Slackware Security Advisor Bot

Three years ago, I started a personal project related to my favorite GNU/Linux distribution, Slackware. This distribution was created in 1993 by Patrick Volkerding. Originally based on SLS Linux, Slackware is the oldest GNU/Linux distribution still maintained. Its main philosophy is based on principles such as KISS (Keep it simple, stupid), or keep it simple and stable, which refers to simplicity of design rather than ease of use. Its init scripts are BSD-style, which allows them to be created or changed in a transparent and simple way, unlike System V. The package system is also minimalist; it has dependency managers such as slackpkg and slapt-get. Some of these tools determine the dependencies by analyzing the installed packages, determining what libraries are needed, and then discovering which packages are available. This automatic process is very similar to Debian's APT and generally produces satisfactory results.

Slackware is a distribution that does not focus on having the latest versions of programs; its focus is a stable system. New packages are tested and are not delivered until they are stable (which does not imply that they are the latest available version of the program). For example, the Linux 2.6 kernel was not included until 2007, although version 2.6.0 had been released in 2003. But when a package has an update for bugs or security improvements, it is incorporated into the Slackware packages and announced through a mailing list and in the change log found on the website. Slackware includes the Slackpkg program, which helps keep the system updated, in the /extra directory of the installation CD.

To keep up to date with new security updates, I created a bot called Slackawaresa. This bot reads from the change list (changelog) and posts the messages to the SlackwareSecAdv Twitter account. Please feel free to follow SlackwareSecAdv on Twitter to get the latest security update advisories.
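The selection step such a bot needs, as an added example (not the bot's own source): Slackware's ChangeLog.txt marks security updates with the line "(* Security fix *)", and the awk filter below reports the package each marker belongs to. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list packages flagged "(* Security fix *)" in a
# Slackware ChangeLog.txt. The sample entries below are constructed.

sample_changelog() {
cat <<'EOF'
Mon Jan  1 00:00:00 UTC 2018
patches/packages/examplepkg-1.0-x86_64-1_slack14.2.txz:  Upgraded.
  This update fixes a constructed sample issue.
  For more information, see:
    https://example.invalid/CVE-XXXX-NNNN
  (* Security fix *)
patches/packages/otherpkg-2.0-x86_64-1_slack14.2.txz:  Rebuilt.
  Recompiled against a new library. No security impact.
+--------------------------+
Sun Dec 31 00:00:00 UTC 2017
patches/packages/thirdpkg-3.1-noarch-2_slack14.2.txz:  Upgraded.
  (* Security fix *)
+--------------------------+
EOF
}

# Print "date<TAB>package" for every package entry that carries the marker.
# Reads the files given as arguments, or stdin when there are none.
security_fixes() {
  awk '
    /^[+]-+[+]$/ { date = ""; pkg = ""; next }   # separator between entries
    date == "" && NF { date = $0; next }         # first line of an entry: date
    /^[a-z].*\.t[a-z]z:/ {                       # package line starts in column 0
      pkg = $1
      sub(/:$/, "", pkg)                         # drop the trailing colon
      sub(/.*\//, "", pkg)                       # drop the directory part
      next
    }
    /\(\* Security fix \*\)/ && pkg != "" {
      printf "%s\t%s\n", date, pkg
      pkg = ""                                   # report each package once
    }
  ' "$@"
}

# Stand-alone run on the constructed sample.
sample_changelog | security_fixes
```

Point `security_fixes` at a downloaded ChangeLog.txt to get the same listing for a real release tree.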

Git Hub SourceCode

Twitter Account Link

TimeLine

MongoDB Slackware script

#!/bin/sh
#
# MongoDB daemon control script.
# Written for Slackware Linux by Jose Bovet Derpich <jose.bovet@gmail.com>.

BIN=/opt/mongodb/bin/mongod
PID=/var/run/mongod.pid
LOG=/var/log/mongodb
DBPATH=/opt/mongodb/data/db

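mongod_start() {
  # A non-empty PID file is taken to mean the daemon is already up.
  if [ -s "$PID" ]; then
    echo "mongod appears to already be running?"
    exit 1
  fi

  echo "Starting mongo server daemon..."
  if [ -x "$BIN" ]; then
    # --auth requires clients to authenticate; --bind_ip keeps the listener on loopback.
    "$BIN" --auth --dbpath="$DBPATH" --pidfilepath="$PID" --logpath="$LOG" --fork --bind_ip 127.0.0.1
  fi
}

mongod_stop() {
  echo "Shutdown mongod..."
  if [ -r "$PID" ]; then
    kill -TERM "$(cat "$PID")"
    rm -f "$PID"
  fi
}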

mongod_restart() {
  mongod_stop
  sleep 3
  mongod_start
}

case "$1" in
  start)
    mongod_start
    ;;
  stop)
    mongod_stop
    ;;
  restart)
    mongod_restart
    ;;
  *)
    echo "usage: $(basename "$0") {start|stop|restart}"
    exit 1
    ;;
esac

Gist Link

Manifesto for Software Craftsmanship

It’s been a while, and my commitment continues.

Manifesto

Running Nginx with SSL/TLS provided by Let’s Encrypt

Let’s Encrypt is a Certificate Authority (CA) that provides free SSL/TLS certificates to enable HTTPS connections on our website. It’s very simple to implement and integrate with nginx: you just have to generate the certificate with the certbot script and add it to the server configuration. I am currently running Slackware 14; to run certbot, I need to install the following Python packages with easy_install:

  • python-setuptools
  • zope.interface
  • zope.component
  • six
  • pytz
  • pyrfc3339
  • PyOpenSSL
  • python-parsedatetime
  • parsedatetime
  • mock
  • configobj
  • ConfigArgParse
  • requests
  • psutil
  • pycparser
  • ipaddress
  • enum34
  • idna
  • cffi
  • pyasn1
  • cryptography
  • ndg_httpsclient
  • python2-pythondialog
  • python-augeas

Now, running this command will get a certificate.

certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d mydomain.cl

After obtaining the cert, you will have the following PEM-encoded files:

  • cert1.pem: Your domain’s certificate
  • chain1.pem: The Let’s Encrypt chain certificate
  • fullchain1.pem: cert.pem and chain.pem combined
  • privkey1.pem: Your certificate’s private key

You can check that the files exist by running the command:

  ls -l /etc/letsencrypt/live/mydomain.cl

Within nginx.conf, we just need to set:

  • ssl_certificate: directive to our certificate file
  • ssl_certificate_key: associated key.

The nginx.conf should look like this:

# HTTPS server
#
server {
    listen       443 ssl;
    server_name  mydomain.cl;

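    # fullchain.pem carries the intermediate chain as well; with cert.pem alone
    # nginx sends only the leaf and some clients fail to validate it.
    ssl_certificate      /etc/letsencrypt/live/mydomain.cl/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/mydomain.cl/privkey.pem;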

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /var/www/nginx/public;
        index  index.html index.htm;
    }

    ...
}

Reference: Certificats SSL/TLS avec Certbot sous Slackware
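A check to run before reloading nginx, added here as an example (not from the original post): it confirms that the private key matches whichever file ssl_certificate points at, that the certificate is not about to expire, and that the file also carries the intermediate chain. The function name check_pair, its exit codes and the 14-day default are assumptions; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before "nginx -s reload".
# check_pair CERT KEY [MIN_DAYS]   (hypothetical helper, not part of certbot)
# Exit codes: 0 ok, 2 unreadable/unparsable, 3 key mismatch,
#             4 expires too soon, 5 no intermediate certificate in CERT.
check_pair() {
  cert=$1 key=$2 min_days=${3:-14}

  [ -r "$cert" ] && [ -r "$key" ] || {
    echo "cannot read $cert or $key" >&2; return 2; }

  # The public key embedded in the leaf must equal the one derived from the key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$key" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ] || {
    echo "private key does not match certificate" >&2; return 3; }

  # -checkend N succeeds only if the certificate is still valid N seconds from now.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
    echo "certificate expires within $min_days days" >&2; return 4; }

  # nginx sends every certificate found in the ssl_certificate file, so a
  # file with a single PEM block means clients get no intermediate.
  [ "$(grep -c 'BEGIN CERTIFICATE' "$cert")" -ge 2 ] || {
    echo "$cert holds no intermediate certificate" >&2; return 5; }

  echo ok
}

# Stand-alone use: sh check_pair.sh CERT KEY [MIN_DAYS]
if [ "$#" -ge 2 ]; then
  check_pair "$@"
fi
```

For the setup above the call would be `check_pair /etc/letsencrypt/live/mydomain.cl/fullchain.pem /etc/letsencrypt/live/mydomain.cl/privkey.pem`.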

Slackware mosquitto script

#!/bin/sh
#
# Mosquitto daemon control script.
# Written for Slackware Linux by Jose Bovet Derpich <jose.bovet@gmail.com>.

BIN=/usr/sbin/mosquitto
CONF=/etc/mosquitto/mosquitto.conf
# enable pid_file in /etc/mosquitto/mosquitto.conf
PID=/var/run/mosquitto.pid

mosquitto_start() {
  if [ ! -r "$CONF" ]; then # no config file, exit:
    echo "$CONF does not appear to exist. Abort."
    exit 1
  fi

  # A non-empty PID file is taken to mean the daemon is already up.
  if [ -s "$PID" ]; then
    echo "Mosquitto appears to already be running?"
    exit 1
  fi

  echo "Starting Mosquitto server daemon..."
  if [ -x "$BIN" ]; then
    # -c selects the config file, -d runs the broker in the background.
    "$BIN" -c "$CONF" -d
  fi
}

mosquitto_stop() {
  echo "Shutdown Mosquitto..."
  if [ -r "$PID" ]; then
    kill -TERM "$(cat "$PID")"
    rm -f "$PID"
  fi
}

mosquitto_restart() {
  mosquitto_stop
  sleep 3
  mosquitto_start
}

case "$1" in
  start)
    mosquitto_start
    ;;
  stop)
    mosquitto_stop
    ;;
  restart)
    mosquitto_restart
    ;;
  *)
    echo "usage: $(basename "$0") {start|stop|restart}"
    exit 1
    ;;
esac

Gist Link

Current Status

Currently I’m running Slackware Linux 14.2 on a VPS with Kernel 4.9.50-x86_64 provided by Linode.com. The main specifications are 2GB RAM, 1 CPU Core Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz, 30 GB SSD Storage, 2TB Transfer, 40 Gbps Network In and 1000 Mbps Network Out, enough to be a happy user!

At the moment, I’m running a few services, like nginx stable version 1.12.2 with http2 as HTTP server and jekyll as static website, and Let’s Encrypt as Certificate Authority provider for free SSL/TLS support. I will soon install postfix mail server,

Webpay Transbank SOAP Integration

Example Java integration for the Webpay SOAP service with Spring Boot 1.4.2 + CXF 3.1.x

Link