- 10996
*** Installing Pow 0.5.0...
*** Installing local configuration files...
*** Installing system configuration files as root...
*** Starting the Pow server...
*** Performing self-test...
*** Installed

For troubleshooting instructions, please see the Pow wiki:

To uninstall Pow, `curl | sh`
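
Piping curl straight into a shell runs whatever the server returns, with your password, before you have seen it. The following is an added example (not from the original post or the Pow project) that downloads an installer to a file, compares it with a SHA-256 digest you pinned after reviewing the script, and only then runs it; the function names are made up for the illustration, and the URL and digest are placeholders you supply.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a digest
# you pinned after reading the script. URL and digest are placeholders.

# sha256_of FILE: print the file's SHA-256 in lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'      # Linux (coreutils)
    else
        shasum -a 256 "$1" | awk '{print $1}'  # OS X / BSD
    fi
}

# verify_installer FILE EXPECTED: return 0 only when the digests match.
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verify_run URL EXPECTED: download to a temp file, verify, then run.
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    # -f fails on HTTP errors; --proto and --proto-redir refuse anything
    # other than HTTPS for the first request and for redirects.
    if curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" "$url" &&
       verify_installer "$tmp" "$expected"; then
        sh "$tmp"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholders, not real values):
#   fetch_verify_run "https://INSTALLER_URL" "PINNED_SHA256_HEX"
```

The same check applies to the uninstall script, since it is fetched and run the same way.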

To install an app into Pow, create a symlink to it using ln (assuming ~/.pow is your current working directory):

ln -s /path/to/myapp

Then just open the url, assuming my app is


Pow can also use ~/Library/LaunchAgents/cx.pow.powd.plist to port proxy. This allows you to redirect different apps to different ports. When pow boots, it runs .powconfig, so there’s a lot you can do there, like export, etc. Once you’re done testing out pow, if you don’t decide it’s awesome, remove it with the following command:

curl | sh


Linux and Free Memory Space

The free command in Linux is used to show memory utilization. When run without any options, you can see the used and available space of swap and physical memory. By default, the output is displayed in kilobytes, but when run with the -b option it is shown in bytes, with -m in megabytes, with -g in gigabytes, or with -t in terabytes. So to see the free space in bytes, run the following:

free -b

The -o option shows the output adjusted for the buffer. The -t option also adds a total column as well as a line for total that shows swap and physical, combined. The -s will update the output and is followed by a number of seconds. To see the number of times it happened, use the -c option. So to see the output every 60 seconds:

free -s 60

The low and high stats are shown using the -l option:

free -l

As with many commands, you can see the version of the command using the -V option:

free -V

Finally, use the --help option to see the available options, no matter the version or OS.


Opposite Day: Reversing Lines In Files

The other day, my daughter said “it’s opposite day” when it was time to do a little homework, trying to get out of it! Which reminded me of a funny little command line tool called rev. Rev reads a file and reverses all the lines. So let’s touch a file called rev ~/Desktop/revtest and then populate it with the following lines:


Now run rev followed by the file name:

rev ~/Desktop/revtest

Now cat it:

cat !$

Now rev it again:

rev !$

You can go forward and back at will for fun, much more fun than homework… Enjoy!


Manage Apex Domains In OS X

OS X Server supports running a traditional bind implementation of DNS. You can define a record for most any name, including,,, etc. You can use this to redirect subdomains. In this example, we’ll create an A Record to point to without breaking other subdomains. To get started, let’s use the DNS service in the Server app to create The reason for this is that OS X will then create a zone file for If we created instead, then OS X would automatically create, which would break the other subdomains. To do so, open Server app and click on the DNS Service. Then click on the plus sign to create a new record.


Now, if you restart dns and ping you should see the referenced IP. To then change, we’d edit the zone file stored at /Library/Server/named/ This file will look like this when you first open it:

10800 IN SOA (
2014092301 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
1209600 ; expire (2 weeks)
86400 ; minimum (1 day)
10800 IN NS
10800 IN A

We’ll add an A record for 10801 IN A

Now, to change the apex record, you’d just replace the name you’ve been using with an @:

@ 10801 IN A

Good luck!


Installing the Docker for OpenStack Heat

Docker is an engine that automates deploying applications as highly portable, self-sufficient containers, independent of hardware, language, framework, packaging system and hosting provider. Heat is the main project used when it comes to OpenStack orchestration. There is a Docker plugin for Heat. To install this plugin, you’ll need to use the stable/icehouse branch (which seems like what’s made the tool so mature rather than simply being available for Nova) to install Heat via apt-get install. Once downloaded, extract the contrib/docker folder and delete the tests directory. Then copy the contrib/docker folder to the OpenStack controller. Here we’ll put it in the /usr/lib/heat directory. This results in the path of /usr/lib/heat/docker/docker. Next, install python-pip:

apt-get install python-pip

Then check the installer requirements:

pip install -r requirements.txt

Then edit the heat config, likely at /etc/heat/heat.conf. Here, provide the plugin in the plugin_dirs section as:


Then reboot and check the resource type listing:

/usr/lib/heat/heat resource-type-list

If you see DockerInc::Docker::Container, you can deploy Docker containers.


Shell BUILTINs Available In Powershell

The following are Shell builtins from BSD/Mac that are available in Powershell (note the obvious lack of a builtin command):

  • alias
  • break
  • cd
  • chdir
  • command
  • continue
  • do
  • echo
  • end
  • exit
  • fc
  • for
  • foreach
  • history
  • if
  • kill
  • popd
  • pushd
  • pwd
  • return
  • set
  • switch
  • trap
  • type
  • where
  • while

Stashbox: Turning a Mac Mini Into A Logstash and Kibana Server

You have a lot of boxes. You would like to be able to parse through the logs of all those boxes at the same time, searching for a given timestamp across a set of machines for a specific string (like a filename or a port number). elasticsearch, logstash and kibana are one way to answer that kind of need. This will involve downloading three separate packages (which for this article, we’ll do in /usr/local) and creating a config file.

First, install the latest Java JDK. This is available at jdk8-downloads-2133151.html.

The following is going to download the latest version of logstash and untar the package into /usr/local/logstash (I like nesting that logstash-1.4.0 inside logstash so when the next version comes out I can have it there too, I have plenty of space so keeping a couple versions back helps in the event I need some old binary and can’t get to it ’cause they revved out the version I wrote a script against at some point):

curl -O
mkdir /usr/local/logstash
tar zxvf logstash-1.4.0.tar.gz -C /usr/local/logstash

Once we have logstash, we’ll grab elasticsearch similarly:

curl -O
mkdir /usr/local/elasticsearch
tar zxvf elasticsearch-1.0.1.tar.gz -C /usr/local/elasticsearch

Then we’ll untar kibana in the same manner:

curl -O
mkdir /usr/local/kibana
tar zxvf kibana-3.0.0.tar.gz -C /usr/local/kibana

Next we’ll make a very simple config file that we call /usr/local/stashbox.conf that listens on port 514 for syslog:

input {
  tcp {
    port => 514
    type => syslog
  }
  udp {
    port => 514
    type => syslog
  }
}
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      # Two spaces in the first pattern: syslog pads single-digit days with a space
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
output {
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}
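
To see which fields the grok filter in this config pulls out of a message, the following added example (not from the original post or from Logstash) applies an approximate extended-regex equivalent of its pattern to constructed syslog lines with sed. The regex is a simplification of the SYSLOGTIMESTAMP, SYSLOGHOST and DATA grok patterns, and the function and variable names are made up for the illustration.

```shell
#!/bin/sh
# Added example: approximate ERE equivalent of the grok pattern in the
# stashbox.conf filter. This is a simplification, not Logstash's own regex.
# Groups: 1 timestamp, 2 host, 3 program, 5 pid (optional), 6 message.
SYSLOG_RE='^([A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) ([^ ]+) ([^][ :]+)(\[([0-9]+)\])?: (.*)$'

# parse_syslog LINE: print "timestamp|host|program|pid|message".
# Returns 1 when the line does not match; Logstash would tag such an
# event _grokparsefailure and leave the syslog_* fields unset.
parse_syslog() {
    out=$(printf '%s\n' "$1" | sed -nE "s/$SYSLOG_RE/\1|\2|\3|\5|\6/p")
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Constructed sample lines (not captured from a real host).
SAMPLE_PID='Apr  9 22:37:51 mini sshd[4242]: Failed password for admin from 192.0.2.10 port 51515 ssh2'
SAMPLE_NOPID='Apr 12 09:07:44 mini newsyslog: logfile turned over'
SAMPLE_BAD='<34>1 2014-04-12T09:07:44Z mini su - - - line in a different syslog format'

# report: parse every sample and count matches and failures, so that
# unparsed sources stand out before you rely on field searches in Kibana.
report() {
    ok=0
    bad=0
    for line in "$SAMPLE_PID" "$SAMPLE_NOPID" "$SAMPLE_BAD"; do
        if parse_syslog "$line"; then
            ok=$((ok + 1))
        else
            echo "no match: $line" >&2
            bad=$((bad + 1))
        fi
    done
    echo "matched=$ok failed=$bad"
}
```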

Next, we’ll enable elasticsearch:


And finally, in a different window we’ll call logstash with that file as the config file:

/usr/local/logstash/logstash-1.4.0/bin/logstash -f /usr/local/stashbox.conf

Having each of these open in different Terminal windows allows you to see logs in stdout. Next, point a host at your new syslog box. You can use for installing Windows clients or for  a Mac. Once done, let’s get Kibana working. To do so, first edit the config.js.

vi /usr/local/kibana/kibana-3.0.0/config.js

Locate the elasticsearch setting and put the name of the host running logstash in there (yes, it can be the same as the actual logstash box as long as you install a web server on the logstash box). Then save the changes.

Now move the contents of that kibana-3.0.0 folder into your web directory. Let’s say this is a basic OS X Server, that would be:

cp -R /usr/local/kibana/kibana-3.0.0/* /Library/Server/Web/Data/Sites/Default/

You can then check out your Kibana site at http://localhost or http://localhost/index.html#/dashboard/file/logstash.json for the actual search pages, which is what I’ve bookmarked.


For example, to see the impact of periodic scripts in System Logs:




Quick nmap Hacks

The nmap application is a pretty easy-to-use tool that can be used to port scan objects in a network environment. To obtain nmap in an easy-to-use package installer, for OS X check out the download page at (use the same page to grab it for Windows or *nix as well). Once downloaded run the package/rpm/whatever.

Before I scan a system, I like to pull the routing table and eth info to determine how scans are being run, which can be done by using the nmap command along with the --iflist option:

nmap --iflist

Basic Scanning
To then scan a computer, just use the nmap command followed by the host name or even throw a -v option in there to see more information (you can use a hostname or an IP):

nmap -v

Use the -6 option if scanning via IPv6:

nmap -v -6 8a33:1a2c::83::1a

Can drop the -v for less info on these, but I usually like more than less. Shows ports, states, services (for the ports) and a MAC address for each IP being scanned.

You can also scan a range of IPs. I usually take the lazy way for this, by using a wildcard. I can replace an octet to scan all objects in that octet. For example, to scan all systems running on the 192.168.210 class B:

nmap 192.168.210.*

You can scan a subnet, which can cover more or less than one octet worth of IPs, by including the net mask:


You can also just list a range, which is much easier in some cases, using the --exclude option to remove an address that will be angry if port scanned:

nmap --exclude

Or to do a few hosts within that range:


Or you can even use the following to read in a list of addresses and subnets where each is on its own line:

nmap -iL ~/nmaplist.txt

By default, nmap is scanning all ports. However, if you know what you’re looking for, scans can be processed much faster if you constrain it to a port or range of ports. Use the -p option to identify a port and then T: for only TCP or U: for only UDP, or neither to do both. Additionally, you can scan a range of ports or separate ports using the same syntax used for identifying multiple hosts. For example, here we’ll scan 53, 80, 110, 443 and 143:

nmap -p 53,80,110,143,443

Do OS detection using the -A option:

nmap -A

For true remote OS detection, use -O with --osscan-guess:

nmap -v -O --osscan-guess

We can also output to a text file, using the -o option (or of course > filename but -o is more elegant here unless you’re parsing elsewhere in the line):

nmap -v -o ~/Desktop/nmapresults.txt -O --osscan-guess

Next, we’ll look at trying to bypass pesky annoyances like stateful packet inspection on firewalls. First, check whether there is actually a firewall using -sA:

nmap -sA

Scan even if the host is protected by a firewall:

nmap -PN

Just check to see if some devices are up even if behind a firewall:

nmap -sP

To run a scan using SYN and ACK scans, run nmap along with either the -PS or -PA option (shown respectively):

nmap -PS 443
nmap -PA 443

Try to determine why ports are in a specific state:

nmap --reason

Show all sent/recvd packets:

nmap --packet-trace

Try to read the header of remote ports to determine a version number of the software:

nmap -sV

Security Scanning
Next, we can look at actually using nmap to test the attacking waters a little bit. First, we’ll try and spoof another MAC address, using the --spoof-mac option. We’ll use the 0 position after that option to indicate that we’re randomly generating a MAC, although we could use a real MAC in place of the 0:

nmap -v -sT --spoof-mac 0

Next, let’s try to add a decoy, which allows us to spoof some IPs and use that as decoys so our target doesn’t suspect our IP as one that’s actually scanning them (note that our IP we’re testing from is

nmap -n -,,,

Then, send some crazy packets (not an official term like magic packets, just my own term for throwing a curve ball at things and testing for the viability of syn-flood or Xmas packet attacking):

nmap -sX

Configure a custom mtu:

nmap --mtu 64

Fragment your packets:

nmap -f

Note: None of Apple’s servers were damaged in the writing of this article. I did a find/replace at the end, when I realized I didn’t want all of you hitting