Linux

Getting Started with Vagrant

benzid.wael Linux, Ubuntu, Virtualization , , ,

Last post, I show you how to install VirtualBox on Ubuntu 12.04. Today, I’ll show you how to improve your capabilities to manage VMs by using an awesome tool. Yes, I’m speaking about Vagrant.

What’s Vagrant ?

Vagrant is an open source tool for managing virtual machines (VMs) developed by Mitchell Hashimoto and John Bender. A virtual machine is a full implementation of a computer with a virtual disk, memory and CPU. A Box, or base image, is the pre-packaged virtual machine that Vagrant will manage.

Vagrant is a CLI tool. Calling vagrant without additional arguments will provide the list of available commands:

  • init — create the base configuration file.
  • up — start a new instance of the virtual machine.
  • suspend — suspend the running guest.
  • halt — stop the running guest, similar to hitting the power button on a real machine.
  • resume — restart the suspended guest.
  • reload — reboot the guest.
  • status — determine the status of vagrant for the current Vagrantfile.
  • provision — run the provisioning commands.
  • destroy — remove the current instance of the guest, delete the virtual disk and associated files.
  • box — the set of commands used to add, list, remove or repackage box files.
  • package — used for the creation of new box files.
  • sshssh to a running guest.

Install it

This is so easy. Go to the Vagrant downloads page and download the latest release version which is v1.7.4 when writing this post. You can download it with the below command:

wget https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.4_x86_64.deb

Next install it with the following command:

dpkg -i vagrant_1.7.4_x86_64.deb

Great ! Now you have vagrant installed on your machine. You can test it by adding boxes, creating a new box, etc.

Your first Vagrant project

Download the precise Ubuntu 12.04 vagrant box

vagrant box add precise64 http://files.vagrantup.com/precise64.box # 323MB, faster download

Once it’s downloaded, let’s initialize the new Vagrant project basing on the downloaded box:

mkdir -p ~/vagrant-tutorial/ && cd ~/vagrant-tutorial/
vagrant init precise64 # creates a default Vagrantfile in the current directory

For more details about Vagrantfile, see the official documentation.

Creating VM

Now let’s start up a VM defined by the created Vagrantfile:

vagrant up

The VM is now running. You can ssh into it with the following command:

vagrant ssh

Note that on the new VM, /vagrant is a shared directory mounted to ~/vagrant-tutorial

ls /vagrant

Soon, you’ll start making modifications to the Vagrantfile. There are three ways to rebuild the VM.

# Fastest method: re-runs the provisioner without stopping the VM.
vagrant provision 

# Restarts VM, provisions. Use this if you changed virtualbox settings (e.g shared folders)
vagrant reload 

# Destroys the active VM, and rebuilds.
# Slow, but guarantees stability.
vagrant destroy --force && vagrant up

Thanks for reading !

Install Virtualbox on Ubuntu using PPA

benzid.wael Linux, Ubuntu, Virtualization , ,

This is a brief post in which I’m going to show you how to install VirtualBox in Ubuntu. I assume that you already know what is VirtualBox. So I’ll enter directly into the subject.

Dependency

To avoid any error, we should install the dkms package, just type:

sudo apt-get install dkms

Installation

Firstable, Press Ctrl – Alt – T, to open a terminal.when it’s opened, type:

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

which will add the VirtualBox repository’s key. Next, add the VirtualBox repository to your /etc/apt/sources.list

sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian precise contrib" >> /etc/apt/sources.list'

Finally, let’s update your system and install the latest VirtualBox (which is v4.3 on Ubuntu 12.04)

sudo apt-get update && sudo apt-get install virtualbox-4.3

Extra

Now, after understanding the different steps to install VirtualBox on Ubuntu 12.04 using PPA, I’ll give a command which will install VirtualBox for you independently of your Ubuntu version:

sudo sh -c "echo 'deb http://download.virtualbox.org/virtualbox/debian '$(lsb_release -cs)' contrib non-free' > /etc/apt/sources.list.d/virtualbox.list" && wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add - && sudo apt-get update && sudo apt-get install virtualbox-4.3 dkms

Enjoy 🙂 !

 

Installing different python versions in ubuntu

benzid.wael Linux, Python, Ubuntu , ,

Since I write python code that should be running on different python versions, I have to install multiple python versions on my workstation. As usually, I believe that we should do everything well as we can :).

This post is a description of my procedure to get different python versions installed in my Ubuntu workstation.

Installing Multiple Versions

Ubuntu typically only supports one python 2.x version and one 3.x version at a time.  There’s a popular PPA called deadsnakes that contains older versions of python. To install it you should run the below commands:

$ sudo add-apt-repository ppa:fkrull/deadsnakes
$ sudo apt-get update

I’ve a Ubuntu 14.04 already installed in my workstation (So I’ve both python2.7 and python3.4). So, I’ll install versions 2.6 and 3.3.

$ sudo apt-get install python2.6 python3.3

Let’s check the default python version by running `python – V`

$ python -V
Python 2.7.6

Now, to manage the different python versions I will use an amazing Linux command: update-alternatives. According to Linux man page, ” update-alternatives maintain symbolic links determining default commands ”

Firstable, let’s install the different alternatives:

$ sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.6 10
$ sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 20
$ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.3 30
$ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.4 40

To choose the default python version you should run the below command:

$ sudo update-alternatives --config python

Secondly, I can switch between the different Python versions easily with the previous command. However, Ubuntu runs multiple maintenance scripts and those script may break if I choose Python 2.6 as a default version.

Using virtualenv

I assume that we have different python version installed on your machine and you didn’t change the default python version (which is 2.7 in my case).

1. Installing virtualenv

$ sudo apt-get install python-virtualenv

2. Managing different python version
Suppose that I will start a new project which will run on Python 2.6. Using this solution, I will be able to manage different version of python and different version of any package I use. Great!

$ virtualenv -p /usr/bin/python2.6 ~/.envs/project_x_py2.6
Running virtualenv with interpreter /usr/bin/python2.6
New python executable in ~/.envs/project_x_py2.6/bin/python2.6
Also creating executable in ~/.envs/project_x_py2.6/bin/python
Installing distribute....................................done.
Installing pip.....................done.

3. Activating virtualenv
Before that you can install any package for this project, you should activate it:

$ source ~/.envs/project_x_py2.6/bin/activate

Now, If we check the default python version used for this project:

$ python -V
Python 2.6.9
$ which python
~/.envs/project_x_py2.6/bin/python

When you’re gone with the project, just deactivate its virtualenv and you can back to it when you need by activating it

$ deactivate

Shellshock bash bug

benzid.wael Linux, Security , ,

Yesterday, security experts discovered a security bug in Bash sell. This bug called Shellshock. This is a very serious bug, as it can be used to take control of your machine, even you have a Macintosh or an Android device. This make Shellshock a bigger threat than Heartbleed in two dimensions:

  • First of all, unlike Heartbleed, Shellshock can be used to steal all your information not only your password.
  • Second, If Heartbleed was unnoticed for two years, Shellshock was unnoticed for 22 years.

To understand the threat, I will share some code from Robert Graham’s blog post who made an excellent analysis of this issue. We will request resources with the below configuration:

target = 0.0.0.0/0
port = 80
banners = true
http-user-agent = shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)
http-header = Cookie:() { :; }; ping -c 3 209.126.230.74
http-header = Host:() { :; }; ping -c 3 209.126.230.74
http-header = Referer:() { :; }; ping -c 3 209.126.230.74

Which when be tested to a huge number of IP addresses, will shows that bug is widespread:
shellshock-responses

What’s Shellshock ?

If we take a look to the CVE from NIST vulnerability database, we will found:

GNU Bash through 4.3 processes trailing strings
after function  definitions in the values of
environment variables, which allows remote
attackers to execute arbitrary code via a
crafted environment, as demonstrated by vectors
involving the ForceCommand feature in OpenSSH
sshd, the mod_cgi and mod_cgid modules in the
Apache HTTP Server, scripts executed by
unspecified DHCP clients, and other situations
in which setting the environment occurs across a
privilege boundary from Bash execution.

In other words, when you add extra lines to the bash code, you’ll be allowed to execute scripts:


$ env 'x=() { :;}; echo this is the threat' bash -c "echo good morning"

Is there any patch?

Likely, the Red Hat security team has released patches for this threat (You can find further detail here).

Dbus | C API (Part 1)

benzid.wael Linux ,

My first experience with Dbus started in 2010. My challenge was to manage the communication between the differents parts as: decoder (C), UI (C++), the xosd interface, and the remote controller interface  (C).

What’s Dbus ?

Dbus is a message bus system, it allows applications to communicate to each other in a simple way. Currently the communicating applications are on one computer, or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories. It is simultaneously an Inter-Process Communication (IPC) and Remote Procedure Calling (RPC) mechanism. In Dbus we have two kind of sessions:

  • A “system bus” for communicating between system applications and user sessions
  • A “session bus” for exchanging data between applications in a desktop environments

Code

Let’s go now to the real life: To connect to Dbus you should

  • Initialize the errors

DBusError err;
DBusConnection* conn;
int ret;
// initialize the errors
dbus_error_init(&err);
  • Connect to the dbus

conn = dbus_bus_get(DBUS_BUS_SESSION, &err);
if (dbus_error_is_set(&err)) {
 fprintf(stderr, "Connection Error (%s)\n", err.message);
 dbus_error_free(&err);
}
if (NULL == conn) {
 exit(1);
}
    • Now, you need to request a name on the bus

ret = dbus_bus_request_name(conn, "test.method.server",
                            DBUS_NAME_FLAG_REPLACE_EXISTING
                            , &err);
if (dbus_error_is_set(&err)) {
  fprintf(stderr, "Name Error (%s)\n", err.message);
  dbus_error_free(&err);
}
if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
  exit(1);
}
  • After you have finished with the bus, you should close the connection:
dbus_connection_close(conn);
  1. Sending a signal

This is the simplest operation, the below code do the entirely operation

dbus_uint32_t serial = 0; // unique number to associate replies with requests
DBusMessage* msg;
DBusMessageIter args;

// create a signal and check for errors
msg = dbus_message_new_signal("/test/signal/Object", // object name of the signal
"test.signal.Type", // interface name of the signal
"Test"); // name of the signal
if (NULL == msg)
{
fprintf(stderr, "Message Null\n");
exit(1);
}

// append arguments onto signal
dbus_message_iter_init_append(msg, &args);
if (!dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &sigvalue)) {
fprintf(stderr, "Out Of Memory!\n");
exit(1);
}

// send the message and flush the connection
if (!dbus_connection_send(conn, msg, &serial)) {
fprintf(stderr, "Out Of Memory!\n");
exit(1);
}
dbus_connection_flush(conn);

// free the message
dbus_message_unref(msg);
  1. Receiving a signal

These operation requires reading message from the bus. To receive a signal you have to tell the bus what signals you are interested in so they are sent to your application, then you read messages off the bus and can check what type they are and what interfaces and signal names each signal represents.

// add a rule for which messages we want to see
dbus_bus_add_match(conn,
"type='signal',interface='test.signal.Type'",
&err); // see signals from the given interface
dbus_connection_flush(conn);
if (dbus_error_is_set(&err)) {
fprintf(stderr, "Match Error (%s)\n", err.message);
exit(1);
}

// loop listening for signals being emmitted
while (true) {
// non blocking read of the next available message
dbus_connection_read_write(conn, 0);
msg = dbus_connection_pop_message(conn);

// loop again if we haven't read a message
if (NULL == msg) {
sleep(1);
continue;
}

// check if the message is a signal from the correct interface and with the correct name
if (dbus_message_is_signal(msg, "test.signal.Type", "Test")) {
// read the parameters
if (!dbus_message_iter_init(msg, &args))
fprintf(stderr, "Message has no arguments!\n");
else if (DBUS_TYPE_STRING != dbus_message_iter_get_arg_type(&args))
fprintf(stderr, "Argument is not string!\n");
else {
dbus_message_iter_get_basic(&args, &sigvalue);
printf("Got Signal with value %s\n", sigvalue);
}
}

// free the message
dbus_message_unref(msg);
 }

I hope that will be a good light introduction to the Dbus system.