Sudo on Debian

Sudo Not Installed?

The fix – getting sudo to work – is at the bottom.

When you use Debian for the first time, you may have quickly run into this:

Debian_sudo_not_found2

bash: sudo: command not found

This happens if, during the setup process, you provide a root password.  The Debian installation will install sudo if you do not specify the password.

debian-8-install-root-password

Notice, in the last paragraph of the above dialog:

If you leave this empty, the root account will be disabled and the system’s initial user account will be given the power to become root using the “sudo” command.

And, here is a relevant portion from the installation guide for Debian 8 Jessie:

By default you are asked to provide a password for the “root” (administrator) account and information necessary to create one regular user account. If you do not specify a password for the “root” user this account will be disabled but the sudo package will be installed later to enable administrative tasks to be carried out on the new system.

So, if you do specify the password for the root user account, the sudo package will not be installed.

Using sudo

To add sudo, all you need to do is:

1. Open a terminal and change to root
2. Install sudo

apt install sudo

3. Add user to sudo group

usermod -a -G sudo matthew

4. Have the user log out and back in.

That’s it!

Ubuntu – Automatically Connect to VPN on Boot (Without Keyring Prompt)

This post assumes that you have set up a VPN connection on Ubuntu already that you are able to use, and will show you how to make that connection start on boot.

First, the easy step; tell your existing connection to automatically connect to the VPN:

  1. Open up “Network Connections”
  2. Highlight your default network connection
  3. Click edit
  4. Choose the “General” tab
  5. Check the box “Automatically connect to VPN when using this connection” and choose your VPN connection
  6. Save

automatically-connect-checkbox

Stop the Keyring Prompt

At this point, if you restart your machine, you’ll be prompted to enter your keyring:

unlock-login-keyring

To make this go away on boot, navigate to /etc/NetworkManager/system-connections and look for a file named after your VPN connection.  For me, it was “pia-toronto(openvpn)”.  In this file, make two changes:

  1. Under the “[vpn]” section, remove the “password-flags=1” line.
  2. Add a new section, “[vpn-secrets]” to the file with your VPN account password underneath it:
[vpn-secrets]
password=my_vpn_password

And now you should be good to go.

Using Keepass on Multiple Devices

Keepass on multiple devices

Intro

If you don’t use a password manager, you definitely should.  The security benefits far outweigh the risks.

I used to use Lastpass.  I enjoyed the multi-device convenience, but the idea of trusting just one company so completely that always has a copy of my DB made me uneasy.

Using Keepass arguably still has issues because you are trusting an application, and trust is the opposite of security, but since it’s offline, and I take responsibility for the data sharing/syncing myself, I feel it’s at least less likely that all of my passwords will ever be stolen.

But, I still have multiple devices that I need to access my passwords on: desktop, laptops, phone, tablet, etc.  And, there is truly a need to have automatic syncing.  If you leave it to manual, you’ll forget to copy the DB file after changing that password that you’re trying to use and then you have to wait until you’re on the device with the right version of the DB.

How to Sync the DB File

The program you want to look into is Syncthing.  It does what it sounds like and syncs files/folders across devices.  So essentially, you can now have the Keepass DB file automatically sync across your various devices whenever a change is made.

Here’s why I like it:

  • Support each platform I use (Windows, Linux, Android) and more, but I haven’t tried the others.
  • Encrypted
    • The Keepass DB is encrypted, yes, but it’s still better to keep it from being stolen if at all possible.
  • Open Source
    • You don’t want to use closed source applications where the encryption is important unless you truly trust the company to do it properly.  Having others examine that the encryption is done correctly is a huge bonus.
  • Can be used on machines without Admin rights.

Syncthing Model

For this to really work, you don’t have to connect every device to every other device, instead you’ll need a machine that’s always reachable.  The way my setup works, is that my home computer is always on and the router has port forwarding configured so that Syncthing requests can make it there.

Once you have one reachable Syncthing host, the other hosts just need to connect to this one.  This gives you a connection model that can be visualized like this:

syncthing model

So, let’s consider an example and see how the changes will propagate:

  1. Update password DB on my phone.
  2. My phone connects to my Desktop at home, sees that there is a change and syncs the file
  3. Other devices connect to my Desktop, see that there is a change, and sync the file.

I’ve been using this for many months now and it works very well.

Finding the Versions of All Java Jars in a Directory

Tasked with converting a project to Maven, I needed to find out the version of the dependencies, as not all of them had the version in the name.

jars-without-versions-edited

Looking Up a Single Jar

If it’s a single jar you want to look up, it’s quite easy.  Simply take the sha1 hash of the file, head over to the Maven Central Advanced Search, and put the hash in the “SHA-1 Checksum” field.

maven-central-search-results

Looking Up Many Jars

The above becomes very tedious very quick if you have dozens of jars to lookup.  A whole directory of mysterious dependencies.

Maven Central has a search API that I quickly took advantage of to automate the above process in Python.  I created a script that will, for every file in a given path, hash the file and search for its version.

You simply run it as >jar_version.py <path>

jar-versions-found

The Script

Feel free to use the script.

import sys
import urllib2
import json
import os


def sha1_of_file(file_path):
    import hashlib
    with open(file_path, 'rb') as f:
        return hashlib.sha1(f.read()).hexdigest()


def search_maven_central(sha1_hash):
    maven_hash_url = "http://search.maven.org/solrsearch/select?q=1:%22" + sha1_hash + "%22&rows=20&wt=json"
    response = urllib2.urlopen(maven_hash_url)
    return response.read()


def pull_result_version_from_results(maven_central_response):
    results_parsed = json.loads(maven_central_response)
    if results_parsed["response"]["numFound"] == 0:
        return "Not Found"
    else:
        specific_results = results_parsed["response"]["docs"][0]
        return specific_results["g"] + " " + specific_results["a"] + " v" + specific_results["v"]


def process_artifact(artifact_path):
    sha1_hash = sha1_of_file(artifact_path)
    html = search_maven_central(sha1_hash)
    result_value = pull_result_version_from_results(html)
    print artifact_path + " -> " + result_value


def main():
    path = sys.argv[1]
    if os.path.isfile(path):
        process_artifact(path)
    else:
        for root, _, files in os.walk(path):
            for f in files:
                full_path = os.path.join(root, f)
                process_artifact(full_path)


main()

 

Running JBoss EAP 6 as a Windows Service

I spent some time myself trying to figure out how to easily install JBoss EAP as a Windows service.  I then came across an excellent thread post on developer.jboss.org which let me do what I wanted.  My own post will be based on that.

Files You’ll Need

First, you’ll need commons-daemon-1.0.15.jar, which is from Apache and can be downloaded here.

Second, you’ll want prunsrv.exe, also from the Apache commons-daemon library.  But this item you’ll need to get from the Windows binary downloads section.

Lastly, you’ll need the batch file that will create the service for you, using the previously acquired jar and exe.  This file can be found directly in either the comment I am basing this post on (service.bat.zip), or the bugzilla ticket that post is basing itself on.

Place everything in %JBOSS_HOME%\modules\system\layers\base\native\sbin

Installing the Service

Open up a command prompt in the sbin directory previously mentioned.  And run

service.bat install

The parameters you can pass to this batch file are as follows (pulled from the batch file’s usage output):

  • /controller <host:port>: The host:port of the management interface
    • default: %CONTROLLER% – “localhost:9999”
  • /host [<domainhost>]: Indicates that domain mode is to be used with an optional domain controller name
    • default: %DC_HOST% – “master”
    • Not specifying /host will install JBoss in standalone mode
  • /loglevel <level>: The log level for the service: Error, Info, Warn or Debug (Case insensitive)
    • default: %LOGLEVEL% – “INFO”
  • /name <servicename>: The name of the service – should not contain spaces
    • default: %SHORTNAME% – “JBossEAP6”
  • /desc <description>: The description of the service, use double quotes to allow spaces
    • default: %DESCRIPTION% – “JBoss Enterprise Application Platform 6”
  • /serviceuser <username>: Specifies the name of the account under which the service should run.
    • Use an account name in the form DomainName\UserName
    • default: not used, the service runs as Local System Account
  • /servicepass <password>: password for /serviceuser
  • /jbossuser <username>: jboss username to use for the shutdown command
  • /jbosspass <password>: password for /jbossuser