Welcome to cron.weekly issue #76 for Sunday, April 16th, 2017.
There are lots of Shadow Broker exploits going around for Linux, Unix, Windows, … while some target older releases, make sure to keep an extra eye out for updates in your distributions. They get exploited really quickly.
This issue is a solid mix of everything; lots of back-up tools as a result of a Twitter questionnaire, new releases for Ubuntu, some security news & new guides.
A very visual representation of which version of your Linux distributions is end of life and which is still actively maintained.
Vulnerability in UDP packet processing
Dubbed CVE-2016-10229, on Linux kernels before 4.5 this would allow remote attackers to execute arbitrary code via UDP traffic. Not all OS’s are vulnerable (RHEL + CentOS appear to be safe), but better check your distributions for this one.
Tools & Projects
Datadog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
A FUSE filesystem and dungeon crawling adventure game engine.
A command line, stack-based calculator with postfix notation that displays the stack contents at all times. As you type, the stack changes are reflected immediately.
Command-line utility for managing shell history in a SQLite database. ~/.bash_history is deduped and imported into a database.
This is mostly a “container release”: adding support for Kubernetes, more Docker features, Snaps, …
MySQL InnoDB Cluster GA
“The MySQL Development Team is happy to announce the first GA release of InnoDB Cluster–our integrated, native, full stack HA solution for MySQL.”
This release focusses on network capabilities and performance.
Google has released their “Container-Optimized OS” (needs a fancy name, doesn’t it?), the same underlying OS that powers their Google Compute platform. In this sense, it rivals with other container focussed OS’s like CoreOS.
Backup is a system utility for Linux and Mac OS X, distributed as a RubyGem, that allows you to easily perform backup operations. It provides an elegant DSL in Ruby for modeling your backups.
Teleport is a modern SSH server designed for teams managing distributed infrastructure, the 2.0 release brings TOTP support for their 2 factor authentication, audit logging & more DB backends.
Duplicati is a free, open source, backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers.
Obnam is an easy, secure backup program. Backups can be stored on local hard disks, or online via the SSH SFTP protocol. The backup server, if used, does not require any special software, on top of SSH.
git-crypt is an open source, command line utility that empowers developers to protect specific files within a git repository.
Bareos is a 100% open source fork of the backup project from bacula.org. The fork is in development since late 2010, it has a lot of new features.
duply is a frontend for the mighty duplicity magic. duplicity is a python based shell application that makes encrypted incremental backups to remote storages. Different backends like ftp, sftp, imap, s3 and others are supported.
restic is a backup program that is fast, efficient and secure.
Guides & Tutorials
TokuDB Hotbackup and Replication
Lots of practical info and configs for taking back-ups and configuring replication on a MySQL instance running the TokuDB storage engine.
Connecting Kubernetes services with linkerd
A detailed post describing how linkerd can be used instead of Kubernetes’ default DNS-based service discovery, to link pods & services together.
Doing Ops in a “serverless” world
Good info on doing logging & reporting when you don’t run a dedicated Ops team, because even in a “serverless” world (think AWS Lambda or Azure Functions), we need visibility in the applications we want to support.
Build your own DNS name server on Linux
This guide helps get you started running the BIND nameserver.
Command Line Text Processing
Lost of examples for using “grep” at the command line; from simple searches to matching more specific content to using more complex regex’s.